I am using Linux as my router and have written instructions so that you can too.
For a while now I have held some disappointment in the SOHO to SMB range of routers. Considering the low cost of modern ARM SBCs, their hardware seems expensive. That cost might be justifiable if updates were not few and far between. In July 2020 ARN posted an article, “How home router manufacturers dropped the ball on security”, which confirmed a lot of my suspicions. One thing stood out to me:
“a third of the routers ran on top of the 2.6.36 Linux kernel, an older version. The last security update for kernel version 2.6.36 was provided nine years ago”
Personally, I was lucky with my last home router. I had an ASUS which was released in mid-2012, and they were still providing firmware updates for it 8 years later when I ditched it in 2020. I can’t speak for what kernel version it was running, but updates 8 years later is quite impressive.
My old home router aside, I decided that I wanted to try configuring a router using a fresh install of a well-supported Linux distro. While working towards that goal I noticed that the notes I was taking could be turned into instructions so that others can do the same. Since “sharing is caring”, I decided to pivot towards writing instructions and turn this into a small personal project which I have codenamed: NetworkEnjin.
I’m using the latest Ubuntu Server LTS as my base (22.04 at time of writing). It’s pretty much ubiquitous at this point, so you can follow my instructions to configure anything from a Rock Pi S to an IBM Z mainframe (I haven’t tested this on an IBM Z mainframe; quite frankly that would be a tiny bit of overkill, but if I could I absolutely would). These instructions are not for beginners. I do expect you to know the following:
- How to configure a router
- How to administer a Linux distribution via a CLI
- How to install Ubuntu Server on your chosen device and configure networking
If you’re new to working with Netplan, Canonical have done a good job of providing almost any example configuration you need at https://netplan.io/examples/
My instructions are going to be spread out over multiple parts. The immediate plan is as follows:
Part 0: PPPoE (a bonus part for those who need it)
Part 1: Routing with NFTables
Part 2: DNS and DHCP with DNSMasq
Ideally, in the long term I would also like to write the following parts too if time permits:
Part 3a: Wireguard VPNs
Part 3b: IPSec VPNs
Part 4: NGINX as a WAF using ModSecurity and Certbot
Anyway, I hope that you find this helpful. Good luck and happy routing.