We needed a router and wifi access point in the office, and
simultaneously both I and my co-worker Ivan needed such a thing at our
respective homes. After some discussion, and after reading articles in
Ars Technica about building PCs to act as routers, we decided to do
The PC solution seem to offer better performance, but this is
actually not a major reason for us.
We want to have systems we understand and can hack. A standard x86
PC running Debian sounds ideal to use.
Why not a cheap commercial router? They tend to be opaque and
mysterious, and can’t be managed with standard tooling such as
Ansible. They may or may not have good security support. Also, they
may or may not have sufficient functionality to be nice things, such
as DNS for local machines, or the full power if iptables for
Why not OpenWRT? Some models of commercial routers are supported by
OpenWRT. Finding good hardware that is also supported by OpenWRT is
a task in itself, and not the kind of task especially I like to do.
Even if one goes this route, the environment isn’t quite a standard
Linux system, because of various hardware limitations. (OpenWRT is a
worthy project, just not our preference.)
We got some hardware:
|| Qotom Q190G4, VGA, 2x USB 2.0, 134x126x36mm, fanless
|| Intel J1900, 2-2.4GHz quad-core
|| Intel WG82583, 4x 10/100/1000
|| Crucial CT102464BF160B, 8GB DDR3L-1600 SODIMM 1.35V CL11
|| Kingston SSDNow mS200, 60GB mSATA
|| AzureWave AW-NU706H, Ralink RT3070L, 300M 802.11b/g/n, half mPCIe
|| Half to full mPCIe adapter
|| 2x 2.4/5GHz 6dBi, RP-SMA, U.FL Cables
These were bought at various online shops, including AliExpress and
After assembling the hardware, we installed Debian on them:
Connect the PC to a monitor (VGA) and keyboard (USB), as well as
I built a “factory image” to be put on the SSD, and a USB stick
installer image, which includes the factory one. Write the
installer image on a USB stick, boot off that, then copy the factory
image to the SSD and reboot off the SSD.
The router now runs a very bare-bones, stripped-down Debian system,
which runs a DHCP server on eth3 (marked LAN4 on the box). You can
log as root on the console (no password), or via ssh, but for ssh
you need to replace the
with one that contains only your public ssh key.
Connect a laptop to the Ethernet port marked LAN4, and get an IP
address with DHCP.
Log in with ssh to
firstname.lastname@example.org, and verify that
works without password. Except you can’t do this, unless you put in
your ssh key in the authorized keys file above.
Git clone the ansible playbooks, adjust their parameters in
minipc-router.yml as wanted, and run the playbook. Then reboot the
You should now have wifi, routing (with NAT), and be generally
speaking able to do networking.
There’s a lot of limitations and problems:
There’s no web UI for managing anything. If you’re not comfortable
doing sysadmin via ssh (with or without ansible), this isn’t for
No IPv6. We didn’t want to enable it yet, until we understand it
better. You can, if you want to.
No real firewalling, but adjust
The router factory image is 4 GB in size, and our SSD is 60 GB.
That’s a lot of wasted space.
The router factory image embeds our public keys in the
user’s authorized keys file for ssh. This is because we built this
for ourselves first. If there’s interest by others in using the
images, we’ll solve this.
Probably a lot of stupid things. Feel free to tell us what it is
(email@example.com would be a good address for that).
If you’d like to use the images and Ansible playbooks, please do. We’d
be happy to get feedback, bug reports, and patches. Send them to me
(firstname.lastname@example.org) or my ticketing system (email@example.com).
Source: Debian Planet