Re: A FreeBSD-based Router

From: David Christensen <dpchrist_at_holgerdanske.com>
Date: Sat, 05 Apr 2025 23:40:59 UTC

On 4/5/25 11:02, Martin McCormick wrote:
> We have been using a Netgear wndr3400v2 router since February of
> 2013 and it is probably time to take advantage of newer
> technology especially since there have been no new software updates for
> it in years.  It also has a web GUI interface that must have, at
> one time, worked for somebody, but nobody here because I have
> thrown every browser at it I can get my hands on and the best way
> to describe it is that each browser does okay with some web pages
> on it but not others and anything related to passwords or the
> changing thereof seems to always make the most destructive
> changes but never any beneficial adjustments so one doesn't
> really know what got changed until later when this or that
> function no longer works.
> 
> 	If I do the factory default reset, that will certainly
> set things back to originals while also deleting the dhcp table
> so I don't really want to do that.
> 
> 	What I really want is a modern router with a command-line
> method of control which allows for good old text-based
> configuration files for changing router settings as well as the
> dhcpd server which it would also be running.
> 
> 	My idea is to load a mini PC with FreeBSD and a router
> engine which means that the mini PC would need to have at least 2 NICs.
> 
> 	Is there any particular mini PC with a good track record
> on running FreeBSD?  I just put our Netgear router on a UPS so
> that the occasional power glitches aren't as easily passed
> through to our home network and hopefully a mini PC would not run
> the UPS battery down as quickly as a full-sized work station
> might.
> 
> 	Before I retired in 2015, I ran the FreeBSD-based bind
> name servers along with ISC Dhcpd for my employer and we had
> virtually no issues at all with that particular scheme so that's
> why I want to use FreeBSD in our house for this purpose even
> though I use Debian Linux for most hobby activities so I can say
> good things about both unixen (I believe that is a correct form
> of speech.)
> 
> 	Our router is still working, knock on wood, but we
> recently had issues with our ISP that so choked the router that I
> thought it had crashed only to find out that it came back to life
> when whatever traffic the ISC was throwing on to their system
> went away and things got back to what passes for normal.
> 
> 	The FreeBSD/dhcp environment we had for over 20 years was
> run on Dell servers and we had one FreeBSD box that ran continuously
> without a reboot for over a year so I know FreeBSD gets things
> done.
> 
> 	Thanks for any suggestions.
> 
> Martin McCormick


Network engineering in the age of the Internet is a never-ending 
learning curve with potentially disastrous consequences if it is done 
incorrectly (including not keeping it up-to-date).


I have a SOHO network with a file server, various client devices, and 
residential Internet service.  I want a safe and reliable network, but 
am not a network engineer.


Back in the day, I started with a homebrew dial-up firewall router using 
a desktop PC, dual NIC's, and Red Hat Linux.  It was a useful learning 
exercise.  Later, I tried purpose-built FOSS distributions.  pfSense was 
too powerful and complex for my needs.  IPCop was a good fit and I used 
it for years.  But, the PC was bulky, made noise, produced heat, and 
consumed power.  Compact energy-efficient PC's have always come at a 
premium price.  I tried a few Netgear products, but also had problems 
with the web user interface (WUI).  More importantly, the devices tended 
to crash every few months; especially in summer.  FOSS firmware (DD-WRT) 
helped with the WUI, but I bricked at least one device attempting to 
upgrade.  When I added a Wi-Fi access point (AP), I soon discovered the 
hassle of trying to keep configuration settings synchronized across 
multiple network devices.


Then I discovered Ubiquiti Networks and their UniFi lineup of products. 
The killer feature is the UniFi Network Application -- centralized 
high-level network command and control with one WUI to "rule them all". 
I bought a UniFi Security Gateway, a UniFi AP AC-Lite, rented a Linode 
VPS, installed Debian and the UniFi Network Application (via a Linode 
StackScript), configured everything, and have been up and running 24x7 
ever since.  The UniFi Network Application WUI has evolved over the 
years, but has always been very polished.  Upgrades have been 
uneventful.  Backup is achieved by downloading a configuration file. 
Restore is achieved by uploading a configuration file.  I easily added 
incoming firewall pinholes and forwarding rules to allow remote SSH 
access from the Internet.  At one point, I set up a VPN to allow remote 
Samba access from the Internet.  I easily added two more AP's to my LAN. 
  Technical support was excellent when I needed it.  UniFi devices are 
Linux on the inside, so I can look; but I dare not touch.


David