I notice (in the new firmware selector tool) that there IS a generic x86/64 version of OpenWrt.
My current router, Nano R4S is doing very well.
However the R4S only has 2 nics, I'm looking at the possibility of adding a DMZ (3rd nic). I don't like the idea of running ethernet over a usb adaptor.
I don't have any idea of recommended mini-PC style router (w 3 nics). So I looked up something on Amazon.
Anyone have a fav mini-PC hardware vendor?
NanoPi R6s in the same vein. Odroid H4+ with addon card
OK, I was unaware of NanoPi avail in 3 nics.
Is an eMMC slot microSD compatible? I know FriendlyElec has their own prop version of OpenWrt, supporting eMMC.
If I was to install vanilla OpenWrt, using microSD, is that gonna work?
Do not own it myself, it is inbound, but the PR notes on uboot indicate to the affirmative.
Tnx, so I need to watch release notes & firmware selector for R6S support.
The CWWK devices are sort of a favorite, as it is strongly suspected that they are the true manufacturer for Hunsn, Topton and various other China-based sellers. Take a look on aliexpress for the N100s with 4x or 6x 2.5 GbE ports, they are usually around $150 in bare bones form.
Here's the most recent megathread about them on STH https://forums.servethehome.com/index.php?threads/cwwk-topton-nxxx-quad-nic-router.39685/
How about using VLAN?
Tnx for suggestion.... I don't know much about VLANs. Do I need have the router LAN port plugged into a managed switch. I can do so.
Where do I find more info on how to use a VLAN to implement DMZ?
Apologies....
https://openwrt.org/docs/guide-user/firewall/fw3_configurations/fw3_dmz
The quoted VLAN doc page, if I read correctly, only references how to configure OpenWrt VLAN config.
I have a very newbie question re VLANs....
Since OpenWrt is seemingly able to "assign" traffic to a VLAN, does the downstream/LAN side switch need to be managed/VLAN capable, to be able to segregate the VLAN traffic? I assume if the downstream switch is unmanaged/dumb, then VLAN config/assignment on OpenWrt is useless/wasted?
If a DMZ is segregated via a VLAN, then any server/device within said DMZ needs to be on the same VLAN?
Yes you need a managed switch or some cheap smart switch with VLAN support.
Just today I've tried a cheaper Mokerlink "managed" switch (fr Amazon).
( https://www.amazon.de/dp/B0B5KPHVJM )
It was the worst experience with any managed switch I've had.... Admin pw reset didn't work (I had to do factory reset TWICE). A good/long pw just didn't save.
After couple resets, I tried a SHORT pw (7 chars). That worked, was able to login after pw saved!
So, after factory IP change & pw change, I switched device off to install cables onto it.... Then once restarted, RJ45's def powered/lit, HOWEVER I couldn't access GUI/IP anymore! New IP (on correct subnet), old IP (on factory subnet).... Never got GUI working again.... Device is now IN THE BIN.... Literally..... W terrible Amazon review, which mods prob won't post.....
Its the fastest I've thrown any hardware away.... Unfort I didn't try this device soon enough, so return window had expired. Nevermind, its better in the bin!
Now I'm looking at Ubiquiti / Unify.... Some forums seem to like Ubiquiti, I've heard the name somewhere. I'm done w cheap!
Ubiquity switches with Etherlighting like Pro Max 16 PoE are indeed not the cheapest but look very cool ! => see Switch with Etherlighting
When reconsidering that you need something more budget like you could check into Netgear GS308EP => see Basic VLAN setup for router / managed switch / access point for some screenshots of its UI
That kind of netgear is exactly what I used to buy. Nothing currently against Netgear, it's always served me well.
currently I'm using a combination of three switches.... One older Netgear PoE/af (GS308P wan switch), a Nicgiga S25-0801M 2.5g managed for server(s)/faster, & Nicgiga GS0820P, PoE/at for general PoE.
I adore PoE, Will use it even if I don't have to..... You can see why I like that Pro Max 16 PoE, got all the PoE bases covered.
With the Pro Max 16, I can put all my other switches (except for the 2.5g) in storage.
& my 2.5g has a 10g sfp, so I'm all set for a 10g lightpipe betw switches.
Using a VLAN, I should be able to integrate my wan subnet into the Unify..... So having both my WAN and my DMZ VLANs in the same switch.
Let's see if I can afford Christmas early?
Mikrotik/Zyxel also have some low end smart/managed switch (I am using Mikrotik)
I tend to avoid anything x86 that doesn't support EFI config over serial. Having to break out a monitor/usb keyboard/mouse to a network cabinet sucks. This excludes a bunch of the mini PC's i see? I haven't seen a review of the N100 based router hardware where they talk about that.
I'm still running a bunch of Riverbed hardware with openwrt and other router oses ( newer 64 bit stuff though, no experience with the 32 bit 555/550/755/250)
If you're after new/10gb, there's a bunch of relatively economical c3758/c3558R hardware now on aliexpress. I recall a review where one of them had the EFI on serial, but I also see ones which have VGA so I'd need to have a look.
As an aside some thinkstation hardware supports getting into the EFI over serial. My goto is get a rackmount server like Dell R320 as you can get them to under 60W.
While I understand -and share- the desire, this requirement does limit your options and raises your price range (and problably indirectly the power consumption) quite a bit. While I totally get the desire to enter the BIOS/ UEFI settings (during first set up procedures, BIOS updates if available), you rarely need to change those setting during 'normal' operations (again). On a normal x86 system, you get serial console access using OpenWrt while grub is starting up - likewise you can boot a rescue system from USB without attaching a monitor/ keyboard, do there aren't that many instances where attaching a monitor would be required, even if having to recover.
Yep. It's all compromise. Just not a fan of mini PC's rather than a proper network appliance or server.
The c3338/c3558r/3758r hardware on aliexpress is still quite appealing as it's closer to a proper network appliance.
I'd welcome further discussion on budget, power, cooling, physical dimensions and performance requirements from OP i guess. Sounds like they're going for VLAN's with existing hardware anyway.....
I've used a bunch of HP/lenovo mini PC's. If one does want to go for mini pc I'd consider using something that has vPro and then use m.2 adapters or if it takes a half height half length pcie x4 slot.
You can also do a lot from a GRUB console, and that's a good point regarding boot from USB first I agree. How often does one actually need to go into bootloader anyway =P Things are mostly set and forget with networking hardware. Plus a lot of openwrt hardware doesn't have a physical console on the outside anyway.