Here I'm republishing an old blog post of mine originally from May 2017. The article has been slightly improved.
Background: This is the first part of the longest (8 parts) and also one of the most popular series that I have written. It has received quite a bit of attention since it was published.
Pretty much everybody in the western world has Internet access at home these days. It's not a big deal: You sign a contract with some ISP. They send you a modem/router combo box that you plug in, do some simple setup and you're done. Those boxes are pretty much ubiquitous pieces of hardware, silently doing their work most of the time. Some of them even come with wireless access and all that other convenient stuff. Basically you configure them once and then forget that you even have one!
The paragraph above sounds great, doesn't it? It sure does. And it actually is. Kind of. There's only one little problem with it, really. Those boxes are more often than not meant for sunny, green meadows where unicorns graze peacefully. Unfortunately... the Internet is a less friendly place: Predators, scavengers and all kinds of poltergeists are out there and after your hide, lurking in the shadows ready to rip your guts out when they catch you off guard!
Let's put it straight: It's not much of a secret that standard off-the-shelf type home routers suck. Big time. They do little to protect the unsuspecting user. They get in the way of people who know a bit more than the average user and try to tighten security at least a little. They have proven to often come with serious bugs. Or worse: They might even contain holes that were introduced on purpose...
If you're running Linux, *BSD or some other OS that puts _you_ in control, you might not be too comfortable with that potential spy in your house. (In times where people choose to put _known spies_ like "Alexa" in their homes, your router is probably not the first thing to take care of, though. But maybe you live in a shared apartment together with someone who thinks that this devil's work is "cool". You know that a move is in order, don't you? But hey, it could be worse: You could have _married_ someone who thinks so - in which case of course you're hosed.)
The first thing to think about - at least for me - was which software to use. There are various possibilities to choose from. Since I've come to appreciate BSD operating systems, I wanted something BSD-based. With this basic decision made, I needed to find hardware that was supported by my OS of choice.
However there was more to think about. While a PC is usually powered down and turned off when it's not needed, you probably don't want to do the same thing for your router. And while an old PC could technically do the job, for something that's basically an "always on" device, it makes sense to use something that doesn't draw as much power. For that reason some of those small embedded boards crossed my mind. However those are often ARM or MIPS-based and sometimes don't even have proper gigabit LAN. This doesn't mean they are not up to the task, but going with a less common architecture wouldn't exactly make things easier. Therefore I decided that x86 still was the way to go, at least for now. There are enough new things to learn and if everything works out very well I can always play the "build your own router" game again, choosing a higher difficulty level.
Ok, x86 and (preferably) low power consumption. There are various products which fit into this category, and they often are passively cooled as well which is nice, too. I read good things about _PC Engines' APU2_ boards. There are reports out there indicating that they run FreeBSD and OpenBSD really well. They also seem to be pretty popular among people building their own routers - and it's not hard to see why.
The APU2 is a system board that comes in a couple of variants. I opted for the APU2c4 which has among other features the following specs:
It makes use of _Coreboot_, which is great, and the CPU features the AES-NI instruction set that enables AES crypto acceleration, which is useful as well. While the RAM is technically ECC, the firmware unfortunately does not support error correction yet. But that feature may be enabled with a future firmware update. [Said feature has landed a while ago now.]
In the end I ordered a bundle that consists of the board, an external power supply, an indoor case and an mSATA 16 GB drive. The APU can make use of an SD card, too, but I definitely prefer the mSATA option. And I only paid about 180 Euros for it. Sure, you can get off-the-shelf routers for a lot less, but... yeah. This one is much more useful.
When I received my shipment, I opened it up and took a look at the parts. Luckily a colleague who is much more experienced with hardware than I am offered to help me. At my first attempt I wasn't even able to get the board into the case - it didn't seem to fit! Of course it does fit... You just have to remove the screws for the COM port first.
My bundle came with a small metal heat transfer plate and two strips of double-sided sticky tape. You're supposed to use one of the latter to fix the plate so that it connects to both the processor and the case. However my colleague asked me if I'd rather do things right and I agreed.
So he put sticky tape on one side of the plate to stick it to the case. Then he put the board into the case. The board has two holes for screws:
Holes for screws in the board (PNG)
With a marker pen he made marks on the plate to indicate where the holes on the board are. Then he removed the board again and drilled two holes through the plate and the bottom of the case. Using a screw tap, he then cut two screw threads into the material.
The heat transfer plate with markers and double-sided sticky tape (PNG)
The next step was to properly clean both the plate and the CPU, put thermal conductance paste on there and put the board back in place. Now screws could be used to correctly fix the whole thing. I also plugged in the mSATA drive.
The board is fixed properly and mSATA drive plugged in (PNG)
My colleague used plastic screws for the simple reason that it's easy to cut off the overlapping parts that went through the bottom of the case. Not a bad idea!
Bottom view: Those white spots are the plastic screws (PNG)
Done! I thought about painting the plastic screws' ends black but then again that's only the bottom of the case. I've been using my router for a couple of weeks now and I'm pretty happy with it (and have a lot to play with!).
UPDATE: My colleague also got a similar APU2 and was curious enough to test how much of a difference it makes to use the heat plate the way the bundle suggests or to use thermal conductance paste. He put his machine under various load situations once with the sticky tape and once with the paste applied. The difference proved to range between 2° and 5° C! That really makes the extra effort worth it.
The APU does not have any VGA port; you have to attach a serial console to work with it. So that's what the next post will be about.
Building a BSD home router (pt. 2): The serial console (excursion)