Операционные системы для создания роутера

Name Status Type Architecture Min hardware requirements License Cost Description Alpine Linux Active Linux distribution x86, x86-64, ARM Open source Free Linux distribution running from a RAM drive. Its original target was small appliances like routers, VPN gateways, or embedded x86 devices. However, it supports hosting other Linux guest OSes under LXC control, making it an attractive hosting solution as well. Uses Busybox and musl. ClearOS Active Red Hat Enterprise Linux derivative x86, x86-64 GPL and others Free or paid registration Router and firewall for SMBs with network, gateway and server modules accessed through WebConfig. A paid registration for extra online services is available, but not necessary for operation of the product. Cumulus Linux Active Debian derivative ? Free with registration, or paid subscription. Open source Linux based networking operating system for bare metal switches. DD-WRT Active Linux distribution MIPS, x86, ARM ? Free or paid registration for x86 Embedded Linux firmware distribution available on a variety of wireless routers. Endian Firewall Active Linux distribution x86-64 ? Free (PC) or hardware version UTM distribution with routing, firewall, anti-spam and anti-virus for web, FTP and e-mail, OpenVPN, IPsec, captive portal functionality, and captive portal (missing in community version). Endian Firewall Community (EFW) is a complete version for x86. The anti-virus for EFW is Sophos or ClamAV. The intrusion protection is Snort. fli4l Active Linux distribution x86, x86-64 GPL (Free software) Free Linux-based router project supporting a large set of layer-1 technologies (e.g. Ethernet LAN, Wireless LAN, ISDN, DSL, UMTS), layer-3 protocols and functionality (IPv4, IPv6, stateful packet filter), and various network-related functionality (e.g. Bridging, Bonding, VLANs; DNS, DHCPv4, DHCPv6, IPv6 RA; PPP (client+server), PPTP (client+server), Multilink PPP, OpenVPN, 6in4 tunneling; support for various DynDNS clients, NTP time synchronization). It is easily extendable by a large number of additional packages. floppyfw Unmaintained Linux distribution x86 ? Free Single-floppy router with Linux’s advanced firewall capabilities. FRRouting Active GPL2 Free Range Routing or FRRouting or FRR is a network routing software suite running on Unix-like platforms, particularly Linux, Solaris, OpenBSD, FreeBSD and NetBSD. Gargoyle Active Linux distribution MIPS, x86-64 A free OpenWrt-based Linux distribution for a range of Broadcom and Atheros chipset based wireless routers. Global Technology Associates, Inc. Discontinued FreeBSD derivative x86 ? Free (limited functionality) or paid GB-OS firewall and UTM appliance. IPFire Active Linux distribution x86, x86-64, ARM RAM : 1 GB
Storage : 4 GB GPLv3 Free IPFire is a hardened Open Source Linux distribution that primarily performs as a Router and a Firewall; a standalone firewall system with a web-based management console for configuration. Kerio Control Active Linux x86-64 Proprietary Paid hardware or virtual appliance Router/firewall distribution. LEAF Project Active Linux distribution x86 ? Free linux Embedded Appliance Framework; a customizable embedded Linux network appliance used as an Internet gateway, router, firewall, and wireless access point. LibreCMC Active Linux-libre MIPS GPLv2 Free Linux-libre distribution for computers with minimal resources, such as the Ben NanoNote, ath9k-based Wi-Fi routers, and other hardware with emphasis on free software. Based on OpenWrt, the project’s goal is to aim for compliance with the GNU Free System Distribution Guidelines (GNU FSDG) and ensure that the project continues to meet these requirements set forth by the Free Software Foundation (FSF). LibreCMC does not support ac (Wi-Fi 5) or ax (Wi-Fi 6) due to a lack of free chipsets. m0n0wall Discontinued FreeBSD derivative x86 ? Free Development ended 2015-02-15. Small web-administrative router/firewall/VPN (IPsec/PPTP only; no OpenVPN) distribution. m0n0wall was forked to smallwall.org shortly after Manuel Kasper announced end of development for m0n0wall. Openwall Active Linux x86, x86-64 ? Free GNU/*/Linux (or Owl for short) is a small security-enhanced Linux distribution for servers, appliances, and virtual appliances. Effectively at end of life. OpenWrt Active Linux x86, x86-64, MIPS, ARM, PowerPC, AVR32, CRIS, m68k, SPARC, SuperH, Ubicom32, etc. GPL V2 Free Linux distribution with a focus on CPE-routers and similar embedded devices. Its comprehensive build system is based on a heavily modified uClibc#Buildroot and suitable for embedded systems in general. OPNsense Active FreeBSD derivative, fork of pfSense x86-64 FreeBSD License Free or paid Forward caching proxy, traffic shaping, intrusion detection, two-factor authentication, IPsec and OpenVPN^[1] pfSense Active FreeBSD derivative, fork of m0n0wall x86-64, ARM Closed & Open source licenses Free as PfSense CE or paid on Netgate Devices as PfSense Plus Customized distribution tailored for use as a firewall, router, DHCP server, gateway, OpenVPN, IPsec, proxy and anti-virus (Snort). Smoothwall Active (Closed Source) Linux distribution x86 Closed & Open source licenses Free or paid Router/firewall distribution with a web interface and light terminal. Sophos Active Linux derivative x86-64 ? Free, Paid or hardware/virtual appliance UTM — offers free home use for up to 50 clients. Provides HTTP/S web filtering, spam filtering, antivirus (web and email), VPN (PPTP and a HTML5 agentless VPN) and Point-to-point links between UTM and other devices via IPSec and SSL-VPN. Formerly Astaro Security Gateway.^[2] Tomato Firmware Discontinued Linux distribution Broadcom only: MIPS, ARM ? Free Free HyperWRT-based, Linux core firmware distribution for many Broadcom-based wireless routers, originally Linksys WRT54G. Now being ported to ARM-based consumer routers.^[3] Vyatta Discontinued Linux distribution x86, x86-64 ? Paid Enterprise-class router, firewall, VPN, intrusion protection and more delivered as a complete network operating system that runs on x86 hardware or in XenServer, VMware or Hyper-V to provide vFirewall, vRouter network virtualization functionality. VyOS Active Linux distribution x86, x86-64 RAM : 512MB
Storage : 2GB
(recommended) GPL v2 Free «snapshot» builds or self-compiled. Stable builds require subscription Based on Vyatta. After Brocade halted development of Vyatta CE (free edition) in favor of the subscription edition, this project aims to keep open source development going. But have switched to a paid subscription model too. Windows RRAS Active Windows add-in feature x86, x86-64 ? Requires prerequisite Windows OS license Windows Routing and Remote Access Service is a feature that can be installed on Windows (mainly server) Operating Systems, and can perform routing functions, NAT, and implement firewall rules. Zentyal (formerly eBox Platform) Active Ubuntu derivative x86, x86-64 Open source Free with paid services available Zentyal is an open-source router/firewall and small business server. Zeroshell Discontinued Linux distribution x86, ARM GPL V2 Free (contribution required for some graphing functions) Web-administrative router/firewall live CD with QoS features. It is also able to act as a Wi-Fi access point with advanced features such as the multiple SSID and 802.1x RADIUS authentication. Zeroshell supports VLAN trunking (802.1q), bridging, WAN load balancing, and fail-over features.

Looking for alternatives to commercial router OS software products? Here are some open-source options to consider

Open-source router OS software refers to router operating systems that are released under an open-source license, allowing users to freely use, modify, and distribute the software. These router OS software options are based on Linux or other open-source operating systems, and offer a range of features such as advanced networking configurations, security capabilities, and user-friendly interfaces. They are designed to provide a customizable, secure, and feature-rich networking experience while being cost-effective alternatives to commercial router OS software.

Open-source router OS software can be a strong option to consider as an alternative to commercial products. Open-source router OS software can be customized to meet specific networking needs and can be more cost-effective than commercial products. These software options are often designed to be user-friendly and feature-rich, with advanced networking configurations and security capabilities. These routers’ OSs can be used in networks ranging from home networks, to small business networks, or even in large corporate environments. Additionally, the open-source nature of these products means that users can contribute to the development of the software and collaborate with other users to improve it over time.

In this article, we present the best open-source router OS software out there. Hopefully, this would help you in choosing the right one for your network.

The Best Open-source Router OS Software

1. RouterOS from MikroTik

MikroTik RouterOS is an open-source router OS software that is designed to provide a powerful, customizable, and secure networking experience. It is based on the Linux kernel and offers a range of features and capabilities that make it a popular choice among network enthusiasts, developers, and IT professionals. The open-source nature of MikroTik RouterOS means that users can contribute to the development of the software and collaborate.

One of the primary benefits of MikroTik RouterOS is its flexibility. The software allows users to customize and modify the software to meet their specific networking needs. This includes adding new features, removing unnecessary features, or configuring the software to work with specific hardware. This flexibility makes it an attractive option for advanced users who want more control over their networking equipment.

Another benefit of MikroTik RouterOS is its advanced networking configurations. The software includes support for Quality of Service (QoS), network address translation (NAT), and virtual private network (VPN) support, which can help optimize network performance and improve security. Additionally, the software includes support for advanced routing protocols such as OSPF, BGP, and VRRP, making it an ideal solution for complex network setups.

MikroTik RouterOS also offers a range of security features to protect against security threats and attacks. The software includes support for firewalls, intrusion detection, and prevention, and secure remote access. Additionally, the software is updated frequently with security patches and bug fixes, ensuring that users have access to the latest security enhancements.

MikroTik RouterOS is also designed to be user-friendly. The software includes a web-based interface that allows users to configure their networking settings easily. The interface is responsive and can be accessed from any device with a web browser. Additionally, the software includes support for scripting and automation, allowing users to automate routine tasks and customize the software to fit their specific needs.

2. OpenWrt

OpenWrt is an open-source router operating system (OS) that is designed to provide a customizable, secure, and feature-rich networking experience. It is based on the Linux kernel and offers a range of features and capabilities that make it a popular choice among network enthusiasts, developers, and IT professionals.

One of the primary benefits of OpenWrt is its flexibility. OpenWrt allows users to customize and modify the software to meet their specific networking needs. This includes adding new features, removing unnecessary features, or configuring the software to work with specific hardware. This flexibility makes it an attractive option for advanced users who want more control over their networking equipment.

Another benefit of OpenWrt is its security capabilities. OpenWrt includes features such as firewalls, intrusion detection and prevention, and VPN support, which can help protect against security threats and attacks. Additionally, the software is updated frequently with security patches and bug fixes, ensuring that users have access to the latest security enhancements.

OpenWrt is also designed to be user-friendly. The software includes a web-based interface that allows users to configure their networking settings easily. The interface is responsive and can be accessed from any device with a web browser. OpenWrt also includes support for a wide range of hardware, including popular router models from companies such as TP-Link, Netgear, and Asus.

OpenWrt also offers a range of advanced networking configurations, including support for Quality of Service (QoS), network address translation (NAT), and virtual LAN (VLAN) tagging. These features make OpenWrt an attractive option for businesses and organizations that require more advanced networking capabilities. The open-source nature of OpenWrt means that users can contribute to the development of the software and collaborate with other users to improve it over time. This community-driven approach has led to the development of many useful plugins and packages that extend the functionality of the software.

OpenWrt is a powerful and flexible open-source router operating system that offers advanced networking capabilities, robust security features, and a user-friendly interface. Its customizable nature, support for a wide range of hardware, and active development community make it an attractive option for network enthusiasts and IT professionals alike.

3. DD-WRT

DD-WRT is an open-source router OS software based on the Linux kernel that offers a highly customizable and feature-rich networking experience for both home and enterprise users. Its advanced networking features include Quality of Service (QoS), VPN support, and port forwarding. The software supports multiple wireless protocols, such as 802.11ac, 802.11n, and 802.11g, among others, and advanced routing protocols such as OSPF, BGP, and RIPv2.

DD-WRT includes multiple wireless SSIDs, which allows for the creation of multiple wireless networks with different access levels and security settings. Additionally, the software offers network storage capabilities, allowing users to share files across their network. DD-WRT is highly customizable, allowing users to tailor the software to their specific needs. Its user-friendly web-based interface makes it easy to configure network settings.

The software includes a range of security features, such as firewall support, WPA/WPA2 encryption, VPN and add-ons, and plugin support.

Other features and capabilities include:

• DD-WRT supports a wide range of routers and hardware, including older and newer devices.
• The software includes advanced networking features such as Quality of Service (QoS), VPN support, and port forwarding.
• DD-WRT offers support for multiple wireless protocols, including 802.11ac, 802.11n, and 802.11g, among others.
• The software includes support for advanced routing protocols such as OSPF, BGP, and RIPv2.
• DD-WRT supports multiple wireless SSIDs, which allows for the creation of multiple wireless networks with different access levels and security settings.
• The software includes a range of security features, including firewall support, WPA/WPA2 encryption, and VPN support.
• DD-WRT also supports network storage, allowing users to share files across their network.
• The software can be customized using add-ons and plugins, allowing users to add new features or modify existing ones.

4. VyOS

VyOS is an open-source network operating system based on Debian GNU/Linux. It is designed to be used as a router, firewall, and VPN gateway, and it is well-suited for small to medium-sized businesses and enterprise-level networks. VyOS is a fork of the Vyatta project, which was discontinued in 2013. The software is actively maintained by the VyOS community and offers a range of advanced networking features.

One of the key features of VyOS is its flexibility. It can be installed on a range of hardware, including physical servers, virtual machines, and cloud platforms such as Amazon Web Services and Microsoft Azure. It can also be deployed as a virtual appliance, making it easy to test and evaluate the software. VyOS includes a wide range of networking features, including advanced routing protocols such as OSPF, BGP, and RIPv2. It also supports VPNs, including IPsec, OpenVPN, and L2TP. The software includes advanced firewall features, such as stateful packet inspection, NAT, and zone-based firewalling. Additionally, VyOS supports Quality of Service (QoS) and network address translation (NAT).

One of the strengths of VyOS is its command-line interface (CLI), which allows for detailed configuration of networking features. The CLI is similar to the Juniper Networks Junos CLI, making it a good choice for users familiar with that platform. Additionally, VyOS includes a web-based GUI for configuring basic networking settings. VyOS’s strengths also include its advanced networking features, flexibility, and ability to be deployed in a variety of environments. The software’s active development community and frequent software updates ensure that it remains up-to-date with the latest networking technologies. Additionally, VyOS’s CLI makes it a good choice for experienced network administrators who prefer to work with a command-line interface.

On the other hand, one potential weakness of VyOS is that it may be less user-friendly than other router OS software with a graphical user interface. Additionally, configuring advanced networking features may require a higher level of technical expertise. Nevertheless, VyOS is a powerful and flexible open-source router OS software that is well-suited for enterprise-level networks. Its advanced networking features and active development community make it an excellent choice for experienced network administrators who require advanced routing, firewalling, and VPN capabilities.

5. OPNsense

OPNsense is an open-source router OS software that is based on FreeBSD. It is designed to be used as a firewall, router, and VPN gateway, and it includes a range of advanced networking features. OPNsense is a fork of the pfSense project, and it is actively maintained by the OPNsense community.

One of the key features of OPNsense is its flexibility. It can be installed on a range of hardware, including physical servers, virtual machines, and cloud platforms such as Amazon Web Services and Microsoft Azure. It can also be deployed as a virtual appliance, making it easy to test and evaluate the software. Other features and capabilities include:

• Firewall OPNsense includes a powerful firewall with stateful packet inspection, which allows it to filter traffic based on packet contents, port numbers, and other criteria. This provides a high level of security for enterprise networks.
• Quality of Service (QoS) OPNsense supports Quality of Service (QoS) features, which allows network administrators to prioritize traffic based on its type, source, and destination. This helps to ensure that critical network traffic is given priority over less important traffic.
• Virtual Private Network (VPN) support OPNsense includes built-in support for Virtual Private Networks (VPNs), allowing users to securely connect to the network from remote locations.
• Web-based GUI OPNsense provides a web-based graphical user interface (GUI) for easy configuration and management. The GUI is user-friendly and includes a range of features, such as a dashboard, firewall rule editor, and package manager for installing additional features.
• Traffic shaping OPNsense includes advanced traffic shaping capabilities, which allows network administrators to control the flow of traffic on the network. This helps to optimize network performance and reduce congestion.
• Intrusion Detection and Prevention System (IDPS) OPNsense includes an Intrusion Detection and Prevention System (IDPS), which allows network administrators to detect and prevent network attacks.

As with most applications, OPNsense has its strengths and weaknesses. OPNsense’s strengths include its advanced networking features, flexibility, and ease of use. The software is actively maintained by the OPNsense community, which ensures that it remains up-to-date with the latest networking technologies. Additionally, the software’s web-based GUI makes it easy to configure networking settings, even for users without extensive technical expertise.

On the other hand, one of OPNsense’s weaknesses is that it may be less user-friendly than other router OS software with a graphical user interface. Additionally, configuring advanced networking features may require a higher level of technical expertise. Nonetheless, OPNsense is a powerful and flexible open-source router OS software that is well-suited for enterprise-level networks. Its advanced networking features, flexibility, and ease of use make it an excellent choice for both experienced network administrators and users with less technical expertise.

6. pfSense

pfSense is a free and open-source router and firewall operating system based on the FreeBSD operating system. It is designed to be used on standard x86 hardware and can be deployed as a virtual machine or on dedicated hardware. pfSense offers advanced features and capabilities that are typically found in commercial routers and firewalls, making it an ideal solution for small to medium-sized businesses, educational institutions, and other organizations that require robust network security and management.

pfSense provides a web-based graphical user interface (GUI) that allows users to configure and manage all aspects of their network. This includes setting up firewall rules, configuring virtual private networks (VPNs), managing DNS and DHCP services, and monitoring network activity. The GUI is highly customizable, allowing users to create dashboards and widgets that display real-time network information and statistics.

One of the key features of pfSense is its firewall capabilities. It offers advanced features such as stateful packet inspection, traffic shaping, and intrusion detection and prevention. These features allow administrators to block unwanted traffic and prevent malicious attacks on their networks. pfSense also supports VPN connections, allowing users to securely connect to their network from remote locations.

Another important feature of pfSense is its support for high availability (HA) and load balancing. With HA, administrators can set up redundant systems that automatically failover in the event of a hardware or software failure. Load balancing allows administrators to distribute network traffic across multiple servers or internet connections, improving performance and reducing downtime.

pfSense is highly flexible and can be customized to meet the specific needs of different organizations. It supports a wide range of third-party packages and plugins, including antivirus and anti-spam filters, content filtering, and intrusion detection and prevention systems. It also has an active community of developers and users who contribute to its ongoing development and support.

7. IPFire 

IPFire is a free and open-source router and firewall operating system based on the Linux kernel. It is designed to be used on standard x86 hardware and can be deployed as a virtual machine or on dedicated hardware. IPFire offers advanced features and capabilities for network security and management, making it an ideal solution for small to medium-sized businesses, educational institutions, and other organizations that require robust network protection.

IPFire provides a web-based graphical user interface (GUI) that allows users to configure and manage all aspects of their network. This includes setting up firewall rules, configuring virtual private networks (VPNs), managing DNS and DHCP services, and monitoring network activity. The GUI is highly customizable, allowing users to create dashboards and widgets that display real-time network information and statistics.

One of the key features of IPFire is its firewall capabilities. It offers advanced features such as stateful packet inspection, traffic shaping, and intrusion detection and prevention. These features allow administrators to block unwanted traffic and prevent malicious attacks on their networks. IPFire also supports VPN connections, allowing users to securely connect to their network from remote locations. Another important feature of IPFire is its support for proxy servers, which can be used to filter web traffic and block unwanted content. It also supports content filtering, which allows administrators to block access to specific websites or types of content.

IPFire is highly flexible and can be customized to meet the specific needs of different organizations. It supports a wide range of third-party packages and plugins, including antivirus and anti-spam filters, content filtering, and intrusion detection and prevention systems. It also has an active community of developers and users who contribute to its ongoing development and support.

Уровень сложности
Средний

Время на прочтение
6 мин

Количество просмотров 9.9K

Какой маршрутизатор лучше подойдёт для домашнего офиса? Ответ зависит от множества факторов. Для одних самое важное — поддержка Wi-Fi 6 (802.11ax), для других — качественный корпус и антенны, энергопотребление, кто-то выбирает по надёжности и отзывам коллег. Но есть особая категория пользователей, которым на всё это наплевать. Потому что они смотрят на маршрутизатор совершенно под другим углом. Для них маршрутизация — это программная функция. А саму «железку» можно собрать из чего угодно. Главное, чтобы она работала на свободной прошивке, а ещё лучше — на полноценном Линуксе для удобства управления устройством.

И если подумать, то лучший маршрутизатор — это обычный компьютер. Только слегка допиленный до кондиции.

В этом смысле история развивается по спирали, напоминая причудливые адаптеры Wi-Fi начала 2000-х годов — практически единственный способ подключить «мобильный интернет» к какому-нибудь ноутбуку или КПК. А сейчас мы делаем примерно то же самое с персональным компьютером, чтобы сделать из него сервер/маршрутизатор.

Первая версия протокола Wi-Fi (802.11) была представлена в 1997 году. И все сразу поняли, что это революция. Даже первые версии обеспечивали скорости на порядок выше, чем GPRS (мобильный интернет того времени), который к тому же тарифицировался по килобайтам и требовал совершенно безумных трат. Например, просто посмотреть почту в текстовом виде стоило примерно доллар. А открывать на своих КПК какие-то сайты с графикой могли только миллионеры.

Поэтому Wi-Fi сразу пошёл в народ. В конце 90-х на рынке появились специальные адаптеры Wi-Fi, которые можно было вставить в ноутбук и получить настоящий большой интернет практически бесплатно, через какую-нибудь публичную точку доступа Wi-Fi, которые постепенно начали появляться в городах (сначала в ресторанах и интернет-кафе). Парольная защита хотспотов в те времена (WEP) взламывалась за секунды.

▍ Точка доступа Wi-Fi из ноутбука

Раньше мы апгрейдили ноутбук, чтобы получить мобильный интернет, а сейчас — чтобы сделать маршрутизатор или точку доступа Wi-Fi. В принципе, в такой роли можно использовать любой старый компьютер, даже 80486. Ноутбук в силу портативности выглядит более концептуально. Вспомним, как это делалось двадцать лет назад.

Комплект простой:

• старый ноутбук;
• беспроводная карта;
• разъём типа pigtail (пигтейл);
• антенна.

В начале 2000-х для этой цели использовались PCMCIA-карты типа ORiNOCO Gold с пигтейлом под антенну. Дёшево и сердито.

ORiNOCO Gold с подключением внешней антенны через pigtail-коннектор

Карты ORiNOCO Gold были популярным выбором для хакерских экспериментов с Wi-Fi в публичных местах, например, организации фальшивых точек доступа или скана/брутфорса окружающих хотспотов.

В корпорациях чаще использовались PCMCIA-карты Cisco, более дорогие и престижные. Тогда был целый зоопарк разнообразных форм-факторов для Wi-Fi-адаптеров, включая Compact Flash (CF), Secure Digital (SD), ExpressCard и USB. Были карты в форматах ISA и PCI, чтобы нативно подключить десктопы к Wi-Fi.

Ноутбук с таким адаптером можно было настроить для работы в качестве нормальной публичной точки доступа. Например, в каком-нибудь кафе.

Сейчас кажется, что от этого многообразия не так много осталось. Зоопарк стал гораздо пореже. В большинстве смартфонов, ноутбуков и планшетов чипсет Wi-Fi изначально встроен в материнскую плату, так что нет нужды в дополнительных аксессуарах. Широкой нишей остались беспроводные USB-адаптеры Wi-Fi для подключения настольных ПК.

▍ Маршрутизаторы из одноплатников

Сейчас среди продвинутых пользователей принято покупать маршрутизатор на свободной прошивке типа OpenWRT, DD-WRT, Tomato (с интерфейсом AdvancedTomato) или самому настраивать какой-нибудь одноплатник типа Raspberry Pi. Продаются даже специализированные одноплатники, которые рассчитаны на использование в роли маршрутизаторов. Кажется, у них это главное целевое предназначение. Вот некоторые из списка:

• Orange Pi (последняя версия Orange Pi 5 c 8-ядерным SoC Rockchip RK3588S и 32 ГБ RAM гораздо производительнее, чем Raspberry Pi 4 — на ней можно даже построить бюджетный Linux-десктоп);

  

  

  Orange Pi 5

• Banana Pi;
• Odroid;
• BeagleBone;
• Cubieboard.

Выбор конкретной модели, конечно, зависит от конкретного юзкейса, то есть требований к сети и мощности. Большинство современных одноплатников из коробки поддерживает Wi-Fi и Ethernet, наряду с другими сетевыми интерфейсами.

Интерфейс AdvancedTomato

Но когда покупаешь новую партию одноплатников для домашних поделок, невольно закрадывается мысль: а почему не использовать старое железо, которое пылится в подвале? Иногда старенький 80486 вполне может справляться с работой того же маршрутизатора.

▍ Linux-маршрутизатор из старого ПК

Ещё в конце 90-х появилась идея, что в роли маршрутизатора можно использовать обычный Linux-компьютер. Нужно только доукомплектовать его соответствующим образом. Если вспомнить, какие детали мы использовали раньше для этих целей, то сейчас многие из них уже отсутствуют в продаже. Но в принципе, их можно найти на барахолках, если есть такой интерес.

В те времена маршрутизаторы частенько устанавливали для организации совместного доступа в интернет, например, по ADSL. Интернет был дорогим удовольствием, так что имело смысл сброситься на подключение всем пользователям локальной сети (например, из одного или нескольких многоквартирных домов).

Мосты между домами прокладывали кабелем или по Wi-Fi (адаптеры в ПК + антенны). В качестве адаптеров были популярные устройства Aironet (позже эту фирму купила Cisco):

С обеих сторон роль маршрутизатора выполняли обычные «пентиумы». Сборка собственного Linux-маршрутизатора имела экономический смысл, потому что коммерческие модели c такой функциональностью стоили тысячи долларов. А средние зарплаты у инженеров (и программистов) тогда были в районе 150 долларов, что говорить о студенческих стипендиях, так что приходилось экономить.

В общем, типичный комплект 1998 года выглядел примерно так, с теми ценами:

Пару советов по кабелям:

• Не экономить на качестве кабеля.
• Не прижимать, не сгибать и не подвергать кабель другим пыткам.
• Использовать короткие кабели (чем короче — тем лучше, потому что сигнал реально затухает с каждым метром).

В наше время можно взять практически любой компьютер, поставить туда хорошую сетевую карту с поддержкой Wi-Fi и специализированный Linux-дистрибутив — и маршрутизатор готов. Специалисты рекомендуют брать серверную карту на чипсете Intel i350.

В прошлом веке использовали дистрибутив Linux Router, а сегодня на выбор — десяток специализированных альтернатив. Некоторые перечислены выше в разделе про одноплатники. К ним можно добавить OPNsense, pfSense и IPFire, причём первые две — наилучший выбор (вместе с OpenWRT). Нужно только оговориться, что pfSense основан на ядре BSD, а не Linux, а OPNsense — форк pfSense.

OPNsense

Как вариант, можно запустить скрипт linux-router, который настроит любую Linux-систему на раздачу трафика по одному из следующих сценариев:

Internet----(eth0/wlan0)-Linux-(wlanX)AP
|--client
|--client"><pre class="notranslate">Internet----(eth0/wlan0)-Linux-(wlanX)AP
|--client
|--client

 Internet
WiFi AP(no DHCP) |
|----(wlan1)-Linux-(eth0/wlan0)------
| (DHCP)
|--client
|--client

 Internet
WiFi AP(no DHCP) |
|----(wlan1)-Linux-(eth0/wlan0)------
| (DHCP)
|--client
|--client

 Internet
Switch |
|---(eth1)-Linux-(eth0/wlan0)--------
|--client
|--client

 Internet
Switch |
|---(eth1)-Linux-(eth0/wlan0)--------
|--client
|--client

Собственный компьютер-маршрутизатор полностью программируемый и под своим контролем — это отличная идея. На рынке есть специализированные мини-ПК, например, на чипсете Pentium N6005.

Intel Pentium N6005

Но то же самое и даже лучше можно собрать своими руками из старого ПК и лишних комплектующих. Преимущество мини-ПК — низкое энергопотребление (около 10 Вт) в режиме ожидания, в котором устройство проводит 99% времени. Показатель почти как у обычного маршрутизатора (3–5 Вт).

В начале 2000-х маршрутизаторы с большими антеннами «добывали» интернет в удалённых районах, передавали его на точку распределения трафика для раздачи голодным до интернета местным пользователям. В принципе, сегодня большинство типичных ситуаций в доме и офисе примерно такие же. Маршрутизатор должен «добыть» интернет — и раздать его местным пользователям, хотя в роли юзеров уже не столько люди, сколько всяческие устройства: телевизоры, колонки, холодильники. Что тут говорить, даже офисный чайник последней модели стучится в интернет, а управлять им можно через приложение, чтобы вскипятить воду перед приходом в офис.

В общем, старые компьютеры всегда можно переиспользовать, в том числе в роли маршрутизатора. Наверное, жители Германии или Испании на барахолках могут найти кучу интересных гаджетов 2000-х годов, и те же PCMCIA-карты Wi-Fi и карты Aironet. Если повезёт, можно даже найти Wi-Fi-адаптер для десктопа PCI или даже ISA. Наверное, тысячи таких адаптеров лежат без дела где-то по чердакам и шкафам у компьютерных энтузиастов.

Почему бы не взять их для хорошего дела? Пусть потрудятся ещё пару лет, пока не сгорят. Хотя старая техника зачастую оказывается надёжнее самых новых моделей, так что ожидание может затянуться… 😏

Telegram-канал с розыгрышами призов, новостями IT и постами о ретроиграх 🕹️

Get the best OS for your router; totally free and community supported.

Routers have traditionally been created using proprietary software, which means the source code is closed and cannot be modified by users. However, open-source router operating systems have grown in popularity in recent years, providing customers with additional freedom, customization, and control over their networks.

Here is our list of the best Open Source Router OS Software for Small or Large Networks:

1. OpenWrt A Linux-based open-source router firmware that can be installed on a wide range of hardware platforms. It provides a customizable, modular, and lightweight platform for creating routers, gateways, and other network devices.
2. pfSense An open-source firewall and router platform based on FreeBSD. It provides a wide range of features, including VPN, load balancing, traffic shaping, and more. pfSense can be used to build a range of network devices, from small home routers to large enterprise firewalls.
3. DD-WRT Another open-source router firmware based on Linux. It provides advanced features like VPN, VLAN, and QoS, and it can be installed on a wide range of routers. DD-WRT is suitable for both home and enterprise use.
4. VyOS Based on Debian Linux. It provides a wide range of routing and security features, including VPN, firewall, NAT, and more. VyOS can be used to build a range of network devices, from small home routers to large enterprise firewalls.
5. RouterOS Developed by MikroTik. It provides a wide range of features, including VPN, firewall, hotspot, and more. RouterOS can be used to build a range of network devices, from small home routers to large enterprise firewalls.
6. Tomato An open-source router firmware based on Linux. It provides advanced features like VPN, QoS, and traffic monitoring, and it can be installed on a wide range of routers. Tomato is suitable for both home and enterprise use.

The flexibility to tweak and personalize the software to meet the specific needs of a given network is one of the key benefits of utilizing an open-source router OS. This is especially crucial for corporations and organizations with distinct needs or applications. Users of open-source software can alter the code to add new features, improve performance, or increase security.

Another advantage of open-source router operating systems is their transparency. Users are frequently left in the dark about how the router works and what data it may be gathering when using proprietary software. Nevertheless, with open-source software, the source code is openly available, allowing customers to understand exactly how the router works and have more control over how their data is handled.

There are several variables to consider when choosing an open-source router OS. The amount of support and community participation surrounding the product is one of the most significant. A strong user and developer community can assist ensure that the program is always up-to-date and safe, as well as provide essential resources for troubleshooting and modification.

Another crucial element is the range of features and functionalities given by the software. Certain open-source router operating systems may include more advanced routing and security capabilities, whereas others may be more focused on usability and flexibility. When choosing a router OS, it is critical to analyze the specific needs of a given network and to select one that delivers the correct combination of features and functionality.

The Best Open Source Router OS Software for Small or Large Networks

1. OpenWrt

OpenWrt is a popular open-source router firmware that has been around since 2004. It offers a range of features and functions that make it a viable option for both small and large networks. One of the most notable features of OpenWrt is its customizability. Users can choose from a wide range of packages and modules to install on their routers, allowing them to tailor their devices to their specific needs. This can be particularly useful for those who need advanced features like VPN, QoS, and more.

Key Features:

• High customizability
• Lightweight design
• Strong security
• Open-source
• Active community

Another benefit of OpenWrt is its lightweight design. The firmware is optimized for performance and can run on a range of hardware platforms, including routers with as little as 4MB of flash storage. This makes it an ideal choice for those who want to repurpose an older router or use a low-cost device. OpenWrt is also known for its security features. It provides regular updates to address security vulnerabilities and includes features like packet filtering, NAT, and VPN to help keep networks secure.

As open-source software, OpenWrt is free to use and distribute. However, some hardware manufacturers offer pre-installed versions of the firmware for a fee. One potential downside to OpenWrt is the lack of official support. While there is an active community of developers and users who provide support and guidance, there is no official customer support team. This can be a concern for those who require assistance with their router.

Ultimately, OpenWrt is a powerful and versatile open-source router firmware that offers a range of features and functions. Its customizability, lightweight design, and security features make it a popular choice for both small and large networks. However, users should be aware of the potential downsides, including the need for technical expertise and the lack of official support.

2. pfSense

pfSense is a FreeBSD-based open-source firewall and router platform. It has a wide range of features and functionalities, making it a popular choice for both small and big networks. The versatility of pfSense is one of its most prominent advantages. It may be used to build everything from small home routers to massive enterprise firewalls.

Key Features:

• Powerful firewall capabilities
• Comprehensive network solution
• User-friendly interface
• Regular security updates
• Commercial support available

One of pfSense’s most notable features is its robust firewall capabilities. It provides capabilities such as sophisticated packet filtering, stateful inspection, and intrusion detection and prevention to help keep networks secure. Moreover, pfSense supports VPN, load balancing, traffic shaping, and other network functions, making it a complete network solution.

pfSense is also noted for its ease of use. Its web-based interface is intuitive and user-friendly, making it easy to configure and manage even for those who are not networking specialists. Furthermore, pfSense releases regular updates to correct security flaws and improve efficiency. pfSense is free to use and share as open-source software. Commercial support and services are, however, available for individuals who require further assistance or features.

One disadvantage of pfSense is that it requires more powerful hardware than some other router software solutions, which may restrict its usefulness for some users. Another potential disadvantage is that pfSense may be more difficult to install and configure than other router software solutions. While the web-based interface is simple to use, users may need to spend more time configuring the product to match their individual requirements.

pfSense is a robust and adaptable open-source router and firewall platform with several features and functionalities. Many customers like it because of its flexibility, effective firewall features, ease of use, and regular upgrades. However, before deciding to utilize pfSense, users should be aware of the potential hardware requirements and configuration complexity.

3. DD-WRT

Since 2005, DD-WRT has been a popular open-source router firmware. It has a variety of features and functionalities that make it suitable for both small and large networks. Customizability is one of DD-most WRT’s most significant features. Customers can install a variety of packages and modules on their routers, allowing them to personalize their devices to their individual needs. This is especially handy for individuals that require advanced capabilities such as VPN, QoS, and others.

Key Features:

• Customizability
• Compatibility with hardware
• Strong security features
• Free and open-source
• Active community

Another advantage of DD-WRT is that it is compatible with a wide range of hardware platforms. It may be installed on a variety of routers, including older models, making it a low-cost solution to repurpose existing equipment. The security features of DD-WRT are also well-known. It receives regular updates to address security vulnerabilities and offers network security capabilities such as packet filtering, NAT, and VPN.

DD-WRT is free to use and distribute as open-source software. However, some hardware manufacturers charge a price for pre-installed firmware versions. Also, there are several disadvantages to utilizing DD-WRT. One potential disadvantage is that installation and configuration require considerable technical knowledge. It may be difficult to set up for users who are unfamiliar with networking fundamentals or Linux.

Another disadvantage of DD-WRT is the absence of official support. There is no official customer service team, but there is an active community of developers and users that provide assistance and guidance. This can be a problem for folks who need help with their router.

It is a popular choice for both small and big networks due to its customizability, compatibility with older hardware, and security features. Users should be aware of the potential drawbacks, such as the requirement for technical expertise and the lack of official support.

4. VyOS

VyOS is a Debian Linux-based open-source router and firewall platform. It has a variety of features and functionalities, making it a popular choice for both small and large networks. VyOS’s excellent routing capabilities are one of its most notable characteristics. It contains complex routing protocols such as OSPF, BGP, and RIP, making it a complete network routing solution.

Key Features:

• Advanced routing protocols
• Comprehensive security features
• Flexible deployment options
• User-friendly interface
• Open-source and free

VyOS has several security features in addition to routing. It provides stateful firewalling, VPN, NAT, and other features to assist secure networks. VyOS also supports QoS, network address translation, and other advanced features, making it a versatile solution.

VyOS is also well-known for its adaptability. It is a suitable alternative for a variety of situations because it may be deployed as a virtual machine, on bare metal hardware, or as a cloud instance. Its web-based interface is also user-friendly and straightforward, making configuration and management simple.

VyOS is free to use and share as open-source software. Commercial support and services are, however, available for individuals who require further assistance or features. VyOS has the potential disadvantage of requiring more technical expertise to set up and customize than other router software solutions.

While the web-based interface is simple to use, users may need to spend more time configuring the product to match their individual requirements. Another potential disadvantage of VyOS is that it may require more hardware than other router software solutions, which may limit its usability for some users. Many users like it because of its sophisticated routing capabilities, advanced security features, and versatility. However, before using VyOS, users should be aware of the potential need for technical expertise as well as greater hardware requirements.

5. RouterOS

MikroTik, a Latvian networking firm, created RouterOS, a robust router operating system. It has a variety of features and functionalities, making it a popular choice for both small and large networks. RouterOS’ flexibility is one of its most notable qualities. It may be used as a router, firewall, hotspot gateway, and more, making it a complete network management solution.

Key Features:

• Versatility
• Advanced routing protocols
• Security features
• QoS support
• Intuitive interface

RouterOS also incorporates sophisticated technologies like BGP, OSPF, MPLS, and VPLS, making it a formidable routing solution. It also incorporates several security capabilities, including stateful firewalling, VPN, and others, to aid with network security. Furthermore, RouterOS supports QoS, network address translation, and other advanced features, making it a versatile solution. RouterOS may have a longer learning curve than other router software solutions, which could be a disadvantage. While its web-based interface is simple and easy to use, it provides a vast range of customizable options that may necessitate more technical knowledge to fully exploit.

RouterOS has a variety of pricing choices based on the features and functions required. The program can be licensed for specific hardware or usage as a virtual machine. For individuals that require more assistance in utilizing the software, MikroTik also provides a variety of training and certification opportunities. Another potential disadvantage of RouterOS is that it may require more specific hardware than other router software solutions, which may limit its use for some users.

RouterOS is a versatile and powerful router operating system with a variety of features and functionalities. Many customers like it because of its adaptability, comprehensive routing and security capabilities, and support for QoS and other complex functions. However, before using RouterOS, customers should be aware of the potential need for technical expertise as well as greater system requirements.

6. Tomato

Tomato is a free and open-source router operating system with a variety of features and functionalities for controlling small to medium-sized networks. Tomato’s straightforward web-based interface is one of its main features, making it simple for customers to set up and administer their networks.

Key Features:

• Intuitive interface
• QoS support
• VPN support
• Traffic monitoring
• Wireless hardware support

Tomato, in addition to its user-friendly interface, includes several complex capabilities such as Quality of Service (QoS), VPN support, and traffic monitoring. These qualities combine to make it an effective solution for regulating network traffic and ensuring that key applications have adequate bandwidth. Tomato also supports a variety of wireless gear, including popular versions from vendors such as Linksys, Buffalo, and Asus. As a result, it is a versatile choice for customers that need to manage both wired and wireless networks.

Tomato may not have as many advanced capabilities as other router operating systems on the market, which could be a disadvantage. While it supports QoS, VPNs, and other advanced capabilities, it may not be the ideal choice for users who require more advanced routing or security. Tomato can be downloaded for free, and there are no license fees associated with its use. As a result, it is a cost-effective alternative for customers who need to manage small to medium-sized networks.

Overall, Tomato is a user-friendly and adaptable router operating system with a variety of features and functions for network management. Its user-friendly interface, compatibility with a wide range of wireless gear, and support for QoS and other advanced features make it a popular choice among many users. Users should be cautious, however, of its potential limits in advanced routing and security features.

Best free Linux router and firewall distributions of 2023

This article was last updated on December 30, 2022.

There are countless Free and Open Source Linux/BSD distributions to choose from for your router. However, there are many outdated recommendations on the internet, so it’s not an easy choice. Therefore, we have decided to create a definitive firewall comparison for 2023. 

Wikipedia has a list of router and firewall distributions, but the list is not useful because it’s inaccurate (as of January 2023), and it doesn’t really compare these systems in a way that helps making the choice without trying all of them one by one. It also lists many outdated and irrelevant systems that should be avoided in 2023.

If you are looking to get the most out of your hardware appliance or are building a new firewall, we have done the research for you.

Why is our router distro comparison better than others? 

We have been selling hardware for building Open Source firewalls and routers for many years. Over the last year, we have installed and configured most, if not all, distributions out there. We install and configure pfSense, OPNSense, OpenWRT, Vyos, IPFire, and other systems daily, so we have a good idea of which Operating Systems work better than others. In addition, we don’t make any money from any software vendors, which makes this recommendation relatively objective. 
We hear customer feedback daily; if there are performance issues or problems with updates, we hear about it.

Top 10 Open Source Firewall Software to avoid — what you should NOT use.

Other comparisons recommend Operating Systems that are long dead or no longer relevant. This is most likely because these «Top 10 Open Source Linux Firewall Software» lists are copied from year to year by non-technical users without doing the actual work of comparing them.

Some Operating Systems have been superseded or stopped being maintained and become irrelevant. You want to avoid such systems because of security reasons — these distros are outdated and have insecure Linux/BSD kernels, potentially exposing you to security exploits. 

1. IPCop — avoid at all costs.

Once a popular operating system, included in all «top 10» lists such as this one. You should avoid using it. The last release was in 2015, and the system is ancient by today’s standards. The official website is dead, but the source code is still out there. Don’t use it.

2. Smoothwall — long dead.

Smoothwall got a good reputation in the early days when it was competing with IPCop. It went silent in 2014. Smoothwall OS has been abandoned and is no longer relevant or secure. You should avoid it. The website is still up and running but hasn’t been updated in many years.

3. DD-WRT — no longer competitive.

This is a controversial recommendation because many users still feel that DD-WRT is good. It certainly was back in the day. Today DD-WRT is still functional and works, but it’s not great or innovative. It’s mostly unchanged since 2014 and fell far behind other open-source competitors. Today there are many good alternatives, such as OpenWRT.

4. M0n0wall — retired.

M0n0wall is the godfather of the most successful operating systems we have today. It’s been one of the most innovative projects of its day, but it’s now retired. The system hasn’t received any updates since early 2014 and is officially abandoned. 
Manuel Kasper, the author of M0n0wall, recommends OPNSense as its successor. 

5. Tomato — not for new routers.

Tomato is cool, and we love it, but it’s minimal firmware designed for flashing off-the-shelf routers such as D-Link and Asus. The system is still relevant if you want to resurrect your old hardware and make it functional again, but if you are building a new router, you probably don’t want to use tomato on it. We are building powerful routers from scratch, so we generally don’t use this system (we still love it).

6. Zeroshell — abandoned.

Although Zeroshell never reached the point of being good enough to be recommended, we had high hopes for it in 2019 when we started maintaining this list of recommendations because it was developed from scratch rather than based on another system and had some innovative features. Unfortunately, the system got officially abandoned in September 2021. No longer maintained and secure.

---

Not recommended because they are not user friendly

These systems are relevant and receive updates, but we still don’t recommend them, at least to less technical users. 

We don’t recommend the below systems because they require relatively high expertise to perform simple tasks. These days, SOHO routers (Small Office / Home Office) should be easy to set up and have an Intuitive Web Interface to manage. Updating your router should not require hours of work on the command line. For these reasons, we don’t recommend the following systems:

7. VyOS — no Web interface.

We actually like VyOS. It’s a good, innovative system that is actively developed and receives regular updates. So why don’t we recommend it, then? 

VyOS must be managed from the command line, and it requires a high level of expertise to maintain and use. If you are a Linux expert, have some time on your hands, and love the command line interface, you can give it a shot — some of our customers use it successfully. However, it’s not a good choice if you are a home user who just wants to get things done. 
There are two release variants of the system. The «stable» release and the «rolling» release. Most users likely want to use the stable release; however, this release is only free if you compile it from the source code yourself. This hurdle discourages many users. The rolling release is free but not guaranteed to be stable — and we can attest to this as several times we hit a bug when installing it. The rolling release also isn’t covered by the official documentation.

8. OpenBSD and FreeBSD — use only if you have 10+ years of the command line experience.

OpenBSD and FreeBSD are actively developed and are very capable, but these systems require a high level of understanding of operating system internals and low-level networking to be used as routers.

We routinely install both systems for customers that are experts, such as network administrators or software developers. If you don’t want to mess with system internals and spend hours reading manuals, this is not a system for you. It does not provide any Web UI or GUI tools for configuration. It’s a barebones terminal-based system.

9. Debian and Ubuntu — don’t use general-purpose OS for your router.

These systems are not intended for routers. They are general-purpose operating systems and should not really be used as routers. Similar to OpenBSD and VyOS, you will have to configure everything by hand without a Web Interface. It’s easy to make a mistake and leave a hole that exposes internal systems to attackers. 

---

Not recommended because they are not really free

There are also a few systems we don’t recommend because they are not truly free or open source.

10. Untangle — is it really free if OS asks you to upgrade to a paid version?

Untangle NG Firewall is truly great software with many happy users. However, we don’t recommend it because the free version is very limited, and the operating system constantly incentivizes the users to upgrade to a paid subscription to unlock the cool functionality. The cheapest license is $50 USD/year. 

11. Sophos — small fish in an enterprise pond.

Sophos «XG Firewall» distribution has a very friendly user interface and is free for home use. However, we generally don’t recommend it because it’s not a system that Sophos itself promotes. Sophos’ website seems to make it purposefully hard to find, and the community is very small. Sophos, in general, is an enterprise software company with one community product. It’s not an Open Source system — it’s a free product from an enterprise.

12. Endian — you really have to pay to use it fully.

Endian is actually pretty cool and has a free version. We don’t recommend it because features like WiFi are available only in paid subscriptions. Similar to Untangle, it’s good software, but you have to pay for it — this disqualifies it from our consideration.

Best Linux/BSD Router distribution in 2023 (4 recommendations)

To choose the best Operating System for routers, we have set a few basic guidelines. All systems not compatible with these guidelines have been rejected. 

Basic requirements for choosing Firewall Operating System

1. The system must be actively maintained and regularly receive security patches.
2. The system must be fully Free and Open Source
3. The system must have a Web interface or GUI. Command line operating systems are disqualified.
4. The system must be performant and work well for a typical user.

These basic requirements are reducing the list of recommendations to 4 systems. pfSense, OpenWRT, OPNSense, and IPFire.

Final verdict

In short, if you plan to use WiFi in your router, choose OpenWRT. It has the absolute best support for wireless of all systems we have tested. 

If you don’t need WiFi support or are planning to use separate Access Points, we recommend OPNSense or pfSense. 

---