Zendir

Posted on January 30, 2023 by Tylor Kobierski

In 2020, I took on a minor challenge: I made my own router.

It ended up being a lot more than just a mere router.

The system does multiple different things for me:

  • It’s a router and a firewall with 10 GB/s connection speeds.
  • It’s a NAS that serves files through Samba on my network.
  • It’s a server for my own personal wiki to organize my thoughts.
  • It’s a to-do manager for large projects we have around the home.

Zendir sitting on my desk.

I would like to give a big thank you to Manuel Cerrato for documenting his own router building process, and to the Arch wiki for most of the rest.

How I did it

Hardware

Zendir’s internals

The base of Zendir is effectively a mid-range gaming desktop, with most of the parts (excluding some of the most important ones, like the NIC) available from local shops. I chose the following hardware:

  • ROG Strix B550 motherboard with Wi-Fi - This provides a good enough base for everything. I don’t need many peripherals, just a handful of PCIe cards. The Intel Wi-Fi chip is disgustingly locked down, but it is completely sufficient for a small 2.5 GHz band AP. Most of the devices I actually care about and use on a daily basis are wired. It also has a 2.5 Gb/s NIC port, which I can use for any devices that I can’t connect at 10 Gb/s.
  • Ryzen 3600 CPU - this should provide more than enough parallelism for most of my purposes.
  • 16 GB of RAM
  • A four-port QLogic 10 Gb NIC, so all my computers can connect to storage quickly and effectively. I found a very good deal for this card, so I just took it.

Most of the components could be easily purchased through Micro Center and Newegg, though a few choice components (like the 10 Gb NIC) were sourced from eBay.

This is not a cheap project - if you merely want a router or a NAS, you can easily purchase a router and a NAS for a fraction of the cost of this project. A lot of this is for fun.

Software

Zendir’s software is a little unusual compared to a typical router.

As a base for the system, I chose to use Arch Linux. “Stable” distributions of Linux like Debian or Ubuntu didn’t work particularly well with the hardware stack – I actually couldn’t even get the installer to run at all. I also didn’t care for the idea of living with decrepit software that inevitably finds itself in the stable branches of many distributions. Arch works perfectly, and had no particularly nasty drawbacks given the scope of what I was planning to do with this machine.

I recommend you install yay to easily manage things that live on the AUR, since it makes updating them very simple.

Networking

Networking is the main point of building Zendir - we want it to route traffic, and route it well. You’ll need a couple of things here:

  • A firewall
  • A DHCP client to retrieve an IP address from your ISP
  • A DHCP server to delegate IP addresses to other machines in your local network
  • A DNS server
  • A wireless access point daemon

I ended up going with Manuel Cerrato’s suggestion of using FireHOL - I found the configuration style a breath of fresh air compared to dealing with iptables rules. And there was an AUR package for it, which is nice. We block everything on the external network, except what we serve directly to the outside, or what hosts within the network explicitly ask to have routed to themselves.
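The policy described above, written out as an added FireHOL configuration example. This is not the author’s firehol.conf; the interface names (enp5s0 for the ISP side, enp6s0 and wlan0 for the LAN) and the choice of http/https as the only published services are assumptions, the latter standing in for the externally reachable services behind nginx mentioned later in the post.

```firehol
version 6

# Assumed names: enp5s0 faces the ISP, enp6s0 is the wired LAN,
# wlan0 is the hostapd access point.
wan="enp5s0"
lan="enp6s0 wlan0"

# External side: drop everything by default. Only the services we publish are
# reachable from the internet; the router itself may originate connections,
# and the replies to those are admitted by connection tracking.
interface "${wan}" internet
    policy drop
    protection strong
    server "http https" accept
    client all accept

# Internal side: the LAN is trusted to reach the router's own services
# (DNS, DHCP, Samba, the wiki and so on).
interface "${lan}" home
    policy accept

# Forwarding: LAN hosts may open anything towards the internet; nothing
# unsolicited is forwarded back in. masquerade NATs IPv4 on the outface.
router home2internet inface "${lan}" outface "${wan}"
    masquerade
    route all accept
```

The "policy drop" on the external interface is what makes the default deny explicit; every service added later has to be listed under that interface before the outside can reach it, which is a useful review point each time something new is deployed on the box.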

External IPs are assigned by dhcpcd, using SLAAC for IPv6. Internal ones are managed by dnsmasq.

We use dnsmasq both to assign local IPs and to block ads and malicious sites. We set dnsmasq to cache results from a German DNS provider, and added a cron script to sync a dnsmasq blocklist from GitHub.

It’s important that you use a hosts-style blocklist rather than a dnsmasq-style blocklist - the latter is very inefficient, and will slow down your ability to resolve sites considerably.
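An added example of the kind of cron script described above, not the author’s own. It fetches a hosts-style list, sanitises it before it is handed to dnsmasq (a downloaded list is untrusted input that ends up in a file the resolver parses), refuses to install a suspiciously small result, and reloads dnsmasq with SIGHUP. The blocklist URL is a placeholder, the file path and the use of systemd for dnsmasq are assumptions, and the sample input at the bottom is constructed for demonstration.

```sh
#!/bin/sh
# sync-blocklist: fetch a hosts-style blocklist, sanitise it, install it for
# dnsmasq and reload. Added example, not the post author's cron script.
# Assumptions: BLOCKLIST_URL placeholder, HOSTS_FILE path, dnsmasq under systemd.
set -eu

BLOCKLIST_URL="${BLOCKLIST_URL:-https://example.invalid/hosts}"   # placeholder, not a real list
HOSTS_FILE="${HOSTS_FILE:-/etc/dnsmasq.d/blocklist.hosts}"      # named by addn-hosts= in dnsmasq.conf
MIN_ENTRIES="${MIN_ENTRIES:-1000}"                                # a real list has many thousands

# Read a hosts-style list on stdin and print clean "0.0.0.0 name" lines:
# strip CRLF and comments, keep only 0.0.0.0/127.0.0.1 sinkhole lines, drop the
# localhost-style names every hosts file carries, accept only the hostname
# alphabet, lowercase, and deduplicate.
normalize_hosts() {
    awk '
        { sub(/\r$/, ""); sub(/#.*/, "") }
        NF >= 2 && ($1 == "0.0.0.0" || $1 == "127.0.0.1") {
            for (i = 2; i <= NF; i++) {
                n = tolower($i)
                if (n ~ /^(localhost|localhost\.localdomain|local|broadcasthost|ip6-[a-z]+)$/) continue
                if (n ~ /^[0-9.]+$/) continue
                if (n !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$/) continue
                if (!(n in seen)) { seen[n] = 1; print "0.0.0.0 " n }
            }
        }'
}

# Download, sanitise, sanity-check and atomically swap in the new list.
sync_blocklist() {
    tmp=$(mktemp)
    trap 'rm -f "$tmp"' EXIT
    # a failed curl leaves awk with empty input; the size check below catches it
    curl -fsSL --max-time 60 "$BLOCKLIST_URL" | normalize_hosts > "$tmp"
    if [ "$(wc -l < "$tmp")" -lt "$MIN_ENTRIES" ]; then
        echo "blocklist too small, keeping the previous one" >&2
        return 1
    fi
    install -m 0644 "$tmp" "$HOSTS_FILE"
    # SIGHUP makes dnsmasq re-read /etc/hosts and every addn-hosts file
    systemctl kill -s HUP dnsmasq.service
}

# Constructed sample input, for demonstration only.
SAMPLE_HOSTS='# comment line
127.0.0.1 localhost
0.0.0.0 Ads.Example.COM   # inline comment
0.0.0.0 tracker.example.net evil.example.org
0.0.0.0 ads.example.com
0.0.0.0 bad;name.example
0.0.0.0 0.0.0.0
::1 ip6-localhost'

case "${1:-}" in
    --sync) sync_blocklist ;;   # crontab: 15 4 * * * /usr/local/bin/sync-blocklist --sync
    *)      printf '%s\n' "$SAMPLE_HOSTS" | normalize_hosts ;;
esac
```

On the dnsmasq side this pairs with a single addn-hosts=/etc/dnsmasq.d/blocklist.hosts line, which is the fast form the post recommends; the slow alternative is one address=/name/0.0.0.0 directive per domain in a conf-file. Keeping the size check and the atomic install means a broken download never leaves the resolver with an empty or half-written list.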

Aside from the wireless settings, setting up IPv6 is probably the worst part of this process, depending on who your internet service provider is.

Setting up wireless is the absolute worst. hostapd is the method that I chose. hostapd is easy to set up - it’s not the problem. All it really asks for is a few key bits of information: which card to use, what wireless features the card supports, and so on. You can get all the information you need from a simple iw list. The real problem is that most wireless hardware that you can buy these days is horribly and disgustingly locked down if you are a mere consumer such as myself. Most cards you can buy will only emit frequencies allowed by the lowest common legal denominator, and a lot of those cards do not allow you to bypass that, because they lock it down in the firmware and make it difficult to bypass or update, even if the signals are technically legal in your jurisdiction.

As a result, if you roll your own wireless hardware you’re likely going to be limited to weak 2.5 GHz. I expect that if you can get your hands on a dedicated AP card, you can bypass this and have a nice 5 GHz or 6 GHz endpoint. I’ve not been able to get around this, unfortunately. I know some people have successfully done this. One key point is that you will need at least one card per frequency band you support. The unfortunate side effect is that I currently can only connect my devices to the router using either a physical wire or a particularly weak 2.5 GHz connection, which does not come close to letting my wireless devices saturate the available bandwidth.
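An added hostapd.conf example for the 2.4 GHz-only situation described above; it is not the author’s configuration. The interface, bridge and SSID names are assumptions, the ht_capab values must be replaced with whatever iw list actually reports for the card, and the passphrase is a placeholder. The security-relevant part is the last block: WPA2-Personal with CCMP only (no WPA1, no TKIP) and management-frame protection required, which stops deauthentication spoofing against connected clients.

```ini
# /etc/hostapd/hostapd.conf (added example; names below are assumptions)
interface=wlan0
# bridge the AP into the same L2 segment as the wired LAN so dnsmasq serves both
bridge=br0
driver=nl80211
ssid=zendir
# regulatory domain: set your own; it determines which channels the card may use
country_code=US
ieee80211d=1

# 2.4 GHz band, the only one the locked-down consumer card will serve
hw_mode=g
channel=6
ieee80211n=1
# copy only the capabilities that 'iw list' reports for this card
ht_capab=[HT40+][SHORT-GI-20][SHORT-GI-40]
wmm_enabled=1

# WPA2-Personal only: no WPA1, no TKIP, management-frame protection required
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
ieee80211w=2
wpa_passphrase=CHANGE-ME-TO-A-LONG-RANDOM-PASSPHRASE
ignore_broadcast_ssid=0
```

One caveat: ieee80211w=2 makes PMF mandatory, and a few very old IoT clients cannot associate with it. If something refuses to join, temporarily set ieee80211w=1 (optional) to confirm that is the cause before deciding whether the device is worth keeping on the network.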

Backup

A second part of this is to act as a backup system, and a place to hold a few of our files. There are two aspects to this:

  • There is a smaller 1 TB SSD, which is used to quickly share things through Samba.
  • There is a large 4 TB HDD, which is used to archive everything on the SSD as well as key components of the base system.

To do this, I created a script, run daily through cron, which rsyncs the 1 TB SSD to the 4 TB HDD, along with everything within the /etc, /var, and /opt directories, which hold all of the critical configuration associated with the system.
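An added example of such a daily rsync script, not the author’s own. It goes a little beyond the post: instead of one mirror it keeps dated snapshots hard-linked against the previous one with --link-dest, so a file deleted or corrupted on the SSD is still present in an older snapshot, and it prunes snapshots beyond a retention count. The mount points (/mnt/share for the SSD, /mnt/archive for the HDD) and the retention of 14 snapshots are assumptions.

```sh
#!/bin/sh
# snapshot-backup: nightly rsync of the share SSD plus /etc, /var and /opt onto
# the archive HDD, as dated hard-linked snapshots. Added example, not the post
# author's script. Assumptions: SSD at /mnt/share, HDD at /mnt/archive,
# run from root's crontab.
set -eu

SRC_DIRS="${SRC_DIRS:-/mnt/share /etc /var /opt}"
DEST_ROOT="${DEST_ROOT:-/mnt/archive/snapshots}"
KEEP="${KEEP:-14}"    # snapshots to retain; older ones are pruned after each run

# Snapshot directory name: a UTC timestamp, which sorts chronologically.
snapshot_name() { date -u +%Y-%m-%dT%H%M%SZ; }

# Newest existing snapshot under $1, or nothing if there is none yet.
latest_snapshot() {
    ls -1d "$1"/*/ 2>/dev/null | sort | tail -n 1 | sed 's:/$::'
}

# Remove all but the newest $2 snapshots under $1, printing each path removed.
prune_snapshots() {
    ls -1d "$1"/*/ 2>/dev/null | sort -r | tail -n +"$(($2 + 1))" | while read -r old; do
        rm -rf -- "$old"
        printf '%s\n' "${old%/}"
    done
}

run_backup() {
    dest="$DEST_ROOT/$(snapshot_name)"
    link=$(latest_snapshot "$DEST_ROOT")
    mkdir -p "$dest"
    # -a preserves ownership and modes, -A/-X ACLs and xattrs, -H hard links;
    # --relative recreates /etc as $dest/etc; --link-dest hard-links files that
    # are unchanged since the previous snapshot, so a snapshot only costs the
    # space of what changed.
    set -- -aAXH --numeric-ids --relative
    if [ -n "$link" ]; then
        set -- "$@" --link-dest="$link"
    fi
    # SRC_DIRS is intentionally word-split into separate source arguments
    rsync "$@" $SRC_DIRS "$dest/"
    prune_snapshots "$DEST_ROOT" "$KEEP"
}

case "${1:-}" in
    --run) run_backup ;;   # crontab: 30 3 * * * /usr/local/bin/snapshot-backup --run
    *)     echo "usage: $0 --run" >&2 ;;
esac
```

Because nothing in this scheme ever overwrites an existing snapshot, a mistake on the SSD (or on a Samba client that can write to it) has to survive for KEEP days before it reaches the only copy; a plain rsync mirror with --delete would propagate it the same night.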

A combination of Samba and wsdd2 allows anyone on the internal network to discover, mount and work with our storage drives.

Services

At this point, we have a useful router and backup system, but the hardware could provide us with a lot more than just those two things.

I added quite a few intranet services onto the computer so I can command it to do interesting things.

A combination of Gitea and Jenkins allows me to store a lot of my software projects on Zendir, have them backed up, and then automatically built and deployed to the appropriate locations. This blog is included in that, but also several personal systems depend on this.

I set up PHP-FPM along with Nginx, which lets me run several useful services:

  • I set up a wiki. I use this to jot down notes which can be shared across any computer on my network. I chose DokuWiki for this, because I’m very familiar with DokuWiki and like it.
  • I set up a kanban board. I use this to organize big tasks that I need to do in my day-to-day life.

I also used the system to set up a few useful services that can be accessed externally:

  • Dendrite - this lets me communicate with Matrix services.
  • Pleroma - this serves as my home base for any ActivityPub-related activities.

I’ll probably add even more features in the future, when I begin to upgrade the hardware. Or perhaps I might split a few of these services across several different machines and isolate them in some way, so that I no longer have a single point of failure. As it is, this is still better than my previous setup, which I felt I had very little control over, and which had been at risk for many, many years simply through a lack of firmware updates.

Final Notes

It’s not particularly hard to create a router for yourself, and setting it up is actually quite fun. There is a lot that you can do with off-the-shelf hardware to boost the productivity of your entire household.

Unfortunately, this post is a pretty bird’s-eye view, and I intentionally avoided writing too much about the config. But I’d be happy to answer any questions about how to do these sorts of things. The Arch Linux wiki was extremely helpful in getting many of these things working!