Librem Mini as Router

Curious if devices such as M.2 Key M to PCIe x4 adapters will be compatible with the Librem mini when used with PCIe x4 network cards.

Such a configuration would make the mini a very capable intel based router able to run a distribution such as OPNsense or pfsense.

I currently have an Up Xtreme i3 running OPNsense with a Net+ carrier board so it supports a wide range of features.

If firmware support were worked out so the mentioned configuration could be obtained then a SATA SSD could be used for the OS while the M.2 port was used to add additional gigabit ethernet ports (4x or so) with a PCIe x4 network card. With support for WiFi separately, this would definitely set users up with a very capable mini router.

If such an adapter were made an external enclosure that was capable of holding the network card and adapter while attaching to the librem mini or having a short cable between the mini and the adapter could make this a good solution for a mini configured as a router.

These adapters are available abundantly on the market, but sometimes there exists a firmware problem with being able to identify the PCIe x4 network card on the PCIe lanes provided by an M.2 slot, so this would likely require some firmware support so it could function.

I did see a mention of mini’s possibly being able to support router functions, but having just one ethernet port and one WiFi connection provides a pretty limited capability set for a router with the processor that is in the mini. Unless users use other options, such as USB ethernet adapters to gain access to more ports.

If the mini has one ethernet port and one WIFI, that should be all that is needed. The WIFI should be able to handle many simultaneously wireless connections. A ten dollar ethernet switch should provide all of the needed physical ethernet port connections.

I think that ultimately depends on who is configuring the network and how they would like to build their network and connect devices.

For a start, it depends what you mean by a router.

From your discussion, you may be looking for an “all in 1” network device i.e. router + switch + wireless access point.

A “true router” for most modern purposes needs exactly two ethernet ports, not more, not less.

There are advantages and disadvantages of the “all in 1” approach v. the “true router” approach. So in part it would depend on what your motivation is / what your goals are.

The actual grunt available is probably a little overkill for a router.

Excessive grunt can be a problem because then there is the temptation to use the box for additional purposes - but that violates good security. So in that case, with this box, maybe you would want to have two VMs - one doing the actual routing (and only that), and one for everything else (things that should be LAN side).

I wouldn’t like a router that has a fan, at least in a domestic setting, but that’s going to depend on the specifics of where the router is going to live in your house.

Getting the WiFi component to act as an access point can be tricky in the Linux world e.g. for some devices there is no support under Linux at all and e.g. even where the support exists, you need it to be open source and freed if that is part of your motivation for considering a Purism device.

Not really, if you have a switch with vlan support 1eth is enough, you can multiplex as many logical ports into it as you wish. And vlan-capable switch is not necessary enterprise-grade switch, many commodity switching chips support vlan tagging.

For simple router yes, it’s an overkill, but for more sophisticated edge device - maybe not, depends on what network functions you want to put on it and which performance you expect in the end (just thinking about sdwan edge with nfv ngfw and ssl-vpn on data plane)

1 Like

Fair cop.

It could just be me but VLAN that is used to allow a router to have one physical ethernet port isn’t great for sleeping well though. That config always makes me edgy (no pun intended). It means that one slip up in switch config (including even device plugged into wrong port) means that the router can be bypassed - since the internet physically can communicate with your LAN, and vice versa.

True. You might not get a VLAN-capable switch for the “ten dollars” referred to above however.

1 Like

well, you may forget to turn on firewall on the router… leading to the same result :wink:

1 Like

That can happen in either router config (one ethernet port + two VLANs; two ethernet ports). Stuffing up the switch config is a new point of external security failure, unique to the “one ethernet port” config.

All your points are valid. With correct config, one ethernet port + VLANs can be completely secure.

Whether you would use this particular box in part depends on how critical the purity of the hardware is to a user’s requirements, and whether the Pureboot lock-down functionality is essential to the router (and it certainly would be a nice feature).

It’s about what lets you sleep at night. For me, I would get a box with two ethernet ports.

I have seen it claimed that the underlying hardware is off-the-shelf. If that’s correct then the same manufacturer certainly offers other models in the range that have two ethernet ports and perhaps Purism would consider that if and when they explicitly tackle the router market segment. But NO fan, please. :slight_smile: