That's a very ambitious take on this problem. It is pretty cool (and definitely more secure) to run OpenBSD but you can probably get most of the upside by slapping OpenWRT on the consumer router you already have. A $50 WDR3600 happily handles several VPNs, custom VLANs, an IPv6 tunnel, exotic routing, an external drive, and a Samba server while doing the typical SOHO router-y stuff, like wifi.<p>BTW Running my own name server has solved a lot of weird slowdowns I used to experience when browsing the web or sshing. According to namebench[1], my router doesn't even crack the top three when it comes to response time so I used to have it forward queries but in practice, after it warms up, it's more reliable and delivers a smoother experience than either my ISP or Google.<p>[1] <a href="https://code.google.com/p/namebench/" rel="nofollow">https://code.google.com/p/namebench/</a>
So... $337 for a decent soekris board and 'ok' case... or $340 for this: <a href="http://www.amazon.com/Ubiquiti-Networks-Edgerouter-Router-ERPro-8/dp/B00IA5J8M8/" rel="nofollow">http://www.amazon.com/Ubiquiti-Networks-Edgerouter-Router-ER...</a><p>The latter has a complete open-source OS, you can ssh in and re-flash it yourself easily, a great community, the same TCP hardware offload, etc. I have been spec'ing out a BSD+soekris board setup for years, but when the Edgerouter came on the market it was a no-brainer. The fact that it works-out-of-box with little effort (for someone experienced with networking) is a big win, and that its quite easy to re-flash it and tweak as desired sure doesn't hurt.<p>While I really dig the DIY-router stuff, and was about to do it myself, Ubiquiti has sure made it hard to go that route when they can supply dang good products for the same price or less.<p>Edit: Added bit that this isn't a "zero effort for newbs" type product. If you've never setup a router, there'll be some research in your future to setup an Edgerouter, or BSD router.
Personally I like to get a consumer router and put OpenWRT on it. It used to be a lot harder but it's gotten a lot more simple and effective. I have a few reflashed Netgear WNDR3700s but there are probably better ones out there that are pretty cheap too.<p>It takes more research and work but it's more simple than having to install everything onto a clean OS install.
Does Soekris have any competition in this space? Any time I check I can never find any viable competitors. Soekris seems to have hit the "IDA Pro sweet spot," AKA unbelievable product priced just low enough to scare away any new competitors.
And for the rest of us there is: <a href="http://routerboard.com" rel="nofollow">http://routerboard.com</a><p>Which as-far-as-I-know comes with all open source software, it very well supported by a large community.
I've been using MikroTik lately because I wanted to identify my traffic and Qos it differently for VoIP installations. It seems to do well with this.
Allow me to save all of you who follow this guide $14 and hours of headaches: don't waste your time with the internal USB port on the Soekris net6501. The little Sandisk Cruzer drives that fit inside the case are total crap. The two that I bought lasted less than a day each. I think that writing the 4GB PFsense image to them was enough to kill them. Unfortunately for me, it didn't kill them in an obvious way. In my case, strange things started happening in PFsense. DNS became half-broken, DHCP for new clients didn't function, etc. I finally realized what was wrong and threw the USB drives in the trash and bought some of these guys and the problem was solved:<p><a href="http://amzn.com/B00ELQZD10" rel="nofollow">http://amzn.com/B00ELQZD10</a>
Most consumer routers include an access point too nowadays.<p>The downside of this OpenBSD setup, is that you still need a consumer grade AP next to your router (that's exactly the setup I have).<p>OpenBSD still doesn't support 802.11 > g, regrettably.
I'm using an ASUS RT-AC68U with totally open source firmware, supported by asus, with timely updateds to fix security issues. It's a 802.11ac. I really recommend it. Works very well.
I just added an OpenBSD firewall in bridge mode between my Comcast router and the rest of my network. It's implemented on a Shuttle DS57U (dual-core 1.5GHz Broadwell Celeron 3205U), with 16GB Crucial DDR3L RAM and a 128GB Crucial SSD (leftover parts). Total price: $358. It's a pretty sweet box: fanless, metal chassis, dual Intel Gigabit Ethernet. The only (minor) quibble is the CPU doesn't have AES-NI.
Here is the link to the relevant section ...<p><a href="https://youtu.be/a-wtYUKoBa0?t=3662" rel="nofollow">https://youtu.be/a-wtYUKoBa0?t=3662</a>
My only concern would be the use of a SSD for something like this. I know with PFSense and Untangle, applications like this will shred a ssd in fairly short period of time.