I spent some time over the weekend playing with Pfsense, and I can’t say much about it other than it does what it says. I didn’t throw a ton of hardware at it–the best motherboard I have laying around is a late P4-era Celeron board, and the best network card I could find was, believe it or not, an ancient Netgear 10/100 card with the late, lamented DEC Tulip chipset on it. Great card for its time, but, yeah, nice 100-megabit throughput, hipster.
If you actually configure your routers rather than just plugging them in, you can do this. Plug in a couple of network cards, plug in a hard drive that you don’t mind getting overwritten, download Pfsense, write the image file to a USB stick, boot off the USB stick, and follow the prompts. Then, to add wireless, plug in a well-supported card like a TP-Link and follow the howto. At the turn of the century, when a Linksys wired router cost $200, I used to build my own routers out of surplus x86 PC parts and run single-floppy Linux router distributions on them. Today, when a nice wireless router costs $20, that makes less sense. You won’t save any money with this approach today but you gain a lot of power. Even a $200 router can’t compare with a full-blown PC’s power. You get a stronger firewall, and you can add nifty features like web caching with Squid, web filtering to blacklist known bad domains and any other content you find objectionable, and other niceties.
You can even do virus scanning on the router, if you’re willing to incur a bit of a speed penalty to do so. It’s based on Clam AV, so the additional protection for Windows PCs already running competent antivirus would be negligible, but it might be a nice additional layer of protection for Android devices.
If you’re willing to spend $200 on a router, rather than buying a high-end model, you’ll do much better buying an inexpensive off-lease desktop PC–be sure to get one with a gigabit NIC and as many open PCI Express slots as possible, such as an HP dc5850–and a wireless NIC and a second wired NIC. Or, for the best hardware support, use Pfsense for routing and pair it with one or more 802.11ac-capable access points to handle the wireless. Not only will you get better protection, you’ll get a faster Internet connection thanks to all that caching.
And the upside to Pfsense as opposed to any consumer router, and even aftermarket firmware like DD-WRT, is that you get updates more frequently.
Pfsense is definitely a tinkerer’s solution, but they did a really good job of balancing power with usability. I can’t recommend it enough, and I sure wish someone would just build a router on low-power x86 hardware based on this. Even if it cost $300, it would be worth it.