Using Linux box as default gateway instead of router

  MikeTimberlake 12:36 02 Apr 2014

My situation is this.

I subscribe to a VPN service. The VPN client currently runs on my router, running DD-WRT. The problem with this is that my router is not very powerful, and my VPN provider uses strong encryption, so my bandwidth over VPN is limited by the router's weak CPU.

I'm on the verge of replacing the router, but I know there is a better way to achieve what I want, without shelling out for yet more hardware that itself will become redundant in the near future when bandwidth increases.

I also have a Linux server running 24/7 here at home. It is currently running Open Media Vault (Debian based), but will soon be upgraded to pure Debian 7. This server has a Celeron G550T CPU.

I believe it should be possible to set my Linux server as the default internet gateway, so I can run the VPN client there and route all internet traffic through it instead of through the router, so the router would act only as a wifi access point. Is this possible? If so:

  1. How should I configure the Linux server?
  2. How should I configure the router?
  3. What physical configuration would I need?

In terms of the physical configuration, am I right to believe that I would need to add an extra LAN port to the Linux server? If so, would a USB->LAN adapter be good enough? The Linux server is ITX based, and its one PCI slot is currently taken by a SATA adapter.

Assuming I do need 2 LAN ports on the server, would one be connected to the local network, and the other to the cable modem? If so, I guess that cable needs to come directly from the modem, and cannot be routed through a switch? I ask this because my partner is already unhappy enough about the cable that snakes around the room to reach the server, and 2 would be unacceptable to her :(

Here is a graphic showing a basic conceptual diagram:


Lastly, I've considered installing pfsense on an old laptop, and ditching the router altogether, but then wifi would be the problem, right? I mean, the laptop has wifi, but I guess it wouldn't be sufficiently powerful, both in terms of signal strength and bandwidth, as the laptop is about 5 years old. So then I'd still somehow need the router to be the wifi access point. Also, running this laptop 24/7 is only going to increase my electricity bills, which I'm trying to reduce.

Lastly, I should say that my Linux server will soon possibly also be my HTPC (XBMC). I'd rather not combine them, but I want to reduce the number of machines in our rather small flat. CPU power isn't a problem, but combining so many services onto one machine seems to me to be asking for trouble. I mean, if the machine needs to be rebooted I lose everything at once, whereas at the moment, router, HTPC and server are all separate devices, so problems are kept separate.

What would YOU do in my situation? Simply get a better router, and keep things simple?

My understanding of Linux networking is not very strong. I've googled this subject but cannot find anything that makes enough sense to me to get started. At least some advice about whether what I want to do is feasible or not would be a great help :)
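The gateway side of questions 1 and 2, as an added example that is not from the thread: a POSIX shell script for a Debian box with two wired ports. Interface names are assumptions (eth0 towards the switch and the DD-WRT box acting as an access point, eth1 towards the cable modem, tun0 created by the VPN client) as is the LAN prefix 192.168.1.0/24; it also assumes the VPN client installs the box's own default route via tun0 (OpenVPN's redirect-gateway does this). It enables forwarding, NATs LAN traffic out through the tunnel only, and drops any forwarded traffic that would otherwise leak straight out of the modem port when the tunnel is down.

```shell
#!/bin/sh
# Added example: make a Debian box the LAN's default gateway behind a VPN.
# Assumed names; change to match the box.
LAN_IF="${LAN_IF:-eth0}"            # port facing the switch / DD-WRT access point
WAN_IF="${WAN_IF:-eth1}"            # port facing the cable modem
VPN_IF="${VPN_IF:-tun0}"            # created by the VPN client (e.g. OpenVPN)
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Build an iptables-restore ruleset as text. Pure function: changes nothing.
gen_rules() {
    lan="$1"; wan="$2"; vpn="$3"; net="$4"
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# NAT LAN traffic only when it leaves via the tunnel. There is deliberately
# no MASQUERADE on $wan, so nothing from the LAN can go out unencrypted.
-A POSTROUTING -s $net -o $vpn -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $vpn -s $net -j ACCEPT
# Kill switch: LAN -> modem forwarding is never allowed, tunnel up or down.
-A FORWARD -i $lan -o $wan -j DROP
COMMIT
EOF
}

# Turn the box into a router and load the rules (needs root).
apply_gateway() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    gen_rules "$LAN_IF" "$WAN_IF" "$VPN_IF" "$LAN_NET" | iptables-restore
}

# Clients must use this box's $LAN_IF address as their default gateway,
# e.g. by changing the "router" option in the DD-WRT DHCP settings.
if [ "${1:-}" = "apply" ]; then
    apply_gateway
fi
```

Run as `sh gateway.sh apply` on the server; the ruleset covers IPv4 only, so either disable IPv6 on the LAN side or add matching ip6tables rules, and point clients at a DNS resolver that is reachable through the tunnel.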

  LastChip 23:38 17 Apr 2014

pfsense is awesome, but it needs a bit of learning.

You need, as a minimum, a WAN port and a LAN port, but a DMZ is also a good move. So does your laptop have two wired network interfaces? I doubt it.

I'm not sure how you could use pfsense on a Debian box. pfsense is a FreeBSD based system in its own right. You can integrate a wireless card into pfsense.

How do you connect to the Internet? Is it PPPoE? If it is, you need a method of initiating the connection and passing your log-in credentials. It's not just about ports. How are you going to initiate a firewall? Maybe use Shorewall in Debian, but then you need to integrate the whole lot together - not for the faint-hearted!

If you've just a cable modem, it just modulates packets to pass them down the line. In most cases of itself, it won't connect you to your ISP, so you probably need a router to carry out that function. Even if it uses a MAC address to identify you, you still need the ability to spoof the MAC address or re-register it.

In essence, I think your plan is flawed and it's not something I would attempt. The pfsense developers are high level and extremely talented and have probably spent hundreds of thousands of hours developing their solution. Can you hand on heart say you could match them? By your own admission, your Linux networking knowledge is "not very strong".

I've just initiated a new pfsense installation and it goes like this:

Cable modem --> pfsense box --> gigabit managed switch --> local network

and via the DMZ:

Cable modem --> pfsense box --> DMZ --> gigabit switch --> server(s).

I'm afraid you just have to grin and bear the power costs.
