Please excuse my late reply.I am network engineer (Cisco and Juniper big routers/switches) and I recently did a review of about eight router-type Linux/BSD distros, all run under KVM on a virtual test network. I also recently started contributing some code to LEDE (OpenWRT). I do router-y/switch-y kinds of things on a daily basis.
I found that almost all of these router distros pretty much suck. The web UIs were not functional/practical and they often had web UIs that looked like they were straight out of the 90s. I'm not talking about minimalism -- I'm talking about bad design and poor judgement.
PFsense was overwhelmingly the best and was the only one that I had a positive opinion on or would otherwise consider using in a business environment. It's FreeBSD based.
Untangle is Debian based but it's basically for-profit garbage that has confused a router with an iPhone.
Endian was interesting but also locks you out of some features unless you buy a support contract. Might be as good as PFsense some day if they keep trying, but I doubt it. Also Debian based I think.
IPfire, IPcop, and Shorewall all looked like they ten years old and there was obvious missing functionality in the web UI. They looked more like weekend projects than anything professional like PFsense.
When it comes to router-web-UI distros, the only thing I could recommend was was PFSense. Everything else was disappointing.
That being said, a regular old Debian box would make a fine router if you are a command-line oriented person. There is plenty of ITX-sized and smaller hardware out there to meet your needs. This seems to be the way you were headed anyhow.
It should be noted that Ubiquiti firewall/routers are Debian based and drop you right into a bash shell. They are worth looking at. Their web-UI isn't bad either, but it doesn't have feature-parity with command line yet (maybe never will). I would highly recommend any network engineer to pick up their little $50 ERX to play with.
As several people have already mentioned PCEngines boards are awesome and I think they even have models that have a SFP for optical.
Good luck! Come back and share what you get and how you feel about it. On 11/23/2016 06:54 AM, Daniel Pocock wrote:
My ISP is upgrading my connection to gigabit on Friday and I suspect my current router may struggle with it. My existing router runs OpenWRT but I've found the firewall and IPsec setup is a little bit constrained in that environment and it is tempting to move to a router running a full OS. I've seen a lot of discussions about making DIY routers running a free OS like Debian, FreeBSD or OpenBSD and I was tempted to go with something like that running Shorewall, strongSwan, DHCP and DNS. Maybe it will also do wifi or maybe the existing router will be a bridge to wifi. Can anybody share any comments or links about this topic? - quiet (fanless), low-power and low cost hardware suitable for Gigabit routing and maybe use as a NAS too. It would also be useful to have fibre support in the router and avoid using a media convertor. - are there any live builds or other out-of-the-box solutions that address this use case particularly well? - any blogs or other articles that provide a good example of how other people already did this? One particular concern for me is minimizing the number of components. I've got a media convertor and fibre transceiver already, but that has its own plug-pack PSU and those are all extra things that can fail at some random moment in the future. Having a self-contained solution without a bunch of plug-pack PSUs would hopefully be easier to support and make less clutter. Regards, Daniel