After some consideration, I’ve decided to replace my consumer router at home with an OpnSense box I control, and use the consumer router as just an access point. The model I have doesn’t seem to support OpenWrt but the default firmware supports access point mode complete with mesh functionality, otherwise I would have just installed OpenWrt on it. I still like the consumer router’s mesh Wi-Fi capabilities, especially the wireless range extender, but don’t trust it enough to let it be the actual root device separating my home network from the open internet. My reasoning is that by having it behind the OpnSense router, I can monitor and detect if it’s exfiltrating any “analytics” data and block them. Worst case scenario I realize it’s too noisy with the analytics and buy a proper business grade access point, or an M.2 Wi-Fi 6 card with some beefy antennas.
Now I’m trying to decide if I should use one of my old mini PCs or if I should get a brand new one with an up to date processor and microcode. The biggest reason I don’t want the consumer router to be the root device anymore is because I don’t know how well they patch their firmware against attackers constantly scanning the internet for vulnerable devices. I imagine an open source router OS with tons of eyes on it and used by actual professionals would inherently be more secure than whatever proprietary cost cut consumer firmware my current router has. I’ve already picked out a suitable mini PC I’m not using and the reason I even started down this rabbit hole is because I have it, but after thinking more about it, I’m worried that whatever security I gain might be undermined by the underlying hardware being old and outdated, especially since the processor is definitely pre Spectre/Meltdown and I doubt it’s still getting microcode or firmware updates.
Again, the reason I ask is because the internet really wants me to think old disused computers are perfect for converting into routers, and I really don’t want to buy a new computer if I don’t have to. How important is the hardware for a router? Can I expect OpnSense to have sufficient security on pretty much any hardware or will a sufficiently old computer completely defeat the purpose of even switching away from the consumer router?
Alternatively, I also have another mini PC with a Ryzen 5 from 2020, and I can reposition it from its current job to router duty, though it would definitely be overkill and wasting the hardware capabilities. Would that be substantially more secure than an older Intel processor?
I also have a Raspberry Pi 4 I can put OpenWrt on, would that somehow be more secure than an x64 computer?
You’re getting bad advice.
If you don’t expect to actually be shuffling packets back and forth or doing any kind of quality of service or vpn or really anything then the pi will be the better choice just barely because of its super low power consumption at idle. In that situation you would be at idle enough to actually justify using the pi. It would suck in the same way that using a pi for stuff usually sucks but you could justify it maybe.
If you plan to have a bunch of hosted stuff, a seedbox, qos, manage vpn connections and especially upgrade your lan to 1gb + later on down the line, the mini pc will actually be more efficient per cycle. In that circumstance you’d be at idle less, and the mini pcs more powerful processor, wider bus and expandability would make it less of a bottleneck presently and down the road.
Risc CPUs like the arm in the raspberry pi are really good at not doing anything, or doing a really small subset of things (it’s in the name!), but x86 is great at doing some stuff and being able to do a wide variety of stuff with its big instruction set. If you raise an eyebrow at my claim, consider that before gpus were the main way to do math in a data center it was x86. If the people who literally count every fraction of a watt of power consumption as billable time think it’s most efficient it probably is!
With ~08+ CPUs ability to turn cores and functions off at the clock tree and communicate back and forth with the os to orchestrate and coordinate it, there’s not as much daylight between the power usage of a pi and a mini pcs as some of these comments might make you think.
The long and the short of it is that you’ll most likely have a better time using the mini pc than the pi and claims that it’ll bankrupt you with power bills are greatly exaggerated.
In terms of privacy, I’d go for the mini pc. All your packages are most likely going to be open source, but the x86 stuff gets more scrutiny and isn’t as “magic blobby” as the arm world is.
Source: I have used over twenty different pi variants including knockoffs, wrote for microcontrollers before they were called sbcs, host a bunch of services on x86 which are monitored for their power usage using a power distribution controller by my lovely wife who keeps an eagle eye on the bills and I literally registered an account because people were telling you the wrong thing on the internet.
If you wanna verify that for yourself, get a cheap plug em in power meter and try both units running the package you choose under some artificial load like managing qos between a device streaming 4k and one torrenting 50 different Linux isos.