A couple of years ago, I embarked on a journey to procure the best home router I could reasonably afford. At the time I was using a TP-LINK TL-WR1043ND v1 running OpenWRT Barrier Breaker. While this is a fine home router and was affordable but still pretty powerful for its time, it was not quite adequate for what I saw to be my needs for the future.
I started looking at routers that had the capability to use mini-PCIe to allow for future expansion and new wireless technologies. There are only a few out there and they were all quite expensive. Additionally, they weren't significantly more powerful than the TL-WR1043ND. I was then intrigued by an Indiegogo campaign by a small ISP/router maker in Europe called Turris. They were attempting to raise funds for a fully open-source, OpenWRT-capable router called the Omnia. It would run a relatively modern ARM processor with 1GB RAM and have three mini-PCIe slots.
After doing as much research as I could about the company and the router they were offering, I decided to pull the trigger and purchase the "perk" for the complete router (you could get it as just a board, or with no case, etc). There were other "perks" offered as the campaign gained momentum, such as a NAS box with a mini-PCIe card with 3 SATA ports and storage for 3 hard drives. The additional "perk" I chose was to upgrade the RAM to 2GB. My long experience with computers of all sorts tells me you can never have enough RAM, especially if you want to keep things for a while.
It took them nearly a year to finish the project and start shipping the routers. Some folks have also had frustrations with the software and there were some issues with loose screws in the case, but from my view, this is nearly the perfect router for me. I love to tinker with software and hardware and this project affords me the ability to do both. It has allowed me to customize the way it runs to an astonishing degree with relatively little effort.
This brings me back to the title of this article, Home Network Security. I was hoping for the ability to mirror the network traffic to one of the interfaces, but that hasn't been built into the base software yet. Having a mirror port would allow me to watch all the traffic and analyze it using something like Security Onion. In the meantime they have made Suricata available as a native package, but there is no associated relatively easy management included. That also means there is no easy way to view the data within the Omnia. Not being terribly interested in learning how to parse JSON (Suricata outputs a file called eve.json), I cast about for easy-to-use solutions.
In the next series of articles, I will go through my process of exporting the Suricata logs to my main server and setting up an LXC container so I could run an ELKS instance to analyze the logs.