Hacker News new | past | comments | ask | show | jobs | submit login
LibreRouter: Powering community networks with free and open hardware (apnic.net)
290 points by xuande on Dec 19, 2018 | hide | past | favorite | 86 comments

I bought a libreCMC router [1] from Think Pinguin [2] years ago. The firmware is well maintained [3]. The IRC support has been excellent when needed. It is by no means a high end router, but I did not purchase it with that expectation to begin with. Overall, I have been super happy with it.

[1]: https://librecmc.org/

[2]: https://www.thinkpenguin.com/gnu-linux/librecmc-free-softwar...

[3]: https://gogs.librecmc.org/libreCMC/libreCMC/releases

I bought a libreCMC router [1] from Think Pinguin [2] years ago

This looks very cool, but do they sell a router with everything installed and ready to go? I don't see a "buy it now" button on their page.

I suspect there are a lot of people like me who are happy to buy this stuff but would like to have it ready to go, out of the box.

Hi jseliger,

The libreCMC router from Think Penguin did come ready to go out of the box. Of course I made a few tweaks. At the very least you will want to set a good passphrase.

Unfortunately I don't think the model that I purchased is still being sold. Think Penguin is now selling a newer model (Wireless-N Mini VPN Router (TPE-R1100)) with preconfigured vpn tunneling that is FSF certified [1]. Though I have not used that particular model, it is running the same libreCMC firmware :-). You can read more about their VPN service here [2], but I can't comment on it since I have never used it.


[2]: https://www.thinkpenguin.com/gnu-linux/penguinvpn-subscripti...


Seems the search string you were looking for is "buy think penguin router"...

Cool work being done here. I particularly like that it uses mini-PCIe cards as the 5Ghz antennas! [0]


I think that's more or less a Qualcomm reference design, and an old one at that. It's a little surprising that they went with a 2013 MIPS based SoC instead of ARM. The PCIe wireless cards are also a bit disappointing - QCA9582, which only does 802.11n. In theory, if the PCIe cards are really socketed, you could swap in a faster wireless card, but I suspect that the SoC wouldn't keep up.

I am a big believer these days in letting radios be radios - if you want a high capacity, relatively low cost 5.x GHz band PTP link, something like two ubnt AF5XHD radios and a pair of RF Elements Ultrahorn antennas. Put the routing intelligence and anything that requires a good amount of CPU and RAM in something dedicated to that purpose at each site, such as a Mikrotik RB3011 or RB4011 ($199).


Or a home-made hacked together x86-64 system running VyOS or FRR, if you want, which can be assembled for zero dollars in many cases. Or zero dollars plus the cost of a few Intel 1000BaseT NICs.

They're probably using 802.11n WiFi because all 802.11ac NICs require proprietary firmware, but Qualcomm-Atheros 802.11n hardware doesn't, and can be used just with fully open-source drivers.

I was fine with MIPS (which Ubiquity uses as well) until I found out that Linux/MIPS doesn't support ASLR/DEP. [1]

[1] https://cyber-itl.org/assets/papers/2018/Linux_MIPS_missing_...

It looks like the librerouter.org ssl certificate expired 15 minutes ago.

Correct. [1] Hopefully someone will email them.

[1] - https://www.ssllabs.com/ssltest/analyze.html?d=librerouter.o...

I sent them a message via their Contact page form.

They goofed their letsencrypt renew cron job.

Eh? "as the antennas"? That's not what that schematic shows, is it? AFAICT there's a PCIe connection to the NIC (Atheros QCA9582), which, as an 802.11 NIC, naturally has antennas.

Very broadly, in the same category as these, which is a single board computer with multiple minipci slots into which you can install 802.11n or 802.11ac based radio interface cards. Typically with 50 ohm coaxial u.fl connectors to coax pigtails going to external antennas.




Slightly different purpose, but it's a reminder that Omnia Turris exists: https://omnia.turris.cz/en/

100% Open hardware, comes with OpenWRT and it is easy to modify



The Turris is a luxury toy for rich techies to play around with. Librerouter is outdoor infrastructure for remote developing areas. Their purposes could not be more different and the only thing they have in common is that the both contain radios and run OpenWRT.

Does LibreRouter have pricing yet? I've never seen an open hardware product with competitive pricing (except maybe Arduino).

I jumped from a Turris Omnia to Unifi kit after the Turris broke during an update (sorry, I need my stuff to work all the time). Funnily enough I miss it, but the decision to use knot as the resolver is very, very strange. The Omnia is based on the Espressobin, which is also worth looking at.

I don't like that cz.nic decided to make something so different than vanilla OpenWRT. I use my Turris Omnia with vanilla OpenWRT and it kinda works. I still have an issue with /dev/urandom failing to return anything that I'm working on.

In general I don't understand why so many commercialized open source products end up forking an OSS project and then reinventing the wheel so much. The Turris folks wrote a lot of code and spent a lot of effort that they could have used to better the OpenWRT project and I don't really understand why.

I doubt I'll buy another product from cz.nic again.

> I don't like that cz.nic decided to make something so different than vanilla OpenWRT.

They said it so themselves. When TurrisOS was made (don't forget that it also runs on the older Turris routers), openWRT was stagnating (that was before LEDE came to life) and there were no clear indications on what it would happen.

The version 4 is going to be rebased on the latest OpenWRT, and for MOX a lot of things are being pushed upstream (so I'm being told).

Not affiliated with cz.nic in any way, but I am an Omnia owner.

Mine has worked almost flawlessly since I got it 2 years ago. I have not had a single problem that a simple reboot has not fixed. The only bad thing in the device was the thingies where you screw the antennas. In my router they were somehow loose and I had to open the router case to tighten them. Otherwise I could not have been happier that I bought mine.

The turris team actually started another kickstarter project last summer: https://mox.turris.cz/en/overview/ I instantly backed that project too. Not because I needed a new router, but because I have a soft spot for any Open Source / Open Hardware projects and I wanted to support them.

Having a diverse set of DNS software is a great thing, I'm not sure why you think that's strange. Why have every single router vulnerable to the next BIND bug?

BIND? Who still uses that? Its dnsmasq and unbound all over.

Bind is still very heavily used. Dnsmasq is popular in many of the container deployment models. I love Unbound, and hope that it gains more popularity. ISC (Bind) refuses to implement the min-ttl feature of Unbound. Unbound has better query (request and response) logging than Bind.

BIND 9.14 will have min-cache-ttl and min-ncache-ttl options


Oh wow, I wonder who convinced them to consider it. Nice!

> Who still uses that?

The top 100 largest ISPs in the world, as measured by CAIDA ASRANK.

Why is it strange for cznic to use a resolver they developed in their product? Does it have problems on that hardware?

It never broke for me, but my update config allows installing update a week after it was published, so I get probably more polished packages. Omnia also has command `schnapps` which allows to take snapshots of / and rollback system after failed updates/experiments.

I still have mine, but the software didn't support the IPv6 mode I needed (6rd) and ended up getting an ASUS RT-AC3200.

Turris supports ipv6 out of box, unless I misunderstood your comment?

When I tried, it supported IPv6 on static and some other modes, but not the 6RD mode, which ATT uses.

How is it open hardware if they're using an ARM CPU? I don't see a link anywhere to the open source firmware, but I'm admittedly on mobile.

Colloquially, schematics, board layout files, and the ability for the user to replace any firmware that the developer can is the bar for open hardware.

Here's their firmware: https://gitlab.labs.nic.cz/turris/openwrt

Also of note is the specific SoC used by the Omnia -- Marvell A385. It's a really neat chip that you can fully bring up not only without vendor binary blobs, but even using strictly the mainline versions of u-boot, and linux.



Is it really 100% open hardware? Did they release the design files yet? They did release them for older Turris products and placed them under Cern OHL [1], but last time I checked they did not do so for the Turris Omnia [2]. I was a bit disappointed about that, since they promised it to be open hardware during the crowdfunding.

[1] https://project.turris.cz/en/hardware-documentation

[2] https://forum.turris.cz/t/turris-omnia-hardware-documentatio...

I love it...is there something similar to this with specifications taken down a notch which would help decrease the price a little bit?

Did you tried it, is it worth it?

I've been using it for almost 3 years at home with domoticz, NAS, OpenVPN gateway for all clients at home, QoS and bandwidth splitter.

And funnily its from cznic while the op's router is from apnic.

Actually it's not apnic's, the blog is just writing about it. These are the people working on it: https://librerouter.org/team

Thanks, failed to notice that. Will need to come back later to their site though:

"librerouter.org uses an invalid security certificate. The certificate expired on 19. Dezember 2018, 18:11:42 GMT+1."

Ath9k is not going to win any performance awards anymore, but it is still pretty rock solid chipset and more importantly has afaik the very best foss drivers.

Bit odd that they are basing their firmware on OpenWrt 15.05, which is over three years old now. I guess flashing in 18.xx shouldn't be that hard

hi NicoEchániz here, project coordinator for the LibreRouter.

The current development version of LibreMesh[1], the LibreRouter firmware, is based on OpenWRT 18.06.1.

The soon to come first batch of production LibreRouter units will come with this version pre-installed.

[1] https://github.com/libremesh/lime-packages.git

These are cool and all, but here's a naive question. Where do these community networks connect to the internet at large? Wouldn't this violate some sort of ToS from the provider?

hi NicoEchániz here, project coordinator for the LibreRouter.

There are many different realities regarding the connectivity from a community network to the rest of the Internet. In the case of AlterMundi - the organization steering LibreRouter - , the communities that are connected in our region in Argentina are registered as a national non-profit operator, we have our own ASN and public IP ranges and we do BGP peering with other networks in the region.

So... no ToS violations.

Thank you very much for taking the time to explain that to me.

I am very interesting being the mesh handle then special access nodes that the BGP session has with other providers? do you use eBGP? iBGP?


In general, those ToS would likely be struck down under precedent. Additionally, it's bad news for an ISP to cut off their low-cost, ethical competition that will only help your cause. Source: I built the internet backbone for this: https://www.nycmesh.net/. If your city is on this list: https://en.wikipedia.org/wiki/Internet_exchange_point, you can buy data center internet like we did. It runs about $1,000/mo and can serve about as many people (by over-selling the bandwidth 20X as is standard in industry).

Depends on who you're buying from. In general, home/consumer usage is cheaper, less reliable, and comes with those restrictions compared to a business use.

So, basically some small, rural township would buy the access then share or several individuals would pool their funds and do it?


Either fibre or wireless link(s) to an upstream provider. Non-residential connections don't have the same sort of ToS that residential broadband does.

The cost of those links (or link) is then shared by the community wireless organization. So typically, subscribers pay a small monthly fee to join the mesh, which covers the cost of Internet connectivity and any other shared resources in the community network (ie. rooftop space for a central node, etc).

Production is about to start. Phase II is around the corner.

Contact us through the contact form at http://librerouter.org/contact if you wish to keep up to date with the project.

libremesh supports a few models:


ubnt's devices are not that expensive and may be the easy way out, unless you really want to do all the firmware testing, equipment in a water-proof enclosure etc. Plus this project is in lack of a web GUI to manage the nodes, you have to use CLI to do that, might be hard to find qualified IT workers in remote areas.

I also agree that point-to-point, or point-to-multipoint might be a better, simpler and more robust way to service the remote areas via wifi.

regular LibreMesh provides luci web admin interface.

The LibreRouter version of LibreMesh uses a simple UI[1] that has been tested in existing community networks managed by non-tech people.

The LiMe App provides a simple view of the node, neighbors and mesh status, it helps with antenna alignment, mapping and general diagnosis. This system will be coupled with the remote support platform currently in development under the LibreRouter Phase 2 project funded by Internet Society.

[1] https://github.com/libremesh/lime-app

Looks like their security certificate expired a few days ago.

thanks for noticing. will fix

I'm sure the 20,000 network users around the world tried "the easy way" before investing considerable time and resources into developing "the better way."


From a WISP point to multipoint radio perspective, pure mesh is a really bad idea (due to half duplex medium and CSMA hell).

I admire the internet research work that APNIC does but it looks to me like they're re-inventing the wheel here, versus mature and stable, relatively low cost commercial 5 GHz band point to multipoint radio platforms like the Ubiquiti Rocket5AC gen2 and its associated CPEs, Cambium PMP450/PMP450i, ePMP series, and the various 802.11n and 802.11ac based Mikrotik solutions for point-to-multipoint 802.11 based last mile. Or Mimosa's 802.11ac based 4x4 MIMO platforms.

If you want to have a community WISP that operates with purely open source software, and are willing to forgo running an OS you can mess with on the radio itself, there's nothing stopping you from doing all of your network management and backend operational software on purely GPL, BSD and Apache licensed software.

There are significant performance advantages to using a 'mature' commercial WISP PTMP radio platform, one example of which would be:

1) ubnt rocket 5ac gen2 radios

2) RF elements 30, 60 and 90 degree horn antennas

3) ubnt powerbeam AC ISO gen2 CPE radios.

The PDF spec sheet for this apnic thing shows that it's running on a 7-year-old 802.11n based chipset, functionally equivalent to 802.11n cards I could buy for Mikrotik routerboards in the year 2011, best possible modulation is 64QAM 5/6, while the current generation of PTMP radios mentioned above are all capable of 256QAM (much better bps/Hz in a given TDMA channel size like 20 or 40 MHz) and are 802.11ac or 802.11ac wave2 based.

One of the problems with mesh is that you end up with antennas that have very, very spread out RF patterns, because every node needs to talk to multiple neighbors. It ends up crapping all over the 5 GHz noise floor in a given area, and eventually becomes a CSMA nightmare. Whereas if you have a system with focused, shielded sector antennas for AP sites (or horns), and directional parabolic dishes for client antennas, you can scale to a much greater degree.

Dedicated purpose WISP PTMP AP radios like the Mimosa also adapt 802.11ac chipsets to the unique timing, timeslicing and TDMA contention problems of having many individual clients, with different RSL levels and modulations, at varying distances located many kilometres away from an AP site. Using an off the shelf 802.11n chipset will have significant performance issues. All major PTMP AP radios nowadays have a built in GPS receiver for the AP radio, and 'slave' the CPE radios to them to coordinate timing. This greatly increased the aggregate throughput (in Mbps) and capacity of a single AP radio and sector antenna. This means that you cannot connect a generic 802.11n or 802.11ac client such as a laptop or tablet to a ubnt airmax or mimosa gps-synced radio system, and that's an intentional part of the design.

If you want a mesh for resiliency, a common topology is to connect various AP sites together for backhaul purposes by dedicated point-to-point links (again with tight RF pattern parabolic dishes, or something like the rf elements ultrahorn, or licensed band radios), put a router at each POP, and form a "mesh" at layer 3 with common OSPF and BGP network topologies in a private AS.

Your half-duplex points literally do not apply to the librerouter. It has 2 separated 5Ghz radios and a separate 2.4 for local access.

Before you tell others how to build the network they already run, you might take 10 minutes to find out that they've managed to serve otherwise unconnected individuals and communities in remote parts of Argentina.

Sure, this isn't cutting edge tech, but it's cheap, scalable, and easy to upgrade. If you want to help these projects, you can find a 802.11ac chip with FOSS drivers. Until that happens, their hands our tied. Sorry not sorry.

I'm sorry but you're grossly mistaken, the very nature of 802.11n based radios is that an individual (typically 20 or 40 MHz wide) air channel is a half duplex medium. I'm talking about each individual radio in the unit. The multiple clients connected to each AP-functioning radio are sharing a half duplex medium. I'm well aware of the existence of 802.11 (abgn/ac) based radios that have multiple independent air interfaces in them.

You may wish to familiarize yourself with CSMA and listen-before-transmit issues, hidden node problems, etc in any half duplex air medium. I do this for a living.

It's completely disingenuous to say that because some single board computer with multiple minipci slots has multiple 2.4 and 5.8 GHz radios mounted to it, linked to different things over their 802.11n air medium, that it's a "full duplex" radio. A full duplex radio by industry definition is something like a FDD-LTE implementation for PtMP, or a point-to-point FDD radio such as in the licensed 6, 11, 18, 23, 71-86 GHz bands, in which a pair of radios listen and transmit in a high/low pair of totally separate channels, dedicated to traffic each direction.

I'm not telling people how to build their network. I'm sure this equipment is functional and providing service somewhere. I'm trying to prevent people in the year 2018 from chasing down dead ends of 8-year-old technology that will not be the most effective use of their time, effort and money.

Without disputing your points, I think it's probably a different focus that has driven the libremesh/librerouter approach.

They're aiming at price point that works for developing countries, as well as libre hardware/software.

That rules out eg. all -ac gear (I think?) and also probably means a developed-world commercial-grade PTMP solution is outside their budget as well.

One correction though: although the article is from APNIC, they don't "own" the project.

It really doesn't rule out all AC equipment, quite the opposite, mikrotik PTP and ptmp radios and small routers are wildly popular in developing nations like the Philippines, Pakistan and Nepal. People on very limited budgets do some highly creative things.

As I understand it, it's not the price that rules at -ac, it's the software licensing concerns.

On the point to multipoint problem, I think we thoroughly licked that last year (and in openwrt 17.01) and later, with: https://www.usenix.org/system/files/conference/atc17/atc17-h...

I look forward to seeing some more field results from that.

Indoor wifi is a very different thing from a ptmp AP radio that might have clients from 400m to 9km connected to it, at a variety of signal strengths and some with fresnel zone incursion. The GPS timing systems used in the radios I mentioned previously make a big difference. For wisp last mile stuff it's also possible to do things you wouldn't expect in a office or conference high density wifi setup, such as allocate 75% of the timeslices to traffic in the downstream direction, because that is the typical traffic pattern of residential singlehomed end users.

What's the use for these kinds of wireless networks? I've seen wireless networks in big campuses before and it's just a bunch of APs that sit on their own VLAN that talk back to a controller sitting a telco closet somewhere else. They just plug into the wall so the only wireless part is the connection between the user and the AP but these kinds of things seem like they are meant for a different use case.

Rural broadband, primarily. Places where there is no DOCSIS3/3.1 coax cable, beyond any reasonable copper loop length for ADSL2+ or VDSL2 over old POTS phone wiring, and the only other option is a small satellite terminal. There's hundreds of WISPs all over the US operating in their own little pockets of service area. Rural parts of eastern Oregon and nothern Idaho for instance.

High degree of venn diagram overlap with the same customer market for the SpaceX Starlink system if it does become a concrete reality.

Since you have experience with WISP, I’m personally curious, for communities that are poor, but have low labor costs at certain points of the year, would a fiber backbone be viable?

I mean if labor for wiring was free, and you only have to pay for equipment and to configure the equipment, would it be worth it?

Although I think the communities would be grateful for just 200 kilobyte/s reliable internet on sunny days.

Define "poor"?

The lowest cost per km for FTTH (whether GPON based or active-ethernet) is 100% aerial on wood utility poles. Or in a developing nation environment, on the low rise height steel lattice tower utility poles that are used for the last mile electrical grid in cities like Lahore or Dhaka.

If I had a literally unlimited supply of labor to dig trenches and install cable, sure i could do underground FTTH at low cost. But manual labor to do cut and cover trenching, even with direct burial fiber, is going to be REALLY slow. What scale/size of project are you imagining?

Ideally all the unemployed males during the dry season would volunteer for the sake of their community. So maybe a few dozen men running fiber in a region where power is provided by local generators, solar panels, and fuel oil trucks.

So, the infrastructure isn’t even there, and the central government doesn’t care about any road side construction.

You would need literally hundreds of people with shovels and pickaxes to equal the meters-day of a tracked trenching machine digging a one meter depth trench...

May not even need a meter. A foot deep could be sufficient.

PFsense on a PC Engines APU is a good alternative for now if anyone is looking for something today.

The purpose of the LibreRouter is to bring to the hardware side what we have accomplished on the software side with LibreMesh. AlterMundi and other partner organizations help build technologies for "geek free" community networks.

General purpose hardware can always be adapted if you have the skills and the money to spend on your project. We work from the global south with global south realities in mind.

A LibreRouter node, with outdoor casing, three sector antennas, GPS module, pigtails, etc. will cost around $150 and will be ready to deploy by non-expert users following simple instructions.

Oh I didn't mean that as a jab to the work being done.

More so to start a discussion on what can be done in the home today instead of a completely proprietary router.

I will be keeping my eye on this project for WWAN or site to site applications.

Thank you for the good work.


check out ALIX routers based on AMD APU. I have a few running arch doing double-duty as wired/wireless routers and fileservers:


Perhaps I missed it, but did anyone see the range for these routers?

Hi, NicoEchániz, from the LibreRouter team here.

The routers have been tested to work over 3Km links in existing mesh network deployments with very good performance.

Depending on the antennas you use range can be much more, but the LibreRouter is specifically designed for a Mesh setup where links tend to be < 3Km.

Feel free to correct me, but from memory they would be forced to stay within the <100mw range to comply with FCC in most parts of the world but with a directional antenna in both directions you can achive kms as long as no obsticles are presented.

Are you missing a 0? I thought the FCC limited it to less than 1000mW.

So is this still susceptible to throw hammer attacks?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact