ESPRESSO-hole: ESPRESSObin-based personal router with ad blocking.
This project was born as a solution to a set of requirements for a home box/router.
- gigabit router
- several (>2) ethernet ports
- external disk storage for server/media
- linux supported
- some USB ports
Network wish list:
- PI-HOLE ad-blocker
- traffic redirected through VPN
- WIFI access point
- media server
The ESPRESSObin is provided without power supply or case. I'm using an old router power supply, and a 3D printed case. An SSD disk -to reduce noise- is installed using the SATA connector, and WiFi capabilities are enabled using a WiFi dongle.
The ESPRESSObin supports an external drive through a SATA connector. However, in v5 of the board the power connector is a molex-type connector (in v7 this has been replaced by a proper SATA power connector). An adaptor to SATA power can be easily done, and no soldering habilities are required.
For wireless connection a USB WiFi dongle based on RT5370. Notice that not any dongle will work, or will be able to work in AP mode.
3D printed case
The ESPRESSObin comes without a case. A number of slutions are available, I specially like this one. The STL file provided includes the two parts together, so I provide a folder with two separated parts.
The case is designed with room for a 25mm fan like this one. On normal operation I find the fan too noisy and temperature levels have never been dangerous without the fan.
The ESPRESSObin is fully supported by ARMBIAN. Installation can be done easily as explained here. The installation process can be controlled from a USB serial connection to a host computer running kermit using this config file.
The plan is to have an ESPRESSObin routing all the network traffic. The ESPRESSObin has 3 ethernet ports. A
wan device is connected to the router, and two other devices
lan1 serve home traffic. The pi-hole is going to be in charge of serving DNS and DHCP, after segmentation of the home network.
An additional port
wlan0 is used by the WiFi dongle. These 3 inside ports
wlan0 are grouped in a bridge device. The router subnet
126.96.36.199 will be visible through
wan device set at
192.168.0.2 fixed IP. The home network is now
192.168.22.0 and the bridge address is set to
The network is configured using
iface wan inet static address 192.168.0.2 netmask 255.255.255.0 network 192.168.0.0 gateway 192.168.0.1 iface br0 inet static bridge_ports wlan0 lan0 lan1 address 192.168.22.1 netmask 255.255.255.0 network 192.168.22.0
To reroute traffic from
wan we have to forward the traffic:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o wan -j MASQUERADE
In case we set up a VPN connection from the ESPRESSObin, the device name has to be replaced in the iptables entry, i.e. with a
tun0 device on the VPN:
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
The PI-HOLE will take charge of virtually all inner network configuration. Any device getting DHCP configuration from the ESPRESSObin will have unwanted traffic blocked :)
Two important configuration fields have to be set in the pi-hole installer. The device used by the pi-hole is
br0 from the list. Also, the gateway used to route traffic to the internet is the router gateway
Wireless AP service
The WiFi dongle creates a Wireless network using Hostapd. The network properties are defined in
ssid=ARMBIAN interface=wlan0 hw_mode=g channel=1 bridge=br0 driver=nl80211 ignore_broadcast_ssid=0 wmm_enabled=1 wpa=2 preamble=1 wpa_psk=******** wpa_passphrase=******** wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP auth_algs=1 macaddr_acl=0
Uploading some files to the ESPRESSObin and installing PLEX turns this box into a media server with web interface. Other options tested (i.e. OpenMediaVault) were not so compatible with other devices -TV or network speakers- running at home.