Integrated portable network appliance


Above: front and back of the complete system. No banana for scale, unfortunately.

Motivation

In short: I want to have a "network in a box" that can be taken anywhere.

I usually bring several devices with me when traveling. At minimum I would have a computer and a smartphone; sometimes more than one of each, plus tablets, portable gaming consoles, etc. It's convenient to be able to create my own wireless network at the destination so I don't have to configure each device individually (and sometimes pay for internet on each device). For that, I bought a TP-Link TL-WR703N travel router and installed OpenWRT on it. It's extremely small and works fine as a wireless router. However, OpenWRT enables a lot of fancier features that the WR703N is simply too weak to run. For example, if a couple of stunnel sessions are active, the CPU simply hangs for a few seconds, then the watchdog timer kicks in and resets the router.

So, as a step up, I would like to find some system that ideally:

    • is small and portable, preferably no bigger than the usual consumer wireless router;
    • acts as NAT router, firewall and wireless access point (dual band);
    • provides NAS for the local network with as large capacity as possible;
      • preferably has encrypted storage, so that in case the system is stolen the thief can't recover my data;
    • provides a VPN tunnel back to mother base so all my devices can easily access servers back at home;
    • runs any other random services I may want, such as stunnel, tor, obfsproxy, etc.

Selecting the Base Platform

From the feature list, these hardware specifications are desired:

    • At least 2 Ethernet interfaces for WAN and LAN
    • At least 2 WiFi radios that are suitable for master mode, for 2.4GHz and 5GHz band
      • ... and enough antennas for the radios
    • Has hard drive bay(s)
      • Preferably separate storage for OS and data
    • Has a reasonably powerful CPU
    • Supports flexible operating systems like generic Linux distros instead of specialized ones

Builds with normal Mini ITX motherboards and cases such as the Antec ISK110 or the M350 enclosure would be way too big for this purpose: they occupy a significant portion of carry-on luggage space. Going smaller, there are various embedded systems, "book-sized" PCs, and the like. These systems are usually limited in expansion options, and finding one that meets all conditions above is pretty difficult. Of course, some missing features can be tacked on via external USB devices, but that's just plain messy.

The hardware I ended up using for this project is a Jetway JBC320U93 system, a fanless NUC with Celeron N2930 CPU, 2 Intel gigabit Ethernet ports, a half-size mini-PCIe slot, a full-size mSATA slot, a 2.5 inch hard drive bay, and 2 antenna connectors on the back panel. Its dimensions are 116 * 110 * 65 mm, typical size for a "tall" NUC.

Some other pieces of hardware that may be of interest for a project like this:

After I bought my NUC, Jetway added the JBC375F533 barebones embedded system to their website. It is a fanless 3.5 inch SBC kit that has a Celeron J1900 CPU, 4 Intel I211 gigabit Ethernet ports, 2 full-size mini-PCIe slots plus a full-size mini-PCIe/mSATA slot, a 2.5 inch hard drive bay, and 4 antenna holes on the casing, and the entire system measures only 185 (W) * 142 (D) * 48 (H) mm. This actually looks perfect for the purpose, because it can fit all hardware components I want without any modification. However, it still doesn't seem to be available for order from anywhere consumer-oriented. (It's probably possible to order directly from Jetway.)

Zotac has quite a few small form factor systems with dual Ethernet ports. For NUCs they have the Atom-powered CI321, CI323 and others with more powerful CPUs. Their main weakness is only having one external antenna, and having a 2.5 inch HDD bay as the only storage option, so data and OS must reside on the same drive. (Most likely the Ethernet chipset is Realtek.) They also have book-sized barebone systems with dual Ethernet.

Netgate has many small router platforms that come equipped with 2 or more Ethernet interfaces plus mini-PCIe slots for wireless, but no 2.5 inch hard drive bay.

Selecting Hardware Components

The basics are simple. A stick of 4GB DDR3L SODIMM memory, a small mSATA SSD for the operating system, and a 2TB 2.5 inch hard drive for bulk storage can be installed easily.

The Jetway NUC came with an AzureWave AW-NB159H WiFi card intended for its half-height mPCIe slot. It gets tossed aside because it's based on Realtek's RTL8723BE chipset, which is 2.4GHz single band and does not have the best Linux open-source driver support. An Atheros AR5BHB116 is installed into the NUC instead. This card sports the Atheros AR9382 chipset, which is dual-band 802.11abgn, and supported by the excellent ath9k open-source driver in Linux. Similar ath9k cards are cheap and plentiful on eBay, making them great choices for building your own access point. Both RP-SMA antenna connectors on the back panel are connected to this card, and a pair of dual-band antennas complete the 5GHz radio part of this build.

What about the 2.4GHz radio? There are no PCIe ports or antenna mounts left. For a while I used a couple of AzureWave AW-NU150 USB dongles also bought from eBay. These dongles also use Atheros chips (AR9271), and are supported by the ath9k_htc open-source driver in Linux. They do have limitations though. For one thing, they are pretty small, but not small enough (like Logitech's nano receivers). They protrude about 1cm from the USB port, and I do fear they might snap in half if I leave them plugged in while in transport. For another, there's a firmware limitation that restricts the maximum number of connected clients to 8 while operating in master mode.

After scouring eBay for even smaller USB dongles that have chipsets supporting master mode in Linux and coming up empty-handed, I had to resort to modding.

Modding the Hardware

Even though the Jetway NUC doesn't have any more mini-PCIe slots, it does have internal USB 2.0 headers. So I bought an RT3070 USB WiFi module from eBay. RT3070 uses the rt2800usb driver, which also has excellent support for master mode. I cut off the full-size USB port on the provided cable and soldered on 2mm female headers that plug into the Jetway board.

The module requires a u.fl antenna connection. The NUC's back panel is already crowded, but there's still a spot on the front panel that has enough clearance on the inside to allow an RP-SMA pigtail, so I drilled a hole in the aluminum panel and installed the pigtail there. Then I wrapped the module in kapton tape to avoid shorting, and taped it to the same panel.

Looks pretty nice on the outside, like it came out of the factory that way, if I may say so myself.

Choosing Software

I installed Arch Linux on the mSATA SSD. Usually, a bleeding edge distribution like Arch is not considered suitable for a server role that values stability, but I wanted to use btrfs for storage, and that is a bleeding edge feature best used with the latest kernel.

Speaking of the kernel, it is necessary to patch the ath9k kernel modules in order to enable master mode on the 5GHz band for the consumer WiFi card used here. Probably won't have to do that if you use a "proper" card designed for APs.

All other software is fairly standard: hostapd for setting up WiFi access points on both radios, shorewall for routing and firewalling, openvpn for the VPN tunnel back to mother base, btrfs on top of LUKS for bulk storage, and samba for file sharing.
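
The "btrfs on top of LUKS" layer is what protects the data if the box is stolen, so it is worth checking that every data mount really sits on a dm-crypt mapping. The following is an added example, not part of the original build notes: it walks `lsblk --json` output and reports data mounts that are not encrypted. The device names, mount points and the /srv prefix are assumptions made for the constructed sample.

```python
import json

# Constructed sample of `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT` output.
# Device names and mount points are assumptions, not taken from the build.
SAMPLE_LSBLK = json.dumps({"blockdevices": [
    {"name": "sda", "type": "disk", "fstype": None, "mountpoint": None, "children": [
        {"name": "sda1", "type": "part", "fstype": "vfat", "mountpoint": "/boot"},
        {"name": "sda2", "type": "part", "fstype": "ext4", "mountpoint": "/"}]},
    {"name": "sdb", "type": "disk", "fstype": "crypto_LUKS", "mountpoint": None, "children": [
        {"name": "bulk", "type": "crypt", "fstype": "btrfs", "mountpoint": "/srv/nas"}]},
    {"name": "sdc", "type": "disk", "fstype": "btrfs", "mountpoint": "/srv/scratch"},
]})


def mounted_filesystems(lsblk_json):
    """Yield (mountpoint, fstype, encrypted) for every mounted block node.

    encrypted is True when the node or any ancestor is a dm-crypt mapping
    (lsblk TYPE "crypt"), so partitions or LVM stacked on LUKS count too.
    """
    def walk(node, under_crypt):
        under_crypt = under_crypt or node.get("type") == "crypt"
        # Newer util-linux reports a "mountpoints" list, older a single value.
        mounts = node.get("mountpoints") or [node.get("mountpoint")]
        for mp in mounts:
            if mp:
                yield mp, node.get("fstype"), under_crypt
        for child in node.get("children") or []:
            yield from walk(child, under_crypt)

    for dev in json.loads(lsblk_json)["blockdevices"]:
        yield from walk(dev, False)


def unencrypted_data_mounts(lsblk_json, data_prefixes=("/srv",)):
    """Return mount points under data_prefixes not backed by dm-crypt."""
    prefixes = [p.rstrip("/") for p in data_prefixes]
    return sorted(
        mp for mp, _fstype, encrypted in mounted_filesystems(lsblk_json)
        if not encrypted and any(mp == p or mp.startswith(p + "/") for p in prefixes)
    )


if __name__ == "__main__":
    for mp in unencrypted_data_mounts(SAMPLE_LSBLK):
        print("NOT ENCRYPTED:", mp)
```

On a real system, feed it the output of `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT` and point `data_prefixes` at wherever the samba shares live.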

Deployment

So how does it work?

Wonderfully. I took it on a trip recently, and it carried out its duties very well.

Being fanless, the system does get warm. It usually settles around 45 degrees Celsius, which could be slightly detrimental to the hard drive's health, so perhaps a USB-powered fan blowing at the case would be a good idea.