I've built my own 4G/LTE routers/firewalls from widely available components for quite some time now. For example, for the 4G/LTE modem part, I use mini-PCIe modems (that use only USB 2.0 and the SIM connector signals) like Huawei 909s-120 and Mikrotik R11e-LTE. Although you can find a lot of "USB-WWAN" adapters (USB connector, a SIM card socket, and a mini-PCIe socket for such a modem), I tried half a dozen ones (all with various VCC supply and heating issues), until I found ADT-Link WS17, which works perfectly without excess heating. For rural environments, you may wish to up the VCC from the default up to 3.8V (by replacing one SMD resistor), to get better radio power without increasing the current overmuch. For USB 3 LTE modems (the ones I use are all USB 2.0), one must use ADT-Link WS18 instead. ADT-Link (adt.link) also sells at AliExpress (store); I've used the AliExpress store for simplicity (as they handle customs and VAT then). Note that ADT-Link's documentation on these includes the schematics; this was a huge plus for me.
For the router itself, on the cheaper end, you have Mikrotik RBM33G, NanoPi R3S, Radxa Rock 3B; on the more expensive end boards like Radxa E25, Rock 5 ITX, ITX+, and 5 T, NanoPi R6S, NanoPC T6, and so on. These are only the ones I can recommend, although I haven't used all of them myself. Essentially, you'll want at minimum OpenWRT (or FriendlyWRT, an open-source variant/configuration with FriendlyElec additions including eMMC stuff) and/or pfSense/opnSense support, although I prefer Debian support; and not a forked Linux/FreeBSD distribution or an "SDK", for long-term maintenance reasons. Note that while there are perfectly good, even industrial quality routers and modems like various Teltonika models, I'm only describing self-extensible, modifiable stuff here.
One of my own use cases is above the Arctic Circle, with only 4G connectivity, to have a router with both normal interwebs use, but also reverse access to locally recorded security cams, without relying on cloud control, with good enough firewall protection. For practical reasons, this requires an LTE/4G firewall/router with at least two GbE wired ethernet connectors (as I keep the two networks physically separated for practical reasons), and a dyndns-like solution for "publishing" the firewall IP address, preferably to my own public server. As I'm rarely there myself, it has to be quite robust. I've maintained servers online for almost three decades now, the kind that is often under constant script-based attacks, so I'm quite keen to keep it secure, too. On my workstations I use stuff like Fail2Ban to drop the annoyance that is script probing; for the cam access, I've decided to shift to OpenVPN, which itself requires quite some computing power from the router/firewall (as I don't want the extra load on the cam storage server, but also don't want too much separate hardware, mostly to keep costs down).
For home stuff, Mikrotik RBM33G, although aging now, is a very interesting option because of its low cost and support for two 4G/LTE mini-PCIe modems, assuming OpenWRT use. If you have two physically separate service providers in access range, you can have very cost-effective failover that way. And its IPsec speeds (in case you want to support OpenVPN into the home network) suffice for a couple of simultaneous users, too. It also has an M.2 M-key slot in 2242 size for NVMe SSD; I use a Kioxia 128G one in 2230 size with a 3D-printed hold-down tab.