linuxrouter/FUNDRAISING.md
2026-06-05 21:28:05 -04:00

# Routlin Kickstarter Fundraising Goals
Routlin is a home router management platform built to give home users and small offices the kind of network control typically reserved for enterprise equipment. This document outlines what a fundraising campaign would go toward and why each item matters for the project.

---
## Goal 1: Dedicated Testing and Integration Server
**Purpose:** Test changes against varying network environments.
Currently, I use my own PC for 100% of development and testing. In order to do proper testing, I need a dedicated server. This would allow:
- Trying out a wide variety of network configurations without affecting my home network.
- Running the software on different distros to test the install/uninstall capabilities on different platforms and package managers.
- Running changes in isolation before deploying to production.
- Reproducing bugs without affecting connected devices.
- Running unit and integration tests.
Realistically, I'd also like to get an ARM-based device with two Ethernet ports that would be suitable for running as a router, because I know many people would want that setup due to low-power and low-noise. Example hardware I'd be interested in obtaining would be NanoPi R5S/R6S and Raspberry Pi with a 2nd Ethernet expansion.

---
## Goal 2: Second ISP Connection
**Purpose:** This is network software. A real WAN connection is required to test DHCP client behavior, failover, DDNS, firewall rules against live traffic, and VPN tunnels. Every time I test features or try to reproduce bugs, I risk losing my home internet connection, which makes troubleshooting and resolving very annoying and difficult. Luckily, multiple ISPs are available in my neighborhood, so I could get a 2nd connection dedicated to testing! But I need funding to pay for a 2nd one.
A second ISP provides:
- A dedicated WAN for the test network, completely isolated from my home network.
- The ability to test dual-WAN and failover scenarios.
- Safe environment for testing a wide variety of configurations without disrupting my primary connection.
---
## Goal 3: Assortment of Network Equipment (Switches and Access Points)
**Purpose:** This is one of the most important goals. I currently use a UniFi switch and UniFi access points for 100% of testing and development. I've already noticed several "quirks" with UniFi, especially relating to RADIUS, 802.1X, and VLAN tagging. I expect different vendors will have subtly different quirks as well.
Funding would go toward acquiring equipment from additional vendors, including:
- **Managed switches:** Cisco (SG series), Netgear (Plus/Pro), TP-Link (Omada), MikroTik (in bridge mode), Aruba (Instant On).
- **Unmanaged switch:** A consumer-grade unmanaged switch to test on, which will not have certain capabilities such as VLAN tagging, 802.1X port authentication, or RADIUS-based dynamic VLAN assignment - ensuring Routlin degrades gracefully when advanced switching features are unavailable.
- **Wireless access points:** TP-Link Omada, Aruba Instant On, MikroTik, OpenWrt-compatible hardware
- **Budget/prosumer gear** that home users are likely to own
Each vendor has its own implementation of WPA-Enterprise, MAC-based 802.1X, VLAN assignment via RADIUS attributes, and huntgroup behavior. Testing against a realistic cross-section of hardware is the only way to ensure Routlin works reliably for users who do not own UniFi equipment.

---
## Goal 4: Router Hardware Targets
**Purpose:** Routlin runs on the router itself. Different hardware platforms have different constraints, driver availability, and performance characteristics.
Target hardware for testing:
- **x86 mini PC** (e.g. Protectli, Topton N100) - most capable, common for dedicated router builds
- **Raspberry Pi 4/5** - popular ARM SBC, limited NIC options, different network stack behavior
- **Additional ARM SBCs** (e.g. Orange Pi, Banana Pi) - lower-cost targets common outside North America
---
## Goal 5: Development Time
**Purpose:** The largest real cost of advancing this project is sustained developer time to implement new features, test, fix bugs, and respond to user feedback.
A successful campaign would allow meaningful blocks of development time to be dedicated to Routlin rather than worked around other obligations.

---
## Routlin Pro: Paid License Features
Routlin Pro is a paid license tier planned for future development. Early Kickstarter backers will receive a Routlin Pro license as an investment incentive.
The core Routlin software will always remain free for individual use. Pro features are advanced capabilities that require ongoing maintenance, threat database subscriptions, and significant development investment to build and sustain.

---
### Pro Feature 1: Deep Packet Inspection (DPI) and Device Identification
Routlin Pro will analyze traffic at the packet level to identify:
- **Device categories** - automatically classify connected devices (phones, laptops, smart TVs, IoT sensors, gaming consoles) based on traffic fingerprints
- **Traffic categories** - identify streaming, gaming, P2P, VoIP, cloud backup, and other traffic types in real time
- **Per-device usage breakdowns** - see what each device on the network is actually doing
This data surfaces in a Security Insights dashboard and feeds into traffic rules, allowing administrators to block or rate-limit specific applications for specific devices or device categories.

---
### Pro Feature 2: Intrusion Detection and Prevention (IDS/IPS)
Routlin Pro will monitor all network traffic for known threat signatures using DPI across multiple network layers:
- **IDS mode** - monitors and alerts on suspicious activity without blocking
- **IPS mode** - automatically blocks detected threats in real time
- Generates a log of alerts with details on the source, destination, and matched signature
- Signature database updated regularly; an optional extended subscription provides access to a broader commercial threat database
---
### Pro Feature 3: SSL/TLS Traffic Inspection
Routlin Pro will support intercepting and inspecting encrypted HTTPS traffic for security monitoring and content filtering:
- Performs SSL/TLS decryption, analyzes packet contents, then re-encrypts using the gateway's own certificate
- Configurable by traffic category or specific domains - inspect everything or only targeted categories
- Supports a high number of concurrent sessions suitable for home and small office environments
- Requires the gateway certificate to be installed on client devices for transparent operation
This enables security features (IDS/IPS, anomaly detection) to operate on traffic that would otherwise be opaque.

---
### Pro Feature 4: Traffic Flows (Session Logging)
Routlin Pro will provide detailed logs of every network session passing through the router:
- Full connection records including source IP, destination IP, protocol, port, bytes transferred, and session timing
- Not limited to DNS queries - captures all TCP/UDP flows
- Filterable and sortable views; save custom filter presets for repeated analysis
- Useful for diagnosing bandwidth issues, identifying unexpected connections, and post-incident investigation
---
### Pro Feature 5: Anomaly and Pattern Detection
Building on DPI and session logging, Routlin Pro will surface unusual network patterns automatically:
- Large or unexpected outbound data transfers
- TCP SYN flood indicators
- Unexpected VPN or tunneling activity
- P2P and torrent detection
- High usage outside configured hours (e.g. overnight activity on a device that should be idle)
- New device types appearing on the network
Anomalies generate alerts in the dashboard and can optionally trigger automated responses such as device isolation or rate limiting.
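
How three of the patterns listed above could be evaluated over flow records carrying the fields named under Traffic Flows, as an added example. It is not Routlin code (Routlin Pro is described here as planned); the `Flow` class, the `handshake_done` field, the thresholds and the sample addresses are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Flow:                      # fields follow the session-log list above
    src: str
    dst: str
    proto: str                   # "tcp" or "udp"
    dport: int
    bytes_out: int               # bytes sent by src
    start: datetime
    handshake_done: bool = True  # assumed field: False = SYN sent, never answered

# Assumed thresholds; tune per network.
LARGE_OUT = 500 * 2**20          # single-flow outbound bytes
QUIET_HOURS = range(1, 6)        # 01:00-05:59 local time
QUIET_OUT = 50 * 2**20           # total bytes per idle device in quiet hours
HALF_OPEN = 100                  # unanswered SYNs per (src, dst, port)

def detect(flows, idle_devices):
    """Return sorted (kind, src, dst) alerts for three of the listed patterns."""
    alerts, half_open, quiet = set(), Counter(), Counter()
    for f in flows:
        if f.bytes_out > LARGE_OUT:
            alerts.add(("large_outbound", f.src, f.dst))
        if f.src in idle_devices and f.start.hour in QUIET_HOURS:
            quiet[f.src] += f.bytes_out
        if f.proto == "tcp" and not f.handshake_done:
            half_open[(f.src, f.dst, f.dport)] += 1
    alerts |= {("off_hours_usage", s, "") for s, n in quiet.items() if n > QUIET_OUT}
    alerts |= {("syn_flood_indicator", s, d)
               for (s, d, _), n in half_open.items() if n >= HALF_OPEN}
    return sorted(alerts)

def sample_flows():
    """Constructed records using RFC 1918 and documentation addresses."""
    day, night = datetime(2024, 1, 10, 14, 0), datetime(2024, 1, 11, 3, 0)
    flows = [
        Flow("10.0.20.5", "203.0.113.10", "tcp", 443, 700 * 2**20, day),
        Flow("10.0.30.7", "198.51.100.4", "tcp", 443, 60 * 2**20, night),
        Flow("10.0.20.5", "198.51.100.4", "udp", 53, 200, night),
    ]
    flows += [Flow("10.0.20.9", "192.0.2.50", "tcp", 80, 60, day, False)
              for _ in range(120)]
    return flows

if __name__ == "__main__":
    for alert in detect(sample_flows(), idle_devices={"10.0.30.7"}):
        print(alert)
```

Off-hours usage is summed per device rather than per flow, so many small overnight sessions from a device marked idle still cross the threshold.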

---
### Pro Feature 6: Restricted VLANs
Routlin Pro will allow any VLAN to be designated as "restricted" - blocking all internet access for devices on that VLAN while still allowing local communication.
Use cases include:
- **IoT and smart home devices** - devices that need to talk to each other locally but should never reach the internet
- **Security cameras** - local NVR access only, no cloud uploads
- **Guest networks** - complete WAN isolation
- **Kids' devices** - internet access blocked, local resources still reachable
- **Security and privacy** - isolate local LLMs or prevent untrusted software from dialing out
Restricted VLANs work in combination with Routlin's existing inter-VLAN exception rules, so a restricted device can still be granted access to a specific device or subnet on another VLAN (e.g. a NAS or a print server) without opening internet access.

---
### Pro Feature 7: Supplicant-Based 802.1X Authentication
Routlin currently supports MAC Authentication Bypass (MAB), where the switch or AP sends a device's MAC address to RADIUS passively - the device itself does nothing. This is easy to deploy but MAC addresses can be spoofed.
Routlin Pro will add full supplicant-based 802.1X, where the client device actively participates in authentication using:
- **EAP-PEAP / EAP-TTLS** - username and password credentials, common for corporate WiFi where employees authenticate with domain credentials
- **EAP-TLS** - client certificates installed on each device, the most secure option
- Certificate management for issuing and revoking client credentials
This allows individual device certificates to be revoked without changing network passwords, and prevents unauthorized devices from gaining access even if they spoof a known MAC address.

---
## Summary Table
| Goal | Priority | Estimated Cost |
|------|----------|---------------|
| Testing/integration server | High | $800 - $1,500 |
| Second ISP connection | High | $40 - $80/mo ongoing |
| Network equipment assortment | High | $1,500 - $3,000 |
| Router hardware targets | Medium | $300 - $600 |
| Development time | High | Variable |
| Routlin Pro development | High | Variable |
---
*Routlin is open source software for people who want real control over their home network.*