| docker | ||
| routlin | ||
| ADMINISTRATORS_GUIDE.md | ||
| debug_leases.py | ||
| FUNDRAISING.md | ||
| PRO_FEATURES.md | ||
| RADIUS_CAPTIVE_PORTAL.md | ||
| README.md | ||
Routlin
Turn any Linux machine with two NICs into an enterprise-grade router and firewall. Ditch vendor-gated appliances and opaque firmware while keeping your machine fully multipurpose and under your control. Manage VLANs, NAT, DNS, DHCP, VPN, RADIUS, mDNS, and content filtering through a modern web dashboard - all built on battle-tested Linux tools you already trust.
Designed to integrate seamlessly with existing enterprise and prosumer networking hardware.
Why Replace Your Router?
Consumer and prosumer router appliances are constrained by OEM firmware. Security patches depend entirely on the vendor's release schedule, features are limited by design, and devices that reach end of life get abandoned with no further updates - leaving permanent security holes on your network.
Running your router on a general-purpose Linux machine gives you:
- Faster speeds - Use real computer hardware that outperforms consumer appliances
- Full flexibility - Any configuration that Linux supports
- Better security - Patch your kernel and packages on your schedule, not the vendor's
What Routlin Does
Routlin installs and manages battle-hardened Linux networking software - dnsmasq, nftables, freeradius, wireguard, avahi, and chrony - using a configuration file and a web dashboard. The scripts are not daemons; they configure the real software and get out of the way.
VLANs and Network Segmentation - Slice your network into isolated segments: a trusted LAN, a guest Wi-Fi, an IoT VLAN, a camera network. Each VLAN gets its own DHCP pool, DNS resolver, and firewall rules. Devices on different VLANs cannot reach each other unless you explicitly allow it.
DNS Filtering and Content Blocking - Block ads, malware, and trackers at the DNS level across your whole network. Apply different blocklists to different VLANs - strict filtering on the kids' network, none on the server VLAN. Blocklists update automatically on a daily schedule.
WireGuard VPN - Connect remotely to your home network from anywhere. Routlin configures the WireGuard server, generates keypairs, and produces ready-to-import client config files. Per-peer split-tunnel and full-tunnel routing supported.
RADIUS and 802.1X - Assign devices to VLANs dynamically based on their MAC address using your managed switch or access point. No more manually configuring per-port VLANs on your switch - plug in a device and it lands in the right network automatically.
DDNS - Keep a hostname pointed at your home IP even when your ISP changes it. Supports Cloudflare, No-IP, and DuckDNS with automatic rotation across multiple IP-check services.
Web Dashboard - A clean, modern interface for managing everything without editing JSON by hand. Changes are validated, queued, and applied to the live system automatically.
Two Editions
Routlin CE - Free for Individual Use
Routlin CE is the core product and is free for personal, non-commercial use. It includes everything described above: VLANs, DHCP, DNS filtering, WireGuard VPN, RADIUS/802.1X, DDNS, mDNS reflection, port forwarding, the web dashboard, and more.
Routlin Pro - Paid License
Routlin Pro is a paid license tier with advanced security and monitoring features suited for businesses, managed networks, and power users who need deeper visibility and control.
Deep Packet Inspection and Device Identification - See exactly what every device on your network is doing. Routlin Pro automatically classifies devices and identifies traffic types in real time - streaming, gaming, P2P, VoIP, and more - feeding into a Security Insights dashboard and per-device traffic rules.
Intrusion Detection and Prevention (IDS/IPS) - Monitor your network for known threat signatures across all traffic, not just DNS. Choose alert-only mode or automatic blocking. Signature database updated regularly, with an optional extended commercial threat feed.
SSL/TLS Traffic Inspection - See inside encrypted HTTPS traffic for security monitoring and content filtering. Routlin Pro decrypts, inspects, and re-encrypts on the fly, enabling IDS/IPS and anomaly detection to work on traffic that would otherwise be completely opaque.
Traffic Flows (Session Logging) - A full log of every TCP and UDP connection through the router: source, destination, port, bytes, and timing. Filter, sort, and save presets. Invaluable for diagnosing bandwidth problems or investigating unexpected activity.
Anomaly and Pattern Detection - Routlin Pro watches for unusual behavior automatically: unexpected large transfers, SYN flood indicators, overnight activity on idle devices, new device types appearing, and more. Anomalies surface as dashboard alerts and can trigger automated responses like device isolation or rate limiting.
Restricted VLANs - Prevent devices on a VLAN from ever contacting the internet. Perfect for IoT devices, security cameras, NAS, printers, or anything that should never phone home. Works alongside inter-VLAN exception rules so you can still reach quarantined devices from inside the LAN.
Supplicant-Based 802.1X Authentication - Go beyond MAC-based authorization. Routlin Pro adds full EAP-PEAP, EAP-TTLS, and EAP-TLS support, letting devices authenticate with credentials or certificates. Revoke individual device access without changing network passwords - and block anyone spoofing a known MAC.
Captive Portal - Turn any VLAN into a captive portal with a splash page, time-limited vouchers, or full RADIUS login using your existing user accounts. Ideal for guest networks, venues, or any situation where you need to control and track who gets access.
Software Dependencies
install.py checks for these and will prompt to install any that are missing.
| Dependency | Purpose |
|---|---|
python3 |
Runs all scripts |
systemd |
Service, timer, networkd, and timesyncd management |
dnsmasq |
DHCP and DNS |
nftables |
Firewall, NAT, and port forwarding |
chrony |
NTP server for the router and VLAN clients |
freeradius |
RADIUS server for dynamic VLAN assignment |
avahi-daemon |
mDNS reflection across VLANs |
wireguard-tools |
WireGuard VPN (when VPN VLANs are configured) |
docker |
Runs the Routlin Dashboard container (dashboard only) |
caddy |
Reverse proxy for external HTTPS access to the dashboard (optional) |
Hardware Requirements
- A Linux server with at least two Ethernet NICs
- One NIC connected to your ISP modem or ONT (WAN)
- One NIC connected to your internal switch (LAN)
For command-line usage without the dashboard, see ADMINISTRATORS_GUIDE.md.