Tuesday, December 12, 2006
Friday, December 08, 2006
The end of year is meant to wind down, not up!
Reaching record number of calls and faults and all in addition to excessive amount of work and controversy.
A number of AccessEzy sites are supplied by RedMedia DSL connections, the typical 1.5Mbit style ones. These have been up and down over the past two days for more than 12hrs at a time thanks to a extremely poor planned and executed changeover of hosting facilities by RedMedia. So you can think of 31 sites down with multiple customers per site all raging at us.
In addition to that turmoil there's this ongoing issue with one of our oldest student accommodation sites. We have been supplying students in-room Internet access at Unicentral for quite sometime. We have always fought to reduce prices and efforts to make things easier for the students, the on-site management and us. We have even lasted through 4 changes of management...
Now the current management wish to ditch us outright in exchange for a new wireless carrier that has recently grown a presence in the area. They seem to think all the infrastructure belongs to the body corporate when in fact it was installed and paid for by us... I'm leaving it to the legals before flexing my technical powers to reduce them to nothing.
On a positive note I have been dealing with the Curtin University in organising the take over of their Student Accommodation Internet services. Everything seems good - they already have a top quality infrastructure in place (Cisco 2950 and 3550 series switches), 100Mbit to each room and its all managed by the Uni. I simply have to install an access controller and they do the rest. Of course I need to organise the backhaul internet feed and backend management software/hardware, but this is looking a lot more easier than micro-managing the site itself.
Got to do a plan to set up wifi in a hotel in Adelaide and inspect a new site in Noosa. Plus do a site revision at another inherited site in Mooloolaba :/ I go on holidays soon too :(
A number of AccessEzy sites are supplied by RedMedia DSL connections, the typical 1.5Mbit style ones. These have been up and down over the past two days for more than 12hrs at a time thanks to a extremely poor planned and executed changeover of hosting facilities by RedMedia. So you can think of 31 sites down with multiple customers per site all raging at us.
In addition to that turmoil there's this ongoing issue with one of our oldest student accommodation sites. We have been supplying students in-room Internet access at Unicentral for quite sometime. We have always fought to reduce prices and efforts to make things easier for the students, the on-site management and us. We have even lasted through 4 changes of management...
Now the current management wish to ditch us outright in exchange for a new wireless carrier that has recently grown a presence in the area. They seem to think all the infrastructure belongs to the body corporate when in fact it was installed and paid for by us... I'm leaving it to the legals before flexing my technical powers to reduce them to nothing.
On a positive note I have been dealing with the Curtin University in organising the take over of their Student Accommodation Internet services. Everything seems good - they already have a top quality infrastructure in place (Cisco 2950 and 3550 series switches), 100Mbit to each room and its all managed by the Uni. I simply have to install an access controller and they do the rest. Of course I need to organise the backhaul internet feed and backend management software/hardware, but this is looking a lot more easier than micro-managing the site itself.
Got to do a plan to set up wifi in a hotel in Adelaide and inspect a new site in Noosa. Plus do a site revision at another inherited site in Mooloolaba :/ I go on holidays soon too :(
Monday, November 27, 2006
AccessPlus Captive Portal User Interface
The following are screen shots of my Hotspot User Interface:
UserLogin: The first screen presented to the user when they connect and attempt to go to a website (their session is hijacked by the Access Controller).
ErrorGeneration: Errors are generated on a per screen basis.
CreateUser: Since the new user does not have an account yet, they can click on 'Create User' and make their own account.
UserStatus: Once a user has logged in, or has created a new account they will be presented with a screen that shows the status of their account. The image provided here shows a "transient" account that has 1.26Hrs of Session Time and almost 4.3Gb of data remaining. A new user will have zero values, and a "subscriber" will have an expiry date instead. A voucher user will have both a Session Time and a Expiry date.
UserInfo: Optional user information and be viewed and edited by the user via the UserInfo screen. This is mostly used for subscriber/longer term accounts.
ProductList: This screen lists the available products for the given location. These are separated into categories; Packages are a combination of Data/Time, Data is just that, and Subscription is time. So they can purchase a combination or pick and choose their own.
CartList: Selected products are added to the users cart.
Payment: Once a user has completed selecting various products and updating their cart, they will then 'checkout' using the payment screen.
PostPayment: After a successful payment they are presented with a before and now summary screen.
Other features:
Receipts are e-mailed (will allow users to generate copies)
Purchase history is kept (will eventually allow users to browse this information)
Usage History is kept (will allow users access soon)
Various processes etc are logged on the server
Multi-Location support (with custom templates/pricing plans etc)
Currently Compatible with Mikrotik RouterOS and Colubris MSCs
Supports Multiple Payment Gateways
Supports Roaming Users with opt-in/opt-out location support
Various other features not listed.
UserLogin: The first screen presented to the user when they connect and attempt to go to a website (their session is hijacked by the Access Controller).
ErrorGeneration: Errors are generated on a per screen basis.
CreateUser: Since the new user does not have an account yet, they can click on 'Create User' and make their own account.
UserStatus: Once a user has logged in, or has created a new account they will be presented with a screen that shows the status of their account. The image provided here shows a "transient" account that has 1.26Hrs of Session Time and almost 4.3Gb of data remaining. A new user will have zero values, and a "subscriber" will have an expiry date instead. A voucher user will have both a Session Time and a Expiry date.
UserInfo: Optional user information and be viewed and edited by the user via the UserInfo screen. This is mostly used for subscriber/longer term accounts.
ProductList: This screen lists the available products for the given location. These are separated into categories; Packages are a combination of Data/Time, Data is just that, and Subscription is time. So they can purchase a combination or pick and choose their own.
CartList: Selected products are added to the users cart.
Payment: Once a user has completed selecting various products and updating their cart, they will then 'checkout' using the payment screen.
PostPayment: After a successful payment they are presented with a before and now summary screen.
Other features:
Receipts are e-mailed (will allow users to generate copies)
Purchase history is kept (will eventually allow users to browse this information)
Usage History is kept (will allow users access soon)
Various processes etc are logged on the server
Multi-Location support (with custom templates/pricing plans etc)
Currently Compatible with Mikrotik RouterOS and Colubris MSCs
Supports Multiple Payment Gateways
Supports Roaming Users with opt-in/opt-out location support
Various other features not listed.
Thursday, November 16, 2006
Another hotspot
A new hotspot is now located on top of the Sirocco building, Mooloolaba. It is simply tacked onto a 2.4GHz to 5.8GHz wireless bridge - had a spare wireless interface so I decided to use it.
It is currently attached to a 15dBi Yagi antenna pointing west. This should offer coverage to the new buildings located on the 'mountain view' side of the Sirocco building. I will look at replacing this antenna with a 180° sector with a down tilt bracket.
While this hotspot is running the same system as the various Maroochy hotspots I have in place, it wasn't requested by the Maroochy Shire Council. I will change it over to an alternative interface as soon as I've completed all the changes.
I have been slowly revamping my hotspot user interface. It's okay, but I can see that it needs a considerable amount of improvement and I should be making it a lot more modular. I guess I'm just trying to get something that works out into production first and then work on re-writing large chunks of code into reusable modules. I should also be rolling it up into a nice installer...
It is currently attached to a 15dBi Yagi antenna pointing west. This should offer coverage to the new buildings located on the 'mountain view' side of the Sirocco building. I will look at replacing this antenna with a 180° sector with a down tilt bracket.
While this hotspot is running the same system as the various Maroochy hotspots I have in place, it wasn't requested by the Maroochy Shire Council. I will change it over to an alternative interface as soon as I've completed all the changes.
I have been slowly revamping my hotspot user interface. It's okay, but I can see that it needs a considerable amount of improvement and I should be making it a lot more modular. I guess I'm just trying to get something that works out into production first and then work on re-writing large chunks of code into reusable modules. I should also be rolling it up into a nice installer...
Wednesday, October 25, 2006
Mudjimba Hotspot Up and Running
Installed a WRAP2 Hotspot AP/Router on the Santorini Building last week, Don just installed the Netgear WG102 repeater at the actual Park this morning. Everything is go and that concludes the rollout of hotspots to each of the Maroochy Council's Caravan Parks.
Now I will concentrate on improving the service and obtaining as much feedback as possible. I will contact a few of the larger privately held caravan parks in the immediate area and see if they are interested in implementing the service. At about $2.5k a pop, it isn't exactly expensive for the service offered, plus it delivers income etc.
Now I will concentrate on improving the service and obtaining as much feedback as possible. I will contact a few of the larger privately held caravan parks in the immediate area and see if they are interested in implementing the service. At about $2.5k a pop, it isn't exactly expensive for the service offered, plus it delivers income etc.
Tuesday, September 19, 2006
Cotton Tree Caravan Park Upgrade
Don and I have recently installed a wireless repeater at the Cotton Tree Caravan park Maroochydore. This is to boost the existing signal from the main Access Point at the Administration Building to the western parts of the park.
Now only a small black spot is remaining near the South West corner - we will have to gauge demand to see if installing another repeater is feasible.
The repeater is a simple Netgear WG102 Access Point configured as a WDS repeater. The antenna we used for this install is a Hills 4+4 slot (double sided) wave guide. The WG102 is a nifty little Access Point - it supports all the necessary standards and has a excellent feature set for its size and cost ($200RRP AUD). It also supports 802.3af compliant Power over Ethernet - we had to use a Linksys POE12 kit ($100RRP) with it as Netgear doesn't supply anything similar.
I housed the WG102 in a small weather proof enclosure which is screwed directly to the antenna mast.
All up it was a fairly simple exercise and didn't cost all that much - about $800 in total. Took us 3hrs to do the install. Making it all neat and using conduit etc is what takes the most time.
Now only a small black spot is remaining near the South West corner - we will have to gauge demand to see if installing another repeater is feasible.
The repeater is a simple Netgear WG102 Access Point configured as a WDS repeater. The antenna we used for this install is a Hills 4+4 slot (double sided) wave guide. The WG102 is a nifty little Access Point - it supports all the necessary standards and has a excellent feature set for its size and cost ($200RRP AUD). It also supports 802.3af compliant Power over Ethernet - we had to use a Linksys POE12 kit ($100RRP) with it as Netgear doesn't supply anything similar.
I housed the WG102 in a small weather proof enclosure which is screwed directly to the antenna mast.
All up it was a fairly simple exercise and didn't cost all that much - about $800 in total. Took us 3hrs to do the install. Making it all neat and using conduit etc is what takes the most time.
Monday, September 18, 2006
Some Maroochy Hotspot Statistics
Here is a chart generated from the database via some query wizardry (and sadly, MS Excel)...
Over 13 weeks 1220.34Hrs and 6652.20Mb used and $1,673.00 total income (retail). That equates to about $1.37/Hr or $0.25/Mb. However that doesn't take into account unused prepaid data, which brings it down to about $0.12/Mb.
Over 13 weeks 1220.34Hrs and 6652.20Mb used and $1,673.00 total income (retail). That equates to about $1.37/Hr or $0.25/Mb. However that doesn't take into account unused prepaid data, which brings it down to about $0.12/Mb.
Sunday, September 17, 2006
Various updates
Quick run down on what's happening.
Mudjimba Caravan park installation is progressing slowly. Mainly because it is tied up with some silly in building cabling requirement. So the AP won't be installed until the cabling has been done. The AP will be the actual Hotspot/WRAP2 one so the hotspot service will be available throughout most of the Mudjimba beach area. The Caravan park will be using a Netgear WG102 AP set to WDS repeater.
Colubris have been in contact with me regarding the non-standard use of radius attribute values. I've provided them with comparisons with Cisco products etc - they still want more details such as packet captures :/ Odd how I'm expected to prove to them that they're off standard, I'M THE ONE PAYING FOR THE PRODUCT.
Soon I will possess a few newer ThinLinx devices that are considerably less buggy than these test units we currently have. So I will be posting a mini-review on those soon.
Paul from Yawarra has informed me that he's getting closer to having a few functional Commell LE-564 and LE-565 Embedded Industrial i386 platforms to sell to the Australian market. I will be using them as PPPoE Access Concentrator for in-building subscriber networks. Also I will use them as mini-servers to host AAA services to these buildings - so it will be a turn key package, I hope.
Maybe one day I won't need a central backend service - just have many little ones distributed across multiple sites. The backend will simply turn into a monitoring and administration thing. Have to figgure out the best way to get FreeBSD operating well on these little devices and self update from a central package repository. Shouldn't be too difficult.
Mudjimba Caravan park installation is progressing slowly. Mainly because it is tied up with some silly in building cabling requirement. So the AP won't be installed until the cabling has been done. The AP will be the actual Hotspot/WRAP2 one so the hotspot service will be available throughout most of the Mudjimba beach area. The Caravan park will be using a Netgear WG102 AP set to WDS repeater.
Colubris have been in contact with me regarding the non-standard use of radius attribute values. I've provided them with comparisons with Cisco products etc - they still want more details such as packet captures :/ Odd how I'm expected to prove to them that they're off standard, I'M THE ONE PAYING FOR THE PRODUCT.
Soon I will possess a few newer ThinLinx devices that are considerably less buggy than these test units we currently have. So I will be posting a mini-review on those soon.
Paul from Yawarra has informed me that he's getting closer to having a few functional Commell LE-564 and LE-565 Embedded Industrial i386 platforms to sell to the Australian market. I will be using them as PPPoE Access Concentrator for in-building subscriber networks. Also I will use them as mini-servers to host AAA services to these buildings - so it will be a turn key package, I hope.
Maybe one day I won't need a central backend service - just have many little ones distributed across multiple sites. The backend will simply turn into a monitoring and administration thing. Have to figgure out the best way to get FreeBSD operating well on these little devices and self update from a central package repository. Shouldn't be too difficult.
Monday, September 04, 2006
Mudjimba Hotspot on the way
Finially progress has been made to get the final Maroochy hotspot in place at the Mudjimba Caravan park. It was a case of asking the body corporate of the Santorini building very nicely if we could use their roof as a repeater point for our wider area wireless network.
This way we have managed to put 5 of the 6 sites on our own infrastructure. Only Coolum relies upon a third party DSL service that is currently running at 99.18% availability as opposed to the 99.99% average the others are getting.
I will focus on installing similar hotspots in Noosa and if applicable - Caloundra. That way will have key coverage in most areas along the coast. Who knows, I may target other parks in SE QLD.
This way we have managed to put 5 of the 6 sites on our own infrastructure. Only Coolum relies upon a third party DSL service that is currently running at 99.18% availability as opposed to the 99.99% average the others are getting.
I will focus on installing similar hotspots in Noosa and if applicable - Caloundra. That way will have key coverage in most areas along the coast. Who knows, I may target other parks in SE QLD.
Saturday, September 02, 2006
Praise!
I'd like to say a special thank you to Ben Johns for going out of his way to help solve a problem I had logging on to AccessPlus at the hotspot in Coolum (at the caravan park). He was especially patient, and talked me through several possible solutions on the telephone. When these didn't work he went to Coolum to check the hotspot was functioning properly, then even came to check out my laptop. I now have it working smoothly. After doing all this, I, for one, know a bit more about wireless networking, and I am sure Ben will have more answers when the same problem happens to someone else.
The hotspot is a great service, especially as I am able to get information I need while away on holiday.
Thanks for the initiative.
Gratefully
Deanna Ross
The hotspot is a great service, especially as I am able to get information I need while away on holiday.
Thanks for the initiative.
Gratefully
Deanna Ross
Friday, September 01, 2006
Colubris not playing the game
Many people who operate 'with' the Internet, such as the poor individuals who slave away in the background to make sure you can read this blog, know of and generally abide by RFCs.
An RFC is a 'Request For Comment'. The wikipedia definition is as follows:
These RFCs assure a level of interoperability which is what makes the Internet tick. If two entities do not know how to communicate you can be assured that nothing will be achieved. RFCs offer a way for two entities to learn how to communicate with each other. Its comparable to a language dictionary.
With that in mind imagine how surprised I was when I discovered that a these Colubris CN3200 Access Controllers I'm playing with do NOT abide by the applicable RFCs. They do something that is very sinister and anti-competitive to say the least.
What they have done is alternated the values sent back to the RADIUS. "So" you might say? These two values are AcctInputOctets and AcctOutputOctets (same for packets, but that doesn't bother me as much). These values are Uploads and Downloads - everything done upon the Internet involves a combination of these two activities. The particular RFC is 2866 if you're that bored.
Now I work with Cisco and Mikrotik software and hardware. Both of which abide by the appropriate RFCs thus playing by the rules. Toss in a Colubris unit and it complicates and undoes this harmony. Now I have to run up another RADIUS box with special modifications to allow me to translate the swapped values to the correct ones in my database. A waste of time and resources when they can simply do what is expected.
Their response when I queried them about this was that "99% of their customers don't have a problem". You can guess my reaction.
My suggestion to you is that if you are in the market for Hotspot Access Controllers - avoid Colurbis. They're welcome to do innovative things but voiding industry accepted practices is unnecessary.
UPDATE:
Well that was a whole lot of time and effort for nothing. I jumped through all the hoops identifying and providing all the evidence they wanted. Compared it against Cisco accounting methods and everything.
Got a call from their Australian product engineer saying "it's a matter of interpretation". He's referring to the RFC and from what perspecting the accounting to be taken. I guess Cisco isn't a good enough de-facto standard.
They're going to try and put it through as a 'product enhancement request' but there has to be a valid business case behind it - and apparently mine isn't particularly valid - bearing the fact that data usage is what costs money in Australia, not time.
My suggestion at this stage - DO NOT USE COLUBRIS if you wish to run multiple brands of NASs with data based accounting.
FreeRADIUS Debug Output:
Output from FreeRADIUS Debug:
Cisco Router:
Colubris CN3200 (4.1.1):
An RFC is a 'Request For Comment'. The wikipedia definition is as follows:
In computer network engineering, Request for Comments (RFC) documents are a series of memoranda encompassing new research, innovations, and methodologies applicable to Internet technologies.
Wikipedia
These RFCs assure a level of interoperability which is what makes the Internet tick. If two entities do not know how to communicate you can be assured that nothing will be achieved. RFCs offer a way for two entities to learn how to communicate with each other. Its comparable to a language dictionary.
With that in mind imagine how surprised I was when I discovered that a these Colubris CN3200 Access Controllers I'm playing with do NOT abide by the applicable RFCs. They do something that is very sinister and anti-competitive to say the least.
What they have done is alternated the values sent back to the RADIUS. "So" you might say? These two values are AcctInputOctets and AcctOutputOctets (same for packets, but that doesn't bother me as much). These values are Uploads and Downloads - everything done upon the Internet involves a combination of these two activities. The particular RFC is 2866 if you're that bored.
Now I work with Cisco and Mikrotik software and hardware. Both of which abide by the appropriate RFCs thus playing by the rules. Toss in a Colubris unit and it complicates and undoes this harmony. Now I have to run up another RADIUS box with special modifications to allow me to translate the swapped values to the correct ones in my database. A waste of time and resources when they can simply do what is expected.
Their response when I queried them about this was that "99% of their customers don't have a problem". You can guess my reaction.
My suggestion to you is that if you are in the market for Hotspot Access Controllers - avoid Colurbis. They're welcome to do innovative things but voiding industry accepted practices is unnecessary.
UPDATE:
Well that was a whole lot of time and effort for nothing. I jumped through all the hoops identifying and providing all the evidence they wanted. Compared it against Cisco accounting methods and everything.
Got a call from their Australian product engineer saying "it's a matter of interpretation". He's referring to the RFC and from what perspecting the accounting to be taken. I guess Cisco isn't a good enough de-facto standard.
They're going to try and put it through as a 'product enhancement request' but there has to be a valid business case behind it - and apparently mine isn't particularly valid - bearing the fact that data usage is what costs money in Australia, not time.
My suggestion at this stage - DO NOT USE COLUBRIS if you wish to run multiple brands of NASs with data based accounting.
FreeRADIUS Debug Output:
Output from FreeRADIUS Debug:
Cisco Router:
rad_recv: Accounting-Request packet from host 10.2.1.160:1646, id=9, length=138
NAS-IP-Address = 10.2.1.160
NAS-Port = 4294967287
NAS-Port-Type = Virtual
User-Name = "bjohns@accessezy"
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
Service-Type = Framed-User
Acct-Session-Id = "00000003"
Framed-Protocol = PPP
Framed-IP-Address = 10.2.70.102
Acct-Terminate-Cause = User-Request
Acct-Input-Octets = 44538
Acct-Output-Octets = 276365
Acct-Input-Packets = 265
Acct-Output-Packets = 320
Acct-Session-Time = 61
Acct-Delay-Time = 0
Colubris CN3200 (4.1.1):
rad_recv: Accounting-Request packet from host 192.168.129.221:32770, id=181, length=219
User-Name = "bjohns@accessezy"
NAS-Port = 1
NAS-Port-Type = Wireless-802.11
NAS-Identifier = "R039-00443"
NAS-IP-Address = 192.168.129.221
Acct-Status-Type = Stop
Calling-Station-Id = "00-0B-DB-1A-F7-77"
Called-Station-Id = "00-03-52-02-98-DF"
Event-Timestamp = "Sep 13 2006 04:03:39 UTC"
Acct-Delay-Time = 0
Acct-Session-Id = "171fbc13"
Acct-Authentic = RADIUS
Acct-Session-Time = 29
Acct-Input-Octets = 218357
Acct-Input-Gigawords = 0
Acct-Input-Packets = 286
Acct-Output-Octets = 34912
Acct-Output-Gigawords = 0
Acct-Output-Packets = 212
Acct-Terminate-Cause = User-Request
Framed-IP-Address = 192.168.1.2
WISPr-Location-Name = "Colubris Networks"
Monday, August 28, 2006
That's out of the way
Well I've done it. I've successfully integrated the Colubris CN-3200 series access controller into my hotspot scripty thingy. The MSC-3200 'should' work too... I'll test that soon.
The hardest part was trying to decide on where to set the access controller type. I could have set in in the NAS table in the database which would make sense but that would mean doing something on the server side whenever you installed one of these things. So I did it on the other end. On the access controller you simply pass 'nas_brand=mikrotik/colubris' back with the rest of the user authen data. My scripts read that and tweak things in the background to suit.
The tweaks are mainly what to set in the database for the radius reply for that user and the slight modifications of the template files with the differences in login forms. I think I must have done something right for the start because doing this wasn't difficult at all.
Now I just have document the changes, make a pretty howto (not much to do there) and create suitable location content that reflects the corporate identity of accessEzy.
The hardest part was trying to decide on where to set the access controller type. I could have set in in the NAS table in the database which would make sense but that would mean doing something on the server side whenever you installed one of these things. So I did it on the other end. On the access controller you simply pass 'nas_brand=mikrotik/colubris' back with the rest of the user authen data. My scripts read that and tweak things in the background to suit.
The tweaks are mainly what to set in the database for the radius reply for that user and the slight modifications of the template files with the differences in login forms. I think I must have done something right for the start because doing this wasn't difficult at all.
Now I just have document the changes, make a pretty howto (not much to do there) and create suitable location content that reflects the corporate identity of accessEzy.
Wednesday, August 23, 2006
Colubris CN/MSC-3200 Access Controllers
I've been working on a hotspot backend system for the last three months and its been in production for almost two months now. Since it has been working so well they want me to adapt it for use in hotels.
The currently installed hotels use a Colubris CN-3200 or a MSC-3200 Access Controller. These units can interact with a backend service in a number of ways. Currently they use a "NOC" method where they simply pass everything to a remote server and then the remote server authenticates the user so the user never actually uses anything on the access controller itself.
The method which I use is that the access controller makes the initial connection and then passes the user through to a remote server. The remote server then passes the user back to the access controller which then authenticates against the remote server. This might sound like more effort/waste but it offers far more flexibility - for example I can have a remote web server and a separate authentication server. This is identical to how the Mikrotik RouterOS systems work.
Given this tweaking my application isn't too difficult. Just a case of either setting or detecting which access controller is in use and make the necessary adjustments to the templates and database. I should have this done in a few weeks since I have to revamp some bits to optimise the process.
It would be interesting to try some more access controller brands and see if I can achieve some across market compatibility. Although I'm happy with the RouterOS and Colubris units - together they cover pretty much every purpose I can think of.
The currently installed hotels use a Colubris CN-3200 or a MSC-3200 Access Controller. These units can interact with a backend service in a number of ways. Currently they use a "NOC" method where they simply pass everything to a remote server and then the remote server authenticates the user so the user never actually uses anything on the access controller itself.
The method which I use is that the access controller makes the initial connection and then passes the user through to a remote server. The remote server then passes the user back to the access controller which then authenticates against the remote server. This might sound like more effort/waste but it offers far more flexibility - for example I can have a remote web server and a separate authentication server. This is identical to how the Mikrotik RouterOS systems work.
Given this tweaking my application isn't too difficult. Just a case of either setting or detecting which access controller is in use and make the necessary adjustments to the templates and database. I should have this done in a few weeks since I have to revamp some bits to optimise the process.
It would be interesting to try some more access controller brands and see if I can achieve some across market compatibility. Although I'm happy with the RouterOS and Colubris units - together they cover pretty much every purpose I can think of.
Tuesday, August 15, 2006
Mooloolaba Beach WiFi
Completed the installation of the fourth Maroochy Hotspot site. Located at the Mooloolaba Beach caravan park it provides coverage to a large chunk of what is one of Australia's favourite tourist destinations. Google Maps link
Installation is the same as the others, however it receives its backhaul signal from us via a repeater located on top of the Raffles Resort Hotel just east of its location. Not the best situation to be in as I hate relying upon untrusted third parties for a mission critical feed. However the alternatives are limited - to run a phone line would be next to impossible and setting up a repeater point elsewhere would take time and money.
Now we have reasonable Hotspot coverage of the Mooloolaba/Maroochydore beach front. We also cover a large part of the northern Coolum beach frontage.
Mudjimba Caravan Park is still pending installation. We are talking with the owners of a few residential blocks nearby - we might be able to gain a feed from one of these locations into the park.
I have also updated the software versions running on the Mikrotik routers - they're now running 2.9.28. This new version introduces a new licensing scheme where the update period is now version based, not time based. Meaning that I can continue updating the routers up to the end of RouterOS v3 which could be 10 years from now. The old method was that you had 1 or 3 years to do updates.
Installation is the same as the others, however it receives its backhaul signal from us via a repeater located on top of the Raffles Resort Hotel just east of its location. Not the best situation to be in as I hate relying upon untrusted third parties for a mission critical feed. However the alternatives are limited - to run a phone line would be next to impossible and setting up a repeater point elsewhere would take time and money.
Now we have reasonable Hotspot coverage of the Mooloolaba/Maroochydore beach front. We also cover a large part of the northern Coolum beach frontage.
Mudjimba Caravan Park is still pending installation. We are talking with the owners of a few residential blocks nearby - we might be able to gain a feed from one of these locations into the park.
I have also updated the software versions running on the Mikrotik routers - they're now running 2.9.28. This new version introduces a new licensing scheme where the update period is now version based, not time based. Meaning that I can continue updating the routers up to the end of RouterOS v3 which could be 10 years from now. The old method was that you had 1 or 3 years to do updates.
Sunday, August 06, 2006
Coolum Beach Caravan Park WiFi
I can safely say that the Maroochy Council Coolum Beach Caravan Park now has wireless Internet access. Making a total of four Maroochy Parks enabled, two more to go.
The install was a bit involved as it required a separate Internet feed. We brought ADSL in to a phone point near the intended Hotspot location, set it up with a router and Access Point which transmits it to the actual Hotspot router located on the roof of a nearby building (the high point of the site). The DSL router and Access Point are located on the outside of a demountable building in a weather proof enclosure.
This saves everyone the hassle of digging trenches and running conduit and cables.
The equipment used is as follows:
Netgear DG834 ADSL Modem/Router
Senao NL-2611CB3 PLUS (Deluxe) Access Point w/5dBi antenna
WRAP2 w/8dBi planar directional and 10dBi Waveguide omni-directional antennas
The install was a bit involved as it required a separate Internet feed. We brought ADSL in to a phone point near the intended Hotspot location, set it up with a router and Access Point which transmits it to the actual Hotspot router located on the roof of a nearby building (the high point of the site). The DSL router and Access Point are located on the outside of a demountable building in a weather proof enclosure.
This saves everyone the hassle of digging trenches and running conduit and cables.
The equipment used is as follows:
Netgear DG834 ADSL Modem/Router
Senao NL-2611CB3 PLUS (Deluxe) Access Point w/5dBi antenna
WRAP2 w/8dBi planar directional and 10dBi Waveguide omni-directional antennas
Monday, July 31, 2006
The limited abilities of the Prism chipset
I've come to the conclusion that the Intersil Prism chipset is only good for the purposes it was originally manufactured for. That is a simple wireless client and maybe a very basic wireless access point. Use it for anything else and it 'might' work but generally it won't.
But even then it has its issues as I have discovered. When used within a Mikrotik RouterOS system it has issues with connecting to Access Points with WEP enabled. For example I attempted to connect to a Netgear DSL modem/router/AP and it would work fine for about 10min and then just stop responding even tho it is still associated. I managed to overcome this issue by using a seperate Senao Access Point, even then it didn't work 100% as it didn't want to talk to its wireless client neighbours, only the AP and the router behind it.
For now on I will be using CM9's and SR5/9 miniPCI cards, which are all Atheros based.
I wish there were more wireless chipset vendors that catered for this particular market - but I guess we can't have everything and consolidation was bound to occur.
But even then it has its issues as I have discovered. When used within a Mikrotik RouterOS system it has issues with connecting to Access Points with WEP enabled. For example I attempted to connect to a Netgear DSL modem/router/AP and it would work fine for about 10min and then just stop responding even tho it is still associated. I managed to overcome this issue by using a seperate Senao Access Point, even then it didn't work 100% as it didn't want to talk to its wireless client neighbours, only the AP and the router behind it.
For now on I will be using CM9's and SR5/9 miniPCI cards, which are all Atheros based.
I wish there were more wireless chipset vendors that catered for this particular market - but I guess we can't have everything and consolidation was bound to occur.
Monday, July 17, 2006
Thursday, July 13, 2006
Mikrotik RouterOS + Netgear WG102AU
A good combination for a hotspot + repeater setup on a reasonable budget.
As you know I have been working on setting up hotspots in a bunch of local caravan parks. A couple of these parks are spread over a large area with quite a few trees in and around potential client locations. Therefore a repeater will be necessary for full coverage of these locations.
Wireless Distribution System is a method for allowing APs to repeat of one another. Its not certified by the WiFi Alliance so it can be 'hit and miss' when getting two different Access Points talking to each other using this system. The Netgear WG102 works with the Mikrotik RouterOS 2.9.27 using a Senao 2511 (200mW) card.
The configurations are as follows.
RouterOS:
/ interface wireless set hotspot name="hotspot" ssid="hotspot" wds-mode=dynamic wds-default-bridge=wds_bridge
/ interface bridge add name="wds_bridge"
/ interface bridge port add interface=hotspot bridge=wds_bridge priority=128 path-cost=10 comment="" disabled=no
The mac address of the RouterOS hotspot interface is: 00:02:6F:39:58:4E
This is using the dynamic WDS mode - meaning that RouterOS will automatically add APs that wish to participate in a WDS style connection. It will also automatically add the dynamic WDS interfaces to a bridge interface to share with the physical wireless interface.
Netgear:
Under Security click Security Profile Settings. Select the first profile and click edit.
Set the Profile Name to repeater or whatever you like and then set the SSID to hotspot.
You can opt to have Wireless client Security Seperation if you do not wish to have clients talking to each other.
Within the Advanced group in the main menu on the left side, click Access Point Settings.
Check the box for Enable Wireless Bridging and Repeating on Security Profile 1.
Choose Repeater with Wireless Client Association and enter the above 'hotspot' mac address in the Parent AP MAC Address fields.
As you know I have been working on setting up hotspots in a bunch of local caravan parks. A couple of these parks are spread over a large area with quite a few trees in and around potential client locations. Therefore a repeater will be necessary for full coverage of these locations.
Wireless Distribution System is a method for allowing APs to repeat of one another. Its not certified by the WiFi Alliance so it can be 'hit and miss' when getting two different Access Points talking to each other using this system. The Netgear WG102 works with the Mikrotik RouterOS 2.9.27 using a Senao 2511 (200mW) card.
The configurations are as follows.
RouterOS:
/ interface wireless set hotspot name="hotspot" ssid="hotspot" wds-mode=dynamic wds-default-bridge=wds_bridge
/ interface bridge add name="wds_bridge"
/ interface bridge port add interface=hotspot bridge=wds_bridge priority=128 path-cost=10 comment="" disabled=no
The mac address of the RouterOS hotspot interface is: 00:02:6F:39:58:4E
This is using the dynamic WDS mode - meaning that RouterOS will automatically add APs that wish to participate in a WDS style connection. It will also automatically add the dynamic WDS interfaces to a bridge interface to share with the physical wireless interface.
Netgear:
Under Security click Security Profile Settings. Select the first profile and click edit.
Set the Profile Name to repeater or whatever you like and then set the SSID to hotspot.
You can opt to have Wireless client Security Seperation if you do not wish to have clients talking to each other.
Within the Advanced group in the main menu on the left side, click Access Point Settings.
Check the box for Enable Wireless Bridging and Repeating on Security Profile 1.
Choose Repeater with Wireless Client Association and enter the above 'hotspot' mac address in the Parent AP MAC Address fields.
Monday, July 10, 2006
Three sites up, three to go
So far the Mooloolaba (Parkyn Pde), Sea Breeze and Cotton Tree parks are up and going. Five people have actually signed up and paid for the service. Ten others have signed up and not paid. So 5 out of 15 signups isn't bad considering the service has only been in existence for a matter of weeks and NO promotion has been done.
Support overheads seem quite good in these early stages. I expected at least one call for each signup to get people connected, basically teaching them how to use wireless and the particulars of the service and the Internet. However I was pleasantly surprised to see people connecting and signing up without having to contact us, which is fantastic!
I definitely need marketing materials for each site. The park manages do find it difficult to explain the service to people on top of the rest of what they have to tell guests. The council should have met us halfway with this and worked with us on some material that was deemed suitable by their standards. I think I will take an active role in this side of things and get something out the door.
The wireless coverage of the Cotton Tree park is less than I had originally hoped. It is the largest park and I am only covering the western half. Its bad only partially covering a given location - it creates disparity and people in the non-covered areas become hostile towards the service. I will push forward our plans to install a repeater within the western side of the park. This means rapidly sourcing and testing a compatible Access Point.
Mudjimba and Coolum Parks are troublesome. Coolum requires a bit of fancy wireless work to get DSL distributed to the Hotspot. Mudjimba has a problem where getting DSL to the site is difficult - it may need to be sourced outside the park and beamed in wirelessly.
Support overheads seem quite good in these early stages. I expected at least one call for each signup to get people connected, basically teaching them how to use wireless and the particulars of the service and the Internet. However I was pleasantly surprised to see people connecting and signing up without having to contact us, which is fantastic!
I definitely need marketing materials for each site. The park manages do find it difficult to explain the service to people on top of the rest of what they have to tell guests. The council should have met us halfway with this and worked with us on some material that was deemed suitable by their standards. I think I will take an active role in this side of things and get something out the door.
The wireless coverage of the Cotton Tree park is less than I had originally hoped. It is the largest park and I am only covering the western half. Its bad only partially covering a given location - it creates disparity and people in the non-covered areas become hostile towards the service. I will push forward our plans to install a repeater within the western side of the park. This means rapidly sourcing and testing a compatible Access Point.
Mudjimba and Coolum Parks are troublesome. Coolum requires a bit of fancy wireless work to get DSL distributed to the Hotspot. Mudjimba has a problem where getting DSL to the site is difficult - it may need to be sourced outside the park and beamed in wirelessly.
Wednesday, June 28, 2006
Cheap SSL Certificates
I'm posting this here more for reference sake then for blatent advertising.
http://www.ssl-certificates.com.au
Certificates start from $32.00 AUD and are the real thing - a root signed (Equifax Secure Corp) 128bit certificate. I'm not sure if its an anomaly, but the certificates show up as 256bit under firefox, which makes sense since IE only handles up to 128bit, so maybe they are 256bit certs?
Validation is easy, automated phone and e-mail as specified in their FAQ. Payment is via PayPal or 2CO, I only used the PayPal method with a credit card.
The ordering process is a bit 'all over the place', but its streamlined and not difficult to grasp. If it worries you then you can get a FreeSSL certificate that lasts 30days and try it out - the process is identical minus the payment process. Plus when you update a FreeSSL certificate to a paid one, you get a few months bonus.
I didn't get paid to write this, I'm simply a happy customer.
http://www.ssl-certificates.com.au
Certificates start from $32.00 AUD and are the real thing - a root signed (Equifax Secure Corp) 128bit certificate. I'm not sure if its an anomaly, but the certificates show up as 256bit under firefox, which makes sense since IE only handles up to 128bit, so maybe they are 256bit certs?
Validation is easy, automated phone and e-mail as specified in their FAQ. Payment is via PayPal or 2CO, I only used the PayPal method with a credit card.
The ordering process is a bit 'all over the place', but its streamlined and not difficult to grasp. If it worries you then you can get a FreeSSL certificate that lasts 30days and try it out - the process is identical minus the payment process. Plus when you update a FreeSSL certificate to a paid one, you get a few months bonus.
I didn't get paid to write this, I'm simply a happy customer.
Sunday, June 25, 2006
More on the hotspot revamp
Well I have arrived at a point where I am satisfied that the hotspot backend. I will begin work on the administration and support interface while preparing to roll out the new sites.
Feature List:
ModPerl compatible - works with ModPerl::Registry.
Works with multiple Databases - SQL is multi-db compliant, well, it can be quite easily adapted
Data and Time tracking - tracks and charges for both time and data
Flexible payment gateway interface - I reference a payment proxy via https get/post
Only single host required - run multiple instances on a single virtual host
It only works with Mikrotik RouterOS (versions 2.8 and 2.9). I will develop another version that works with the Colubris MSC3200 series access controllers later on - but RouterOS + WRAP is far cheaper and considerably more flexible...
I have established the Marinanet variant of it and its looking the part - simple interface and quick pay and go subscriber process should make this quite the hit among our existing users.
Feature List:
ModPerl compatible - works with ModPerl::Registry.
Works with multiple Databases - SQL is multi-db compliant, well, it can be quite easily adapted
Data and Time tracking - tracks and charges for both time and data
Flexible payment gateway interface - I reference a payment proxy via https get/post
Only single host required - run multiple instances on a single virtual host
It only works with Mikrotik RouterOS (versions 2.8 and 2.9). I will develop another version that works with the Colubris MSC3200 series access controllers later on - but RouterOS + WRAP is far cheaper and considerably more flexible...
I have established the Marinanet variant of it and its looking the part - simple interface and quick pay and go subscriber process should make this quite the hit among our existing users.
Friday, June 16, 2006
Hotspots for Caravan Parks
As I have mentioned earlier, I have been working on a new hotspot system for our hotspots. This system will be initially used in the five caravan parks operated by the Maroochy Shire Council.
I have completed most of what needs to be done for the backend and router configuration. The only components left to do are receipt generation and account clean up (removing unused or old accounts). The roll out should proceed on time at the end of this month.
I will let the system run for a few months before I establish it as stable, during this time I will probably run a few tweaks etc. I need to sort out a few things with paths and file locations that I'm sure are well covered in the land of perl.
Once stable I will personally take it on to push the product into the Queensland road tourism market. Aiming mainly at the caravan parks that attract tourists and other temporary visitors. I may even try implementing the system at camping grounds - solar power and satellite?
If you are interested in this sort of system, feel free to contact me.
Maroochy hotspot prices page
I have completed most of what needs to be done for the backend and router configuration. The only components left to do are receipt generation and account clean up (removing unused or old accounts). The roll out should proceed on time at the end of this month.
I will let the system run for a few months before I establish it as stable, during this time I will probably run a few tweaks etc. I need to sort out a few things with paths and file locations that I'm sure are well covered in the land of perl.
Once stable I will personally take it on to push the product into the Queensland road tourism market. Aiming mainly at the caravan parks that attract tourists and other temporary visitors. I may even try implementing the system at camping grounds - solar power and satellite?
If you are interested in this sort of system, feel free to contact me.
Maroochy hotspot prices page
Monday, April 24, 2006
I forgot about Roma
I wrote about Townsville and Bundaberg and not Roma... The installation there was straight forward - lots of drilling of holes and snaking cords about. Otherwise the phone guy did his job fine and that was that.
It was at the Overlander Homestead Motor Inn Roma.
It was at the Overlander Homestead Motor Inn Roma.
Saturday, April 22, 2006
Marinanet now in Townsville
The installation at the Townsville Coast Guard was finalized on Tuesday (18th April). Dave checked out the signal from the Quarter Deck which showed up as strong and very usable - meaning that the area between the Casino to Anzac Park should be well covered. You may even pick up signal further along the strand however the Mariners North building will block most of the signal in that direction.
For more information please visit the Marinanet website.
Image showing an approximate coverage area:
For more information please visit the Marinanet website.
Image showing an approximate coverage area:
Another Bundaberg Installation Completed
The completion of the Boulevard Lodge install makes three hotel sites and one marina site active in Bundaberg. It would make it the third most covered area outside of Sunshine Coast and Brisbane.
The locations are as follows:
The installation was straight forward and was fairly simple to neatly install the in-room equipment. The location of the phone system made for space constraints, had to sit the cabinet on the floor. Hardly had enough space with the inclusion of the Austar rack. Heat was a concern so I lifted a ceiling tile to allow hot air to escape.
The installation was done by Willow and myself, Phones@Work did the phone system modifications.
While time was in short supply, Willow and I still managed to go on a tour of the Bundaberg Rum Distillery. Couldn't take a camera into the place because of the amount of alcohol present (fire is a bad thing) and it was also deemed a food preparation area. Otherwise the products came a with a nice tour discount - I purchased a bottle of Royal liquor for $33AUD.
The locations are as follows:
- Boulevard Lodge (Best Western)
- Bert Hinkler Motel
- Reef Gateway Motel (Best Western)
- Bundaberg Port Marina
The installation was straight forward and was fairly simple to neatly install the in-room equipment. The location of the phone system made for space constraints, had to sit the cabinet on the floor. Hardly had enough space with the inclusion of the Austar rack. Heat was a concern so I lifted a ceiling tile to allow hot air to escape.
The installation was done by Willow and myself, Phones@Work did the phone system modifications.
While time was in short supply, Willow and I still managed to go on a tour of the Bundaberg Rum Distillery. Couldn't take a camera into the place because of the amount of alcohol present (fire is a bad thing) and it was also deemed a food preparation area. Otherwise the products came a with a nice tour discount - I purchased a bottle of Royal liquor for $33AUD.
Friday, March 31, 2006
Back on the road again
It has been nearly 5 weeks since I have done an installation. During this time I've basically caught up on things and started planning for the next set of installs.
It looks like I will be in Townsville Friday next week and then in Roma the from Tuesday till Thursday the week after. Then the week after that I will be in Bundaberg. One Marinanet and two AccessEzy installations within three weeks. It's going to be hard, but I should be able to get it all done.
I think I might stay up in Townsville for the weekend, come back Sunday. However that would mean that I would have to pay for the car hire over those extra days. Pity I have bills due...
More to talk about later.
It looks like I will be in Townsville Friday next week and then in Roma the from Tuesday till Thursday the week after. Then the week after that I will be in Bundaberg. One Marinanet and two AccessEzy installations within three weeks. It's going to be hard, but I should be able to get it all done.
I think I might stay up in Townsville for the weekend, come back Sunday. However that would mean that I would have to pay for the car hire over those extra days. Pity I have bills due...
More to talk about later.
Thursday, March 23, 2006
Ubiquiti Networks SR5 400mW 802.11a Adapter
Title says it all - this is one fkn awesome adapter. Atheros chipset and lots and lots of power makes for an excellent AP/Point-to-Point setup.
We've spoken to Yawarra and we've got one on order from them, they're going to be another Australian supplier of Ubiquiti gear (currently there's only one other).
Essentially we're going to test a single SR5 based AP with two CM9 based clients using WRAP 1-1 devices on each end. We will be tossing our Proxim gear in exchange for these rigs if they test out okay, which I'm sure they will.
The normal RRP in Australia for the SR5 from Yawarra is $195.00 each inc GST. Add the $290 for the WRAP, $30 for the regulated power pack and $100 for the RouterOS license and you have a powerful AP/Router with the works for around $615.00. Quite a bit cheaper than a what is currently available which would probably only do half of what the ladder can do anyway - trust me we've used quite a few different systems: Wi-LAN, Redline, Proxim, Cisco...
We've spoken to Yawarra and we've got one on order from them, they're going to be another Australian supplier of Ubiquiti gear (currently there's only one other).
Essentially we're going to test a single SR5 based AP with two CM9 based clients using WRAP 1-1 devices on each end. We will be tossing our Proxim gear in exchange for these rigs if they test out okay, which I'm sure they will.
The normal RRP in Australia for the SR5 from Yawarra is $195.00 each inc GST. Add the $290 for the WRAP, $30 for the regulated power pack and $100 for the RouterOS license and you have a powerful AP/Router with the works for around $615.00. Quite a bit cheaper than a what is currently available which would probably only do half of what the ladder can do anyway - trust me we've used quite a few different systems: Wi-LAN, Redline, Proxim, Cisco...
Monday, March 20, 2006
Mikrotik RouterOS 2.9.14 P2P Wireless Link
This is going to get technical as its a reference article for the masses of RouterOS uses out there.
To establish a Point to Point wireless link using RouterOS 2.9.14 and the following hardware:
2 x PC Engines WRAP 1-1 (w/64Mb CF card)
2 x Senao NL-2511MP PLUS 200mW miniPCI wireless adaptor
2 x Hills 15dBi Grid Directional Antenna
Plus various bits of hardware for mounting and connecting the aforementioned items together. I used thin RG58 coaxial cable since I had power to spare and the distances weren't large.
Since the Prism chipset doesn't support hidden SSID nor WEP correctly while in AP mode I had to make up the security using other methods. So I included mac filtering, limited subnet and ipsec - I'll also include a tightened firewall to keep out the randoms, but that can wait.
I'm in the process of having our supplier of these bits and peices source Ubiquiti Networks SR5 wireless adapters. The specs are 400mW 802.11a (5.8GHz), with 100mW@54Mbps and very reasonable receive sensitivities. These cards would be much better solution for this point to point link, however the added costs of 5.8GHz antennas, cable, connectors and the adapters themselves would put this link in the red. However it does offer an upgrade path.
All electonic items were purchased from Yawarra Information Appliances (http://www.yawarra.com.au). I highly recommend them, excellent service and prompt delivery and more than happy to assist.
Antennas and associated mounting equipment were sourced from Hills Australia - DJC Wholesale Pty Ltd (http://www.djcoulter.com.au)
Connectors and coaxial cable were sourced from RF Industries Pty Ltd (http://www.rfindustries.com.au).
Budget came to about $1,500.ooAUD.
The RouterOS configuration particulars are as follows:
Office End:
Wireless Interface (P2P):
name="P2P" mtu=1500 mac-address=xx:xx:xx:xx:xx:xx arp=enabled disable-running-check=no interface-type=Prismprism-cardtype=200mW radio-name="office" mode=bridge ssid="xxxxx" area="" frequency-mode=regulatory-domain country=australia antenna-gain=0 frequency=2462 band=2.4ghz-b scan-list=default rate-set=default supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps basic-rates-b=1Mbps max-station-count=2007 tx-power=23 tx-power-mode=all-rates-fixed periodic-calibration=default periodic-calibration-interval=60 dfs-mode=none antenna-mode=ant-a wds-mode=disabled wds-default-bridge=none wds-default-cost=100 wds-cost-range=50-150 wds-ignore-ssid=no update-stats-interval=disabled default-authentication=no default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no security-profile=default disconnect-timeout=3s on-fail-retry-time=100ms compression=no allow-sharedkey=no
Home End:
Wireless Interface (P2P):
name="P2P" mtu=1500 mac-address=xx:xx:xx:xx:xx:xx arp=enabled disable-running-check=no interface-type=Prism prism-cardtype=200mW radio-name="home" mode=station ssid="xxxxx" area="" frequency-mode=regulatory-domain country=australia antenna-gain=0 frequency=2462 band=2.4ghz-b scan-list=default rate-set=default supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps basic-rates-b=1Mbps max-station-count=2007 tx-power=23 tx-power-mode=all-rates-fixed periodic-calibration=default periodic-calibration-interval=60 dfs-mode=none antenna-mode=ant-a wds-mode=disabled wds-default-bridge=none wds-default-cost=100 wds-cost-range=50-150 wds-ignore-ssid=no update-stats-interval=disabled default-authentication=no default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no security-profile=default disconnect-timeout=3s on-fail-retry-time=100ms compression=no allow-sharedkey=no
IPSec (both ends, substitute 'x' for appropriate addresses):
IPSec Peer:
address=192.168.254.xxx/32:500 /
secret="xxxxxxxxxxxxxxx" /
generate-policy=no exchange-mode=main /
send-initial-contact=yes proposal-check=obey /
hash-algorithm=md5 enc-algorithm=3des /
dh-group=modp1024 lifetime=12h lifebytes=0
IPSec Policy:
src-address=192.168.x.0/24:any /
dst-address=192.168.x.0/24:any protocol=all /
action=encrypt level=require ipsec-protocols=esp /
tunnel=yes sa-src-address=192.168.254.xxx /
sa-dst-address=192.168.254.xxx proposal=default /
manual-sa=none dont-fragment=clear
IPSec Proposal:
name="default" auth-algorithms=sha1 /
enc-algorithms=3des lifetime=30m /
lifebytes=0 pfs-group=modp1024
Since the network only consists of three subnets I made do wit h static routing. Dynamic routing is possible but adds complexity in a otherwise static network.
I may include 'watch' scripts that keep an eye on the link and makes appropriate configuration changes or interface restarts as necessary.
But otherwise, thats all there is to it.
To establish a Point to Point wireless link using RouterOS 2.9.14 and the following hardware:
2 x PC Engines WRAP 1-1 (w/64Mb CF card)
2 x Senao NL-2511MP PLUS 200mW miniPCI wireless adaptor
2 x Hills 15dBi Grid Directional Antenna
Plus various bits of hardware for mounting and connecting the aforementioned items together. I used thin RG58 coaxial cable since I had power to spare and the distances weren't large.
Since the Prism chipset doesn't support hidden SSID nor WEP correctly while in AP mode I had to make up the security using other methods. So I included mac filtering, limited subnet and ipsec - I'll also include a tightened firewall to keep out the randoms, but that can wait.
I'm in the process of having our supplier of these bits and peices source Ubiquiti Networks SR5 wireless adapters. The specs are 400mW 802.11a (5.8GHz), with 100mW@54Mbps and very reasonable receive sensitivities. These cards would be much better solution for this point to point link, however the added costs of 5.8GHz antennas, cable, connectors and the adapters themselves would put this link in the red. However it does offer an upgrade path.
All electonic items were purchased from Yawarra Information Appliances (http://www.yawarra.com.au). I highly recommend them, excellent service and prompt delivery and more than happy to assist.
Antennas and associated mounting equipment were sourced from Hills Australia - DJC Wholesale Pty Ltd (http://www.djcoulter.com.au)
Connectors and coaxial cable were sourced from RF Industries Pty Ltd (http://www.rfindustries.com.au).
Budget came to about $1,500.ooAUD.
The RouterOS configuration particulars are as follows:
Office End:
Wireless Interface (P2P):
name="P2P" mtu=1500 mac-address=xx:xx:xx:xx:xx:xx arp=enabled disable-running-check=no interface-type=Prismprism-cardtype=200mW radio-name="office" mode=bridge ssid="xxxxx" area="" frequency-mode=regulatory-domain country=australia antenna-gain=0 frequency=2462 band=2.4ghz-b scan-list=default rate-set=default supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps basic-rates-b=1Mbps max-station-count=2007 tx-power=23 tx-power-mode=all-rates-fixed periodic-calibration=default periodic-calibration-interval=60 dfs-mode=none antenna-mode=ant-a wds-mode=disabled wds-default-bridge=none wds-default-cost=100 wds-cost-range=50-150 wds-ignore-ssid=no update-stats-interval=disabled default-authentication=no default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no security-profile=default disconnect-timeout=3s on-fail-retry-time=100ms compression=no allow-sharedkey=no
Home End:
Wireless Interface (P2P):
name="P2P" mtu=1500 mac-address=xx:xx:xx:xx:xx:xx arp=enabled disable-running-check=no interface-type=Prism prism-cardtype=200mW radio-name="home" mode=station ssid="xxxxx" area="" frequency-mode=regulatory-domain country=australia antenna-gain=0 frequency=2462 band=2.4ghz-b scan-list=default rate-set=default supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps basic-rates-b=1Mbps max-station-count=2007 tx-power=23 tx-power-mode=all-rates-fixed periodic-calibration=default periodic-calibration-interval=60 dfs-mode=none antenna-mode=ant-a wds-mode=disabled wds-default-bridge=none wds-default-cost=100 wds-cost-range=50-150 wds-ignore-ssid=no update-stats-interval=disabled default-authentication=no default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no security-profile=default disconnect-timeout=3s on-fail-retry-time=100ms compression=no allow-sharedkey=no
IPSec (both ends, substitute 'x' for appropriate addresses):
IPSec Peer:
address=192.168.254.xxx/32:500 /
secret="xxxxxxxxxxxxxxx" /
generate-policy=no exchange-mode=main /
send-initial-contact=yes proposal-check=obey /
hash-algorithm=md5 enc-algorithm=3des /
dh-group=modp1024 lifetime=12h lifebytes=0
IPSec Policy:
src-address=192.168.x.0/24:any /
dst-address=192.168.x.0/24:any protocol=all /
action=encrypt level=require ipsec-protocols=esp /
tunnel=yes sa-src-address=192.168.254.xxx /
sa-dst-address=192.168.254.xxx proposal=default /
manual-sa=none dont-fragment=clear
IPSec Proposal:
name="default" auth-algorithms=sha1 /
enc-algorithms=3des lifetime=30m /
lifebytes=0 pfs-group=modp1024
Since the network only consists of three subnets I made do wit h static routing. Dynamic routing is possible but adds complexity in a otherwise static network.
I may include 'watch' scripts that keep an eye on the link and makes appropriate configuration changes or interface restarts as necessary.
But otherwise, thats all there is to it.
Thursday, March 09, 2006
Servers and more servers
It appears we suddenly have a requirement for 4 new servers. These aren't just replacing existing servers (which need replacing...) but will take on all new tasks. Two are for internal use, meaning that they'll do things like host Microsoft 'Dynamics' CRM 3.0, Exchange, MSSQL and SharePoint. One will be for the new SAB Server (http://www.wificom.com) and the other will be for a cPanel (http://www.cpanel.com) webserver.
I hate having single task boxes. I know there are pros and cons, but having racks full of hardware that sits around idle for 90% of the time shits me. I'd rather see a server at 50% load most of the time and have space to stick my wine.
I guess I should give IBM a call and see what kickbacks.. I mean deals they can cut me for getting four servers. I think we'll need another 2 more by the end of the quarter anyway.
I hate having single task boxes. I know there are pros and cons, but having racks full of hardware that sits around idle for 90% of the time shits me. I'd rather see a server at 50% load most of the time and have space to stick my wine.
I guess I should give IBM a call and see what kickbacks.. I mean deals they can cut me for getting four servers. I think we'll need another 2 more by the end of the quarter anyway.
Sunday, February 19, 2006
Townsville complete and 6 days remaining till RadTrip '06
Yes, it's only 6 days until RadTrip '06 begins. I really can't wait to take the week off and simply forget absolutely everything about work and just sit back and hang with my mates drinking and eating. I've given the BBQ its yearly going over, resetting the plates by scrubbing off the old oil and preping with good quality olive oil at 200°C.
I'm going to keep the big beer fridge for the week, but afterwards I'll be swapping over for a smaller bar fridge and building a shelf with a sink as a new prep area for the BBQ.
The installation at the Cluden Park Motor Inn went smoothly and without issue. The phone guys where there a fair bit longer than I had anticipated but the cat5 cable runs too longer due to the weird layout of the building. I have to get them back out there again to run more cables to two more computers again this week.
Because there wasn't any in-room installations to be done I had the configuration of the core equipment knocked over in short time and all the tests done by lunch on the 2nd day. So I went and did a few site inspections with the sales guys Thursday arvo just to clarify a few things.
I'm going to keep the big beer fridge for the week, but afterwards I'll be swapping over for a smaller bar fridge and building a shelf with a sink as a new prep area for the BBQ.
The installation at the Cluden Park Motor Inn went smoothly and without issue. The phone guys where there a fair bit longer than I had anticipated but the cat5 cable runs too longer due to the weird layout of the building. I have to get them back out there again to run more cables to two more computers again this week.
Because there wasn't any in-room installations to be done I had the configuration of the core equipment knocked over in short time and all the tests done by lunch on the 2nd day. So I went and did a few site inspections with the sales guys Thursday arvo just to clarify a few things.
Wednesday, February 08, 2006
Bounce trip to Townsville
Brisbane to Townsville and back in a day is a rather hectic affair.
The flight out of Brisbane was for 8:40am arriving at Townsville at 10:40am but it managed to arrive 10 minutes early which were absorbed by the rental car folk dealing with their crashed booking system.
Planted my arse into a Nissan Pulsar with 9,000km on the clock and took off towards Wulguru. 20 minutes later I'm walking into the reception at the Cluden Park Motor Inn and saying hi to Vicki. Now spelling Vicki with an I on the end is apparently rare. I know this because my mother has the same name. Vicki was surprised that I remembered how it was spelt.
The site inspection took about an hour. I have quickly learned to take photos of absolutely everything that is even remotely associated with a possible installation - these take time. Turns out that there isn't any method of installing the equipment into the rooms neatly. So I will have to make up kits for the guests to use to connect themselves up with. Not perfect but the best solution given the situation.
After that I called the Coast Guard and made a time to meet them at 1:30pm, this gave me an hour for lunch which consisted of HJ's Country Chicken bagettes at Tim's place. After using him for his toilet facilities and chatting about his absurd addiction to Silkroad Online I ventured off towards the Townsville Port area to have a look at the Coast Guard building.
Half an hour later I arrived at the Coast Guard. Its an odd building as it's a two story concrete box sitting in the middle of no where on the breakwater. Its destined to be relocated to another water side location so not a lot has been done with the building for quite sometime - apart from the occasional repaint. What is odd is that it was designed to have a third and possibly fourth floor added so the roof is solid concrete. This poses a slight problem for me as I can't easily stick a hole in it for the antenna cable. I'll have to run the cable outside and up for about a meter.
While at the coast guard they were keen to show me around their million dollar vessel with twin 400hp screws and spacious interior - I wouldn't mind one.
After that I had about an hour to kill before I needed to be at the airport so I went back to Tim's place and veged out a bit more. Once at the airport I dropped the keys off for the car and waited an extra 20 minutes because of some issue with some luggage some guy had on the plane :/.
The flight back was fine although the landing was a bit hairy due to a huge cross wind - the plane had to accelerate when close to the ground to defeat the wind - makes for a slightly rougher landing. I quickly made my way out of the airport and paid the $28 for parking. The trip home was pretty good, no jams and managed to keep to the full speed limit. Arrived back at home at 7:30pm.
The flight out of Brisbane was for 8:40am arriving at Townsville at 10:40am but it managed to arrive 10 minutes early which were absorbed by the rental car folk dealing with their crashed booking system.
Planted my arse into a Nissan Pulsar with 9,000km on the clock and took off towards Wulguru. 20 minutes later I'm walking into the reception at the Cluden Park Motor Inn and saying hi to Vicki. Now spelling Vicki with an I on the end is apparently rare. I know this because my mother has the same name. Vicki was surprised that I remembered how it was spelt.
The site inspection took about an hour. I have quickly learned to take photos of absolutely everything that is even remotely associated with a possible installation - these take time. Turns out that there isn't any method of installing the equipment into the rooms neatly. So I will have to make up kits for the guests to use to connect themselves up with. Not perfect but the best solution given the situation.
After that I called the Coast Guard and made a time to meet them at 1:30pm, this gave me an hour for lunch which consisted of HJ's Country Chicken bagettes at Tim's place. After using him for his toilet facilities and chatting about his absurd addiction to Silkroad Online I ventured off towards the Townsville Port area to have a look at the Coast Guard building.
Half an hour later I arrived at the Coast Guard. Its an odd building as it's a two story concrete box sitting in the middle of no where on the breakwater. Its destined to be relocated to another water side location so not a lot has been done with the building for quite sometime - apart from the occasional repaint. What is odd is that it was designed to have a third and possibly fourth floor added so the roof is solid concrete. This poses a slight problem for me as I can't easily stick a hole in it for the antenna cable. I'll have to run the cable outside and up for about a meter.
While at the coast guard they were keen to show me around their million dollar vessel with twin 400hp screws and spacious interior - I wouldn't mind one.
After that I had about an hour to kill before I needed to be at the airport so I went back to Tim's place and veged out a bit more. Once at the airport I dropped the keys off for the car and waited an extra 20 minutes because of some issue with some luggage some guy had on the plane :/.
The flight back was fine although the landing was a bit hairy due to a huge cross wind - the plane had to accelerate when close to the ground to defeat the wind - makes for a slightly rougher landing. I quickly made my way out of the airport and paid the $28 for parking. The trip home was pretty good, no jams and managed to keep to the full speed limit. Arrived back at home at 7:30pm.
Monday, January 30, 2006
Bundaberg Installations
Over Wednesday, Thursday and Friday I installed VDSL based in-room broadband systems into the Bert Hinkler and Reef Gateway motels in Bundaberg. The installation at the Reef Gateway went smoothly but the Bert Hinkler didn't have the phone line with the DSL as Telstra said it would.
The lead up to the installation was going fine until I discovered the equipment was not ordered until 2 days before hand - apparently a fax order was sent the Friday before but wasn't followed up. As the equipment did not arrive until 6 hrs after I was due to leave for Bundaberg, my entire timetable was out by half a working day, for which I had to make up for. The PFY came up with some equipment that was left behind in my rush out the door, he turned out to be of good assistance, distributing the equipment to the rooms and tidying up the install after I was done. In the end I was only 1hr behind - dropping the rental car off at 6pm instead of the intended 5pm. Thursday was Australia Day, a public holiday for most, if not all...
There is still a few things that need to be done up there which I will finalise myself tomorrow, other things involve running data cable etc and that will take time that I don't have. I will leave that task up to the local contractors.
These installations are fkn hard work. Crawling under desks and drilling holes to fit cables, screwing adaptors to the underside of tables and shifting mini-bar fridges from out of their cavities to make use of their power point isn't particularly easy nor enjoyable. I'm no stranger to hard work I stacked and sorted scaffolding/formwork and made thousands of treated pine garden products in my early days and that kind of work was great - just get in and do it. This kind of work is difficult- organise everything, resolve all issues that arise and then continuously monitor the contractors and underlings while trying to get your own tasks done. Yet somehow the clients always like me, must be doing something right.
The lead up to the installation was going fine until I discovered the equipment was not ordered until 2 days before hand - apparently a fax order was sent the Friday before but wasn't followed up. As the equipment did not arrive until 6 hrs after I was due to leave for Bundaberg, my entire timetable was out by half a working day, for which I had to make up for. The PFY came up with some equipment that was left behind in my rush out the door, he turned out to be of good assistance, distributing the equipment to the rooms and tidying up the install after I was done. In the end I was only 1hr behind - dropping the rental car off at 6pm instead of the intended 5pm. Thursday was Australia Day, a public holiday for most, if not all...
There is still a few things that need to be done up there which I will finalise myself tomorrow, other things involve running data cable etc and that will take time that I don't have. I will leave that task up to the local contractors.
These installations are fkn hard work. Crawling under desks and drilling holes to fit cables, screwing adaptors to the underside of tables and shifting mini-bar fridges from out of their cavities to make use of their power point isn't particularly easy nor enjoyable. I'm no stranger to hard work I stacked and sorted scaffolding/formwork and made thousands of treated pine garden products in my early days and that kind of work was great - just get in and do it. This kind of work is difficult- organise everything, resolve all issues that arise and then continuously monitor the contractors and underlings while trying to get your own tasks done. Yet somehow the clients always like me, must be doing something right.
Subscribe to:
Posts (Atom)