|
I've been asked if I can set up a wifi hotspot for someone. Details are: Outdoors (It's a boat yard) They want to be able to charge people to use it They want it to be a 'budget' solution. I believe that laws state that you have to record the email address and details of customers using your public wifi because of terrorism laws? Any suggestions on hardware / software that I could use for this? I originally quoted for a Rukus solution but they didn't "want to fork out that much money" *sigh*
|
#
?
Sep 1, 2014 21:24
|
|
|
|
| # ? Apr 23, 2024 22:29 |
|
|
http://forums.somethingawful.com/showthread.php?threadid=3460935 For your budget though it's probably going to be UniFi and a lot of hair tearing.
|
|
#
?
Sep 1, 2014 21:39
|
|
|
Thanks Ants posted:For your budget though it's probably going to be UniFi and a lot of hair tearing. I'm assuming by that you mean it is a nightmare to configure / maintain?
|
|
#
?
Sep 1, 2014 23:51
|
|
|
In my experience when they work they work well. Any little issues will slowly piss you off more than they should as you hit dead end after dead end attempting to resolve them. If you're just trying to do a free hotspot for some people then it's not a bad option. I wouldn't want to provide any sort of guaranteed service using them, it would use up more time than just buying better APs would have cost.
|
|
#
?
Sep 1, 2014 23:56
|
|
|
fair enough! I'm waiting for some quotes. it may be that my customer won't even want to open their pockets wide enough for it. But hey ho...
|
|
#
?
Sep 2, 2014 01:19
|
|
|
PfSense can do the captive portal stuff. Combine that with a handful of apple airport extremes in bridge mode for access points and you'll be done lickity split.
|
|
#
?
Sep 2, 2014 16:56
|
|
|
Just turn the job down. If you do build a solution to meet their 'budget' you'll be miserable supporting it. You can do it right the first time and spend little time supporting it, or you can half rear end it and bleed them to death charging them by the hour to support it. Either way they're going to pay, so I would stress they should do it right the first time. edit: Especially if they plan on charging for it. People are pretty tolerant about 'Free WiFi', but if someone pays 14.99 a day or something, they want it to work and work well. skipdogg fucked around with this message at 17:19 on Sep 2, 2014 |
|
#
?
Sep 2, 2014 17:12
|
|
|
I would ping the ISPs -- comcast and all are dying to get into this stuff and are rolling out the interesting commercial options. You might be able to get it done as a "we install for free and take a big cut of the profits" thing.
|
|
#
?
Sep 2, 2014 22:39
|
|
|
If you really want to roll-your-own, Mikrotik has a "User Manager" package that could hook into PayPal and authorize.net to accept payments from users. Basically, you get one extra router and install the user-manager package, and it acts as a RADIUS server; you configure all your wireless APs to check with it for AAA purposes. I set this up for a "hotel" (and by "hotel" I mean "hourly rates") a few years ago, and it actually worked, but having not worked for a WISP for a couple years I can't vouch for how well it might work today. The downside is that you'll get the Mikrotik Experience (TM) including all manner of inscrutable bugs and the finest tech support in Latvia.
|
|
#
?
Sep 2, 2014 22:48
|
|
|
They're the only networking equipment vendor that describes their products as "character building".
|
|
#
?
Sep 2, 2014 22:49
|
|
|
wwb posted:I would ping the ISPs -- comcast and all are dying to get into this stuff and are rolling out the interesting commercial options. You might be able to get it done as a "we install for free and take a big cut of the profits" thing. He wants to charge for it though, comcast and the other MSO's are broadcasting Cablewifi and their own branded SSIDs. There are some outdoor venues which have a paid portal but these are large venues (ie: public parks, stadiums, and concert halls). We give business customers a free wifi router to broadcast our SSID but if they want a captive pay portal they need to set their own stuff up. Sepist fucked around with this message at 23:02 on Sep 2, 2014 |
|
#
?
Sep 2, 2014 22:53
|
|
|
Ursoph Haz posted:They want to be able to charge people to use it I just wonder, who pays for WiFi but does not have unlimited 3G/LTE? Are these special areas with no mobile service? Interesting to note that in Japan whilst the iPhone is booming all the airport free WiFi captive portals really don't work well with iOS: normally iOS detects a captive portal and pops up the registration page. Also with "HTTPS everywhere" the common landing page of Google sites breaks too.
|
|
#
?
Sep 3, 2014 03:44
|
|
|
Mikrotik. I've been playing with an RB750 the last week or so and have it running OK as a captive portal hooked up to one of the many third party RADIUS/payment gateways. Pretty straight forward.
|
|
#
?
Sep 3, 2014 10:24
|
|
|
MrMoo posted:I just wonder, who pays for WiFi but does not have unlimited 3G/LTE? Are these special areas with no mobile service? We make about 3k a day in the NY metro area with paid wifi sales actually.
|
|
#
?
Sep 3, 2014 13:59
|
|
|
NY metro area = terrible 3G/LTE service already, plus the users are probably expensing it anyway. Similarly I'm looking forward for iOS 8 so I can use WiFi calling in NY and CT precisely because of terrible signal issues.
|
|
#
?
Sep 3, 2014 14:26
|
|
|
WiFi calling is nice, there are some performance issues though when it comes to the congested 2.4ghz spectrum compared to the less crowded 5ghz. On 2.4ghz, any overlap or co-channeling that is using a decent chunk of duty cycle is going to cause one way audio or dropped calls, and 5ghz we have been seeing performance issues when you exceed -60dBm signal strength. It's better in single family homes but apartment complexes have a lot more competing noise in the air.
Sepist fucked around with this message at 15:11 on Sep 3, 2014 |
|
#
?
Sep 3, 2014 15:08
|
|
|
We recently purchased and deployed several Unifi APs, and here are some things that might not be totally obvious before purchase. You might already know this stuff, I'm just putting it out there in case you dont. - In order to do pretty much anything with these devices you need to use their controller software. You can also SSH into them and do some stuff, but the bulk of your configuration and mangement will be done with the controller software. - The controller software runs in a browser and requires both Flash and Java. You're probably thinking, "ok, not so bad so far, I can just install the sofware on my workstation and be done with it". See the next point to find out why you're wrong  - If you want to use any of the captive portal features, the software must be running in order for those features to work. So, you're going to need a dedicated machine for the controller software if you're using captive portal features. And that machine needs to be running Flash. And Java. And running 24/7. Yep, pretty boneheaded. Let's hope that machine isnt internet facing - No ability to whitelist MAC addresses. Blacklist yes, whitelist no. Dont know why they made that decision. We can debate the efficacy of MAC address blocking, but when employed as part of a defense in depth, it's a legitimate layer of defense. - Want to use the cool "Zero Hand Off" feature they advertise prominently? Looks like you have to enable SSID broadcasting in order for it to work. I have not yet confirmed this last bullet point, but I'm testing it today. Again, this is a legitimate layer of defense when used in conjunction with other layers.
|
|
#
?
Sep 4, 2014 20:43
|
|
|
No! NEVER, NEVER, NEVER, use a Hidden SSID for public use all it does is create frustration and confusion. The only legitimate use for a hidden SSID is in a corporate setting where you have a publicly available one for general use, and a hidden one that uses 802.1x certificates so that it will automatically be joined, it's hidden to reduce confusion. White-listing is only good if you want to increase administrative overhead, pro-tip you don't.
|
|
#
?
Sep 4, 2014 20:58
|
|
|
Mr. Clark2 posted:We recently purchased and deployed several Unifi APs, and here are some things that might not be totally obvious before purchase. You might already know this stuff, I'm just putting it out there in case you dont. And putting a cheap mikrotik in front of your APs or the public VLAN will sidestep all this.
|
|
#
?
Sep 5, 2014 01:06
|
|
|
I prefer to split a project like that into working pieces before trying to add a monetizing value to it. Especially if you are the one man army and don't already have a working model to deploy. I'm with everyone saying either they will pay or you will.
|
|
#
?
Sep 5, 2014 02:15
|
|
|
Mr. Clark2 posted:- The controller software runs in a browser and requires both Flash and Java. You're probably thinking, "ok, not so bad so far, I can just install the sofware on my workstation and be done with it". See the next point to find out why you're wrong The controller is a Java server app, the GUI to configure it is Flash in a browser. Normally you stick the controller on a Linux box or VM somewhere, also well documented is sticking it in Amazon. The biggest problem I have is that you can run UniFi devices without a controller for basic functionality but with a power outage they always factory reset. What's nuts is that I have the devices behind a surge protecting UPS and it still happens and I cannot reproduce by simply pulling out the power.
|
|
#
?
Sep 5, 2014 03:59
|
|
|
|
| # ? Apr 23, 2024 22:29 |
|
|
Mr. Clark2 posted:- The controller software runs in a browser and requires both Flash and Java. You're probably thinking, "ok, not so bad so far, I can just install the sofware on my workstation and be done with it". See the next point to find out why you're wrong Not entirely correct. The controller software is Java-based to make it easily cross-platform. It'll run on pretty much anything (there are numerous people running it on Raspberry Pi or similar devices). It's administered via a web browser, and the map overview display requires Flash. Everything that actually matters works fine without it, you just lose a fancy map. No Java at this end. quote:- If you want to use any of the captive portal features, the software must be running in order for those features to work. So, you're going to need a dedicated machine for the controller software if you're using captive portal features. And that machine needs to be running Flash. And Java. And running 24/7. Yep, pretty boneheaded. Let's hope that machine isnt internet facing This part is mostly correct, again other than thinking the machine running the controller needs Flash. Only Java, and any Java will do, you don't need Oracle's version if you're on an OpenJDK-supported platform. Java itself is not a security hole when it's not attached to a web browser. I strongly recommend NOT running the controller on Windows. It's "quirky" at best to get set up as a service. I have built mini Debian VMs in Hyper-V to run the controller for my customers who only run Windows servers to get it to work more reliably. quote:- No ability to whitelist MAC addresses. Blacklist yes, whitelist no. Dont know why they made that decision. We can debate the efficacy of MAC address blocking, but when employed as part of a defense in depth, it's a legitimate layer of defense. Neither of these add anything over any form of encryption, even WEP64. Anyone who can break WEP can sniff the traffic over the air, and guess what that shows? The MAC addresses of anything communicating on the network and the SSID! You're only making it harder for legitimate users while doing absolutely nothing to stop attackers. Personally if I was an attacker I'd specifically focus on networks that have the SSID "hidden" because that tells me two things. 1. Someone thinks this network deserves special "protection". 2. That someone has no idea about wireless security. Anyways OP is talking about a captive portaled guest network, so regardless of effectiveness none of this is relevant to the topic. OP, I'd do this using UniFi Outdoor units and pfSense as the internet gateway. You can run the controller on the pfSense box (do a full install, appliance builds are a pain in the rear end to install third party software on) and if you don't like UniFi's captive portal pfSense offers one of its own. That said I also agree with those saying that a cheap-rear end customer is likely to be a bitchy customer when it doesn't work. MrMoo posted:The biggest problem I have is that you can run UniFi devices without a controller for basic functionality but with a power outage they always factory reset. What's nuts is that I have the devices behind a surge protecting UPS and it still happens and I cannot reproduce by simply pulling out the power. Can't say I've seen this behavior myself. Two of my sites had the controller running very intermittently for months due to the aforementioned shittiness on Windows and went through numerous power outages without any problems. I've had three UAP-LRs just straight up die on me but never had any factory reset. wolrah fucked around with this message at 04:39 on Sep 5, 2014 |
|
#
?
Sep 5, 2014 04:37
|
|
