Saturday, April 12, 2008

Cease and Desist!

My ISP (Speakeasy) sent me a nice letter recently informing me the European Union's copyright infringement division was displeased with me. They said that based on these allegations, I would be in violation of the Speakeasy Acceptable Use Policy. "How can that be?", thought I. I buy my music on iTunes, I do not partake in bittorrent, limewire or any other version of the now dead Napster (old school version not the new subscription based system) music/file-trading system. Hell, I pay for stuff! I have encoded all my purchased CDs and boxed them away but I keep them to myself. In fact I am a true supporter of "legitimate" digital music use via iTunes or any other service that, in some way, supports the artists that create the music I love. This includes freely distributed music a la Radiohead.

So why was the European Union coming after me? Speakeasy's Tech Support and Security groups were very helpful in pointing out to me that they could track streams of file sharing originating at my IP address. So I thought deeply about this (for 2 seconds) and arrived at the most logical conclusion. My neighbors were connecting to me via Free The Net, the Meraki based San Francisco free wifi network, and uploading/downloading music to their hearts' content. I have 2 repeaters on my roof and 4 others in houses nearby providing firewalled access to the Internet. This made me sad. I was very pleased to provide an un-asked for service to my neighbors who may not have - or may not be able to afford - Internet access. I wrote to Meraki explaining my dilemma and asked if there was some way to restrict my neighbors from conducting file trading on my network.

People in my hood are sharing music over my wireless network and
abusing my speakeasy acceptable use policy. Speakeasy.net has warned
me that any continued abuse will result in disconnection of my
service. Therefore I must inform you that unless you can lock it
down so only port 80 is being used I will have to disconnect the
Meraki repeaters and access points from my network.

I am very sorry. This seems like a real shame. I was very eager to
participate in "Free the Net" but now I am a bit saddened that folks
are abusing it.

Please get back to me and let me know if there is anything you can do
on your end.


They replied back with...

Hey Bruce,

grr. that's really irritating. but actually what's surprising is that
we haven't had to address this issue so far. as far as blocking
everything but port 80: I don't think any of us would be happy with a web-only Internet connection, so that doesn't seem like a good answer. to me it seems the real solution here would be to figure out who the culprit is and block them.

I looked on your gateway and didn't see anyone transferring an
inordinate amount of traffic. do you happen to have any idea who it is? do you know if it is bittorrent they are using? maybe they are using a different gateway at least part of the time (probably mine, hehe).

next week I guess we can figure out how to set up the right counters on your gateway so that we can figure out who it is (any insight or additional info you can provide would obviously be super helpful). hopefully Speakeasy can wait that long. if you need to unplug, we understand, but leaving your repeater plugged into power would at least soften the blow.

ugh,

So far they have found no way to track or stop the activity and I love my Speakeasy service. So I have no choice. Until such a time as I can trust my neighbors not to conduct activity that the European Union deems as illegal or until Meraki finds a way to filter this traffic out, I must disconnect my network from "Free the Net". I still have repeaters on my roof but they are no longer connected to my network; file traders now siphon off some other guy's pipe or tube or truck that backs up and unloads Internet.
Comments and suggestions, as always, are very welcome.
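
The kind of per-client counters the Meraki reply talks about, as an added example (not code from this post or from Meraki): it totals flow records per client MAC and flags clients that upload a lot to many distinct peers on non-web ports, which is why a file sharer can hide behind a heavier web user when only total volume is compared. The record format, the sample lines and the thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flow records (hypothetical format, documentation IP ranges):
SAMPLE_FLOWS = """\
# client_mac remote_ip remote_port bytes_up bytes_down
00:11:22:aa:bb:01 203.0.113.10 80 120000 52000000
00:11:22:aa:bb:01 203.0.113.11 443 80000 9000000
00:11:22:aa:bb:02 198.51.100.21 6881 2400000 300000
00:11:22:aa:bb:02 198.51.100.22 6882 1900000 250000
00:11:22:aa:bb:02 198.51.100.23 51413 2100000 410000
00:11:22:aa:bb:02 198.51.100.24 6881 1700000 120000
00:11:22:aa:bb:02 203.0.113.10 80 30000 700000
00:11:22:aa:bb:03 192.0.2.50 22 8000000 40000
"""

WEB_PORTS = {80, 443}


def parse_flows(text):
    """Yield (mac, remote_ip, remote_port, bytes_up, bytes_down) tuples."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) != 5:
            raise ValueError(f"line {lineno}: expected 5 fields, got {len(parts)}")
        mac, ip, port, up, down = parts
        yield mac.lower(), ip, int(port), int(up), int(down)


def client_counters(flows):
    """Aggregate per-client totals plus non-web peer fan-out and upload."""
    stats = defaultdict(lambda: {"up": 0, "down": 0, "peers": set(), "nonweb_up": 0})
    for mac, ip, port, up, down in flows:
        entry = stats[mac]
        entry["up"] += up
        entry["down"] += down
        if port not in WEB_PORTS:
            entry["peers"].add(ip)
            entry["nonweb_up"] += up
    return stats


def suspects(stats, min_peers=4, min_upload=5_000_000):
    """Clients uploading >= min_upload bytes to >= min_peers non-web peers."""
    flagged = [
        mac for mac, s in stats.items()
        if len(s["peers"]) >= min_peers and s["nonweb_up"] >= min_upload
    ]
    return sorted(flagged, key=lambda mac: -stats[mac]["nonweb_up"])


if __name__ == "__main__":
    counters = client_counters(parse_flows(SAMPLE_FLOWS))
    for mac, s in sorted(counters.items()):
        print(f"{mac} up={s['up']} down={s['down']} "
              f"nonweb_peers={len(s['peers'])} nonweb_up={s['nonweb_up']}")
    print("flagged:", suspects(counters))
```

In the constructed sample the flagged client moves far fewer total bytes than the web-only client, and the single large SSH upload is not flagged because it goes to one peer. A MAC address identifies a client only loosely, so treat a hit as a lead to confirm before blocking.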


Thursday, November 1, 2007

WiFi Enabled Bag!

OK, Admission. The previously lauded WiFi enabled Shirt SUCKED! It had this big plasticky velcro'y patch on the front. I just couldn't wear it. I thought it would be more integrated. So...

My wife the genius (BTW, she is a geek, too. She really wanted me to order her one. So I did). She takes one look at her shirt and says, "I am not going to wear this but I have an idea."



She tears the shirt apart and buys herself a new bag/backpack/purse. She cuts a hole in the front of the bag for the cable. Sews the felt backing used to secure the velcro to the front of the bag. Puts the battery pack and cable into an internal pocket and away we go. WiFi enabled bag!!!


This is way more cool than the lame shirt. Now she carries this to work proudly, letting all around her know if they can surf via WiFi or not.




Friday, October 5, 2007

WiFi enabled shirt?!!!

As if some geeky clothing designer and an Uber-RF-Nerd had a dorky lovechild, ThinkGeek has launched the first WiFi enabled SHIRT!!!

I am not kidding. This is a wearable WiFi detector that illustrates the strength of the WiFi signal with glowing bars and antenna and the words, "802.11" underneath.

I cannot wait to wear this to the next, "I can't get a date with nobody/Star Trek/D&D/comic book/video game/networking convention"

Look, Drool and count the days till it is released.






Thursday, September 20, 2007

WLAN IDS and the bizarre world of security exploits

If you make security software (or any software, for that matter) sooner or later you will create what I technically refer to as a booboo: a security vulnerability in your software that raises the ire of your customers and makes you feel foolish and sad. Not to worry, mateys, this happens to all software manufacturers. The important thing to remember here is how you handle it. Are you going to be a Pro or a shmuck? Recently, AirDefense (why no dot com?), a WLAN IDS manufacturer, had just such an incident. Is this uncommon? Relatively so. Is it dire? Not really. Are you just sniping at your competitor? Kind of, but in the interest of disclosure, we had an incident a long time ago as well so, dear friends, I feel their pain.

Let's talk about what happened first. The vulnerability as explained here happens when you send a specially crafted HTTPS request, which will cause the HTTPS service on the system to crash. It appears from my quick glance as if you need to authenticate first and also be on the segment from which you can administer the system. So what is this? Granted it can bring down the sensor but actually it appears to be a "tempest in a teacup". You need to be the admin or snarf the admin login in order to cause a denial of service to one of probably many tens or hundreds of sensors. Unlikely at best.

So how was this handled? Professionally, in my humble opinion. AirDefense contacted the people who reported the exploit and directed them to a patch for it as reported here, "Solution: Update to the latest firmware version"

AirMagnet had a similar experience last October. And we handled it the same way. Here is our official response to the problem from back then:

Re: Airmagnet management interfaces multiple vulnerabilities
AirMagnet vendor response below -

(1) The vulnerabilities are tested against an over-a-year old AirMagnet Enterprise product,
(2) Some of these vulnerabilities have been patched and fixed in AirMagnet Enterprise version 7.0.x,
(3) All vulnerabilities are now completely fixed by AirMagnet Enterprise version 7.5 build 6307 and later.
(4) AirMagnet customers can download patches from MyAirMagnet support web site (http://www.airmagnet.com/my_airmagnet/index.php)

So to summarize, there are a lot of security professionals out there who are trying to make a name for themselves and do it in an industry, like the WLAN industry, that is going places. They spend all their time looking for these exploits and I, for one, am glad they do. They keep us honest and ensure that we are doing our very best to protect our customers. Are their motives pure? Debatable but mostly. Do they sit down afterwards and talk amongst themselves about what l@m3rz those software guys are? You bet! Should I take it personally? Nah.




Thursday, May 3, 2007

Meraki - Staunton, VA

Another great grass roots wifi project is being led by a group of folks out in Staunton, Virginia. With 19 nodes up as of today, the 3rd of May, it looks like it is doing well.

Again, I must say, citizens and grass roots efforts beat out commercial or governmental efforts all the time. Less bloat, less waste. These efforts are similar to the way we as world citizens take it upon ourselves to act responsibly on the road, or by taking the effort to recycle our bottles and cans. It is also parallel to the user created content wave sweeping the Internet. Not only do we want to get news and opinion our own way, we want to get services our way too. And just like we don't mind spending some of our time to create that content, we do not mind spending some of our time and bandwidth to add wifi services.

Drop in on Staunton VA and take a look at http://www.stauntonwifi.org/ and let them know what a great job they are doing!



Tuesday, April 10, 2007

WiFi on the highway: Avis to offer 3G-to-802.11 bridge

Start-up Autonet Mobile and car rental giant Avis are partnering to offer renters a device that will provide laptop users with WiFi access on the road. You can take "on the road" literally in this case, as the device is designed to create a WiFi hot spot accessible from within


So I am driving down the road. I have my Bluetooth headset "un-wired" to my Blackberry (I know, I should've gotten a Pearl but I am waiting on the iPhone). I am receiving email on that same Blackberry and answering it, of course. I have my iPod plugged into cigarette lighter and tape player with an adapter and I am selecting music to accompany my travels and sometimes watching the strange conclusion to Battlestar Galactica season 3.5 (Damn! next episode is in 2008). I have a GPS talking to me and showing me where to go for my next appointment at the latest geek-fest. And now I have a rolling 3G/WiFi hotspot allowing me complete access to the web so I can blog about the experience. Of course my Homies are riding shotgun so we start up a LAN party and start blowing each other away in CounterStrike. Wooooeeee! Maybe we should play Full Auto(tm) 2: Battlelines?

Man, I am in sensory overload and I haven't even looked up to see where I am going yet.


Monday, April 2, 2007

Meraki AirMagnet Stats

Some folks have requested more technical details on the Meraki nodes so I am uploading some AirMagnet Laptop Analyzer images for your perusal. Let me know what you think.


Here, for example is the AirMagnet Start screen showing the 3 nodes I have up

And here we have the Infrastructure page showing how they are viewed.

But the details that most folks have been asking for are here on the Channel Page (notice the bytes and frames; very good data speeds for the most part. Since the beacon interval is set to 500ms I have the channel scan time set to 750ms)...

...and here on the main portion of the Infrastructure page. I also had the Spectrum Analyzer integration enabled. For this image I selected the main "root" node to analyze.




Friday, March 30, 2007

Meraki - Dallas freenet


Entrepreneurship in action. If you want to see how another mesh deployment is going, cruise on over to http://www.dfwfreenet.org/ and see how they are doing. They have a great wiki and a node map up and running. So far they only appear to have 5 nodes up and running but I could see this going big. Support them by laying out a measly $49 bucks for your own node and go to town!






Meraki Node - Management Details

The Meraki mesh node I got has been up for a week now and here are my thoughts. Well, first of all, It is pretty neat. 'nuff said. I had some questions that I posed to Ben Chambers of Meraki and here are the answers.

The first thing I wanted to know was why it beacons every 500ms instead of 100ms. Twice per second did not seem very much and considerably off the norm. Ben stated that, "As far as the beacon interval goes, the reason is basically that if you have a fairly high number of repeaters (say, 20) within range of each other, 10 beacons per second per node gets pretty excessive." This makes total sense to me.

The next question was whether there was a way to configure the node or at least monitor it. I was told that because it was a free node belonging to the Meraki "Free the Net" project I would not be able to configure it but I would be able to monitor it in a variety of ways:

1. I can see if it is up by associating with it and browsing to http://my.meraki.net/ where I would see a splash page.

2. I can select the "Advanced" link in the upper left and get a page that lets me run a throughput test to the internet.

3. I can select another link on the advanced page that allows me to set a static IP and some other functions.

4. I can also get to a page that is just for my repeater at http://sf.meraki.net/myrepeater/00:18:0a:01:10:b3 which looks like this:

5. I can also get more data from a more public view of the Meraki network from this URL http://sf.meraki.net/overview which shows me connected to another mesh node way over in Potrero Hill, at least a mile away.


6. I was also pointed to a site where there is XML data for Google Earth: http://sf.meraki.net/earth . You must save the source as a KMZ file on your hard drive and open it in Google Earth.

After which, it now looks like this in Google Earth. Notice the mesh links (I made them yellow, the better to see them with.)

Which now allows me to go down to sea level and see the line of sight to the other link

Pretty impressive. My next step would be to get some Meraki Minis and connect them to the mesh and see how they work out. More fun for next time :-) Talk to you then.






Monday, March 26, 2007

My Own Mesh Node - Meraki comes through!

Here is the view from my roof of downtown San Francisco. Looks like a good place for a Mesh Node!


Last Thursday, Ben Chambers and Jessica showed up on my doorstep from Meraki Networks with APs in hand. I was psyched! We were about to hook up an outdoor node to the Meraki San Francisco trial.

They brought over a Meraki outdoor AP, a toolbox and a lot of cable and got right to work. We went up on the roof to check it out and find a spot to put it. Then we went indoors and talked about how/where to bring the cable in. The unit is powered by a proprietary POE (Power over Ethernet) injector which I plugged in and hooked up to my switch.


Ben went back up onto the roof and connected the AP to a plumbing vent pipe. It came with what appears to be a 12 dBi antenna (I will check and get back with the details).


It got link and pulled a DHCP address from my home router and started broadcasting the SSID FreeTheNet and we were done.














We chatted awhile and then they left. They were super nice and obviously loved their jobs. Later the unit started upgrading itself and is now running a newer OS than what it originally had. I checked that evening and found I was up on the website at http://sf.meraki.net/ but unfortunately none of my neighbors had a Meraki node close enough to attach to mine. I am going to drop in on Ritual Coffee later this week and get them to join the network as well as some of my neighbors.




Tuesday, March 20, 2007

Meraki Wireless Repeater Makes Extending WiFi Easy!

Meraki is now offering a great way to extend your WiFi network: inexpensive repeaters. The Meraki Mini is a $49 (there is also an outdoor model for $99) AP you just put in your window and connect to a MuniWiFi network or your own internet connection and then, according to their site, you just add more repeaters to make a mesh, "The more Minis that are out there, the bigger the network. And you can plug right into the repeater instead of going wireless."

I like this idea a lot. So much, in fact, that I use something somewhat similar myself. But it has a few drawbacks that are not mentioned on the website.

In my house we have one AP/Basestation/Router at the DSL D-marque and 3 WiFi repeaters throughout the house. I use the Apple Airport system so I have one Airport Extreme connected to my DSL router and 3 Airport Expresses connected using WDS (wireless distribution system), which means none of my Airport Express units need a cable drop. It works really well: I can connect to any of the APs and surf the internet and I can stream music from my desktop or any connected laptop to any of them using Apple's AirTunes, even my Dell. The drawback is that every hop from the repeater reduces the bandwidth considerably as each device, with only one radio, has to spend half its time talking to your laptop and half forwarding the signal. Wikipedia states, "...throughput in this method is inversely proportional to the number of "hops", as all traffic uses the same channel. For example, client traffic going through one relay station before it reaches the main access point will see at most half the maximum throughput that a directly connected client would experience." For me, this is fine as I only have 3Mb/s internet access but for larger mesh networks it begins to be a problem. Meraki suggests, "To boost the signal, connect every tenth one to the Internet." It is unclear from Meraki's documentation if they use separate channels or radios for the back haul.

The system also has a really great web-based management application called Dashboard which they give away for free. Dashboard allows the network admin to monitor the network and change its configuration, and it has a built-in billing feature if you wish to set up a hotspot or be your own neighborhood service provider.

The last really great thing about the Meraki solution is the ability to repeat the relatively weak MuniWiFi signal and project it into your home. This will allow users of these networks, especially ones in older homes with lath and plaster or stucco and chicken-wire construction, to get a lot more signal strength and thus increased speeds. In fact, Meraki is already working in San Francisco to implement a Mesh network in and around my neighborhood. I have signed up for it and we will see where it goes. I will blog about it as it happens. Check it out at http://sf.meraki.net/





Anaheim Muni-Fi and Earthlink ready for Wi-Fi Phone Beta Testing - We need details!

The new Earthlink VOIP service is now ready for beta testing. Users in Anaheim may sign up now and get a free handset with the service during the testing period, according to Glenn Fleishman over at WiFiNetNews.

Good news for those of us watching the VoWLAN emergence but I have some questions:

It appears as if the service is tied to their phone. There is this quote in the release, "'What separates our Wi-Fi phone from others is its ability to work over EarthLink's municipal Wi-Fi networks,' said Steve Howe, EarthLink's senior vice president of voice."

  • Does this mean that other SIP phones or dual band phones will not work?
  • Is this an attempt to control the hardware and service?
  • Has anyone tried using a different phone over the Anaheim network?
If this is true and we are locked into an Earthlink/Accton solution, it could spell doom for rapid adoption and raise the hackles of the "Free the Airwaves" folks.

Later on it also mentions that the Accton system is an ATA (Analog Telephone Adapter) based system. This would be similar to Vonage's home adapter. Again, more questions: can you use the handset while roaming about the network or just when in range of your own ATA base station?

Lastly (and in my opinion, most importantly), is it encrypted or are folks going to be able to sniff my call and play it back with VoiPong or something similar? Why do people always think of security last?

There are many questions we still have no answers to. If you know any, drop me a line.





Friday, March 9, 2007

RFID Tags for Apple devices. Wi-Fi Enabled Apple Remote, iPod and Other Peripherals

While setting up a wireless Wi-Fi network in your home is now much easier than it was a few years ago, configuring all devices and establishing sufficient security protocols can still be a pain in the … for the average user. Now Apple has a solution to make everything easy, automatic and secure - RFID tags.

The idea, described in Apple’s patent “RFID network arrangement” is simple. Put RFID transceiver into a network wireless base station such as Airport Express or Airport Extreme and put RFID tags on other devices that you want to connect to Wi-Fi network.


All network configuration information, including communication parameters, SSID info, radio channels, encryption keys, etc., can be stored in the base station. When an RFID enabled network device is brought into close proximity of the base station, the RFID transceiver collects this information and writes it to the read/write RFID tag on the network device. When this device is turned on, it reads configuration data and security keys from the RFID tag and establishes a secure network connection.

That’s it. From a user standpoint - you just bring your MacBook within a foot of your Airport Express and the network is set up. You don’t even have to have the MacBook on at the time. RFID info can be read from or written to the tag without an additional power source. Then you turn your laptop on and it’s already on the network.

RFID tags also solve the problem of how to connect various “dumb” devices that don’t have appropriate user interface (like screen or keypad) for easy configuration:

  • This may be the final piece in the puzzle to make a Wi-Fi iPod a reality. Put a Wi-Fi chip inside, add an RFID tag and that’s it. You take your iPod to your base station and then turn it on. Your iPod is another device on the network. Of course, passing Wi-Fi synchronization data to the iPod was already technically possible. But RFID tags make the process so much easier.
  • One of applications mentioned in the patent is Apple Wi-Fi Remote for:

    “… controlling the operation of the iTunes music software provided by Apple computer… Such a remote control might have buttons for a variety of playback-oriented functions, such as play, pause, skip forward, skip back, volume control, etc, but such a device might not include an alphanumeric keypad or display device suitable to allow configuration of the device to operate over a wireless network. Using the teachings herein, such a remote control could be configured merely be bringing it into proximity with the computer or network base station…”

  • Extending your Wi-Fi network. You can have an RFID transceiver on the Airport Extreme and RFID tags on the Airport Express. Then you just sync them and plug in the Airport Express where you need extended Wi-Fi coverage.
  • Wi-Fi enabled network printer and any other peripheral. Again, put a Wi-Fi chip in it, slap an RFID tag on, sync. Your printer is another device on the wireless network.

Looks like Apple did it again. The basic idea is so simple and obvious in hindsight, yet it opens so many new possibilities that there will be lot of people wondering “Why didn’t I think of that earlier”.


Building a Voice Capable WiFi Network

Building a wireless network that supports data traffic is hard enough but trying to support VOIP over your WLAN (also known as VoFi) can be a nightmare. To make matters worse, when you ask your vendor how to make Voice work on your WLAN they explain you will need 2X-3X as many APs as you needed for data. "Sure I do", you respond. Confident that the sales person from your vendor just wants to sell you more APs. Or, better yet, you turn to your trusted VAR and he suggests another site survey. "Right, another one", you say, with that knowing look in your eye and a sinking feeling that you are being strung along. You feel like the guy who brings his car in for a tune-up and gets told he needs a complete overhaul.

Well, I have nothing to sell you and no agenda that I will benefit from by saying this but your infrastructure vendor and your VAR are absolutely correct. You probably will need more APs and you sure as heck will need another survey. Lets find out why, shall we?

Unlike email and web access, where they go largely unnoticed, slight lags or delays in traffic or small losses in connectivity will completely destroy calls. A person who has access to the Internet during a meeting in a conference room is far less likely to lose his cool over small delays than when he is on the phone with an important client.

You see, wireless handsets are much lower powered compared to the access points they talk through. A typical AP is usually set to communicate at 100 milliwatts (mW) whereas the typical handset is roughly 5 mW. This makes it very easy for the handset to hear the AP but very hard for the AP to hear the handset when it is far away. Also, handsets are far less resilient to fragmented packets, retries, packet loss, etc.

So what can I do? Well the simplest thing to do would be to ensure that the handset is always at the same power as the AP. That means either increasing the power on the handset or, more likely, lowering the power on the AP. This will mean, of course, that you will need more APs to cover the same area.

For example, here are 4 APs at 100 milliwatts:


Here are the same APs but now set to 5 mW instead; notice the gaps in coverage:


In order to compensate, we must add many more APs to fill in the holes, all configured to run at 5 mW:


As you can see, much better. Now, though, our main issue is channels. APs that overlap their signal on the same channel take away from the usable bandwidth. We want to ensure we do not trample the signal from another AP so we must adjust the channel plan.
Also, remember we only have 3 channels to work from.

Cisco, at this point recommends the following:


That explains why I limited the seen signal to -67 dBm, making all the other signal fall off and appear grey.

In a week or two, we will discuss debugging Voice issues and setting MOS scores.


Sunday, January 28, 2007

How to Increase Your Wi-Fi Signal

OK, this guy is dorky and the tin-foil hat/antenna he made is so ghetto BUT his thing on carrier waves and the CAT 5 wrapped cell phone - pure genius.


Monday, January 22, 2007

Repost: Why Would Anyone Think Wireless Is Easy?

I really love this post over at Tech Dirt. It illustrates the fallacies that most people have about implementing Wireless VOIP. The VOIP guys think all they have to do is plop down an AP and shebang! VoWiFI. http://news.techdirt.com/news/wireless/article/6905

I especially love this sentence, "When we begun developing the mobile phone version we didn't realize the number of technical obstacles. It is challenging and is taking much longer than expected"


What are some undiscussed issues surrounding San Francisco's Metro WiFi plans?

I am a San Francisco resident and I have been pondering this Google/Earthlink deal for quite awhile. I authored a couple of postings at Glenn Fleishman's WiFiNetNews site and Om Malik's GigaOm and I am just reposting because I feel that I did not get a sufficient answer to them, although there were some interesting comments later. Here are some open questions to the world at large:

How does the SF WLAN look to affect existing WLANs? What about the businesses that are in and around SF that already have WiFi? Is this new network going to stomp all over the existing networks, causing co-channel and adjacent channel interference? Are employees of these networks going to connect to the free network while still connected to the wired Ethernet cable of their company's network, possibly opening up a security hole? What if your company has a "No Wireless" policy, will you be able to just sit by a window and connect to the MetroWLAN to check your stocks, Gmail account etc? What kinds of security/authentication system (if any) are going to be used in the big Muni wireless deployments like Philadelphia and San Francisco to ensure the privacy of your internet communication?

Many companies have invested a great deal of time and money into putting up wireless networks in their offices. Some financial companies spent up to a million dollars on their WLAN. This new network may cause a whole host of problems for them. Did anyone consult with any of the existing businesses in downtown SF and/or Mountain View as well? [Editorial Note: I later learned there was an open forum and the results were hilarious. I have also learned that the City's Board of Supervisors is less than optimistic about the whole plan, regardless of the PR steamroller that The SF Chronicle has implemented] Should citizens and businesses have a say in how their "airspace" is used?

It sounds honorable and good to provide free WiFi to the community. I live here in SF and nobody asked me nor did they put up a votable resolution. They are just doing it. This was proposed years ago for a fraction of the cost it would take to implement now by the BARWN folks but was dropped. Why?

I still have to pay for Water, Trash, Phone, Streets, Schools etc. Why should I get free WiFi? I would rather get free trash pickup, or lower local taxes. (We liberals love taxes ;-)

If Gavin Newsom, Mayor of our fine city, has so much buy-in, or Mountain View as well, then why are so many of the companies in these areas scared to death that their investment of hundreds of thousands of dollars might just have been for naught. I have personally spoken to several IT people in Mountain View that really do not want Google's WiFi to tempt their users to connect to it instead of the encrypted and authenticated network that is provided for them.

I also have heard that people who are near one of the Metro WLAN APs cannot use their internal WLAN because the free city WLAN is MUCH LOUDER than their own (Caps are intended). So now what do they do? The Tropos APs that are being implemented in Mountain View and are being considered for San Francisco are 1 watt (4 Watt effective output) transmitters. That's 40x more powerful than a default configured Cisco unit (which comes at 100 mW). Additionally, there are only 3 non-overlapping channels, so chances are 100% that this network will stomp all over the internal WLANs of Wells Fargo, PG&E, Charles Schwab and whoever else has offices downtown.

Similarly, in SF we already have around 100 APs per block, residentially. We have been unwired for years. Heck, every coffee shop in town, of which there are legion, has free WiFi. So why do we need all this other WiFi drowning everything else out?

I actually asked a gentleman that works for a Mesh AP firm about this. He said not to worry about it, that the skin of the building would block a majority of the signal. Then after I distracted him with a tangential question I brought him back around with this question, "How do I get access to the signal from my house? This is supposed to provide the community with Internet access. Will I be able to hear it from the core of my building?" and he replied, "...of course you will, we will be transmitting at 4W (effective). It will be like I was right there in your living room."


Sunday, December 3, 2006

T-Mobile WPA (Without nasty client sw)


I finally found a tip on the Internet about using t-mobile with WPA without the nasty t-mobile connection software. Those groovy geniuses at TheShmooGroup have a member who did it. The post follows from their forums.
Jouni Malinen jkmaline at cc.hut.fi

Sat Sep 3 13:33:19 MDT 2005

Some time ago, there were a couple of questions on how to use wpa_supplicant with the WPA-enabled version of T-Mobile wireless network.

Finally, I had a suitable chance to test this a bit while waiting for my flight at SFO and the connection is indeed working fine. As a proof, this email is actually sent over the WPA encrypted T-Mobile network ;-).

The SSID for the network is tmobile1x and it is configured for WPA-Enterprise with TKIP. Authentication is done using EAP-TTLS/PAP using the normal T-Mobile username/password. It was enough to just complete WPA authentication, i.e., no need to go to any web portal page. It took me some time (maybe five or so scan attempts) to find tmobile1x SSID even though I saw six or so APs with tmobile SSID at the same time. Anyway, once the correct SSID was found, association and authentication went through fine.

This network block worked fine (at least at SFO) with madwifi:

network={
ssid="tmobile1x"
key_mgmt=WPA-EAP
scan_ssid=1
identity="username"
password="password"
eap=TTLS
phase2="auth=PAP"
}

--
Jouni Malinen PGP id EFC895FA
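
An added example, not part of the forum post above or of wpa_supplicant itself: the posted network block sets no `ca_cert`, and wpa_supplicant does not verify the server certificate when neither `ca_cert` nor `ca_path` is configured, so the PAP username and password inside the TTLS tunnel go to whichever access point answers for that SSID. This Python check parses `network={}` blocks and reports that gap; the hardened block's CA path and server domain are placeholders, not T-Mobile's real values.

```python
# The block exactly as posted above.
PAGE_BLOCK = """
network={
ssid="tmobile1x"
key_mgmt=WPA-EAP
scan_ssid=1
identity="username"
password="password"
eap=TTLS
phase2="auth=PAP"
}
"""

# Constructed hardened variant; ca_cert and domain_suffix_match values are placeholders.
HARDENED_BLOCK = """
network={
    ssid="tmobile1x"
    key_mgmt=WPA-EAP
    scan_ssid=1
    identity="username"
    password="password"
    eap=TTLS
    phase2="auth=PAP"
    ca_cert="/path/to/PLACEHOLDER-radius-ca.pem"
    domain_suffix_match="radius.example.invalid"
}
"""

CERT_BASED_EAP = {"TTLS", "PEAP", "TLS"}
SERVER_NAME_KEYS = ("domain_suffix_match", "domain_match",
                    "altsubject_match", "subject_match")
MESSAGES = {
    "no-ca-cert": "no ca_cert/ca_path: server certificate is not verified",
    "pap-to-unverified-server": "phase2 PAP sends the password to an unverified server",
    "no-server-name-check": "CA is pinned but any server certificate it issued is accepted",
}


def parse_networks(text):
    """Return one dict of key -> value per network={...} block."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            value = value.strip()
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]  # strip the surrounding quotes
            current[key.strip()] = value
    return networks


def audit(net):
    """Return finding codes for one parsed block (empty list means none)."""
    key_mgmt = set(net.get("key_mgmt", "").split())
    if not key_mgmt & {"WPA-EAP", "IEEE8021X"}:
        return []  # not an 802.1X network; nothing to check here
    # Simplification: only blocks that name their EAP method explicitly are checked.
    if not set(net.get("eap", "").upper().split()) & CERT_BASED_EAP:
        return []
    findings = []
    if "ca_cert" not in net and "ca_path" not in net:
        findings.append("no-ca-cert")
        if "auth=pap" in net.get("phase2", "").lower():
            findings.append("pap-to-unverified-server")
    elif not any(key in net for key in SERVER_NAME_KEYS):
        findings.append("no-server-name-check")
    return findings


if __name__ == "__main__":
    for label, text in (("posted", PAGE_BLOCK), ("hardened", HARDENED_BLOCK)):
        for net in parse_networks(text):
            codes = audit(net) or ["ok"]
            print(label, net.get("ssid"), [MESSAGES.get(c, c) for c in codes])
```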



I got this working with the Intel ProSet Wireless supplicant. Here are screen grabs of the setup, Insert your own T-Mobile username as required. Also, feel free to click the image for a larger version.



