Standard Access Point Project

The SocalFreenet project has tried to develop a "standard AP" that we could order and make over and over again. In the pages below we detail our first attempt. This field is changing so fast, however, that we've deviated slightly from this over time. Currently (May 2004) we like the Metrix kits which are essentially the same as our original standard AP but with an updated Soekris board and a nicer outdoor box.

It may also make sense to have an indoor, cheaper option for coffee shops etc. Soekris becomes a little pricy in this scenario. Something with the feature set of a hacked WRT54G but a better radio would be perfect. We're still looking for the perfect candidate for this.

See also our 802.11a relay project which builds on the work done here.

Standard AP - updated

Update Standard Access Point / AP3 in outdoor case with PoERecently we returned to an installation of our first standard AP to update the equipment slightly so we could reuse the parts elsewhere. This saved some money, assuming labor is free :-), and also mitigates any (unreported) problems we may have had with the m0n0wall AP powersave mode bug. I hasten to add our m0n0wall client has had no problems running trouble free for 244 days before I rebooted to upgrade the firmware!

10. Close up of the main APSince we first defined and described our standard AP, we've moved from 802.11b-based m0n0wall backhauls running on Soekris 4501 boards to 802.11a backhauls running Pebble on Soekris 4526 boards purchased as kits from Metrix.

Senao AP3 replaces Soekris

The Engenius AP3 (recently replaced with the CB3+ Deluxe) is commonly hacked to turn it into a bridge or to add PoE support, but our needs were simpler. We had already built a PoE splitter/injector that used 12V just like the AP3, so all we needed was an external antenna connector.

Standard AP updated Hacking an AP3 to work with an external antenna

The images show the simple steps needed. First open the AP3 using the four screws on the bottom. Remove the top of the case - it should come apart easily. Then remove the existing pigtail connector and add your new one. Make sure the removed connector doesn't touch any of the circuitry. You can drill a hole for a new connector, or dangle it free as we did here. We left the lid off the case to help cooling, and since it was going inside a weather resistant enclosure anyway.

Updating the AP was simple. First we configured the AP via its web-based interface. Then we got on the roof, unscrewed the Soekris board, removed the existing pigtail and then added the AP3 and its new pigtail. Then we plugged it in and ... held our breath when the LAN light didn't go on. Ugh, at first we thought we needed to add a crossover to the Cat-5 cable, but then the LAN light came on and it all started up just fine.

After that it was mostly plain sailing. While there, we updated m0n0wall to the latest firmware version. There was some odd interaction between its auto-firmware update function and the MikroTik captive portal gateway, but after we disconnected the backhaul that went away and we could upgrade first to m0n0wall 1.0 and then 1.11 succesfully.

Now we're ready to install the Soekris board, with m0n0wall, as the captive portal gateway for the 2nd DSL feed in the Golden Hill neighborhood network.

Soekris based Access Point + Relay proposal

Here's some preliminary thoughts following up on this week's SDWUG meeting discussion. I propose that we spec and build a standard relay configuration consisting of:

  1. soekris 4501 board (the 64MB miniPCI Card non-POE version)
  2. EnGenius (Senao) miniPCI radio
  3. outdoor case with N-Female, hole for cat-5 cable
  4. m0n0wall software (most likely)
  5. standard yagi or omni antenna

My thinking about the various parts of this is:

  1. Runs a bunch of stuff, low power, flexible.
  2. 160mW, good receiver, cheap, external antenna connector.
    -ve: HostAP software on FreeBSD can't turn down the power which would be handy sometimes!
  3. Plastic box that's showerproof. Should run < $50. I hate the extra connector loss but figure its worth it for the convenience of a standard connector and less worries about straining pigtails, sealing holes etc.
  4. m0n0wall is rock solid, fast, but most important, ALL the config is stored in one single text (XML) file. Need to convince myself it will do straight bridging for the relay but am 99% sure it will. Configured as an AP, m0n0wall will give us DHCP, DNS caching etc., if we want, and hopefully captive portal in the next couple of months too.
  5. yagi is easier than a panel to mount. Less obtrusive than a parabolic.

I further propose that we price all installations at flat fee of $1000. In an easy install we should aim to have $100 left over to put towards site survey equipment etc. Rough cost list including shipping & taxes is: $200 (Soekris) + $80 (Senao) + $100 (case with connector and pigtail) + $50 (POE + cat 5 cable, crimp connectors) + $70 (antenna) = $500. We could probably do a little better in quantity (e.g. Soekris drops to $156 for 5+). A fixed price simplifies quoting for landlords / whoever, and also allows us to pre-purchase in quantity without getting into all the bits of paper that reimbursement requires.

(Hmm, $1000 doesn't include mounting hardware or a tripod if need be... might be barely enough...)

A cheaper option is to put two radios on one Soekris as BAWUG/SFLan do with their kit, http://www.archive.org/iathreads/uploaded-files/AstridB-PICT0017.JPG, but I worry about interference reducing throughput as described here
http://lists.nocat.net/pipermail/nocatnet/2003-July/002138.html ,
http://lists.nocat.net/pipermail/nocatnet/2003-July/002163.html and
http://lists.nocat.net/pipermail/nocatnet/2003-September/002347.html.

Anyhow, this is long enough for one post. I look forward to some feedback!

(Edited Feb 4 to reflect change from Soekris 4511 to 4501).

Soekris based Relay - Parts and Price List

Here's a proposed parts list for a Soekris Relay. Comments welcomed! Did I miss anything?

Open questions: 1) Do we need a lightening arrestor on the Yagi / Patch relay antenna?







































































































































Item#
Description
Vendor
Qty
Price
Ext Price

15450130


net4501-30 Board only
www.soekris.com

2

161

322

31311212
Power Supply 12V, 1.25A, Mini switch mode
www.soekris.com

2

10

20

64MB CF
Compact Flash for Soekris
www.newegg.com

2

23

46

Nema box
Outdoor case
ESD / hardware store

2

~50

100

NL-2511MP
160mW Ultra Long Range Wireless miniPCI Card
www.netgate.com

2

79

158

PIG-UFL-NF-19
U.FL to N FEMALE Pigtail
www.netgate.com

2

13

26

MFB24008DT12
Omni Antenna, 8 dBi, 12deg downtilt
www.ecommwireless.com

1

75

75

WISP24015PTNF
Yagi Antenna, 15 dBi
www.ecommwireless.com

1

60

60

WISP24013PTNF
Patch Antenna, 13 dBi (in place of Yagi)
www.ecommwireless.com

1

40

40

LMR195–05–NMNM
LMR195 cable, N male to N male, 5 ft
www.ecommwireless.com

2

22

44

AL-NMNFB
N-Male-N-Female 0-3 GHz Lightning Protector
www.hyperlinktech.com

2

25

50

wall
mount
mount
Yagi/Patch to wall
hardware store

1

~25

25

peak
mount
mount
omni to roof peak
hardware store

1

~25

25

ethernet
cable
and connectors
various

1

10

10











966

Notes:

  • This list is subject to review and revision but is considered accurate +/- $100. Some prices are approximate as indicated.
  • Both a yagi and patch are included in the above list. Only one is needed. Choice is left to the building owner based on aesthetic concerns.
  • Prices exclude shipping and taxes.

  • Doubtless some odds and ends will be needed (e.g. mounting screws for the boards).
  • I've spec'd 64MB CF. We're not sure which way we'll go for the final O/S and they're only slight more expensive than, say, an 8MB CF (which is all m0n0wall needs).

Please add any comments using the link below.

Updated Feb 4 to reflect switch to 4501 (from 4511) and miniPCI radio from PC Card radio).

Building an outdoor Access Point

Controlling cost is one of the challenges of creating a standard access point. We took photos of the steps we went through to fit the Soekris 4501 into a standard 8"x8" outdoor electrical box. Here are some of them:

01 Soekris 4501 card 05 Inside the case 16 Now let's drill those boxes! 19 Final hole for the ethernet cable 20 Completed radio with Yagi, omni and LMR 400 M-M cable See all 20 images

This is part of our Standard Access Point project.

Access Point: Configuring m0n0wall


The m0n0wall project is at http://m0n0.ch/wall (fyi for those who came from google).

In our standard Access Point, m0n0wall will run on each of two radios. The basic configuration we're trying to achieve is:

  • separate subnet
  • local dhcp

Through trial and error it seems the best way to assign these roles in m0n0wall is as follows.

Prepare the Soekris

Not absolutely necessary, but we prepared the soekris boards by connecting a serial adapter, booting it, interrupting the boot sequence within 5 secs with Ctrl-P and then entered the following commands:

set conspeed 9600
set pxeboot disabled
set bootdelay 2

The console speed is set to match the default m0n0wall console speed. Disabling PXE boot seems like a good idea. And the minimum 2 seconds boot delay shaves 3 seconds off the boot time.

Radio 1 - Relay

One radio provides the relay back to 'home base'. This radio also provides DHCP services and routing. We use the WAN port to communicate to the "Home AP" and LAN is hardwired to the local AP radio. Here are the configuration steps:

  1. Start with a default configuration of m0n0wall. This has an IP of 192.168.1.1 and has DHCP enabled. Hook up a standalone computer set to DHcP to the first LAN port (for Soekris anyway). Connect to m0n0wall via a browser as usual.
  2. Click on Interfaces (assign). For WAN, choose wi0, Save.
  3. Click on Interfaces -> WAN. Change Type to static. In Static IP Configuration set the IP to an unused IP in the Home AP's range (e.g. 10.0.0.251). Set the mask to match the destination network (e.g. 24), not 31. Likewise set the Gateway (e.g. 10.0.0.1).
  4. Under Wireless Configuration, set Mode to BSS, SSID to the Home AP's SSID (e.g. socalfreenet.org).
  5. Uncheck "Block private networks" at the bottom of that page. Click Save.
  6. In Interfaces -> LAN, change the IP to reflect the local subnet desired. E.g. 10.0.5.1. Common practice is to end it in 1. Make sure the mask is set appropriately (e.g. 24) as it may change automagically. Click Save.
  7. In Services -> DHCP, update the allocated range to match your LAN IP (e.g. 10.0.5.100 - 10.0.5.199). Click Save.
  8. Go to Diagnostics -> Reboot System. Answer Yes and wait. With luck your computer will get a new IP in the LAN range.
  9. Log back in via the new LAN IP address you set above (e.g. 10.0.5.1).
  10. Go to System->General Setup. Enter the DNS server addresses. Set the timezone. Click Save.
  11. In Firewall -> NAT, click on Outbound and then "Enable advanced outbound NAT".
    Click Save. (This will effectively disable NAT so the addresses are passed through). Click Apply Changes if prompted.

At this stage your LAN computer should be able to ping the gateway computer beyond the WAN port (e.g. 10.0.0.1). It may even be able ping external links (e.g. www.yahoo.com). A couple of issues may stop this from happening. My gateway to the internet box (at 10.0.0.1) is also running m0n0wall and I had to make two changes to its config before Radio 1 traffic could get to the internet:

  • I needed to add a static route so traffic could be sent back to the 10.0.5.0 subnet. Using the values above, I did this in: System->Static Route click '+' to add new route, then enter OPT1 (wireless) for Interface, 10.0.5.0/24 for destination network and 10.0.0.251 for gateway (i.e. the WAN address of the wireless radio).
  • I had to expand the subnet from 10.0.0.0/24 to 10.0.0.0/21 (i.e. 255.255.248.0). I'm not sure exactly why this was necessary. At first it was because of a default rule blocking non-LAN IPs internally (i.e. block !10.0.0/24), but that later went away (perhaps because of the static rule above. Perhaps it was because without a wider net, no NAT was performed for the 10.0.5.0 subnet. Anyhow, expanding the subnet mask made everything work.

Radio 2 - Access Point

The AP radio is configured as a bridge. I.e. virtually none of the m0n0wall features are used.

  • step by step configuration to follow.