Coffee Shop Wireless

Lugztaz

I'm doing a little investigation work for one of the coffee shops I regular.

At times it gets very busy and the wireless just can't keep up. From what I have been able to discover they seem to be on a Windstream 10MB/1MB internet hookup & a Linksys WRT160Nv2.

Network setup looks like Modem(Bridge Mode, doing DNS) > Router (doing DHCP).

()()() > Modem (192.168.1.254) > Router (192.168.1.1) > Clients (192.168.1.*)

Every once in a while users are unable to retrieve an IP address. My first suspicion was that the DHCP allow range was set too low but I still don't have an answer for that. There are sometimes 25-30 laptops online.

Anyway the network seems to be coming to a drag at times. Obviously the internet is going to be slow depending on the type of requests being sent to the internet. I guess what I'm asking is if this particular router is able to handle DDWRT well if I wanted to do QoS to block torrents.

Also what would be the best way to determine if it's the router under pressure or the internet? I know sometimes these routers have a fit after so many connections.
 
doesn't tracert show how many hops and such? i believe it shows how much info the router is being bombarded with. i assume this is a free wifi hotspot at this coffee shop. if so i wouldn't doubt someone piggy backing off the wireless signal. if you're seeing an amber light on the router means there are collisions.
 
My first guess is that it's too much work for the router. If it's bogging down, it's possible the DHCP server might not be able to respond to client requests. It would also obviously be a cause for general slowness.

I really like my DD-WRT, and think it could very well solve your problems. However, I don't think there's enough info to say for sure. If you have a spare router or can get one cheap, putting DD-WRT on that and swapping it in (with all the same wireless settings for the customers' benefit) might be the easiest way to test it.
 
doesn't tracert show how many hops and such? i believe it shows how much info the router is being bombarded with. i assume this is a free wifi hotspot at this coffee shop. if so i wouldn't doubt someone piggy backing off the wireless signal. if you're seeing an amber light on the router means there are collisions.

Tracert shows the hops but I don't believe it would really show much more info.

It is a "free" hotspot but it is WPA(2 maybe) and they will give you the key when you ask so chances are slim that there's an issue there.

InvisiBill said:
My first guess is that it's too much work for the router. If it's bogging down, it's possible the DHCP server might not be able to respond to client requests. It would also obviously be a cause for general slowness.

I really like my DD-WRT, and think it could very well solve your problems. However, I don't think there's enough info to say for sure. If you have a spare router or can get one cheap, putting DD-WRT on that and swapping it in (with all the same wireless settings for the customers' benefit) might be the easiest way to test it.

I was looking at the reviews for that particular router and they really weren't that great. Is there a particular router out there that would perform better (more RAM, CPU) with DD-WRT?
 
The DHCP problem could be caused by a lease time that is too long... with so many clients in and out of the coffee shop it could run out of addresses to lease...

For example if the lease time is 8 days he'll run out of ips after 250ish ips have been leased in that time...

He should knock the standard lease time down to 8 hours or so.
 
The DHCP problem could be caused by a lease time that is too long... with so many clients in and out of the coffee shop it could run out of addresses to lease...

For example if the lease time is 8 days he'll run out of ips after 250ish ips have been leased in that time...

He should knock the standard lease time down to 8 hours or so.

Oh, wow that idea totally blasted past me. I will definitely try this.

Alright, more ideas on the slow internet, could the router cause it with so many active connections?
 
The WRT54G-TM is the good ol' WRT54G with T-Mobile branding. It has 32MB of RAM and 8MB of flash, which allows for running DD-WRT Mega (every possible option thrown in). T-Mobile had a "clearance" fiasco a while back and some places were selling them for $20, so there were a huge number on eBay. Some had coolers added to the CPU and came with DD-WRT installed and overclocked (for a hefty markup). Really, anything that can handle the Mega build should probably be good.

I've had no problems with my Asus WL-520GU or my Buffalo WHR-G54S (now at the girlfriend's place), and even DD-WRT Micro on a VxWorks WRT54G has been fine for my parents and little brothers (PCs, Wii, DS, 360, my laptop and iPhone when I visit, etc.).
 
Alright, more ideas on the slow internet, could the router cause it with so many active connections?

Too many connections could most definitely cause problems. A while back, the stock Linksys firmware would completely crash if you made too many connections (common with BitTorrent users). Even if it's not a specific bug like that, mediocre firmware could definitely lead to sub-optimal results.
 
I will most definitely take a look into that. I have an extra 54G around that I will play with and see if I can get that in one night.
 
An entry level budget home grade router....trying to support 20-30 clients? Eeek..talk about going elephant hunting with a BB gun.

I would step up to some wireless hardware that's at least business grade...has a bit more horsepower.

Flashing the existing unit with DD might help "a little bit"...but facts are, the CPU is still the same, RAM is RAM, to put it bluntly...you can only polish a turd so much...and while DD or Tomato are decent alternatives for home users to squeak a "little bit" more performance out of their hardware, it ain't going to make that little overworked wireless router turn into superman.
 
An entry level budget home grade router....trying to support 20-30 clients? Eeek..talk about going elephant hunting with a BB gun.

I would step up to some wireless hardware that's at least business grade...has a bit more horsepower.

Flashing the existing unit with DD might help "a little bit"...but facts are, the CPU is still the same, RAM is RAM, to put it bluntly...you can only polish a turd so much...and while DD or Tomato are decent alternatives for home users to squeak a "little bit" more performance out of their hardware, it ain't going to make that little overworked wireless router turn into superman.

What are some good starting points for better wireless gear? They obviously don't want to spend a ton but something is needed to fix this.
 
Your uplink on the business ISP and your router is most likely the cause. Like Mr. Kitty Kat said, trying to support 30 wireless users with that setup is most likely the cause.

Your uplink is rated at 1 Mbps. So divide 1,000 \ 8 and you get 125. Now take the 125 and divide it by 30 (max users) and you get 4.2. So each user is going to experience a 4.2 Kbps on their uplink. Of course, this is a worst case scenario but it's best to understand what you are dealing with.

Like others have said, I would do the following to fix the issue...

Fix lease times so fresh IP's can be released when requested.
Since the business is most likely not going to purchase a faster uplink then you have to implement some kind of QOS so each user has a better Internet experience.
Get a better router that supports DD-WRT so you can implement a QOS per IP range.
Buy a business class router.

*More Info

If the company is also sharing this bandwidth then you better provide a VLAN for the inside and one for the wireless ASAP. I came in to a trailer park and fixed their network. They had the whole network on one subnet with no VLAN's. The owner lived in a house on the park. He had someone come in and put a Linksys router with an external antenna.
 
side note to everyone's suggestions. It's not just laptops these days anymore. Anyone living close by could be using this as their main connection, and the new smart phones like the iPhone and such can pickup wireless g signals and add to the barrage of network traffic.

I would do like everyone suggests with the lease time and knock it low... to like 2 hours. Seriously... if you are in a coffee shop longer than 2 hours... you need to get an office or pay rent!

I'd also look at the connecting computers every other hour or so... see if a computer name is popping up all day long (leecher from nearby apartment or business). Block those MAC addresses and call it a day.

only other thing I could think of is have a handy flier in the coffee shop with a simple 64 bit WEP address and change the WEP weekly or something to keep the low tech minded leechers at bay.

(i know WEP is not the answer, but it's a simple solution)
 
Another guy on this forum got me to bookmark this site..
http://www.wirelessnetworkproducts.com/

I've been interested in the EnGenius and the PepWave products. They seem to step quite up to biz class, but without an enterprise price tag.

that other guy was me =)

local for me great guys.

look at pepwave gear as you want something for a business.

also is this on the same network as your work equipment?

whats the budget like?
 
After I got looking into this, I was finishing school so I didn't have time to go but I am back.

After coming the last few days it looks like this is still an issue. The biggest problem I've had today was random (and many) disconnects. It seems as if there is a local computer company here that is providing the tech support, but obviously not concerned with this part.

Lease times are 24 hours, internet is provided by Windstream DSL.



Would the double NAT cause any of these problems?
 
You can check if the lease time is an issue, just go look at the active DHCP lease list and see if it appears to be full of stale leases. I imagine that could be an issue in a coffee shop, but there's not really any reason not to set it really low, like 30 minutes or something. It'll generate a bit more network traffic, but clear out users who've moved on a lot sooner.

I'd recommend replacing the AP with something a little more serious, but you might not have to if you can get it out of doing anything but wireless duty. My suggestion would be to install a pfSense box to do routing, DNS, DHCP, QoS & other 'router' duties, and captive portal might make sense for you as well, and just leave the WRT54G to do wireless bridge duties. The WRT54G should suffice for this usage, especially the relatively beefy variant you've got. If you still have issues, go get yourself an HP or Cisco access point and keep the pfSense box doing routing.

It sounds to me like you're running into a combination of state table limits, DHCP lease limits and possibly some other resource issues on the router.
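
To put numbers on the lease-time advice in this thread, here is an added example (not code from any poster) that models how many addresses stay tied up for each lease length mentioned so far. The 250-address pool is the "250ish" figure from the thread; the traffic figures (20 new devices an hour, 14 open hours, 60-minute visits) are constructed assumptions, and every arrival is treated as a device the server has not seen before.

```python
import heapq

POOL_SIZE = 250  # "250ish" usable addresses, the figure quoted in the thread


def lease_end(arrive, dwell, lease):
    """Minute at which the DHCP server can reuse the address.

    A client renews at half the lease time while it is still in the shop.
    When it walks out it sends no release, so the address stays reserved
    for one full lease after the last renewal.
    """
    half = max(1, lease // 2)
    renewals = (dwell - 1) // half  # renewals sent strictly before leaving
    return arrive + renewals * half + lease


def simulate(lease, pool=POOL_SIZE, per_hour=20, open_hours=14, dwell=60, days=7):
    """Replay a week of evenly spaced arrivals against one lease length.

    All times are in minutes. per_hour, open_hours and dwell are constructed
    sample traffic, not measurements from the coffee shop.
    """
    gap = 60 // per_hour
    active = []  # min-heap of lease expiry times
    first_denied, denied, peak = None, 0, 0
    for day in range(days):
        for minute in range(0, open_hours * 60, gap):
            now = day * 1440 + minute
            # Free every lease that has expired by now.
            while active and active[0] <= now:
                heapq.heappop(active)
            if len(active) >= pool:
                # Pool exhausted: this client gets no address.
                denied += 1
                if first_denied is None:
                    first_denied = now
                continue
            heapq.heappush(active, lease_end(now, dwell, lease))
            peak = max(peak, len(active))
    return {"first_denied_min": first_denied, "denied": denied, "peak_in_use": peak}


if __name__ == "__main__":
    leases = [("8 days", 8 * 1440), ("24 hours", 1440), ("8 hours", 480),
              ("2 hours", 120), ("30 minutes", 30)]
    for label, minutes in leases:
        r = simulate(minutes)
        print(f"{label:>10}: peak {r['peak_in_use']:3d}/{POOL_SIZE}, "
              f"denied {r['denied']:4d}, first denial at minute {r['first_denied_min']}")
```

With this sample traffic the 8-day and 24-hour leases both fill the pool during the first day, while 8 hours and shorter never get close. The 30-minute lease still holds each address for 75 minutes because the client keeps renewing while it is present.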
 
An entry level budget home grade router....trying to support 20-30 clients? Eeek..talk about going elephant hunting with a BB gun.

I would step up to some wireless hardware that's at least business grade...has a bit more horsepower.

Flashing the existing unit with DD might help "a little bit"...but facts are, the CPU is still the same, RAM is RAM, to put it bluntly...you can only polish a turd so much...and while DD or Tomato are decent alternatives for home users to squeak a "little bit" more performance out of their hardware, it ain't going to make that little overworked wireless router turn into superman.
This precisely.

It's not the Internet connection; you're just WAY over the capacity of that little unit! For every packet that leaves or enters the WAN side of the router it has to do NAT, and with 25-30 users that's a LOT of work for such a low power CPU to handle. My suggestion is to get a (relatively) modern desktop machine and put pfSense/IPcop/Untangle on it as the router (make sure it has 2 NICs), then use the current router simply as a wireless access point.

I had this exact issue happen on my own network (though it was mostly wired traffic killing it), and I solved it as I just suggested. Haven't had a problem since, either with connectivity or the wireless signal.
 
My first guess is that it's too much work for the router. If it's bogging down, it's possible the DHCP server might not be able to respond to client requests. It would also obviously be a cause for general slowness.

Bing, we have a winner. I'd look for a more commercial router. DD-WRT is great and all, but at the end of the day you are still using the same hardware. If it is a firmware issue, well then problem solved.

However, I think it's the hardware not the firmware.
 
I've got an extra Linksys WRT54G here and I'm going to setup pfSense/IPcop/Untangle and play around with that. Have to make sure it's all setup "perfect" so there is little to no downtime during business hours.
 
I've got an interesting test for you. In times where it's slow, try pinging the local gateway. I'll bet it's slower than you'd expect.

Don't forget that WiFi puts all clients in a single contention domain. For one host to transmit, it literally sends out an all stop message to announce it's about to transmit. With 30 clients and a large number of time sensitive packets, well you get the gist.

My .02...
 
Alright

I'm doing some testing at home (getting things ready) and so far I have DSL Modem > Untangle Box > Linksys Router

Modem is doing its thing, Untangle is doing PPPoE, NAT, DNS, DHCP and the Router/AP is doing only wireless access.

I have set the lease times to 7400 seconds, are there any other recommendations on settings or ideas?

Also, would a second AP help at all? Have one on the west half of the building and one on the west to help keep the load off one AP? Or would that not help since we already took DNS, DHCP, NAT off of it?
 
Code:
Ping statistics for 192.168.254.254:
    Packets: Sent = 120, Received = 114, Lost = 6 (5% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 271ms, Average = 14ms
Control-C

Code:
Ping statistics for 192.168.254.254:
    Packets: Sent = 736, Received = 694, Lost = 42 (5% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1121ms, Average = 19ms

:mad:

To add to all of this fun, while I was doing more research I noticed that my DHCP server was 192.168.1.1 and the DNS server was 192.168.254.254. Ok.. So after I had been here for awhile and the internet was slow as hell, one of the employees went and restarted the router. I get disconnected and jump back on. DNS & DHCP are now both 192.168.1.1
 
Is this with the existing setup or the new Untangle etc?

Adding a second AP may help, put it on a different channel with the same SSID (1,6,11) and make sure it's physically connected to the same network segment.
 
The Untangle is a setup I am testing at home so it's new.

I just (2 minutes ago) talked to the owner and she said she is most definitely interested in my proposal.

I have a Desktop Gateway at home that I set this all up on that I could sell her but 1) it runs hot 2) uses quite a bit of power.

"ALL" of the equipment is setup in a small office and I thought that adding another PC (Untangle) to the mix would create lots of heat.

Are there any proven solutions for Untangle or any Cisco Small Business routers that could help handle things? From what she remembers and from what I could tell from the initial view of hardware the registers and credit readers are on a private network.
 
I'm not sure about Untangle, but pfSense runs great on ALIX SBCs (available in the US from NetGate, they also have a complete kit with case/PSU/CF). These consume a few watts, are small, and pretty powerful for what they are. No trouble with 'normal' internet use up to 50+mbit, though I wouldn't try and run all the stuff Untangle can do (a lot of which pfSense can do as well) like Snort or Squid. However as a gateway for this type of use they work great. They work pretty well as a low-bandwidth VPN gateway as well, but obviously can't push a ton of traffic with their weak CPU. Cisco RV042 should be up to the task as well, but personally I'd rather have pfSense.

Probably Untangle will run on this hardware as well, but getting it installed and configured on the embedded platform might be a bit of a pain. A technique I've used with pfSense is an IDE->CF adapter in a regular PC (or a card reader), install the OS and configure the LAN IP address and then swap the CF into the embedded machine.
 
I'm not sure about Untangle, but pfSense runs great on ALIX SBCs (available in the US from NetGate, they also have a complete kit with case/PSU/CF). These consume a few watts, are small, and pretty powerful for what they are. No trouble with 'normal' internet use up to 50+mbit, though I wouldn't try and run all the stuff Untangle can do (a lot of which pfSense can do as well) like Snort or Squid. However as a gateway for this type of use they work great. They work pretty well as a low-bandwidth VPN gateway as well, but obviously can't push a ton of traffic with their weak CPU. Cisco RV042 should be up to the task as well, but personally I'd rather have pfSense.

Probably Untangle will run on this hardware as well, but getting it installed and configured on the embedded platform might be a bit of a pain. A technique I've used with pfSense is an IDE->CF adapter in a regular PC (or a card reader), install the OS and configure the LAN IP address and then swap the CF into the embedded machine.

What exactly makes you rather have pfSense over the RV042?

I may not worry about the PC's heat/power and just try to figure out the best distro to use. Untangle seems heavy compared to pfSense or IPCop, is PFSense the better suggestion for doing as little as it will be doing?
 
What exactly makes you rather have pfSense over the RV042?

pfSense is much more flexible and easier (and cheaper...) to deploy. I also find that the management tools are better, things like the web interface, traffic monitoring options etc. are much better in pfSense. Having tcpdump available to diagnose issues is indispensable. It's also continually developed and has a good community around it, so things actually get fixed and features added as time goes on.

Since I've had zero issues with it over the 2 years I've been using it in production and I feel it offers much more functionality, I strongly recommend it. IMO the RV042 is a glorified consumer router.

As far as Untangle vs. pfSense, I feel the same as you. Untangle seems really bloated and too commercially motivated for my preference in an open-source project. It seems like a decent product, but not the type of thing I want as my firewall. If I want all those features I'd rather put them into a separate machine. I've had good experience with pfSense though, and it's suited my needs very well, so I haven't explored the alternatives much.
 
I may install PFSense and get things setup there. It would be nice to be able to have a smaller appliance like the Cisco router there but this should work fine and I can make more money off of it.

Anymore tips and tricks I should be thinking about before i write up my proposal? For now I think I'm going to stick with 1 AP to see how things go.
 
Run the 1.2.3 release candidates, they're much improved over 1.2.2 and very solid. 2.0 is absolutely not ready for production.

If you go with the ALIX hardware you get an appliance similar in size to the RV042 (smaller actually). It's good hardware and I recommend it. I don't really recommend putting the wireless in the same box though, I've just had plenty of problems with it, I just assume an external AP whenever I deploy it now.

Grasping the QoS in pfSense takes time. If you plan on using it, give yourself a while to play around and learn how it all works. pfSense 2.0 has much improved QoS, but unfortunately it's still buggy enough that I only use it at home. Once you get everything configured and running it's solid, but lots of features are buggy or don't work properly as you've configured them.

If you have pfSense questions, feel free to ask here or in PM, I've used it at quite a few clients' for a couple years now and I know it pretty well.
 
I got 1.2.2 setup before you posted so we'll see how that goes.

Right now I don't think I will be running QoS.

One thing I am curious about is AP Isolation. If that is enabled, how will that affect user performance?
 
One thing I am curious about is AP Isolation. If that is enabled, how will that affect user performance?

Shouldn't really have an impact. Your users aren't going to be communicating with each other over wireless, it's all going to be router<->AP<->client communication, so all it should do is add a bit of security for your patrons.
 
Shouldn't really have an impact. Your users aren't going to be communicating with each other over wireless, it's all going to be router<->AP<->client communication, so all it should do is add a bit of security for your patrons.

The only thing that bugs me about this solution is lack of segregation between wireless clients in a publicly accessible wireless environment. I.e. the (potential) ability for anyone with networking knowledge to "hack" (I hate that word) his neighbors in the coffee shop. If you're ok with that, then you absolutely cannot beat this solution for its price :D. If anyone is paranoid about that possibility, then hang a small basic disclaimer next to the Free Wifi sign.
 
The only thing that bugs me about this solution is lack of segregation between wireless clients in a publicly accessible wireless environment. I.e. the (potential) ability for anyone with networking knowledge to "hack" (I hate that word) his neighbors in the coffee shop. If you're ok with that, then you absolutely cannot beat this solution for its price :D. If anyone is paranoid about that possibility, then hang a small basic disclaimer next to the Free Wifi sign.

What would be a cheap or free solution to this problem? I assume there has to be something I can add to PFSense to help prevent this, although I don't see it as being a huge problem as there is nothing like this currently implemented.
 
What would be a cheap or free solution to this problem? I assume there has to be something I can add to PFSense to help prevent this, although I don't see it as being a huge problem as there is nothing like this currently implemented.

Just enable AP isolation. It should be sufficient. Might want to test that it actually works if you're using a consumer AP...
 
Just enable AP isolation. It should be sufficient. Might want to test that it actually works if you're using a consumer AP...

I'll test it then, again, I'm not that worried about it at this point. I'm just running over other PFSense services and through the AP to see if there is anything else I may need to help improve the overall quality but I can't think of a whole lot past the basics.
 