Gerhard Potgieter

Today I discovered a new site dedicated to listing broaband packages. Its brand new as ISP’s are still adding their packages on the site as I am writing this entry. The site www.broadbanddeals.co.za looks like it is a MyBroadband.co.za site. The goal of the site is to list all types of broadband packages available by ISPs for the 6 types of broadband services offered in South Africa. The site has a nice control panel for ISP to log into and add packages and details about them in a convenient way. So if you are a ISP feel free to register on the site for free and help make the site a success.

After moving about a month back, I decided that I would need to get signal to my new place. Lucky for me it was only about 1km from my parents’ and los was great towards my new place.

So I modified the kit a bit, and now broadcast with a 14dbi panel towards Bellville Larochelle area.

This weekend 2 members had great success in connecting to the site, one is a brand new member and the other one just moved over from bot so pings and speed will be allot faster for him.

So if you are in that area feel free to scan and if found do the right thing and connect.

In a country like South Africa where Telkom dominate the local telecoms market, local communication is extrodinary expensive. That was untill a group of local citizens had enough and started their own wireless based network called a WUG (Wireless User Group).

The first WUG started out in Johannesburg, and then spark interest in other provinces where users started their own WUGS aswell. Recently JAWUG (Johannesburg Area Wireless User Group), PTAWUG (Pretoria Wireless User Group) and PWP (Pretoria Wireless Project) finally got to a point where they could link up their networks and bring their total connected nodes to just over 200 and covering +-140km of area.

If you are interested in finding out more about a WUG in your area please visit wug.za.net for a complete list of wugs in South Africa.

For a complete article about the networks check out the MyBroadband article.

With the increased popularity of wireless technology today more and more homes and businesses are starting to use this technology.

What most of these users don’t know is that if you don’t secure your wireless network anybody within range of the network can gain access to it if you don’t have security measures in place.

A while back Telkom started giving away free wireless ADSL routers to all new self install users signing up. This move contributed to a even larger percentage of unsecured wireless networks out there, and these networks are unsecured without the users even knowing it.

If you are into wifi like I am, every now and then you would do a scan just to see how many networks is in your area. With these scans almost every time I picked up at least 2 unsecured wireless home networks. Just to mention I can then easily connect to these networks and then use the ADSL, some cases I could even log in to the wireless router with the default username and password. In a country like South Africa where bandwidth is so expensive there are allot of people out there that exploit these unsecured wireless networks and use up all the bandwidth there is, leaving the owner flabbergasted to hear from his ISP that he used up all his bandwidth.

So I thought it would be a good thing just to list a few things you can do to ensure that your wireless network is protected from unauthorized use.

1. First thing you do when you receive your wireless router is to always change the default username and/or password.
2. Enable some form of security, like WEP, WPA, WPA2, or MAC authentication. This will ask new users to the network for a passkey to be able to connect to the network, or the user’s mac must be enabled on the router.
3. Use static IP addressing rather than a DHCP server. This will make it harder for an intruder to guess your IP range and Gateway IP for internet use.
4. If you are a large business running advanced wireless network use RADIUS to authenticate your users.
5. And last if you can check your router logs as often as possible to see attempts of unauthorized access.

If your are still not sure how to secure your network feel free to leave comments and I’ll try and direct you into the right direction to help you secure your wireless network.

Remember a wireless network is never safe from unauthorized access but you can always make it harder for a person to be able to access it. Always remember a form of security is better than none at all.

During the past few weeks I have received numerous requests about users asking me to help them set up a PPTP VPN tunnel between two Mikrotik devices to share internet, so I thought it couldn’t do any harm in writing a nice little how to.

We are going to start with the Mikrotik router providing the internet, please make sure that the router is already internet enabled and that you can ping internet sites from it.

Log in to the router using Winbox, and click on the PPP link to open up the PPP settings page. First we enable the PPTP server on the router by clicking settings button and ticking enabled and then apply.

After enabling the PPTP Server we need to create a login for the router wanting the internet. Go to the secrets tab, click the +, a screen will open up where you will fill in all the details. Name is the username, Password the password, profile choose default-encryption. Now for the most important part, the IP’s. Local Address is the IP the dialing router will have in the router providing Internet, and Remote Address the IP the dialing router will have in its own side. The remote address is important cause we will use it to masquerade the internet. Click apply and you should now have a login setup.

Now we must set up the Masquerade rule, so that the dialing router will be able to surf the web. On the main menu go to IP -> Firewall. Click the NAT tab and then the +. In chain select srcnat, src address is the remote address we used in the login setup above. You can either just use the ip or you can use a whole range if you have more than 1 router dialing.

Now click on the Action tab and for Action select masquerade. Click apply and then you are done setting up the server side of the PPTP VPN.

Next we log into the Mikrotik router dialing to the router providing the internet. Log in using Winbox, go to PPP menu. Click the + and select PPTP Client. Go to the Dial Out tab and in the Connect To box enter the IP of the router providing the internet, User and Passowrd will be the username and password set up on the server side. Under Profile select default-encryption, tick Add Default Route and then Apply.

That it you should now have a fully working VPN link to the router providing the internet and should now have internet. Just remember that DNS settings could perhaps not be set up and thus your internet could not be working.

Please take not that this tutorial was written for Mikrotik routers on the CTWUG network but should also work for other networks. If you have any questions or queries please leave comments and I’ll respond.

DD-WRT has for long been the custom firmware of choice for many Linksys WRT owners. The initial target was just a modification of the original Linksys Firmware for supporting simple Radius Authentication. But the creator decided to add some more small tools and fancy things, just for fun.

Today it has become one powerful firmware and most Linksys WRT owners run it on their devices. To date DD-WRT V23 SP2 was the release that seemed to have the biggest success and many people still use it to date. At the time of DD-WRT V23 SP2 release the creators also started porting the firmware to other platforms like Avila Gateworks, X86, FON Fonera and whatever was comming to the dev table. (about 90 different router types so far).

Today I’m proud to announce the release of DD-WRT v24 packed with even more features.

DD-WRT v24 offers many new features, on of the most important is support of Atheros wlan chipsets and SOC designs. By supporting special features of the Atheros wireless designs like half- and quarter channels and extended channel support DD-WRT is now perfectly suited for long range wireless links. With this DD-WRT is now also supporting the whole Ubiquity line of wireless products using all available features the hardware offers.

Highlights of DD-WRT v24:
- Virtual SSIDs, Virtual DHCP-Servers, PPTP over WAN enhencements, Bridging + VLAN support, VDSL Support, OLSR-Routing / Freifunk, My Ad Network (powered by AnchorFree), Quaqqa instead of Bird (in X86 + Xscale default),  PPPOE-Server, EOIP-Tunnel, Network configuration enhencements, UP-Downstream (QOS), New Packet Scheduler HFSC, Save & Apply, extended DDNS options, extended status information, New Languages, Sipwerk integrated Milkfish into the new release, turning every DD-WRT router into a SIP-aware firewall.

New hardware platforms:
- X86, Avila Gateworks, Cambria Gateworks, Atheros Soc (for a list, please look into the Download Section), Compex,Senao, Fonera, Ubiquiti

I will certainly be upgrading my DD-WRT v23 SP2 to the new one as there is some nice new features aswell as support for longer distance links now. Or with the support of X86 I’ll even consider turning an old pc into a nice RouterPC with some Atheros cards.

Can you say 30ms pings? CTWUG certainly can now. Yesterday some of the guys braved the cold rain and marble sized hail and went out to install the latest addition the the CTWUG high site family namely Jupiter.

Jupiter is situated on top op Tygerberg Hill and cuts the hops in more that half to go from one side of the network to the other side. It boast backbone links to Saturn and Neptune, also another new site, aswell as a 5.8 sector and 2.4 panel towards Durbanville/Brackenfell area. What is great is the latency, its the lowest the WUG has had so far and this is a great plus point for all the gaming enthusiasts.

Just want to give a great thanks to the guys that made this possible in the weather, we as a WUG greatly appreciates it. As for all the users on the WUG, hope you have your KY ready!

During this weekend some of the guys from CTWUG went out to do some maintenance on our Mars high site. During this time they also thought it would be a good opertunity to sort the backbone link to LoemWug.

LoemWug is a Wireless User Group operating in the Southern Suburbs of Cape Town, they have about 40 users according to their admins. CTWUG en LoemWug have been negotiating now for a long time to link up and the day has finally arrived.

CTWUG and LoemWug are now officially linked via the Mars high site, so it safe to say the the combined user total of both WUGS are now almost 100 users. All that has to be done now is sort the routing as the 2 WUGS run on different ip ranges, but I’m sure this will be sorted anytime soon.

And some other news, CTWUG will be putting up its Tygerberg Hill high site tomorrow. After the completion of this site we will have our own fully owned backbone reaching from one point of the network to the other end. The site will provide a one hop link to the other side of the hill which should drop latency quite a bit, it will also have 1 5.8 sector covering Durbanville Brackenfell side of the hill aswell as a 2.4 panel cover the same area. The site will be called Jupiter and will link to Saturn and Pluto via Rellik for now.

Good luck to the team going up tomorrow, hope everything goes smooth and as planned. We are really starting to build a kick ass network now.

With the routerboard 433 already shipping to suppliers, Mikrotik will soon make available the bad brother of the 433. The RB433AH is a more powerfull version of the standard RB433. The 128MB DDR will be capable
of supporting new RouterOS features coming. The microSD slot supports an additional memory card that can be used for a Dude database and other features to be announced in during Spring ‘08.

The 680MHz Atheros MIPs 24K CPU, that can be overclocked to 800MHz, with a 64KB/32KB instruction/data cache is probably the fastest CPU used in low cost wireless access points.

The three Ethernets and mpci slots give you ample data interfaces to put the big CPU power to work.

The RB433 and RB433AH replace the RB133 and RB333 positions of the mikrotik product line.

CPU Atheros AR7130 680MHz network processor (Tested at 800MHz)
Memory 128MB DDR SDRAM onboard memory
Boot loader RouterBOOT
Data storage 64MB onboard NAND memory chip and microSD
Ethernet Three 10/100 Mbit/s Ethernet ports with Auto-MDI/X
miniPCI Three MiniPCI Type IIIA/IIIB slots
Extras Reset switch, Beeper
Serial port One DB9 RS232C asynchronous serial port
LEDs Power, NAND activity, 5 user LEDs
Power options Power over Ethernet: 10..28V DC (except power over datalines). Power jack: 10..28V DC. Voltage monitor.
Dimensions 10.5 cm x 15 cm, 137 grams
Power consumption ~3W without extension cards, maximum – 25 W, 16W output to cards
Operating System MikroTik RouterOS v3, Level5 license

The expected shipping date of these units are still to be made public, but I’m sure WUGs arround South Africa will scoop up these units as soon as they arrive.

So this is the NanoStation2, it gets described as “The Ultimate CPE for the Global WISP Community” but lets see what makes its manufacturers think that this device is so leet. Firstly this is the NanoStation2, where the hell was the NanoStation1? Me being part of CTWUG I have all my doubt in this little device as all devices I know that really packs a punch in the wireless industry is Mikrotik Routerboards. So lets have a look at the NanoStation2 specs as given by the Ubiquiti website.

• Processor Specs: Atheros AR2316 SOC, MIPS 4KC, 180MHz
• Memory Information: 16MB SDRAM, 4MB Flash
• Networking Interface: 1 X 10/100 BASE-TX (Cat. 5, RJ-45) Ethernet Interface
• Wireless Approvals: FCC Part 15.247, IC RS210
• RoHS Compliance: Yes
• TX Power: 26dBm, +/-2dB
• RX Sensitivity: -97dBm +/-2dB
• Antenna: Integrated 10dBi Dual Pol + External SMA
• Outdoor Range: over 15km
• TCP/IP Throughput: 25Mbps+
• Max Power Consumption: 5 Watts
• Power Supply: 12V, 1A (12 Watts). Supply and injector included
• Power Method: Passive Power over Ethernet (pairs 4,5+; 7,8 return)
• Operating Temperature: -20C to +70C (System PCB optimized for hi-temp)
• Operating Humidity: 5 to 95% Condensing
• Shock and Vibration: ETSI300-019-1.4
• Weight: 0.4 kg

Out of personal experience with wifi networking I dont think this devices comes close to the Mikrotik Routerboard 133c, and just to mention the 133c is not being produced anymore as its being replaced with the RB411 that packs a powerful 300Mhz Atheros Networking processor. And the lack of a high gain antenna puts me off, as 10dbi is not worth it for a CPE. The throughput listed there is hard for me to believe, maybe in a lab at a distance of 5m but still then i have my doubts as a 175Mhz Atheros cpu maxes out at about 14mbps. Sure it has a kinda powerful radio, but that anway illegal in South Africa. If I must take a guess the NanoStation would retail at about R700 - R900 here in South Africa and for that price I would rather buy a custom Routerboard CPE from scoop. All in all the NanoStation looks good from the outside but with the multitude of CPE enclosures you get nowadays there is better designs out there.

Just to sum it up, I dont forsee this device competing with any Mikrotik produk in the near future as Mikrotik has a good OS on their devices and has allot of power behind their devices that overtakes the NanoStation by far.