Ask the Wi-Fi Guru: Episode XIV

By Aaron Weiss

April 16, 2009

In our April 2009 installment of this monthly Q&A series, the Wi-Fi Guru covers a wide variety of Wi-Fi networking issues, including range boosters and why Macs and PCs sometimes can't get along--and asks for readers' help in solving them.

awhead.pngMany years ago I thought that Alex Trebek was the smartest man in the world. After all, he knew the answers to everything! Well, it turns out the answers are fed to him. I know, right? Who knew? Now I wonder who told him to shave his mustache. My point is, it only seemed like Alex Trebek knew everything. Likewise, it is only natural that each month, I tend to choose wireless networking questions for which I think there's a good chance I know what to say.

But, I also receive questions that are real stumpers. Some are stumpers because they ask for the impossible, like "can you tell me the password to my neighbor's Wi-Fi network?" No, I can't, even if I knew it (which I don't). Others are more like head-scratchers. I may have an inkling what the problem might be, but can't really be sure. Enter the wisdom of the crowd. So this month, we take a look at a few questions that I kinda maybe perhaps have a thought or two about, but could really use your input on. Of course, you're always welcome to share your two cents about anything you read here, but this month especially, we invite your ideas!

Q: I have to set up a temporary Wi-Fi hotspot at a seminar in a hotel. I would like to have some sort of bandwidth limit and an acknowledgement splash page, but no authentication. I would also like to have to bring as little equipment as possible.(Chilispot and other hotspot servers mostly require another computer to run on. I'm hoping to find something I can run on a router). I found NoDogSplash, which seems to fit my situation, however it likes OpenWRT. It seems like DD-WRT is a much more polished firmware. Do you think NoDogSplash will run on DD-WRT? – Jason

A: Let's first unpack this scenario—you want to setup a single piece of hardware that will give nearby users wireless Internet access. But, you want to force them to see a splash page upon connecting (such as ads from sponsors), and you want to define limits on their upload and download speeds, presumably so that no single user can hog all the available bandwidth to the Internet.

As you have discovered, NoDogSplash meets all of your needs, but with one catch—it runs on OpenWRT, which is a less user-friendly router firmware than, say, DD-WRT (or Tomato). The OpenWRT learning curve is considerable compared to these others, and although it is quite powerful, it may not be the most inviting choice for a turnkey solution.

Unfortunately, it does not seem like anyone has posted a successful report of installing NoDogSplash on DD-WRT or Tomato. However, there are two alternative approaches to consider:

  • Flash your WRT54G-family router to CoovaAP. This open-source firmware is actually based on OpenWRT and includes a captive portal (for your splash page) and traffic shaping (for bandwidth limiting). But unlike OpenWRT, CoovaAP also includes a relatively user-friendly Web-based administration interface.
  • Stick with DD-WRT and use NoCatSplash for the splash page, which can be hosted on an external Web server. Limiting bandwidth is slightly more complex (unless you buy the paid version of DD-WRT, which includes bandwidth management in the GUI). You can create an iptables script for limiting bandwidth by IP/MAC or other criteria using the nifty Windows app WRT54G Script Generator. Follow the step-by-step wizard to generate an iptables script which you can paste into DD-WRT's firewall script section.

Like Jason says, most captive portal solutions require interacting with an external server, most typically a RADIUS server. But for a simple, quick-n-dirty hotspot with bandwidth control, but without user management, what other solutions come to mind? Click on my byline above to send us your feedback, or use the Comments tool below.

Q: I have a Cradlepoint MBR1000 gateway that is wired to the desktop and works fine.  I use it wirelessly to connect to a laptop and that works fine, but when I try to get my Vaio PCG Z1VA to connect, it shows in the task bar that it has a good signal, but I can't connect to the Internet. I get a message that states "Windows was unable to find a certificate to log you on to the network." Can you you help me out? - Brad

A: You have to admire Microsoft for keeping its "Unhelpful Error Message Department" busy, continually inventing new and ever more cryptic ways to tell you that what you want to do doesn't work. The clue here is "certificate" because, chances are, your wireless network does not use a certificate. And the problem is likely with the client PC—in this case, your Sony Vaio, which may be misconfigured to look for a different kind of network than the one that you have.

It isn't clear whether you are connecting to the wireless network using Windows' built-in wireless management or the Intel PROset wireless connection utility pre-installed on the Vaio. If you are using the Windows connection utility, I would first try to switch to the PROset utility instead.

Failing that, two things to consider:

  • The Vaio may be trying to establish a WPA-RADIUS connection rather than WPA-PSK (or WEP), depending on what kind of security you have in place on the Cradlepoint router. If the Vaio is mistakenly trying to make a WPA-RADIUS connection, and you aren't actually using a separate RADIUS server (which is almost certainly the case), this error may appear. 
  • Disable IEEE 802.1X authentication on the wireless adapter for the Vaio. Open the available wireless networks, right-click on your network, choose Properties, and look for the "Authentication" tab, where you can hopefully uncheck 802.1X.

Has anyone else seen this cryptic "certificate" error and, if so, found another solution to (or explanation for) the problem? If so, click on my byline above to send us your feedback, or use the Comments tool below.

Q: I had a nagging problem with my son's MacBook dropping wireless with a "security compromised" message. Turns out, my wife's laptop (XP) was corrupting the network with VPN. As soon as I switched to AES versus TKIP the problem disappeared. Not sure if Macs don't do TKIP well, or XP doesn't... but AES is quite stable. – Al

A: Perhaps we ganged up on Microsoft error messages too soon. A good number of Mac users have reported frustration and confusion with the infamous "Your wireless network has been compromised" error. What's worse, in fact, than Microsoft's empty rhetoric is that this message actually causes OSX to disable your wireless network for one minute. Gee, thanks Apple!

Of course, OS X thinks it is doing you a favor. After all, it has decided that your wireless network is being hacked by a nasty intruder, and so taking your machine offline is for your own good. The only problem is, chances are, that there is no intruder.

Little seems to be known about the exact cause of this error, and Apple has yet to address it despite reports dating back to at least 2004. Some users are affected frequently—as in repeatedly, every day—while others have never seen this error. Based both on my personal experience with this error and other user reports, it appears that the trigger involves the presence of a PC-based wireless client using WPA-TKIP.

For example, at a friend's house I had setup a wireless network using WPA-TKIP, and configured both her MacBook and my PC to the appropriate settings. The MacBook would connect to the network, but as soon as my PC would connect, the Mac would throw the security error and shut down her connection.

As Al discovered himself, changing all parties involved—the router and the clients—to WPA-AES encryption solved the problem and everyone got along happily.

The question remains, though, is TKIP encryption tickling a bug in OS X? Have you seen this error on a Mac and found any other solution and/or explanation? Considering how widely used TKIP is (as the default WPA encryption scheme in most wireless routers), it seems odd that this bug would persist in OS X for so many years. If you have insight to share, click on my byline above to send us your feedback, or use the Comments tool below.

Q: I am grappling with the concept of the Wi-Fi booster. For example the Hawking HSB2 is an RF signal amplification device with many fans boasting magical improvements--but how? It's surely easy enough to boost output power and thus be seen as a stronger signal from farther away. But the device comes with a paltry 2dbi antenna, leaving us all with the cosmic mystery of how the return signal becomes suddenly adequate. I suppose that the receiver within the booster could be extra adept at rooting around in the tall grass to extract signal, but if there is that much SNR left over, why aren't the "quality" component manufacturers exploiting it already? – Ron

A: Although my expertise in RF is limited, I am inclined to agree with the sentiment in Ron's first paragraph. These so-called "Wi-Fi boosters" are basically amplifiers that make the transmitted signal "louder" (if you think about it in radio terms). But unlike a radio, the client is not a passive receiver—it, too, sends signal back to the wireless transmitter. The client is limited by the power output of its own transmissions. In other words, the Wi-Fi booster may let your client "hear" the wireless router from a further distance than it would otherwise, but the client itself might not be strong enough to send anything back—leaving you in the same boat as if you couldn't see the wireless network at all. Or more specifically, dangling an SSID that you can see, but not associate with.

Also remember that when you amplify signal you also amplify noise. Many users have reported that, when cranked to max output, these Wi-Fi boosters can actually hinder performance of nearby clients, whose own receivers essentially "drown" in the noise. To minimize this problem, one may need to compromise by setting the Wi-Fi booster to a mid-range power level—say, 100 to 200 milliwatts. Of course, this will also reduce its maximum range, and so what's the point?

The point, according to those who have evaluated these boosters, is to better fill in your existing wireless range. In other words, if you expect the booster to give you a strong signal much further away than you could before, this may not pan out. But, if you would like to give a boost within the range you already experience—and maybe catch some of the "dark corners" that are otherwise too weak—a signal booster set to a mid-range power output could very well do the trick.

An entirely different way of using a Wi-Fi booster would be for creating a long-range fixed wireless link. In this case, you don't care so much about clients near the receiver, so you can pump up the power output. Plus, you would want to use a pair of boosters, one at each end of the link, so you don't wind up with the asymmetrical power problem described above. Finally, you would also want to replace the "paltry" 2dbi antenna with a more powerful directional antenna. You'll always get the longest range using directional antennas precisely aimed at one another, but of course this will not provide much or any signal outside their straight-line path.

Have you tried any Wi-Fi boosters and, if so, have they helped? Click on my byline above to send us your thoughts, or use the Comments tool below.

Aaron Weiss is a freelance writer, book author, and Wi-Fi enthusiast based in upstate New York. To submit your questions to the Wi-Fi Guru, simply click on his byline (above) and put "Wi-Fi Guru" in the subject line. Click here to read last month's column. For more by Aaron Weiss, read "How to: Monitor Bandwidth with Tomato Firmware." For definitions of unfamiliar term, visit our searchable glossary.



Comment and Contribute
(Maximum characters: 1200). You have
characters left.