Sunday, 4 September 2016

How not to do WiFi?

Update: read to end - whilst it was unusable, they have somewhat redeemed themselves with the support.

I am in a caravan park, Hendra, in Newquay. Don't ask! Sandra and myself and our grandson (whilst his parents are on honeymoon). Yes, I know, slumming it. Very reminiscent of the holidays we had when first married with our kids, so nostalgic in a way.

They have WiFi on site by a bunch called "Camping Connect".

Now, I appreciate that providing WiFi for a physically large site is a challenge, but actually that bit they have managed. The WiFi signal seems good. I also appreciate that Internet access for a large bunch of people on a site is a challenge.

But there are things you should not just get wrong like this. It is scarily bad.

The access has a voucher system, and they do a number of days and number of devices, and you can buy on-line on the captive portal. So far so good, and pretty bog standard.

The Internet access is via a simple BT back-haul connection, no idea how fast, but in principle not unusable.

The problem is that whatever kit they have handling the double NAT going on and the authorisation sessions is very very broken. A single TCP session is lucky to last a minute before being dropped, same for a UDP (VPN) session. I cannot ssh or VPN using it. But maybe they are just expecting people to use the likes of FaceBook and Twitter.

They have a FaceBook page. It mentions what one would assume is a twitter account @CampingConnect but that is not actually on Twitter. Well, it is now, and is me...

But even such simple things are badly broken. After a few minutes they stop working. Indeed all https stops working. To fix you have to go to an http page which is redirected to a "You're online" page...


Then, once you have that, your https will work again. It is just massively broken trying to do anything.

Seriously I have had more reliable Internet using a 2400bps sat phone on a ship, and way more usable Internet at 30,000ft on a Virgin Atlantic flight.

Some updates...

Their DHCP is messed up. It answers a broadcast and issues a 300 second lease with 134 second renewal but then does not answer the unicast renewal requests so the client has to give up and rebind. This could explain losing connection every couple of minutes and perhaps the portal reset if tied to DHCP at all. No, it is worse, it is replying sometimes, but rarely to unicast or broadcast which means I am often losing IP totally and having to try discover many times and then request many times to regain an IP. The wifi signal is fine so looks like just bad network kit. No, it is more complex. It is not replying to a lot of the DHCP requests, unicast or broadcast - so often losing IP totally for minutes at a time.
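An added example, not part of the original post: using the 300 second lease and 134 second renewal time reported above, and assuming the RFC 2131 default rebinding time of 0.875 × lease, this Python code walks the DHCP messages of one lease cycle and reports how many requests went unanswered and how close the client came to losing its address. The event list is constructed for illustration, not taken from a real capture.

```python
LEASE = 300          # lease time in seconds, as reported in the post
T1 = 134             # renewal time in seconds, as reported in the post
T2 = LEASE * 0.875   # assumption: RFC 2131 default rebinding time (262.5 s)

# Constructed capture summary for one lease cycle:
# (seconds since the last DHCPACK, message type, how it was sent)
SAMPLE = [
    (134, "REQUEST", "unicast"),
    (198, "REQUEST", "unicast"),
    (230, "REQUEST", "unicast"),
    (263, "REQUEST", "broadcast"),
    (281, "REQUEST", "broadcast"),
    (283, "ACK", "unicast"),
]

def state_at(t, lease=LEASE, t1=T1, t2=T2):
    """RFC 2131 client state t seconds after the last DHCPACK."""
    if t < t1:
        return "BOUND"
    if t < t2:
        return "RENEWING"    # client unicasts DHCPREQUEST to its server
    if t < lease:
        return "REBINDING"   # client broadcasts DHCPREQUEST to any server
    return "EXPIRED"         # address must be dropped; start again with DISCOVER

def analyse(events, lease=LEASE, t1=T1, t2=T2):
    """Summarise one lease cycle: unanswered requests and renewal margin."""
    attempts = []            # (time, client state, how sent) per DHCPREQUEST
    for t, msg, sent in sorted(events, key=lambda e: e[0]):
        state = state_at(t, lease, t1, t2)
        if state == "EXPIRED":
            break            # anything after expiry is a new DISCOVER cycle
        if msg == "REQUEST":
            attempts.append((t, state, sent))
        elif msg == "ACK" and attempts:
            # The ACK answers the latest request; earlier ones were ignored.
            return {"unanswered": len(attempts) - 1, "renewed_in": state,
                    "margin": lease - t, "address_lost": False,
                    "attempts": attempts}
    # No ACK arrived before the lease ran out.
    return {"unanswered": len(attempts), "renewed_in": None,
            "margin": 0, "address_lost": True, "attempts": attempts}

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

With a 300 second lease the client spends more than half of every cycle trying to renew, so a server that drops even a few replies pushes it into rebinding or expiry within minutes.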

This morning there is nothing working, no replies to DNS and no routing at all!

I am guessing double NAT as the wifi is on a /22 but a second RFC1918 appears before the BT DSL link, so probably a bog standard BT router doing one lot of NAT and their portal/access doing another.

Update: they called - and have whitelisted the MAC on an AP. Now ssh stays up (yay!), VPN seems to connect but does not work, and the connection is so poor I cannot even use vim. I give up.

Update: they called again - looks like lots of noise/interference, so they are going to change channels around. I am surprised that I did not know I could use ALT and the WiFi icon on a Mac to get details!


Further update: pretty usable now after much juggling..

Conclusion: The support staff tried - the service in the caravan was hampered by WiFi - so more APs would be needed I expect to do better. The service at the club house was very different, and difficult to use. Overall some key things I may have needed to do on a laptop this week would not have been possible at either location. Poor, but they tried.

19 comments:

  1. Any idea what kit they were using for Wi-Fi or the captive portal..?

    1. They seem to provide a list of their kit at the bottom of this page: http://www.campingconnect.co.uk/partners/

  2. "They have a FaceBook page. It mentions what one would assume is a twitter account @CampingConnect but that is not actually on Twitter. Well, it is now, and is me..."

    Facebook recently seems to be referring to their own page usernames as @names.. Very confusing. I've visited several recently and thought "that's cool, didn't know they were on twitter" only to find that one of my pages also showed an @name underneath the page title! Yet it isn't on twitter and I never filled in an @ name!.

  3. I often see that people crank the nat session timeout value (also known by other names) down to stupid figures when the equipment they are using is not capable of remaining stable for the amount of sessions they actually need. Common for lower end routers which have 'pro' features, draytek etc.

    Double nat is inexcusable though!

  4. I was at a campsite that had 'wifi' that was a single netgear with an antenna stuck out of the roof of the main building. 500+ people on a single consumer AP, you're gonna have a bad time..

    Unfortunately I lacked the dumbing down skills and failed to get across to them why it couldn't possibly work.

  5. There are loads of IT companies out there that are willing to 'have a go' at providing cheap WiFi deployments for establishments such as these. When it comes to large area or dense deployments though, they lack the knowledge and skills to plan and follow through the install.

    I've been doing it for a few years now and the landscape keeps moving faster just like the whole IT field in general and I'm learning new things all the time to keep up.

    For a company that specifically targets this kind of work though it's pretty inexcusable to have something set up and running so poorly.

    I'm the curious type too and always check out other people's work when I come across it, if nothing more than to see if there is anything good I can learn. Out comes the trusty android phone with the WiFi analyser, speed test, Vendor MAC Database. Fing is also good for a quick check to see if client isolation is on (or what's on the network if not) etc, etc.
    In a few moments you get a pretty good feel for how well the WiFi is going to handle

    If client isolation and other features are not enabled, getting round the captive portal and messing round with the network in other ways is far too easy but it's surprising how often they're not enabled, even on higher end kit.

    Not changing default equipment passwords is also another common issue I come across.

    Everyone has to start somewhere and there will be problems and mistakes along the way (I've had my fair share). But there is so much information available on-line, in books and good courses out there that it shouldn't be too hard to get a good grip of the basics for a reasonable deployment. Most importantly though you have to monitor and follow up the installs to make sure it's running as expected and make adjustments as needed. After that most problems come down to user/device issues, which, with a little education of on-site staff are quickly resolved.

    The biggest problem I have is convincing people that they need to spend a lot more than they were thinking because they can't understand why the cheap little boxes they see at PC world can't do the job. Even I struggle with the whole dumbing it down business but some people just don't have the capacity to understand, and that's fine because it's not their job to, so long as we manage to build some trust, I get some work and they get a system that works and doesn't give them grief.


  6. those captive portals are pretty annoying - i prefer the systems you typically find in your friendly local where you have to manually ask for the wifi password

  7. I generally avoid hotel or site provided wifi like this. Partly because it's usually hideously bad as this article shows, but also because of concerns about man-in-the-middle attacks. Unless all your traffic is end to end encrypted, the public wifi provider could be doing anything with it.

    Is mobile broadband not working on the site? That's what I usually use.

    1. A combination of other temporary technical difficulties mean yes, but not on my laptop which is where I want it.

    2. During a recent stay in hospital I took in a dual radio router. Connect one radio to their Wi-Fi and run the other as an access point for me. Once running it creates an sstp tunnel back to my home router and sets up a layer 2 tunnel to my home network, the AP radio runs off this tunnel. Protects my traffic and got me round a few annoying restrictions in their firewall.

    3. And the mobile broadband provider could be doing, er, anything with your traffic. (And already is blocking some sites unless you supply a credit card to "prove" your age.) Public wifi is really no worse.

    4. There are a much larger number of hard to track down people running public wifi, often just a couple of people at a shop. The chances of scrutiny from ofcom are tiny. With mobile broadband there is at least the regulator, and if they do anything really bad with your data there is a chance it will hit the news eg. "Three caught stealing people's email passwords" or some such.

  8. > That will be a breach of EU Net Neutrality rules. I may be able to get a refund on that basis

    As opposed to the "I'm afraid I really struggled to get online at all; it just didn't work properly" basis?!

  9. Yep, ALT-click on the Wifi icon is the friendly way to see the details on OSX.

    On the command line, there's the "airport" tool, found at full path:

    /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport

    ( I make a symlink in /usr/local/bin or somewhere in my $path )

    airport -I # show the current details
    airport -s # scan for APs

  10. WiFi that worked for web but not ssh was a feature of my recent visit to Stockholm - in fact, it seemed I couldn't get to anything but the web at the hotel.

  11. Campsite wifi seems especially hard to get right. Last UK camping I visited had 5 access-points close to each other all on channel 1. And it was more expensive than data roaming from my own country.

  12. Did you get a closer look at the panel on the other side of the mast? It looks exactly like the WiMax CPE Vodafone Malta installed for me in early 2009, capable of 10Mbps on around 3.5GHz - though it's likely that other bandwidths were available.

  13. An idle thought - if a place offers "Free Wi-Fi", does it have to provide Internet access too ?

    For example, could a hotel provide "free Wi-Fi" which just gave access to an on-site web server which has their lunch menus and a booking system for the crazy golf course ?
    I know it wouldn't win them any prizes, but would it count as providing you with what they offered ?
