Choose style:

Author Topic: My favourite Almond feature: "Travel WAP"  (Read 14965 times)

0 Members and 1 Guest are viewing this topic.

Offline Patrick Wilson

  • Cashew
  • ****
  • Posts: 220
  • Thanks: 0
  • Registered : 21/07/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
My favourite Almond feature: "Travel WAP"
« on: July 30, 2013, 04:03:15 am »
  What is my favourite feature of the Securifi Almond?  

This is a question my Geeky friends keep asking me.  Some of them are surprised that I continue to show enthusiasm for my Almond,  when they scorn it immediately upon noting that it only offers a 10/100 network switch.  I confess that I almost didn't get past that myself.  I soon discovered that my friends,  fall into 2 categories.  The first group can't get past the specs.  (These are a lost cause,  so I don't try to educate them).  The second group are more open so they are the group I've been working on. 

My favourite feature of the Almond is the WAP (Wireless Access Point) feature.  This is the perfect feature for my "Techie Toolbox".  As a Computer Consultant,  I am regularly asked to setup networks for Medical Professionals,  where data security is very important.  These networks are typically setup without Wi-Fi access,  in order to protect patient records from prying eyes (packet sniffing) etc.  As a consultant I am asked to access these networks on-site,  but I am asked to use my Laptop rather the PC's already on the network,  so that my presence doesn't prevent receptionists,  and billing clerks from doing their work. 

This presents a problem,  as most of these networks don't have "extra" network ports at employees desks than I can "plug into" in order access the network from my Laptop.  This is where my Almond comes in.  I want to work near employees,  (so I can ask questions about symptoms etc that they are experiencing),  but I don't want want to prevent them for doing their work.  [For data security/patient privacy reasons the Wi-Fi is disabled on these networks]. 

Solution:

I have my Almond setup with my own Wi-Fi credentials pre-configured.  This allows me to always connect to my Almond,  even when it is a "guest" on these networks.  Unlike most competing products,  Almond permits setting up "WAP" mode,  while still picking up it's IP address via DHCP.  I simply plug in my Almond at one of the unused ports at the networks main router,  and power it up.  (It couldn't be easier  ;D). 

To determine my working environment,  I simply access the "Status Screen" on the Almond to get the information I require. 


Once the Almond has picked up it's IP address I can use the touch screen to determine the IP address of the Almond,  so that I can access it's WebUI at the listed IP address.  My Laptop connects to the Almond,  and gets an IP address from the main router.  The main router is not even aware that my connection is wireless.  My Laptop simply uses DHCP to get an IP address from the main router.  I can work on the medical network wirelessly,  without compromising patient records,  as I never access patient records.  (I'm only there to resolve Hardware/OS issues).  When I leave site,  my Almond comes with me,  so the Wi-Fi access is back to not active. 

My Almond prevents me needing Wi-Fi credientials for the Medical networks I work on,  as I don't need to access their "disabled" Wi-Fi at all.  I simply access my Almond while it is connected to their network.  I can service anything on the network from anywhere within the Wi-Fi footprint of my Almond.  (The Almond has surprisingly good Wi-Fi coverage).  Yet,  when I leave the site,  my Wi-Fi comes with me,  thus returning the network to it's normal No-Wi-Fi status. 

I have tried to approximate this configuration with competing Routers,  but none of them support this functionality.  (Most support WAP-mode,  however they don't do DHCP on their uplink port,  so I can't use the DHCP on the main router,  thus preventing the "Plug & Play" functionality provided by Securifi on their Almond product).  Similarly none of the competing products have "Touch screens"  so I need to use a variety of network commands such as "arp", "ping",  "netstat",  and even "netcat" to access these devices.  With the Almond,  I don't need any of these tools,  as I can simply read the "Status screen" to get the Network IP and Subnet information. 

I have also played with the Almond "Range Extender" feature,  but I don't typically use this feature as it effectively cuts throughput in half,  as each packet has to "stored" and "forwarded" thus requiring every packet to be transferred twice across the same Wi-Fi connection,  which effectively halves the throughput.  (It's useful to extend the Wi-Fi footprint of the network,  but the performance penalty simply isn't worth it IMHO.  The "WAP" feature gives me the advantages of the Range Extender,  (ie expand coverage area),  but does so without a significant slowdown due to packet forwarding across a single interface.  The network bound traffic travels via the CAT5/CAT6 connection at 100Mbps,  leaving the Wi-Fi access on the Almond for my exclusive access to the network.   

When I'm at home I always access my other WAP's.  as they all use Gigabit switches,  but when I'm on "foreign" networks,  it allows my Laptop to connect to my Almond using it's preshared WPA2/AES credentials.  My Almond is the perfect "Travel WAP".  I find it curious that this feature works,  and works really well,  but that is not presently documented in the so-called User Manual/Quick Start Guide

The Almond WAP feature is really quite unique to Almond,  (with it's DHCP "client"  support on the uplink port), yet it is poorly documented,  yet perfectly functional in ways other products simply don't support.   

I initially expected that my acquisition of the upcoming Almond+ product,  would retire my trusty Almond,   so that I can use the new features of the Almond+,  but my experiences so far demonstrate that I will continue to use both Securifi products.  My Almond+ will likely perform duty as my main Router,  and I am likely to support many of the OpenWRT features such a setting up OpenVPN tunnels etc.  This however will *not* cause me to "retire" my trusty Almond,  as it will continue to live on as my preferred "Travel WAP

I hope everyone's experiences with their Almonds have been as positive as mine.  Please share your Almond experiences in this subforum.  Sharing experiences,  and helping eachother is the very purpose of Community Forums,   and as Securifi seems determined to maintain a presence in these Forums,  your feedback within these Forums will help Securifi to continue to improve their products.   

Please feel free to reply to this message if you have any questions.  If been playing with Routers,  both homemade,  and commercial routers since 1991,  and I am happy to share my expertize with the Securifi Community.  I am particularly interested in remote access to networks,  and am happy to help others. 
Patrick Wilson
Victoria, BC Canada

Offline obscurus

  • Kickstarter Developer
  • *
  • Posts: 20
  • Thanks: 0
  • Registered : 25/07/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: My favourite Almond feature: "Travel WAP"
« Reply #1 on: July 31, 2013, 03:45:14 am »
Hi Patrick,

thanks for your insights with your Almond!
I must admit, that I don't own one, but I was astonished to learn about it's fabulous amazon ranking!

Regarding security issues I'd like to ask your experiences with the WPA2 mode. Does it work properly and without fallback to WPA?
I often experienced that it was harder to set up WPA2 connections than those using more insecure standards like WPA or even WEP. Although, wasn't WPA based on the (by now very insecure) WEP? And therefore probably not any more the standard to use?

Would it make sense to allow a (more) insecure setting like WPA if WPA2 works properly and without limitations in comparison?
It's probably a little bit picky, but while attached to the network (in this example), the weaker option would "lower security". OK it's time limited and the old "security through obscurity" comes into play... ;)
The same applies for your password... ;)

However nice feature allowing "DHCP uplink" and bridging to another network range wirelessly!

Offline Patrick Wilson

  • Cashew
  • ****
  • Posts: 220
  • Thanks: 0
  • Registered : 21/07/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: My favourite Almond feature: "Travel WAP"
« Reply #2 on: July 31, 2013, 05:47:28 am »

Regarding security issues I'd like to ask your experiences with the WPA2 mode. Does it work properly and without fallback to WPA?
I often experienced that it was harder to set up WPA2 connections than those using more insecure standards like WPA or even WEP. Although, wasn't WPA based on the (by now very insecure) WEP? And therefore probably not any more the standard to use?

I use WPA2/AES exclusively.  No issues with fallback to WPA,  I have it setup for WPA2,  and that is all it responds to. 

Quote from: obscurus
Would it make sense to allow a (more) insecure setting like WPA if WPA2 works properly and without limitations in comparison?


I wouldn't know I'm afraid.  I insist on WPA2 on my network. 

Quote from: obscurus
It's probably a little bit picky, but while attached to the network (in this example), the weaker option would "lower security". OK it's time limited and the old "security through obscurity" comes into play... ;)
The same applies for your password... ;)

"Security by Obscurity" is a fantasy.  I never attempt it.  8)

Quote from: obscurus
However nice feature allowing "DHCP uplink" and bridging to another network range wirelessly!

It is a very nice feature,  and seemingly a feature unique to Almond.  Even my DD-WRT router doesn't support this by default,  although it is easy to do under DD-WRT (with a startup script).  Securifi's Almond product is the only Router I have ever encountered that supports this functionality "out of the box".  It truly makes it easy to use,  and thanks to the "Touchscreen" interface,  I can easily determine the IP address of the Almond,  even when it is on a "foreign" network,  so it is easy to "tweak" settings as needed.   

This makes this the perfect "Travel WAP",  as I can leave my Wi-Fi credentials "pre-configured" on both my Laptop and my Almond,  and it allows me to connect via Wi-Fi to any network I can "plug" my Almond into.  I am very enthusiastic to start playing with the Almond+,  and I do intend to use my Almond+ as my "main" Router,  but my old Almond will never collect much dust,  even after I get my Almond+,  as it is simply too useful as a "Travel WAP".   

I have been trying to encourage Securifi to better document this powerful feature,  and to start marketing the feature,  as Securifi's implementation is indeed quite unique.  It is absolutely idiot-proof to connect to other networks,  I simply "plug it in",  and then connect to it.  Nothing could be easier,  except connecting via Ethernet.   :P
« Last Edit: July 31, 2013, 05:52:00 am by Patrick Wilson »
Patrick Wilson
Victoria, BC Canada

Offline obscurus

  • Kickstarter Developer
  • *
  • Posts: 20
  • Thanks: 0
  • Registered : 25/07/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: My favourite Almond feature: "Travel WAP"
« Reply #3 on: July 31, 2013, 09:32:44 am »
I use WPA2/AES exclusively.  No issues with fallback to WPA,  I have it setup for WPA2,  and that is all it responds to. 

Your status screenshot probably (hopefully?) mislead me by telling "Security: WPAPSKWPA2PSK", i.e. allowing both set-ups including "weak" "fallback" WPA.

Did you ever try to connect your laptop to your Almond by WPA alone?

Quote
"Security by Obscurity" is a fantasy.  I never attempt it.
I meant by it sth like nobody knows you hanging around probably using "weaker" WPA to (mis)use you to get (temporary) access to the network. That's obscurity! ;) Same applies for space and time as someone probably doesn't need weaker encrypting thanks to your screenshot. But still that's obscurity. ;)
Many companies use this feature obscurity, espacially in closed source.
Previously we knew Skype VoIP was quite secure as nobody really knew security means implemented into this closed source software. But with the takeover by Microsoft we know by now they provide further access to some special organisations in your neighbouring country....

Anyhow, good feature anyway!
And it's a little bit curious to me that especially marketing guys don't take on important hints of important customers (like yourself) into the documentation/presentation of its products! It would be a very easy task...
But someday this will change! ...probably...

LGNilsson

  • Guest
Re: My favourite Almond feature: "Travel WAP"
« Reply #4 on: July 31, 2013, 10:10:24 am »
We know it's a great feature, it's just a bit hard to make it appealing to most home users, which is our main target market for the Almond.
It has some unique features that makes it appealing to techy users too, but they're not our main customers, as they simply look at the Almond and it's touch screen as a cheap gimmick.
Beyond that, the Almond's shape makes it a bit awkward to use as a travel router (or WAP), regardless of how easy it is to use.
But yes, we should be doing a bit more noise with regards to this feature and I've tried hard to get reviewers to look at it, but alas, so far none seems to have been all that interested.

Offline Patrick Wilson

  • Cashew
  • ****
  • Posts: 220
  • Thanks: 0
  • Registered : 21/07/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: My favourite Almond feature: "Travel WAP"
« Reply #5 on: July 31, 2013, 12:33:47 pm »
Your status screenshot probably (hopefully?) mislead me by telling "Security: WPAPSKWPA2PSK", i.e. allowing both set-ups including "weak" "fallback" WPA.


There are actually multiple issues with that screenshot!  My Almond was mis-configured.  Thank-you for pointing out my error.  While it is true that my Laptop is setup for WPA2-only,  my Almond was incorrectly setup to the default "WPAPSKWPA2PSK",  so yes it would have accepted a WPA connection in the configuration screen I provided.   

The other issue is that I really should have "blurred" the password.  (That password is not the one I actually use,  so no harm done,  but it is never a good idea to post passwords to Community Forums,  so I set a bad example by doing so.  I was merely being lazy). 

Quote
Did you ever try to connect your laptop to your Almond by WPA alone?
I meant by it sth like nobody knows you hanging around probably using "weaker" WPA to (mis)use you to get (temporary) access to the network. That's obscurity! ;) Same applies for space and time as someone probably doesn't need weaker encrypting thanks to your screenshot. But still that's obscurity. ;)

No I hadn't!    ::)

Thanks for pointing out my error.   (This is genuine thanks,  not sarcasm -  I messed up). 


Quote
Many companies use this feature obscurity, espacially in closed source.
Previously we knew Skype VoIP was quite secure as nobody really knew security means implemented into this closed source software. But with the takeover by Microsoft we know by now they provide further access to some special organisations in your neighbouring country....

This too is a good point.  I don't run Windows any more (I'm an Ubuntu user),  so I don't typically worry about Microsoft's security,  but I am a Skype user.  (Yes Microsoft actually has Linux software since acquiring Skype). 

Quote
Anyhow, good feature anyway!
And it's a little bit curious to me that especially marketing guys don't take on important hints of important customers (like yourself) into the documentation/presentation of its products! It would be a very easy task...
But someday this will change! ...probably...

I'll let Lars respond to this point.  He has apparently been trying to get "Product Review" sites to play with this feature,  but so far no takers.  I gather this feature will be better documented in future documentation. 

Despite the issues in my original message and screenshots I provided,  this is still my favourite feature of my Almond.   Using it as a Travel WAP,  is very useful for the type of consulting work I do.  Thanks for talking the time to point out my configuration issues.  I have already fixed my Almond configuration going forward (thanks again),  but I will leave my original screenshots in place,  so I don't change the "flow" of this message thread.

Hopefully this message thread can teach people more than I originally intended.   ;D

Hint to others:  It is never a good idea to publish "real" passwords in Community Forums,  including in screenshots.
Patrick Wilson
Victoria, BC Canada

LGNilsson

  • Guest
Re: My favourite Almond feature: "Travel WAP"
« Reply #6 on: July 31, 2013, 10:17:19 pm »
Just as a heads up, it's not a good idea to run a guest network when you're using your Almond in range extender mode, as it can cause problems with the NAT routing. As such, we only recommend using the guest network in Router or WAP mode. This isn't directly relate to this topic, but it's something worth keeping in mind.

More on topic, the semicolon [;] in the screenshot is a divider for the main and guest networks, although we don't have quite enough space on the screen to spell out the full text. The text before the semicolon is the encryption method applied on the main network and and as you might've guessed, the text after the semicolon indicates the encryption used on the guest network.
« Last Edit: August 01, 2013, 01:39:59 am by Lars »

Offline pete

  • Moderator
  • *
  • Posts: 316
  • Thanks: 2
  • Registered : 22/07/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: My favourite Almond feature: "Travel WAP"
« Reply #7 on: August 01, 2013, 06:44:11 pm »
This is a great thread and Patrick I am envious of your Almond use as a "Travel WAP" 

I do not have an Almond today.

I do recall my first use of the "pocket" combo router, switch, firewall and WAP that I purchased. 

Bored in my hotel room while traveling I browsed the network; to my surprise many users had left "on" their shares.  I did not have any shares enabled. 

The above said decided a bit later it would be advantageous to put something like a small router firewall between my laptop and the rest of the Hotel network wirelessly or wired using the wire or the wireless for my WAN connection. 

Sometimes still though even though the hotel has an internet connection I just prefer to tether my phone connection instead to the pocket router.

I like the ability to utilize a touch screen for the quick and easy mechanisms of connectivity.  Guess too I am used to using the fingers for navigation on small touch screens in general.  It really is faster than the laptop to browser with the connection thing.

Yup and today relating to "calling home" automation "stuff" doing a quickie SSH tunnel thingy with pocketed token (well virtual pocket) authentication tunneling;  works on just about anything these days.
« Last Edit: August 01, 2013, 06:47:53 pm by pete »
[img width= height= alt=" width="250" height="52" class="bbc_img resized]http://forum.securifi.com/Themes/Firox_multicolor_by_SMFSimple/images/logo.png[/img]
Pete
Lockport, IL  USA

LGNilsson

  • Guest
Re: My favourite Almond feature: "Travel WAP"
« Reply #8 on: August 01, 2013, 09:56:02 pm »
With the Almond, we're testing out a new beta feature called Wireless WAN, it allows you to tether a phone or a MiFi type device to the Almond and then use the Almond to share it to more devices. Maybe not that useful if you're travelling, as you most likely don't have that many devices, but can be handy if you have a larger group of people that needs to share a 3G/4G data connection that's beyond the limit that your service provider allows on your specific device.
« Last Edit: August 01, 2013, 09:57:53 pm by Lars »

Offline pete

  • Moderator
  • *
  • Posts: 316
  • Thanks: 2
  • Registered : 22/07/2013
    YearsYearsYearsYearsYearsYearsYearsYearsYearsYearsYears
Re: My favourite Almond feature: "Travel WAP"
« Reply #9 on: August 02, 2013, 09:27:31 am »
That would be great Lars!

I currently utilize that methodology with a variety of different combo devices out there with USB (3G, 4G and tethering) playing with different ones; some small and some larger ones.

Recently I purchased a device which is utilized much for mobile "stuff" or emergency (dr stuff) and quick mobile setups to check out. 

The device (purchased two of them) is called a Nexus Hawk.  Purchased out of curiousity.

It is an older design and currently utilized for in the field or mobile emergency situations.  Difference is that it allows for 2 simultaneous 3/4G connections, network or wireless, load balancing and firewall and AP stuff. 
 
I will purchase an Almond today on Amazon.

« Last Edit: August 02, 2013, 09:32:53 am by pete »
[img width= height= alt=" width="250" height="52" class="bbc_img resized]http://forum.securifi.com/Themes/Firox_multicolor_by_SMFSimple/images/logo.png[/img]
Pete
Lockport, IL  USA

 

Page created in 0.064 seconds with 20 queries.

bottleneck