|
Hello. I'm in a bit of a pickle. I want to start my own RADIUS-server-powered login Wi-Fi service for my local area. I live in a tall town house in suburban London with lots of cellular and television signals and trees and buildings (that wouldn't block antennas and satellites on my roof). I've been searching around the Internet and would like to know how I can make my Wi-Fi (an access point powered from a power-over-ethernet setup) have a radius (not line of sight -- straight line signal) -- a round 'bubble' of Internet -- so I can provide as many people and houses with my Wi-Fi as possible (not just in one line). I've found many hacks and mods online to make cheap long range Wi-Fi with old satellites, but not really anything for large radius Wi-Fi coverage (at least 700 metres). I have also looked at omni-directional antennas, which I think are for providing Wi-Fi in a radius way (not in a straight line), but I'm not sure how much I'd need to spend to get a decent range (a couple of streets away from my house, and the very maximum of 1 km away from me). I was also concerned about an omni-directional antenna that could provide an excellent radius (one mile), but doesn't have a large height. By that, I mean a great signal at a certain height (the height of my house), which would obviously not be useful for clients with devices who want to connect at ground level. I have also thought about just modding about 10 satellites and positioning them in a circle on a mast on the top of my house, but I'm also not sure if they would provide a consistent signal strength and how easily they would cope with getting to ground level (e.g., getting through the obstacles of trees and rooftops). I would really appreciate it if somebody could tell me:
Last, but this isn't as important, how would I set up a RADIUS login (via PayPal, etc.) as a captive portal when connecting to this network and what necessary firewall precautions would I need to take? Thank you very much. |
|
The FCC limits Wi-Fi transmit power to 1 watt, so a single Wi-Fi radio will not offer enough coverage unless the noise floor is so low that Wi-Fi radios can be designed around using signals significantly weaker than -90. For wide-area coverage, what you will need is a mesh network, which many third-party router firmwares allow; the only thing is that you will need people who are willing to use their own power to run the router. For most WAN needs, an 802.11n-based mesh network can offer more than enough speed, with minimal ping increase (e.g., users can still game). The only issue is that it will be hard to keep users from seeing each other on the network and potentially sniffing traffic or hacking other users. Another issue (depending on which country you are in) will be legal issues: in most countries the account holder has liability for the traffic, so if someone else decides to use your network to do something insanely illegal like download child porn or something, then you may wake up in the middle of an FBI raid. If you need to use a RADIUS server to authenticate, then things will get more complex, since RADIUS servers are not very user friendly and often require a valid CA from a company like VeriSign or DigiCert, which are expensive and need to be regularly renewed at a cost.
(While you can use your own certificate, it will cause many problems with many security applications, since they do not like self-signed certificates (generally means a phishing attack).) (PS: companies that use self-signed certificates will often have each office computer altered to see the company as a valid authority; most people will not allow you to do that to their personal computers, since an edit that deep in the OS is one of the holy grails of phishing: you can make any fake site you want and not set off any red flags on most security applications.) If anything, you can just use MAC address filtering and WPA2 AES (while MAC address filtering adds no security, it will ensure that only one MAC address is being used and that only authorized systems are being used, and if a user decided to give out the WPA key and their MAC address, then they will not be able to get online while the person they gave the info to is online). Other than that, you are just setting basic QoS rules to make sure that someone torrenting does not bring the entire network to a crawl. |
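Added example, not part of either poster's reply: a check a network operator could run over access-point association logs to spot one allowed MAC address in use at two mesh nodes at the same time, the shared key and MAC situation the answer above describes. The log format, node names and the 30-second roaming grace period are assumptions made for this sketch.

```python
from datetime import datetime, timedelta

# Constructed sample events in an assumed format: time, mesh node, event, client MAC.
SAMPLE_LOG = """\
2024-05-01T18:00:00 node-a assoc aa:bb:cc:00:00:01
2024-05-01T18:05:00 node-b assoc aa:bb:cc:00:00:02
2024-05-01T18:10:00 node-c assoc AA-BB-CC-00-00-01
2024-05-01T18:20:00 node-a disassoc aa:bb:cc:00:00:01
2024-05-01T18:30:00 node-b assoc aa:bb:cc:00:00:03
2024-05-01T18:30:05 node-c assoc aa:bb:cc:00:00:03
2024-05-01T18:30:08 node-b disassoc aa:bb:cc:00:00:03
"""
ROAM_GRACE = timedelta(seconds=30)  # assumption: shorter overlaps are normal roaming


def find_shared_macs(log_text, grace=ROAM_GRACE):
    """Return {mac: [(first_node, second_node, overlap_start)]} for long overlaps."""
    active, pending, findings = {}, {}, {}
    last_ts = None

    def close(key, end):
        # An overlap ends here; report it only if it outlasted the roaming grace.
        start = pending.pop(key)
        if end - start > grace:
            findings.setdefault(key[0], []).append((key[1], key[2], start.isoformat()))

    for line in filter(str.strip, log_text.splitlines()):
        stamp, node, event, mac = line.split()
        last_ts = datetime.fromisoformat(stamp)
        mac = mac.lower().replace("-", ":")  # normalise MAC notation
        nodes = active.setdefault(mac, set())
        if event == "assoc":
            for other in nodes - {node}:  # same MAC already live on another node
                pending.setdefault((mac, other, node), last_ts)
            nodes.add(node)
        elif event == "disassoc":
            nodes.discard(node)
            for key in [k for k in pending if k[0] == mac and node in k[1:]]:
                close(key, last_ts)
    for key in list(pending):  # overlaps still open when the log ends
        close(key, last_ts)
    return findings


if __name__ == "__main__":
    for mac, hits in find_shared_macs(SAMPLE_LOG).items():
        print(mac, hits)
```

In the sample, the third MAC overlaps for only three seconds while moving between nodes and is treated as roaming; the first stays on two nodes for ten minutes and is reported.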
|
Here in the U.S. what you're planning is illegal. The FCC doesn't allow that at all as it has the potential to cause untold amounts of interference to other devices. That said, you mentioned you were in the UK. Now, I don't live in the UK or have even the slightest grasp of any similar government organizations you may have. Best to look it up beforehand, because doing this could give you a lot of legal trouble. |
