Wireless APs in Homebrew Coffee Shops?

An anonymous reader writes "Having seen lots of complaints about the overpriced T-Mobile Wireless APs in Starbucks ($10/hr) got me thinking about setting up a wireless AP for the small, family-owned coffeeshop in my town under the tip jar model. I'm assuming ~$100 for the router, ~$500 for a PC to use to control quotas (to prevent over-zealous Kazaa users, block spammers and script kiddies and other would-be abusers) - but what software should I be using? Do enough people have 802.11a/g cards that it would be worth it to invest in that rather than an 802.11b router?" Has anyone considered making a Linux distribution for use by cybercafes, to handle wireless access and anything else such an outfit might need?

"Since this is a medium (50,000-ish) size town, and pretty much everyone in the coffee shop is a regular, would a tip jar model work? I'm figuring suggest a donation - what should I set that at?

Finally, keep in mind that the owner is not a geek - I'd be doing this when not studying (I'm a college student), so this would be set up over the summer, and most of the maintenance would be done on the weekends and/or via SSH.

Any other thoughts would be appreciated."

Check out Austin wireless

[yar]

http://www.austinwireless.net/cgi-bin/index.cgi
T hey've got several low-cost setups all around the Austin area.

wep key on receipt!

[realyendor]

Print the WEP key on the receipt, and change it daily.

Re:wep key on receipt!

[Golias]

Anybody wired enough to feel they need their laptop with them when they are drinking coffee at a mom & pop cafe is probably one of us geeks... at least, enough of one to know how to set a WEP key.

Re:wep key on receipt!

I would agree with you if the customers could benefit from the encryption, but since WEP doesn't support per-connection keys, they gain no security. A WEP key is (registration key kind of) long, so even if the customers know how to set it, it is an unnecessary burden. I'd hand out short simple one-time passwords with every beverage. Then redirect new/expired MAC addresses to a webpage where the customer enters the password (use HTTPS), upon which the webserver grants access for a limited time. This way you keep complete freeloaders and people who would make camels proud out. Don't use WEP, it creates a false sense of security.

Re:wep key on receipt!

[Perl-Pusher]

Just block the IP ports. You can block mail ports , kaaza etc. Hell block everything except http,https,ftp and DNS.That will stop anyone from abusing it, it can usually be setup in the wireless gateway/router.

I have a linksys system in my home that is working fine in that capacity, plus by putting the router in a location low only about 4-5 feet off the ground, you pretty much limit the working range to just inside your establishment. If you use 2 routers one wireless one not, you can block access to the companies computers to the wireless users again it can be done on the routers themselves, no extra PC needed.

Re:wep key on receipt!

Don't block UDP/500<->UDP/500 (ISAKMP), UDP/4500<->UDP/4500 (NAT-T), IP protocol 50 (ESP) and IP protocol 51 (AH). Same goes for TCP/1723 and IP protocol 47 (GRE). You don't want to keep out business people who need to access the company (IPSec/PPTP) VPN.

Re:wep key on receipt!

[Ryosen]

As stated below, modifying the WEP key is beyond a large percentage of users. A better approach would be to use your gateway box as a proxy server (which you would be doing anyway) and use a common logon id. Change the password for the account daily and print the day's user id and password on the receipt.

Users are much more familiar with this approach and it is no more complex (less actually) than the revolving WEP.

Re:wep key on receipt!

[Angst+Badger]

Hell block everything except http,https,ftp and DNS.

Great, so you can browse the web and transfer files to insecure sites. But then you can't send or receive mail, make secure file transfer (scp) or shell (ssh) connections, or use any kind of instant messaging client. In other words, if your idea of internet access is limited to passively absorbing web pages, you're covered, but if you were thinking of actually doing anything, it's useless.

If you want to avoid abuse of a tiny wireless network, what you're mostly going to be concerned about is bandwidth consumption. There are quite a few tools for controlling bandwidth consumption under Linux; check them out. If you aren't providing all available bandwidth to the first user who tries to hog it, neither Kazaa abusers or coffee-swilling part-time spammers are going to cause you much grief.

If you want to get a bit more fine-grained than that, there are a buttload of tools to help you monitor what your users are doing, and many of them are scriptable and can set off some kind of alarm if someone is behaving badly.

In any event, you'll offer a much better service if you block only those things which you want to always avoid from the outset, and install tools to help you detect and interrupt the occasional abuse of otherwise innocuous services.

I think your estimates are way too high

[IronTek]

You can get 802.11b routers for 20 bucks AR now (and why bother with g if it's a tip-jar method).

Further, it probably doesn't even require $500 for a PC capable enough to do the job...if you have any computer shows in your area, you could probably just pick up an old (but reasonably loaded) PIII box for ~$100-$150.

With those kinds of prices, the coffee shop should go for it!

Re:I think your estimates are way too high

[Golias]

Or, for that matter, pick up a used X-Box for about $125 and use the 007 hack to load Linux on it. Then you don't have a PC tower taking up precious restaurant space, just a tiny game console tucked under the counter somewhere.

Re:I think your estimates are way too high

[tallman68]

Might as well stick with b, if a b/g radio sees a b signal, the speed drops for all. Unless you hard set it to "g-only" then you lose most of your "customers".

Unless you want to put in 2 radios, but this is tip jar.

Re:I think your estimates are way too high

[Aardpig]

Further, it probably doesn't even require $500 for a PC capable enough to do the job...if you have any computer shows in your area, you could probably just pick up an old (but reasonably loaded) PIII box for ~$100-$150.

One caveat, however, which has bitten me on the ass before. Some wireless cards (esp. ones made by D-Link) are designed for use with PCI 2 compliant motherboards. Unfortunately, most Pentium III motherboards are based on PCI 1, and won't even "see" a PCI 2 card. Accordingly, before you shell out on a 802.11b PCI card, check that it will work in your "legacy" machine.

Re:I think your estimates are way too high

[djqed]

I don't even think the coffee shop would need to charge anything for it - no tip jar or anything. I go regularly to a cafe in my city (SF) which has free WiFi. The cafe is nearly always comfortably full - not impossible to get a table, but most seats are taken. Meanwhile, other cafes around town which charge for access or have no access at all are nearly empty during a weekday. I think the increased business from having the service would pay for itself in one or two days of extra sales. You could argue that WiFi encourages people to sit there for hours on 1 coffee, but personally if I'm there for a few hours or more I get a sandwich and a cookie in addition to my 2 drinks, which I would never pay for at this coffee shop otherwise.

Re:I think your estimates are way too high

[Lumpy]

you can do it with far less hardware.

802.11b is the absolute maximum you should go. it's silly to go higher when your Internet access is slower than 802.11b with 10 users on that same access point.

next you need a firewall, a P-1 166 will do it perfecly and handle twice the load that you will ever see ... this is a freebie most anywhere... no hard drive needed just get frasierwall or freesco single floppy firewall distros... you MUST firewall off your wireless from you and your internet... consider it more hostile than the internet ever could be.

now go to here and get their system that works great and will solve most all your worries.

Oh and be sure to survey your entire area to be sure there is good access in every sitting location but not much available outside your desired coverage area.

basically, if you already have a commercial T-1 or other business level internet access in your building you can get it installed and running for less than $200.00 in hardware and a couple of weekends of time.

Re:I think your estimates are way too high

[arth1]

Might as well stick with b, if a b/g radio sees a b signal, the speed drops for all. Unless you hard set it to "g-only" then you lose most of your "customers".

Modern 802.11g equipment, i.e. everything made or flashed after the standard was finalized, will support CTS. In a mixed b/g environment, this ensures that any device being cleared to send will be able to do so at its full speed.

What's more detrimental to speed is if someone talks on a 2.4GHz cordless phone or nukes something in the microwave.

Regards,
--
*Art

Building Wireless Community Networks

[aheath]

O'Reilly Associates has a book on this topic called Building Wireless Community Networks. The Second Editon was published last June. The ISBN is 0-596-00502-4.

I have not read the book, but I have looked at the table of contents and the index. The book looks to be a designed to answer many of the questions that you have asked. Hopefully someone on Slashdot has read the book and can tell you if it will help you in your effort to set up a wireless network at your local coffee shop.

use a FreeBSD Access Point

[Chuck+Bucket]

Get a WiFi card (I got a Netgear MA311 refurb from Fry's for 30$), an old PC, configure it running FreeBSD to serve as an access point for your wireless network. Here's a great HOWTO:

Configuring a FreeBSD Access Point for Your Wireless Network

CB

NoCatAuth is all you need

[specht]

See the Linux Journal article at http://www.linuxjournal.com/article.php?sid=6887

Re:NoCatAuth is all you need

[nehril]

a local coffeeshop does just this. they dont use WEP (useless overhead) and it's all 802.11b (why go for the lower range of a or g when you are only sharing a 1.5m DSL uplink anyway??). at the register they have a bunch of preprinted username/password cards you buy for $8 (they are obviously computer generated, each userid/password is unique). $8 buys you an hour, $20 buys you an all-day access card, and I think $30 buys you an all-month.

The first time you connect to any website you are redirected to a local webserver that prompts you for your name/pass. you key it in, and now your mac or ip is "authorized," and the rest of your connection is completely unrestricted. You cant do anything else until you login to their web server, and once you log in your ID is "used up."

pretty slick, since it requires zero geekness for whoever is at the register, they just sell cards like any other product. I'm pretty sure their backend is based on nocatauth

OpenBSD is your friend

[isa-kuruption]

Forget about making a Linux distro for this, everything you want to do is available within OpenBSD 3.4 and it's pf software. Basic packet filtering, NAT, user quotas and general bandwidth managment. OpenBSD 3.4 also comes with BIND9 and ISC's DHCP daemon for serving up IP addresses. Best of all, you can do it for the cost of a $100 PC you pick up at the local computer show (say a pentium pro or an earlier pentium II).

Re:router

[Rhys]

Figure it's all going through a 150kb uplink and you're worried about the wireless bandwidth?

Thoughts

[Some+guy+named+Chris]

First, if you don't pay more money per month for "resellable bandwidth", then you are in a legal gray area. Your generic office class DSL service is not resellable, so I'd avoid actually charging. You might be able to get away with a tip jar, but I'd forget about charging for the service.

Giving it away free also simplifies administration, and can be seen as an easy and cheap promotion to attract customers.

Secondly, with 802.11g routers costing $79, cost isn't much of an issue. This is a business expense, go ahead and pony up the $30 extra bucks for a decent piece of equipment.

Personal Telco Project of Portland Oregon

[tomwhore]

A lot of what your talking about has been deployed to over 20 buisness locations and a horde more home sites here in Portland Oregon by a group called the Personal Telco Project.

http://www.personaltelco.net

We use NoCat on linux based boxes and it covers most of what your looking to do. You can set up Auth or simply a Splash, you can do throttling, shaping and the like, you can set up local content areas for biz and community use.

Its amazing what older PCs and low cost APs can do. Most of the stuff is easy to install, the few rough spots, like NoCat, have been feild tested and methodologies have been crafted to make it easier to set and and maintain.

Come on over to the url posted above for more information or head to #ptp on irc.freenode.net and ask for more info.

OpenBSD, pf, ALTQ

[Beryllium+Sphere(tm)]

Traffic shaping is available by default and pretty easy to set up, and it runs well on cheap old hardware. You could invest a lot of effort hardening a Linux install to match what OpenBSD has by default.

There's provision for requiring authentication on wireless connections. Even with a tip jar model you may want that.

Keep WEP turned off (yes, you just heard that from a security consultant!). WEP doesn't match your security model 'cause it assumes everyone using the same key trusts each other. Since it doesn't do what you need, it's not worth the cost in inconveniencing the customers.

Turn the power down on the access point. No need to provide service to people across the street or down the block.

Go for cheap/reliable before speed...

[stienman]

I don't think the tip jar will pay for the setup, but I suspect customers may come and drink more coffee, so it'll be worthwhile even as a learning experience.

Go with 802.11b. Your internet connection isn't nearly fast enough to saturate 11Mb/s. Use an access point that goes to an ethernet card on the computer, which has another card that goes to the internet. If you want to run a wired or private network as well, hang a third card off the computer and make sure no one can go from the public network to the private one, only to the internet.

Then go wild with the linux. Be aware that the more programs you run, the more vulnerable you are to attacks. You'll be ssh'ing in every month to update the software if you use any new software that hasn't undergone the rigors of years of public internet testing.

Alternately, use an AP/Router combination. Make sure you don't skimp. Many have ability to block ports, limit usage, etc. You won't be able to prevent spammers as easily, but your ISP will tell you if that' becoming an issue. If so, put in a box later.

-Adam

Re:No PC

[Graff]

If anybody is hogging bandwidth, you can just tap them on the shoulder and tell them to knock it off.

Except when the hog is a neighbor who has discovered the free access and is running a Kazaa file sharing client or doing some other high-bandwidth use activity. Remember, this is wireless - the person using the bandwidth might not always be visible to you.

My Advice: Keep it Simple

[iiioxx]

The way I see it, you should just forget about WEP keys, filtering, tip jars, and all of that crap. You are in the coffee shop business, not the cybercafe business.

Here's what I think you should do:
1) Get the cheapest DSL connection you can find in your area.
2) Buy as few low-end 802.11b AP's as it takes to provide coverage to your shop and store front (assuming you have tables out front or something).
3) Configure the AP's for public access, and use your shop's name for your SSID.

This will provide a decent level of Internet service for your customers with the minimum of maintenance and effort on your part. Most importantly, it will let you focus on your core business, which is coffee and sundries. Think of the Internet service purely as an amenity, like piped-in music or a TV in the corner, and treat it as a cost of doing business, not a profit center. Don't worry about how good the Internet service is, just concentrate on the coffee. Most people won't complain (loudly, anyway) about the quality of an amenity they are getting for free. Just set the appropriate expectations. The key phrase is... "best effort".

This will accomplish the real objective: bringing people into your store to buy your product, and keeping them there as long as possible (because hopefully, the longer they stay, the more product they buy), while at the same time minimizing your cost and overhead of providing the amenity.

Horsecrap

[doc_traig]

My wife saw the ads (targeted toward your average laptop-toter, it seemed) for wireless access at Starbucks, so, deciding it might be a nice break to work from there instead of the house, she went only to change her mind when she discovered the price. My point is that if she was handed a receipt and told "Here's your change and your WEP key", she would have said, "Uh... what?"

College Students

[RabidChipmunk]

This is no longer true. I went to a comedy show at a local coffee house and there were at least six "stylish" females there with laptops. [No males with computers.] They weren't there for the show. They were there to write papers and socialize while they did it.

Re:College Students

[Mantorp]

where is this place? sounds too good to be true

some ideas

[r]

first off, long term maintenance will be a problem. once you move on to a better job, the owners will have to deal with the networking themselves. so build them a system that's hands-off (ie. doesn't need patches :), or that then can administer themselves.

i'd stay away from deploying your own linux-pc-based solution for as long as you can. a hardware box that includes all functionality would clearly be best, even if slightly more expensive. eg. a wireless router with bandwidth management. something that, once set up, remains easy to use. unfortunately i don't know of any specific models that would do exactly what you want. you could always talk to the manager of some starbucks, or borders bookstore, and ask them what they use. :)

second, i like the idea of not going with the subscription model. my local coffeehouse just deployed wifi (using facefive), and when they did a test run for free, it caused quite a stir - a lot of people were coming in for the internet, and i think buying more. then they switched to the subscription model (only barely cheaper than starbucks), and it stopped. :(

and while anecdotal evidence proves nothing, i just mean to say that a tip-jar model, even if it doesn't bring explicit income to cover wifi costs, should cause increased traffic, especially from students. this should translate to higher sales, and most likely also longer table occupancy. you should do a test run for three months, and see whether it pays off.

and when you do that, please post the results! :)

Best ones are free

[rblancarte]

I go to one of these places listed (JPs Java House) - they have free unlimited 802.11b access for anyone. Very nice.

Overall, I think that your idea is great. I think you are making a bit more complex than it needs to be. If you want to have quotas that is fine, but why not just put up a 802.11g router (they are cheap) and allow open access. If you want to make sure that people buy stuff to get access - they do what another post says - WEP key on reciept, changed daily (sure, not hard to get around, but more of an honor system). And sure - put up a tip jar - clearly labeled with something like "FOR THE SUPPORT OF OPEN INTERNET ACCESS" or something like that. Heck, with this setup, you could be ready to go tomorrow (not next summer).

I say just go simple. If you make access easy and pretty much open - people will come in just for that. Especially in a college campus area - simple and pretty much unlimited will probably draw a solid crowd.

RonB

Re:Best ones are free

[Nykon]

A tip jar model might not hurt but I wouldnt not count that into your cost/earning budget. The first step would be to just get an 802.11b AP in, and and wait to see if people use it before you add a PC into the mix, unless you can just build or buy an older one for $100. As many failed Wifi providers have found is that people do not want to pay $10 /hr to use it, or pay at all. The best model is to offer the wifi for free. You then ask "how do you make back your money?". With in this model, you offer the wifi for free, which means more people will come to use it, and the people already using it will stay longer. As customers stay they are likely to buy food or more drinks.

Re: block IP ports

[RT+Alec]

This is exactly the approach I took when setting up a similar hotspot. I published some of the technical details here. We use mostly Netgear wireless routers, and a FreeBSD box for the core firewall/gateway.

Re:No PC

[mike260]

Except when the hog is a neighbor who has discovered the free access and is running a Kazaa file sharing client or doing some other high-bandwidth use activity. Remember, this is wireless - the person using the bandwidth might not always be visible to you.

It should be pretty easy to spot this kind of thing...keep an eye out for out-of-hours connections to the wireless access point and block their MAC address.

Provide 802.11 but no AC outlets

[Bretski]

That's a trick a local coffee shop uses here. Free network so you'll stay an hour or two, but you can't charge your laptop to stay longer than that!

OP: Here is a fun tip -

[Glonoinha]

Whatever else you do, change the default password on the router.

Friendliness vs. Paranoia - the More Coffee Model

[billstewart]

The business model for coffee-shop wireless isn't the tip jar - it's the $3 latte, and the extra coffee people drink while they're hanging around using it, and the extra pastries. That's also why you've got the newspapers, the comfy chairs, the shelf of Really Bad Science Fiction books, the chess set. If you've also got a PC in the corner for people who didn't bring their lap top, maybe charge for using that.

WEP isn't necessary for your customers - the main reason coffee-shops use it is to restrict access to paying customers, and you're not doing that - you're selling them friendliness and coffee and chair space and pastries that aren't too sticky to eat next to a computer. If you've got an issue with one of your neighbors sucking down bandwidth, that's different, of course, but setting WEP is an obstacle for users, especially if they've got their own WEP settings for their home or office.

Security and quotas are less necessary than you'd expect, as long as your DSL ISP is good. Start open, and maybe monitor usage and see what problems you get, rather than starting locked down tight, i.e. use your router's security features rather than buying a PC to start with, unless you also want to have the PC for customers who don't bring laptops. (And if your ISP is the uptight, policy-heavy types, running free or especially paid wireless in your store probably violates their policies, plus they're probably already restricting SMTP.) For consumer DSL ISPs, I'm quite happy with sonic.net, Speakeasy's also good and has nationwide coverage, and ever Earthlink's not too bad. Business DSL providers will charge a bit more, and tend to have flexible policies. Cable Modems are a much better match technically, but are run by terminally clueless paranoids who don't understand their business models, so you can't use them except maybe with a higher-priced business-class service.

You're unlikely to have much problem with spammers - geeks hate them, and have fun imagining scenarios like drive-by spammers, but in a small town, it's more of a know-your-customer thing. If you're in a college town, or get lots of high-school kids, you may need to worry more about crackers using your system. On the other hand, you need to leave things open for gamers, and the problem there is making sure the high-school kids keep buying enough drinks to make up for chair space. KaZaa's not really much of a problem, as long as your ISP doesn't ban it, because users are transient enough that they won't be doing much uploading, just leeching.