Wednesday, September 7, 2011

Great Wifi on the cheap: Asus RT-N12 with DD-WRT for dual Wifi

If you have friends with gadgets, they're always asking for your WiFi, and if you're like me, you want to give them internet access but you don't (or you really shouldn't) want to give them access to your internal systems. You may also not want them to have full leeching power on your internet pipe either. That second part may not be as important to you, but you should at least consider it... :)

After being frustrated with the lousy quality of the ISP provided (especially the Westell variety) WiFi routers, I decided to give DD-WRT a try. My research pointed me in the direction of the Asus RT-N12 router since it's very well supported by DD-WRT and it's very cheap: less than $40 shipped from NewEgg.

My setup is probably more complex than most, but it still applies to the typical home setup:

  • An internal system that serves internal DHCP, DNS, and external SSH/SOCKS proxy
  • An ISP provided internet router with DHCP disabled.
  • A WiFi-N Access Point (AP) on the A-band (5GHz)
  • A WiFi-N AP on the B/G band (2.4GHz)


With the exception of the external SSH server and SOCKS proxy, a typical home setup using an ISP supplied WiFi router would play all of those roles, which is fine. In my case, what I want to do is replace the B/G 2.4 AP with the DD-WRT unit that would provide wireless access to the internal network on the B/G/N band, plus create a separate password-protected SSID for friends with a completely different IP range than the internal network, and with public DNS servers. The end effect is that devices connected to the "friend" band would have internet access, but would not be able to access the internal systems. Also, the 'friend' access network would be capped at 1.5 Mbps (DSL speed), which is more than adequate for the usual e-mail, Facebook, etc. access. The other benefit of this is that I would not have to give my internal WiFi access password to anyone, and can change the 'friend' password at any time without having to re-do the internal systems.

Step 1: Install DD-WRT on the router


The DD-WRT wiki has plenty of information on how to do this, but essentially it comes down to:

  1. Download the DD-WRT firmware for your router (I chose NEWD-k2.6-mini generic)
  2. Download the tools from Asus
  3. Set the router in recovery mode
  4. Use the Asus recovery tool to install DD-WRT
Two important notes:
(1) - It is recommended that you use Internet Explorer for the initial setup. I don't know why, but that's the recommendation.
(2) - Most internal home IP ranges start with either 192.168.0 or 192.168.1. If yours is the latter, you will need to make some (temporary) changes to your IP setup. The Asus router defaults to 192.168.0.1, so make sure the PC you are using to set up the router is set to a fixed address like 192.168.0.10. On a PC, the steps are pretty simple:

From the "Network and sharing center", select your LAN connection, then click on the Properties button:


then, select the IPV4 protocol and click on properties:

Change the settings from your default (probably this):

to look like this:

Click Ok until all the property windows are closed.
Now, connect your router and follow the wiki instructions to start it in recovery mode so you can install the DD-WRT firmware.

Step 2: Configure the Router for the internal network
Note: I like the concept of using the unit as an access point rather than a router, simply because I'm happy with my current router. These instructions are for an AP setup. If you would rather use the unit as a router, then consult the wiki. The unit's mode (AP or router) is not important for the dual WiFi setup.


The first thing you need to do is set up a root password. The username is root, and you pick your password. Then save the changes. Now, configure your IP address setup to match your default network. Click on the Setup tab and set the WAN connection type to disabled.

My network is 192.168.1 based, so I gave mine a high-enough number:


Also, make sure the gateway and local DNS points to your router's IP. Note: my local DNS is not my router. That is why they don't match in the picture.

Enable the DHCP server on the unit, but set it to have zero maximum DHCP users. On the server configuration, put any number you want for the start IP address, and set the static DNS entries to your router's IP address. You will probably need just one, unlike me. It is also important to enable dnsmasq for DNS and DHCP.

(Note: As of 2011-Sep-08 This "no dhcp" lease setup is not working 100% reliably for me. I will post an update when I find a way to resolve it)

Another important side note: If you plan to use this as your actual DHCP server, then do not use zero for the Maximum DHCP users box. 50 is probably more than adequate. In this scenario, I would select a start IP address of maybe 128.

Also, I strongly recommend you set up a time server:


The reason you need the DHCP server enabled (even though in my case it will not provide any addresses) is because you need a DHCP server set up for the 'friend' WiFi network. If the main DHCP server is not enabled, the secondary one will not work either. Click on the "Apply Settings" button, then the Save button.

A very important note: If you changed the IP settings to match your current network, you will need to reset your LAN setting back to the defaults (DHCP). Look at the first three pictures above.

Now, set up your private wireless network.

Select the Wireless tab at the top of the page. In the Basic Settings, set your wireless mode to AP. Give your internal WiFi network a name. I picked "PrivateWifi" for this example:


If your page does not show a virtual interface, click on the Add button, then give it a name ("FriendWifi" for this example). Then (you guessed it) click on Apply settings and then on Save.

Now, secure your networks:

Go to the "Wireless Security" tab and select WPA2 Personal mixed, TKIP+AES, then your password. Repeat for the 'friend' network, but use a different password! :) Do the now familiar Apply + Save.

You should try to connect to your private WiFi network and make sure you can get out to the internet, etc. The public WiFi network is not yet ready to be tested. We will do that one later.

Step 3: Configure the Router for the "friend" network.

In order for this to work, the key portions needed are:
  1. Create a network bridge and assign it to the virtual interface.
  2. Give the bridged network a completely different IP network number than your internal network.
  3. Enable DHCP for the bridged network with DNS settings that have no relation to your internal network
  4. Set up a firewall rule so that the bridged network can actually get out to the internet (very important!)
Select the Setup tab, then select the "Networking" sub-tab. On the Bridging section, click on "add" to create Bridge 0. Set the IP address to something other than what you're using. For example I selected 192.168.10.1
Use 255.255.255.0 for a netmask. Now, assign the bridge to the virtual wireless (wl0.1):


On the Port setup section, enter the same IP address and netmask you used in the "Create Bridge section":
On the DHCP section, enable a DHCP server for the bridged network (br1):

The example above is configured to provide a max of 10 simultaneous IP addresses on the friend network, starting with IP address 192.168.10.50. You can tweak those numbers as needed. I haven't found myself needing more than 10 friends to connect at the same time, so that max was good for me. 

To setup the DNS on the friend network, pick a public DNS server, such as Google or OpenDNS. I picked Google. The DNS servers for my location are 8.8.8.8 and 8.8.4.4. Do a search for "Google dns" to find out what addresses are correct for you. Mine will work, but they may not be the best servers for your location.

To accomplish this, go to the "Services" tab to enable the DNSmasq service and feed it some parameters, like this:
Since you cannot cut and paste the text from the image, here it is:

interface=br1
dhcp-option=br1,6,8.8.8.8,8.8.4.4,4h

What that means is that the DHCP server is for the bridged lan (br1), with dns servers 8.8.8.8 and 8.8.4.4 and each IP has a max 4 hour lease time. Now, do the usual apply+save steps.

At this point, you should be able to connect to the friend network and verify that you get an IP address that starts with 192.168.10. (if you used my settings verbatim). If you click on the connection details, the DNS servers should be 8.8.8.8 and 8.8.4.4 (again, if you used my settings), and your gateway should be the IP address of the unit (the first thing you did after installing DD-WRT). Note that you will not be able to get out to the internet just yet.

There is one final step to do: the firewall. Since you need a custom rule to ensure the bridged traffic can get to the internet, you have to manually enter the rule.
Select the "Administration" tab, then the "Command" sub-tab. In the command box, enter these two lines:


iptables -I FORWARD -i br1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP 
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr` 


Then, click on "Run commands" to test that you can now access the internet. Once you're satisfied, click on "Save firewall". There are more complex examples in the wiki page. I think this setting is probably the most suitable for you. What the rules are doing is allowing the bridge traffic to flow through the physical (private) connection, and blocking any traffic from the public network going to the private network.
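
To confirm that the isolation rule above is in effect and not shadowed by an earlier ACCEPT, the following added example (not from the original post) audits FORWARD-chain rules given as text. It assumes the rules are available in the `-A FORWARD ...` form printed by `iptables -S` or `iptables-save`, which your firmware build may or may not provide; the function name and both sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit FORWARD rules for the
# guest-isolation DROP installed in Step 3.
# Usage (assumes the build can print rules in "-A CHAIN ..." form):
#   iptables -S FORWARD | check_guest_isolation br1 192.168.1.0/24
# Returns 0 only if a DROP for guest->LAN traffic exists and no earlier
# ACCEPT would let new guest connections through first.
# Limits: negated matches (!) and subnet containment are not evaluated;
# the -d value must match the text iptables prints for the LAN subnet.

check_guest_isolation() {
    guest_if=$1
    lan_cidr=$2
    awk -v gif="$guest_if" -v lan="$lan_cidr" '
        # Value that follows option "opt" in the current rule, or "".
        function optval(opt,    i) {
            for (i = 1; i < NF; i++)
                if ($i == opt) return $(i + 1)
            return ""
        }
        # Only FORWARD rules matter; skip policy lines and other chains.
        $1 != "-A" || $2 != "FORWARD" { next }
        {
            in_if  = optval("-i")
            dest   = optval("-d")
            target = optval("-j")
            if (in_if == gif && dest == lan && target == "DROP") {
                found = 1
                exit
            }
            # An ACCEPT reached first shadows the DROP, unless it only
            # admits replies (ESTABLISHED/RELATED without NEW).
            if (target == "ACCEPT" &&
                (in_if == gif || in_if == "") &&
                (dest == lan || dest == "") &&
                !($0 ~ /ESTABLISHED/ && $0 !~ /NEW/)) {
                shadowed = 1
                exit
            }
        }
        END { exit ((found && !shadowed) ? 0 : 1) }
    '
}

# Constructed sample: DROP inserted at the top with -I, as in the post.
sample_isolated() {
    cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -d 192.168.1.0/24 -i br1 -m state --state NEW -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br1 -j ACCEPT
EOF
}

# Constructed sample: same rules, but the DROP was appended after a broad
# ACCEPT for br1, so new guest connections to the LAN are never dropped.
sample_shadowed() {
    cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br1 -j ACCEPT
-A FORWARD -d 192.168.1.0/24 -i br1 -m state --state NEW -j DROP
EOF
}

for s in sample_isolated sample_shadowed; do
    if $s | check_guest_isolation br1 192.168.1.0/24; then
        echo "$s: guest bridge is isolated from the LAN"
    else
        echo "$s: guest bridge can reach the LAN (rule missing or shadowed)"
    fi
done
```

Run the check again after a reboot to confirm that "Save firewall" actually persisted the rule.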

At this point, you can save your settings somewhere safe, and you're pretty much done. Congrats!

Step 4: Extra credit


This part is optional, but I would recommend it: Limit the amount of bandwidth the public network can use. The benefit of this is that while you're being a good friend by sharing your 'net pipe, you are also ensuring that your private systems have enough available bandwidth at all times.
In my scenario, I chose to cap the download speeds at DSL speed (1.5mbit). I have a FIOS connection, so that amount is a small percentage of my available speed. If you happen to have only a DSL line, then drop the value accordingly. I would make sure you cap the public network at no more than 50% of your available pipe.

If you're not sure how fast your 'net speed actually is, do a search for "internet speed test" or try www.speedtest.net. Use those numbers to determine the values you use for the uplink and downlink entries.

So, here is my setup:

On the Nat/QoS tab, select the QoS sub-tab. On the QoS settings, enable QoS for Lan & Wlan. Set up your uplink speed to (again) no more than 30% of what's available to you. Set up your downlink speed to no more than 50% of what you have.
Friends care primarily about e-mail, facebook, web, etc. None of those services require fast uplink speeds. 

On the "Netmask Priority" section, there should be two IP/mask entries: One is your private network, and the other is the friend network. If one or more of the entries are missing, add them using the entry fields and click on the "Add" button. Set your private network entry with an Exempt priority, and your public network with a Bulk priority.


As always, do the Apply+Save button combo.

I know it looks like a lot, but it is not. You can have the whole thing set up from unwrapping the unit to configuring it in less than 20 minutes. There are a few gotchas along the way, but I don't think it is too bad. My setup took longer because of my unorthodox setup, and because I wanted to have a fixed bandwidth for the public network.

Enjoy!

Tuesday, February 1, 2011

Windows Phone 7: My first impression

I like the old windows mobile platform and I have very good hopes for the WP7 platform. I took the plunge and bought a Samsung focus. My first impressions are promising, but I feel MS took their mantra of a clean start way too close to heart and (to a point) left the early adopters out in the cold in some key areas.

I would not call myself a fan boy: I would not go to blows with anyone about their gadget decisions. I believe in the mantra of "do what works best for you". For me, it was windows mobile. I think just about every smartphone I had has been a WM device: From the clunky old Compaq/HP ipaq to my current HTC tilt2 (and two other HTC devices in between). I have been pretty happy with them in the way I can control my information, and despite the slowness and the occasional lockup, they've been good to me.

None of the aforementioned devices translate well into the modern smartphone model, and as such, they can't compete, nor can they survive. So, I understand and welcome the MS move of defining a brand new paradigm for their mobile platform. I think they did a very good job on the rev 1.0 of the platform. The problem-for me at least-is that this new way of doing things requires me to give up a lot of control in exchange for what seems to be very little, and I am not sure that I'm ready for that.

For some people, putting all of your information in the public cloud doesn't seem to be a concern. It is to me, and this is my one major peeve with the paradigm. I don't mind the live id connectivity concept. Works for the android platform, but even they have the ability to sync with Outlook! What I'd like is the ability to control (easily) what the device chooses to do with MY data. What I'd really like is the ability to not publish anything unless I want to. One example of this is a simple one: the "Me" aspect of the phone. If I attach a picture it gets published to my live account, and there's not a damn thing I can do to control that. Even with the account settings set to manually sync. My recourse is to log into the live account and get rid of the picture.

I may sound zealous, but I treat other people's information as very private, and since I would not like others to put my information in harm's way, I would like to return the favor. So for now, my only mitigation is to limit the amount of information I keep on the device.

There are plenty of articles on the 'net discussing the issues with the platform and with the people hub concept in great detail. I won't cover them again. So far, the only mitigation for this is to use exchange. For a single individual, that's a bit of overkill! The icing on the cake, so-to-speak, are the many documented security problems with hotmail and windows live over the years. I simply cannot trust the platform to keep my stuff secure.

Here's another one: notes. The WP7 answer to notes is the OneNote app, which is very nice. The problem? There is no way for me to convert the many notes I have into OneNote versions! I'd have to suck it up and re-enter everything either on the device itself, or put the notes in the cloud and sync them that way. Again: asinine.

I'm a developer, so I'd be happy with the ability to cook up a solution for myself. Alas, I can't do that either because there is no API to connect to, or to provide the service to the device. Similarly, there are no public developer APIs to access basic services like a TCP/IP stack (that's why services such as Skype are not available at the moment), and no native access. That provides a consistent development platform, but it also cripples the ability of us, the developer portion of early adopters, to produce the apps that could mitigate the issues and bring the users to the platform. This can easily be solved, but it requires the cooperation of the MS crew to get there.

At this point, I want to love the device, but I don't. I am not even sure if I'll use it on a day-to-day basis. I know they needed to get something out that covered a lot of people's needs, but I think there were serious holes in the initial implementation that are going to leave some bad impressions on the likes of us. Let's hope for their sake we make the minority.

Later,

Tuesday, November 16, 2010

The Aureole experience

Note: This is a very old post (last November) I never got around to publish.


The wine list was a bit of a letdown because I expected a better representation of varietals. It is mostly american, and while it is a very good american wine list, it is still too one-dimensional for me. I wanted a Beaune, and had to settle for a very good Oregon Drouhin. Still no Burgundy though...

The "spanish composition" tuna tartare with romesco was a great way to start the evening.

The main dish was a rack of lamb that was very tender and flavorful.

The wife's selection of monkfish with pancetta was a good surprise. Better than expected.

We had the chocolate decadence dessert: pot de creme, chocolate molten cake, raspberry sorbet and a blueberry compote. Awesome and paired great with the wine.

While the place was nice, I don't see the attraction to return, given all the other choices that are now available in Vegas. Maybe with a group dinner, it might be more interesting, but I have other places to check out before I think about returning.

Later,

Monday, November 15, 2010

Friend's birthday dinner at CarneVino

We visited Mario Batali's steakhouse CarneVino to celebrate the 40th birthday of a friend, along with another couple. The locale at the (relatively) new Palazzo is both good and weird: the place is split between two sections in the lobby. The main section has the bar, and the second section seems like extra tables for (I presume) overflow.

We started with champagne drinks at the bar. The bar area looks impeccable with a great assortment of libations on display, including a very good array of grappa, along with a wall street sized bull sculpture. We chose the American Schramsberg Rose. Everyone liked it.

We got seated quickly in the main dining room along the left side. The space is decorated in what seems like the typical steak house style: Dark wood accents and private gentlemen's room curtains. The space has very high ceilings that bring out that powerful "masculine" look of most steak houses. The center of the space was occupied by a country style table showcasing all the wines by glass. Our waiter seemed a bit hurried: we had to call him back to the table several times because he'd listen to just one person (as opposed to everyone), then take off. Overall, he was a nice guy, but we'd hoped he would take a deep breath and slow down. :)

Our birthday man loves both Batali restaurants and italian wine, so he summoned the sommelier and chose two fantastic (but oh-so-pricey) bottles of wine: a super Tuscan along with an Amarone. Those are two very contrasting wines, but worked out great with our meal selections.

We selected Pappardelle with Porcini and truffle oil for a starter. The rest of the crew went with the capellini and white truffles. Everyone was very happy with the selection. The Pappardelle was rich and tender. The porcini mushrooms were actually fresh, and the flavor was perfect for the strength and intensity of the Amarone.

For dinner, I chose the veal osso bucco with a saffron risotto. My wife opted for the bone-in pork chop. The third couple went all out and selected the porterhouse for two and truffles. The birthday boy chose veal saltimbocca, and his wife made me proud when she selected the bone-in New York strip. Everyone shared bites with the others, so we all had a chance to sample the whole gamut.

My osso bucco was right on the money: tender and rich, with a beautiful lemony background taste provided by the parsley and peel topping on the bone. The risotto was orzo based and surprisingly creamier than I originally thought. The super Tuscan managed not to over-power the dish, which was nice. Out of the others, my two faves were the pork chop and the porterhouse. They were both rich, tender, and just awesome. We skipped dessert and opted for cappuccino. Perfect cap to the dinner.

On the service side of things, the supporting cast was impeccable, but (again), our waiter was not the most attentive. We had to tell him to clear stuff out a few times when it was obvious. At one time, he's struggling to find room on the table for glasses when there are empty cocktail and champagne glasses that need to be cleared off the table! Considering the price they're commanding, you would expect better service.

Then, the bill came: Everyone's jaw dropped just a bit. Even after factoring out the wine selection, the bill was a bit outrageous. Mind you: we are not easily "scared" by dinner bills on special occasions, but this felt a bit too much. This is the first time in the US where I felt like I paid for the chef's name rather than the food. Our birthday boy loves Mario Batali restaurants, but even he must have felt like he paid for a lot of things and not necessarily the food. I felt the same way when I went to Paris, and I made a point of not dining in many places I would have loved to try, but frankly, did not miss at all.

I suspect that at some point, people are going to realize that there are better restaurant deals in Vegas than this one. I could see myself returning to the bar for drinks, but I would look elsewhere for dinner.

Later,

Monday, November 1, 2010

On Wings

One of those things I enjoy very much is chicken wings. I prefer them fried, but baked works just as well. They are messy, but they have tons of flavor. Some believe they're too much hassle, but I honestly don't mind. I think the effort is worth the reward.

This past weekend, we decided to make wings with some Asian flavors. I was intrigued by a Tyler Florence recipe for curry honey butter baked wings that sounded delicious. I initially thought it was madras curry based, but the flavors didn't work as well. The red curry paste is definitely a better match. My only change was to use Agave nectar instead of honey. I also seasoned the wings with salt/pepper/garlic powder before tossing the mix and baking them.

For my own riff, I decided to borrow most of the flavors of nuoc-cham, and made a sauce using garlic-chili paste, agave nectar, salt, and lime (no fish sauce). I used it as a tossing sauce with fried wings. The results were very good. A nice balance of the Asian sweet/salty/spicy/sour combination with the crispy wings. Highly recommended if you like those flavors!

For the sauce*:

1 teaspoon of Asian garlic chili sauce (I prefer Huy Fong: Amazon)
2-3 teaspoons of agave nectar (you can use honey, but probably use less)
1 teaspoon lime juice
Salt and pepper to taste

Combine the ingredients in a mixing bowl and set aside.
Fry the chicken wings in 350 degree oil for about 8 minutes (more if you like them really crispy) and drain on paper towels.

Toss the wings with the sauce to coat. Serve hot.

Notes:

I make the sauce to taste, meaning that I eye-ball the quantities. I start with the chili paste, add the sweet and taste as I go until I get the desired heat/sweet ratio I want. Once I get there, I add about a 1/2 tsp of lime and taste from there. Once I get the balance I like, I give it a pinch of salt and pepper, and adjust as needed.
The amounts I've provided are approximate based on what I saw in the bowl.

If you use honey, warm it up a bit so it flows and blends better. Also, use less initial quantity since honey tends to be sweeter than agave nectar.


I hope you like them as much as I did.

Monday, August 2, 2010

Follow-up on transcoding HD-PVR .wtv files from Windows 7 MCE

After some more finagling, I finally found a setting that does the trick for me:

If you recall from the previous post, I mentioned that whenever I tried to transcode a .wtv file directly, the expression encoder GUI would not display an image preview. In addition to the lack of a preview (and thus, lack of editing), the resulting files would always have the sound out of sync. This led me in the direction of de-muxing the media using graphstudio, re-muxing into a .ts file, then using the .ts file as the source. This approach yielded bad results in expression studio. The resulting file would not have any sound, even though the imported .ts file would be detected as having a sound track, and it would play the sound track fine on VLC. The only workable setting I had was transcoding using handbrake. It did the job well, except that handbrake has no cutting capability.

I have Expression encoder 4 now set up to use the ffdshow decoders and the haali media splitter, and I disabled the AC3 filter. This conflagration proved to be the correct one for me. Not only can I see the video in the preview window, but I actually produce wmv files with WMA pro 5.1 channel surround! I'd say try installing MS Expression encoder 4, ffdshow and haali media splitter. That alone is probably enough to get the job done.

I must also mention that I wound up installing the HD-PVR bundled total media extreme during my testing, but no other filters or codecs show up on the expression encoder options, so I presume the installation has no effect in my success.

I still feel this approach is overkill for what I really want (rescale the video and mux into a different container), but it is a workable solution. I'll report if I find something better... :)

Friday, July 30, 2010

HD-PVR: Setting the cap quality under Windows MCE

I forgot to post this update a while back.

If the default quality settings are not to your liking, there's a way to change them, but you need GraphStudio or another DirectShow filter tool.

The easiest way to get to the correct spot is to use a .wtv file to load the filter graph. Then, right-click on the PVR module to get to the properties, and change it to the bitrate you want. Click OK to save, and that's it.