 From:  Jim Thompson <jim at netgate dot com>
 To:  David Kitchens <spider at webweaver dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Building to Building project
 Date:  Wed, 27 Apr 2005 08:41:02 -1000
David Kitchens wrote:

>Hey guys,
>I've got a project that I am needing to get an estimate worked up for and am
>hoping to get a little feedback on the plan. A non-profit client has two 3
>story buildings about 200ft apart that need to be connected via wireless.
>They are looking to buy 17 new computers as well that will be spread out in
>the buildings. I've watched Socal Wireless setups quite a bit and I am
>thinking of putting two m0n0walls up for the building connections using the
>Socal plans. I have not had a chance to survey the buildings yet to know if
>the two main AP's would be able to connect to all the computers so I may
>need additional AP's on each floor. The project is in Kentucky and I am in
>Michigan, lol. I'm planning a move to there soon and my future partner is
>there and he can do the survey for me. I hope to be able to pull this off
>without running very much Cat5, we would get computers with wifi NIC's
>installed. All computers would need to communicate with each other on the
>same subnet or via VPN between buildings. We would like it to be as secure
>as possible and not open to public use. There will be one DSL connection
>coming into one side to feed the network. We hope to be able to get an
>estimate to them sometime next week. I know this is not a list item and any
>help would be appreciated off-list. I would document the entire setup and
>make it available to the list once complete, I think it could be a great
>tutorial for everyone! A reasonable reward could be made to a helpful soul
>that assists us in getting this completed. 
>Any takers?
No release of m0n0wall (indeed, no available release of freebsd, period)
supports 'WDS' which is required for transparent, layer2 bridging between
two APs (such as the link between your two buildings), so you'll need to
'route' at least that link, and on a separate pair of radios.

Operating two 802.11 radios in close proximity in the same band is fraught
with difficulty, so you'll probably want to use, say, 802.11a for the link
between the buildings. With clear LOS, going 200' shouldn't be much trouble.
Running VPN (pptp or ipsec) over this link won't be difficult, if you're
using m0n0wall. The only 802.11a cards that run on m0n0wall are based on the
Atheros chipset(s). The Wistron CM-9 and Senao/EnGenius 5354MP are good
choices here for miniPCI form factor cards, but there are several PCI cards
available with the same chipset if you want to run a more 'traditional' PC
in each building. A miniPCI card in a PCI-miniPCI carrier is also an option.

Inside the buildings, you'll probably want to run 802.11b, unless your
bandwidth needs declare 802.11g to be the required solution.

If you run 802.11b, and you want to run m0n0wall on your APs, then the
"2511MP plus" miniPCI card, or "2511CD Plus EXT2" PCMCIA cards are your best
bet. Use either of these with a pair of moderate gain omni antennas as a
'first pass' at covering the inside of the buildings with 802.11. These
cards use the freebsd 'wi' driver.

Additional garden variety APs could be used in each building to cover any
dead spots.

                                                ---------- ath0 --- antenna    <---- 802.11a link ---->  antenna --- ath0 ---------
                                                |   |------ wi0 --- antenna (2)                                  antenna (2) wi0 ---------- |
                                                |   |                  bldg #1 wifi                                 bldg #2 wifi                  |
                                                |   |
  DSL ----- Enet ----- eth10 ---  m0n0 --- eth1  --- bldg #1 Ethernet         bldg #2  Ethernet -- eth0 --- m0n0

The building #N Ethernet could be connected to an Ethernet switch on each
side, and additional 802.11 APs hung there. You could also eliminate the
'wi0' interface in each location, and just use traditional APs.

If the between buildings wireless link can be located completely outdoors,
you may be able to use 802.11g or 802.11b for this link, as long as you keep
the channel used inside well away from the channel used outside.

Using traditional APs inside both buildings and running the
building-building link on 802.11b would eliminate the need to run something
newer than m0n0-1.2b3 on both sides. Personally, I like 1.2b7, but many
people think I'm wrong in the head.

There are several companies that sell all the requisite gear to get this
done. One of them even ships m0n0wall on some of its products. :-)