Author: Martin

I always find it interesting how public Wi-Fi hotspots deny access in some form or another for some services. The free public Wi-Fi hotspot at an Avia gas station in France I recently encountered gets the prize for the most innovative blocking I have seen so far. Encrypted POP3 and SMTP are blocked so no e-mail. On top, SSL VPNs are blocked so also no privacy here. The blocking is actually quite intricate when taking a closer look:

As I can use port 443 for https, which works, I was wondering how they could let https go through while the VPN is blocked. With Wireshark, I could determine that the TCP sync packet gets a response from the VPN server, so these packets pass their filter, while all further packets are discarded. So it looks like they don't only filter on a port basis but in addition do some deep packet inspection to determine if a TCP session establishment over port 443 contains certain SSL header elements for HTTPS. Hm, time for a HTTPS emulation for my VPN then…

Most of the time I use a 3G stick when out and about to connect to the Internet. It's just very convenient, you plug it in, hit the connect button and that's it. But there are also occasions when a Wi-Fi hotspot has its advantages if it wasn't for the manual login process and the manual activation of a VPN for privacy and security afterwards. In the past I've found some good advice on the net on how to automate the hotspot login for T-Mobile hotspots in Germany via a bookmark in the browser. That works great but there are still two manual tasks to be done before the connection is in place. So I recently decided to automate the procedure on my netbook running Ubuntu. Here's how it works:

Once Ubuntu has detected the T-Mobile hotspot and has automatically attached, I execute a bash script that does the following:

First it performs a login into the hotspot system so I get internet access. The link above shows how that is done with a bookmark in the browser. In effect, the login is performed with a HTTPS request that contains the username and password (original tip from here). In a script the HTTPS request can be sent with the following command:

wget –output-document=/dev/null "https://hotspot.t-mobile.net/wlan/index.do?username=USERNAME@t-mobile.de&password=PASSWORD&strHinweis=Zahlungsbedingungen&strAGB=AGB"

The wget command sends the request and receives the result page from the login server which is discarded to the NULL device because I don't really care about it. Next I start OpenVPN to connect to a Witopia VPN gateway:

cd /path/openvpn
sudo /usr/sbin/openvpn –config myvpnscript.ovpn &

Note that the Witopia ovpn files contain a line at the end that the openvpn executable above can't interpret and hence stops execution with an error. Just comment it out and you are good. And now comes the tricky part: Unfortunately, openvpn does not change the DNS server entry. So once the tunnel is established the OS can't resolve names to IP addresses anymore. To counter this I start openvpn in the background (&) and the script continues. I let openvpn do its initialization by waiting 5 seconds and then change the DNS server configuration with the following commands:

sleep 5
sudo cp /path/scripts/resolv.conf /etc/resolv.conf

The resolv.conf in the script's directory contains an original resove.conf from /etc in which I have put the DNS server used by Witopia which is reachable through the VPN tunnel. A bit of a kludge but it works. If you know how to do this in a more elegant way, let me know.

After that, the tunnel is established and I halt the script with the read command to wait for user input. This way, I can tear down the VPN tunnel once it is no longer needed. After the user presses a key, the openvpn tunnel is torn down. One could now also restore the original DNS entry but its not really necessary as Witopia's DNS server is reachable over the public Internet as well. 

read nothing
sudo killall -9 openvpn

There we go, not quite straight forward to come up with but once the script is in place it works like a charm. As with everything there are of course also disadvantages:

• The network icon in the taskbar doesn't show that the VPN tunnel is established like it would if you active the VPN tunnel via the Gnome menu.
• The script requires you to type in the root password as activating the tunnel device for the VPN link requires elevated rights.

Any idea what is happening with Bluetooth out there these days? The Bluetooth SIG keeps including ever more features in the Bluetooth specification, now at version 4.0 with Ultra Low Power enhancements. However, there are few if any products on the market these days that even only implement the security enhancements introduced back in 2007 with version 2.1 of the specification!?

Nokia and Samsung seem to include Bluetooth 3.0 in the feature set of their latest phones but they don't go into the details of what that actually measns!? Is it the Wi-Fi transport layer for fast Bluetooth transmissions that was introduced with version 3.0 or just some minor improvements over the 2.1 standard? Bluetooth is used a lot today for wireless headphones, wireless keyboards, etc. but I don't see it in new applications, at least not when it comes to mass market adoption. So I wonder if the technology has reached a plateau from which it is going to be difficult to escape? As always, your thoughts are welcome.

One and a half years ago, I was very impressed with download speeds of 5.76 MBit/s as measured by a German computer magazine in life networks. These days I have upgraded by equipment a bit and now have a stick that outpaces this value by far. At home, without any special setup, no external antenna, just the plain basic setup, I now get downlink speeds in excess of 11 MBit/s over HSPA. Have a look at the picture on the left where the speed shown as 1.4 MByte/s (around 11 MBit/s). Also interesting how stable the curve is with only small variations, i.e. no wild oscillations, etc. Very impressive and surely not the end point in the race for every faster and better wireless networks.

Another cross company meeting observation today: It's good to see how choice works when the network doesn't. When In a recent meeting the Wi-Fi connectivity for the participants acted up, about half the participants just got our their 3G USB sticks and used the various 3G macro networks to get back online. Probably inexpensive for the local residents, a bit more expensive for the foreign participants. Shame on the Wi-Fi network not working as it should, but then, if the meeting is not underground there is a now a good alternative when you have a local 3G SIM or can afford the roaming charges.

Every now and then I see something that reminds me in an impressive way of how quickly the mobile industry is changing. Not too long ago, even electronic stores sold mobile phones (the word 'phone' used intentionally here) in a way where you would have to ask an assistant to give you the box of a phone you wanted to buy out of a locked shelf. Usually the store had a couple or a few dozen of each model in stock. These days are over. Take a look at the picture on the right (click on it to enlarge). Low end phones are sold from the rummage table now. Just take a box for 29 euros and stick in a SIM card of your choice inside. Even higher priced touch phones up to about 110 Euros were sold in the store this way. Incredible, I think the word 'mass market' is not quite adequate anymore to describe how pervasive mobile communication has become in everyday life now.

Here's an interesting link to a report on Light Reading on how AT&T sees their backhaul networks for fixed and wireless networks combining and evolving as we head into the future. Perfect opportunities for converged fixed/wireless network operators to reduce cost while at the same time increasing available bandwidth. An interesting and multi-faceted read.

As some of you might remember I am running Ubuntu on my netbook (see here, here and here). One of the few disadvantages is that natively, only few 3G sticks were supported in Ubuntu 9.04 Jaunty, which I installed last year. Only one of four USB sticks I tried was supported at the time. But now with Ubuntu 10.04 Lucid, all those four sticks I tried (three from Huawei, one from ZTE) are supported without any additional drivers. Also, the PIN entry works flawlessly now so it looks like in the past 12 months, they've quite done some work on their wireless broadband implementation. Well done, thanks!

In most countries around the world there is only one or at most two 3G bands in use. In Europe, Africa and Asia, 2100 MHz is the prime band (not counting China) and a few countries such as France and Finland also use the 900 MHz band for 3G. But there is also regions where 3G is used in three bands: In North America it is 850, 1900 MHz and 1700/2100 MHz. And in Australia it is 850, 900 and 2100 MHz. Any country you can think of in which more than 3 frequencies are used for UMTS?