Apple Wireless Network

11 08 2013

Apple AirPort Extreme is Apple’s router for Internet access. It’s directly connected to a modem and provides wired as well as wireless access for computers, mobile devices like an iPhone or an iPad, printers, and media devices.
Apple offers three different routers (Airport Express, AirPort Extreme, Time Capsule) which can be connected to either a DSL or a Cable modem.

A complete wireless network built solely with Apple products follows the company’s strategy of providing users with a perfect experience regarding design and setup, and of reducing features to those which are necessary. KISS is the motto.

KISS
KISS = Keep it simple, stupid
A design principle noted by the U.S. Navy in 1960 that states that most systems work best if they are kept simple. Unnecessary complexity should be avoided.
Variations of this phrase are:
Keep it simple sir, Keep it simple and straightforward, Keep it short and simple, Keep it simple or be stupid

The hardware …

See this mind map which summarizes all properties of Apple’s hardware for wireless networking with mobile devices. As you can see, Apple built its own ecosystem where components work together perfectly.

Remark
The router hardware was replaced by new versions on June 10, 2013 on occasion of Apple’s WWDC.

Here are the main features of Apple’s routers summarized in a mind map.

20130603-090815.jpg

Feel free to download this map from my Box account.

The alternative file formats have been created with iThoughts HD for iPad (.ITMZ file format). Compatibility to other tools is limited.

Application File format
Adobe Reader PDF
iThoughts ITMZ
MindManager MMAP
XMind XMIND

Please visit

The Apple group on Biggerplate

to see and download all mind maps related to Apple.

This more realistic view shows the core with a modem and the router as well as some examples of wirelessly connected hardware components for interactive usage.

20130809-060731.jpg

The integration of all you need for a perfect user experience goes along with limitations when using non-Apple hardware. It’s Apple’s strategy to say NO to some features other vendors offer and to say YES to a seamless integration of its hardware with its custom-built software.

Professionals may argue that performance, configuration options, and price are not what should be expected. On the other hand, the running system convinces users who see the technology as a serving and not an experimental environment. So do I, after many years with other configurations that did not follow the motto ‘It just works’ or ‘Buy, connect, and use it’ for the tasks you want to use it for.

A complete configuration …

Follow these steps in the order specified.

Step 1 Connect the modem to the multimedia connector with a coaxial cable.

Modem
A modem (modulator-demodulator) is a device used to connect a computer or router to a telephone/cable line to allow the computer to connect to the Internet. It modulates a carrier signal to encode digital information, and also demodulates such a signal to decode the transmitted information. The goal is to produce a signal that can be transmitted easily and decoded to reproduce the original digital data.

Step 2 Connect the modem to the power supply.

Wait until the LEDs indicate a functioning connection to your ISP. It may take up to 30 min.

Step 3 Connect the APE to the modem with an Ethernet cable.

Ethernet cable
Ethernet cabling is standardized. If you go to a store you may find a variety of “categories” of cabling. These categories tell you the quality of the cabling. The quality determines, essentially, how much the cable can handle. Recommendation: Cat 6 – works for 10/100/1000Mb.

Step 4 Connect the APE to the power supply.

Here we go.
The configuration with any iOS device and the helper apps Settings and AirPort Utility starts.

Open Settings on your iPhone or iPad and tap on WiFi.
The APE is already broadcasting, so your device suggests setting up a WiFi network.

20130220-181647.jpg

Tap on the right-pointing arrow to set up an AirPort basestation.
Enter a name for your network and set a password. Other users like your neighbors, if not too far away, will see this name as an additional WiFi network. Use a strong password for joining this network.

20130220-182613.jpg

Tap on Next and that’s all.
Your new WiFi network will connect all your devices with the internet after entering the password you set for your network.

20130220-185605.jpg

The utility app …

For controlling the network Apple offers an app called ‘Airport Utility’ which is available for iOS devices, Macs, and Windows PCs.
The slideshow shows the usage of this app when configuring a wireless network with an Airport Extreme router connected to a cable modem.

The most important configuration options can be controlled with the app for iOS devices. For some less important options like adjusting the signal strength Airport Utility for computers must be used.

The benefits …

Apple’s ZEROCONF technique minimizes your efforts to install a usable internet access.

Zero configuration networking (zeroconf)
is a set of techniques that automatically creates a usable Internet Protocol (IP) network without manual operator intervention or special configuration servers.
Zero configuration networking allows devices such as computers and printers to connect to a network automatically. Without zeroconf, a network administrator must set up services, such as Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS), or configure each computer’s network settings manually, which may be difficult and time-consuming.

Apple does not permit the AirPort Extreme to engage in channel bonding on the 2.4GHz frequency band. This is a very neighbor-friendly policy, because only three channels in this band—channels 1, 6, and 11—don’t overlap. A router engaging in 2.4GHz channel bonding can hog more than its share of bandwidth and will likely interfere with other 2.4GHz routers operating nearby.
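The channel arithmetic behind this policy, as an added example (not part of the original post). It assumes the North American channel plan (channels 1 to 11), 22 MHz wide channels, and a bonded channel built from two 20 MHz channels that are four channel numbers apart.

```python
from itertools import combinations

def center_mhz(channel):
    """Centre frequency of a 2.4 GHz WiFi channel (valid for channels 1-13)."""
    if not 1 <= channel <= 13:
        raise ValueError("channel must be between 1 and 13")
    return 2407 + 5 * channel

def span(center, width):
    """Frequency range (low, high) in MHz occupied around a centre frequency."""
    return (center - width / 2, center + width / 2)

def overlaps(a, b):
    """True if two frequency ranges share any spectrum."""
    return a[0] < b[1] and b[0] < a[1]

def non_overlapping_sets(channels, width=22, size=3):
    """All groups of `size` channels whose signals do not overlap each other."""
    return [combo for combo in combinations(channels, size)
            if all(not overlaps(span(center_mhz(x), width), span(center_mhz(y), width))
                   for x, y in combinations(combo, 2))]

def bonded_span(primary, secondary):
    """Range used by a 40 MHz bonded channel made of two 20 MHz channels."""
    if abs(primary - secondary) != 4:
        raise ValueError("bonded channels are four channel numbers apart")
    return span((center_mhz(primary) + center_mhz(secondary)) / 2, 40)

def channels_hit(occupied, candidates=(1, 6, 11), width=22):
    """Which of the clean channels 1, 6, 11 a given frequency range disturbs."""
    return [c for c in candidates if overlaps(occupied, span(center_mhz(c), width))]

if __name__ == "__main__":
    print("clean triples on channels 1-11:", non_overlapping_sets(range(1, 12)))
    print("20 MHz on channel 6 disturbs:", channels_hit(span(center_mhz(6), 20)))
    print("40 MHz on 1+5 disturbs:", channels_hit(bonded_span(1, 5)))
    print("40 MHz on 6+10 disturbs:", channels_hit(bonded_span(6, 10)))
```

A single bonded router takes two of the three clean channels away from its neighbors, whichever pair of channels it bonds.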

The AirPort Utility also makes it very easy to update the router’s firmware. The AirPort Extreme is so much easier to set up than any other router of the many competitors.
The reason is that if you stay in Apple’s ecosystem you will benefit from all the efforts Apple made for an easy-to-use experience.

The performance on 802.11n standard transmission technique is high.
The APE is powerful even if thick walls hamper propagation of electromagnetic waves.

Interference …

In physics, interference is a phenomenon in which two waves superimpose to form a resultant wave of greater or lower amplitude. Interference usually refers to the interaction of waves that are correlated or coherent with each other, either because they come from the same source or because they have the same or nearly the same frequency like electromagnetic waves sent from WiFi networks.

20130603-194224.jpg

If you get problems with interference, or your network is slow, which may be caused by interference, follow these guidelines:

Apple about potential sources of interference

Macworld, Troubleshooting Airport Interference

The Airport Utility …

Look at the details to get a deeper understanding of what happened when configuring the network.
To see the details of your own WiFi network go to Settings – WiFi and tap on the right-pointing blue arrow of your network. Go to the bottom and tap on ‘Manage network’. This will open the Airport Utility. Airport Utility can be used to individualize the configuration.

Referring to my blog post Network (1) from April 20, you will now understand the configuration details set by the APE:

  • DHCP ON
    the APE acts as a DHCP server and assigns private IP addresses (10.0.1.x) to all devices joining the WiFi network after entering the password.
  • NAT ON
    the APE performs network address translation, which means NAT converts your private LAN IPs into an external WAN IP
  • Security
    the APE encrypts all WiFi network traffic with WPA2
    (Wi-Fi Protected Access II (WPA2) is a security communication protocol developed by the Wi-Fi Alliance to secure wireless computer networks)

This slideshow shows all settings displayed in Apple’s app AirPort Utility:


In addition to the automatic configuration I entered the following settings:

  • Reservations for IP addresses
    the APE reserves an IP address for all devices. Reservations are useful if you want the DHCP feature of your APE to assign a fixed IP to your devices. Otherwise DHCP is free to assign any free IP address in the range 10.0.1.2 – 10.0.1.200 every time you join your network.
  • 5 GHz network
    The APE works in the 2.4 and 5 GHz frequency band. The iPad is able to connect on the 5 GHz band and I named this (second) network as ‘Apple Airport 5 GHz’.
    If you have interference problems with other WiFi networks you may vary the channel or move over to the 5 GHz network.
  • With the help of Airport Utility for PCs I additionally limited the signal power to 50%, which is enough to get connected in all rooms and makes it harder for other WiFi-capable devices outside my home to detect my network.

The result is a working internet connection checked by the app Fing which is available at Apple’s App Store.

20130221-053306.jpg

The disadvantages …

The AirPort Extreme has only one USB 2.0 port, so it can share either a printer or a storage device over your network. This is in line with Apple’s strategy that printers should be connected via AirPrint. I miss the support of USB 3.0.

Apple’s design decisions help its product blend into a home’s décor and so the old version of AirPort Extreme was designed to rest flat while the new version was redesigned in June 2013 due to an improved output power. It’s still an eyecatcher.

20130612-091620.jpg

Related links …

Airport Extreme Tec Specs

Airport Extreme User Guide

Airport Extreme Easy Setup

Setting up your wireless network

Cisco, 20 Myths of Wi-Fi Interference

Thanks for visiting my blog.
Wireless as well as wired connections are welcome.





VPN with iOS Devices (2)

13 06 2013

My first article about this topic explained the basics of a VPN connection between a device outside your local area network and a computer inside of it. All necessary settings for firewall and iOS device are explained in this article.

Step 1 Configuring the firewall

Many of the VPN tunnel configuration settings in the VPN client on iOS devices or Mac OS X are not configurable by the user.
So it is very important to configure the settings on the firewall to exactly match the settings required by the VPN client on the iOS device or Mac OS X.

In the web interface of the Watchguard XTM firewall go to VPN – Mobile VPN with IPSec and click Add.

After finishing the configuration of the Mobile User VPN Group, users have to be configured in a next step. If you define a user, don’t forget to assign him to the group (here ‘Apple’) at the bottom of the dialog.

20130405-220940.jpg

If you want to use a configuration file (.wgm) for mobile devices which can be generated via Watchguard UI, send this file via E-Mail to your mobile device. On the mobile device tap on the attachment and select ‘Watchguard’ from the apps menu of the ‘Open in’ command. This will open the Watchguard configuration app. This app is solely for creating a profile containing the right settings.

I recommend configuring the device manually because it’s easy and a download of Watchguard’s app from Apple’s App Store is not needed.

Step 2 Configuring an iPad or iPhone

Configure the profile directly on the device …

20130405-220251.jpg

App controlled installation …

Tapping on the WGM file attachment opens Watchguard’s iOS app and you can install the configuration as an unsigned profile.

20130405-220304.jpg

Step 3 Testing the connection via WiFi or 3G

To access a resource from outside the LAN via VPN go to Settings on your mobile device and activate VPN. After a successful connection a VPN icon is displayed in the status bar.

When connected your device will behave as if it is part of the LAN. So any app on your mobile device you use inside the LAN can also be used when connected via VPN.

But keep in mind: That’s only valid for accessing files.
What you cannot use are apps which require the device to be located in the same network.

Example:
Consider the app Printer Pro. You can print documents saved on the mobile device using a printer connected to a computer in your LAN. This won’t work when connected via VPN because apps on your computer do not send information about available printers to your mobile device. This happens only if you are a real, not a virtual member of the LAN.
The option ‘Open on my PC’ provided by the app ‘Fingerprint’ is available if the device is a real member and disabled if there is a virtual connection to the LAN.

20130407-123414.jpg

I myself use the app FileBrowser to access files on remote computers.

20130612-093657.jpg

Summary …

Using a VPN connection provides security.
The participating devices have to authenticate before a secure connection can be established.
All data will be strongly encrypted before transfer over the unsafe internet starts.
To connect you just have to set the VPN slider to ON.

Thanks for flying with http://iNotes4You.com.





VPN with iOS Devices (1)

11 06 2013

Think about masked figures walking on Broadway.
They are using public roads but you cannot identify them and you don’t know what’s going on inside their brain.

That’s the idea of establishing a Virtual Private Network (VPN) where the data stream uses the public internet highways but cannot be read by anyone. Encapsulate encrypted information in an ordinary overcoat and decrypt it by using a mutually agreed foreign language.

20130405-210600.jpg

This image shows the requirements of a typical configuration for private or small business use.

  • Firewall
  • Mobile device
  • Free Dynamic DNS account
  • Computer in a LAN you want to connect to

Apple’s OS X for Mac and iOS for iPhone, iPad, and iPod Touch include a native Cisco IPSec VPN client. You can use this client to make a secure IPSec VPN connection to a firewall and the devices behind it. To do this, you must configure VPN on your firewall device to match those on the iOS or Mac OS X device.

Following the KISS principle I want to describe how to connect an iOS device with the LAN using the integrated Cisco client.

KISS
KISS = Keep it simple, stupid
A design principle noted by the U.S. Navy in 1960 that states that most systems work best if they are kept simple. Unnecessary complexity should be avoided.
Variations of this phrase are:
Keep it simple sir, Keep it simple and straightforward, Keep it short and simple, Keep it simple or be stupid

Why VPN …

Using a VPN connection provides security.
The participating devices have to authenticate before a secure connection can be established. All data will be strongly encrypted before transfer over the unsafe internet Autobahn starts.

You may think that there are apps connecting you with your devices at home with nearly zero configuration e.g. TeamViewer. That’s true but these apps don’t allow simultaneous connections of more than one device. Others like VNC Server/Viewer allow concurrent connections but their free versions do not support encryption. Additionally the firewall has to be configured for Port Forwarding.

So the best practice is to use VPN without additional licensing costs and nearly the same expenditure of time for setting up the virtual private network.

The basics …

Refer to the following articles about basic terms and functionalities of networking:

Network (1) Addressing

Network (2) Apple Airport router

Network (3) Port Forwarding

Your Internet Service Provider (ISP) usually assigns varying IPs. This would prevent a suitable usage of VPN. If this happened with addresses in real life, a postman could not deliver your mail. However, there is a simple and free solution by using Dynamic DNS services offered by No-Ip.com or other providers.

From a Dynamic DNS provider you will get a hostname, not an IP address. A device from outside your LAN first contacts the DDNS provider to look up your current WAN IP address. Your mobile device can now locate your LAN in the internet and establish a connection.

It’s quite simple to get an account at No-Ip.
Sign in and you get an E-Mail with a confirmation link.
Fill out the form for Dynamic DNS and you get a hostname like ‘user.no-ip.org’.
This constant hostname will replace the varying WAN IP of your home/small business network.
How does No-Ip get your WAN IP? Well, you have to install the free No-Ip Dynamic Update Client on one of your computers inside the LAN. This client updates your changing IP at No-Ip’s servers. Don’t switch this computer off to ensure that No-Ip knows your WAN IP at any time.

The Watchguard Firewall XTM …

Watchguard Inc. is located in Seattle, USA.
The company I work for has used Watchguard products without any problems for many years.

The firewall serves as a gateway for the LAN managed by Windows 2008 servers. Colleagues must have secure access to these resources.

A running VPN connection …

The following steps illustrate the principles of a VPN client-server interaction in simple terms found on Wikipedia. For IP addresses refer to the graphic shown above.

Assume a remote host with public IP address 1.2.3.4 wishes to connect to a server found inside a company network. The server has internal address 192.168.1.10 and is not reachable publicly. Before the client can reach this server, it needs to go through a VPN server / firewall device that has public IP address 5.6.7.8 and an internal address of 192.168.1.1. All data between the client and the server will need to be kept confidential, hence a secure VPN is used.

01 The VPN client connects to a VPN server via an external network interface.

02 The VPN server assigns an IP address to the VPN client from the VPN server’s subnet. The client gets internal IP address 192.168.1.50, for example, and creates a virtual network interface through which it will send encrypted packets to the other tunnel endpoint (the device at the other end of the tunnel). This interface also gets the address 192.168.1.50.

03 When the VPN client wishes to communicate with the company server, it prepares a packet addressed to 192.168.1.10, encrypts it and encapsulates it in an outer VPN packet, say an IPSec packet. This packet is then sent to the VPN server at IP address 5.6.7.8 over the public Internet. The inner packet is encrypted so that even if someone intercepts the packet over the Internet, they cannot get any information from it. They can see that the remote host is communicating with a server/firewall, but none of the contents of the communication. The inner encrypted packet has source address 192.168.1.50 and destination address 192.168.1.10. The outer packet has source address 1.2.3.4 and destination address 5.6.7.8.

04 When the packet reaches the VPN server from the Internet, the VPN server decapsulates the inner packet, decrypts it, finds the destination address to be 192.168.1.10, and forwards it to the intended server at 192.168.1.10.

05 After some time, the VPN server receives a reply packet from 192.168.1.10, intended for 192.168.1.50. The VPN server consults its routing table, and sees this packet is intended for a remote host that must go through VPN.

06 The VPN server encrypts this reply packet, encapsulates it in a VPN packet and sends it out over the Internet. The inner encrypted packet has source address 192.168.1.10 and destination address 192.168.1.50. The outer VPN packet has source address 5.6.7.8 and destination address 1.2.3.4.

07 The remote host receives the packet. The VPN client decapsulates the inner packet, decrypts it, and passes it to the appropriate software at upper layers.

Overall, it is as if the remote computer and the server are on the same 192.168.1.0/24 network or in other words as if you are sitting in the office. VPN extends a private network across the public internet. Data are shared as if they were an integral part of the private network.
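The seven steps above as an added example (not code from the original post), using the addresses from the walkthrough. The packet layout is simplified and is not wire-format ESP, the cipher is a standard-library stand-in for the ones IPSec really uses, and the keys and payload are constructed.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

ESP = 50            # IP protocol number of IPSec ESP
EXPERIMENTAL = 253  # protocol number reserved for experiments (placeholder payload)

def ipv4_header(src, dst, payload_len, proto):
    """Minimal 20-byte IPv4 header; the checksum is left at 0 for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def addresses(packet):
    """Return (source, destination) from the first IPv4 header of a packet."""
    src, dst = struct.unpack("!4s4s", packet[12:20])
    return str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst))

def keystream_xor(key, nonce, data):
    """Stand-in cipher (HMAC-SHA256 in counter mode), NOT what IPSec uses."""
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + struct.pack("!I", counter), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encapsulate(inner, enc_key, mac_key, outer_src, outer_dst):
    """Steps 03/06: encrypt the whole inner packet, then wrap it in an outer one."""
    nonce = os.urandom(16)
    sealed = nonce + keystream_xor(enc_key, nonce, inner)
    sealed += hmac.new(mac_key, sealed, hashlib.sha256).digest()
    return ipv4_header(outer_src, outer_dst, len(sealed), ESP) + sealed

def decapsulate(outer, enc_key, mac_key):
    """Steps 04/07: verify integrity first, then decrypt the inner packet."""
    body, tag = outer[20:-32], outer[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("integrity check failed, packet dropped")
    return keystream_xor(enc_key, body[:16], body[16:])

def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)   # constructed session keys
    data = b"GET /report.txt"                            # constructed application data
    inner = ipv4_header("192.168.1.50", "192.168.1.10", len(data), EXPERIMENTAL) + data
    outer = encapsulate(inner, enc_key, mac_key, "1.2.3.4", "5.6.7.8")
    tampered = outer[:40] + bytes([outer[40] ^ 1]) + outer[41:]  # one bit flipped in transit
    try:
        decapsulate(tampered, enc_key, mac_key)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    received = decapsulate(outer, enc_key, mac_key)
    return {
        "observer_sees": addresses(outer),      # only the tunnel endpoints
        "plaintext_visible": data in outer,     # inner content is hidden
        "server_receives": addresses(received), # inner LAN addresses restored
        "payload": received[20:],
        "tamper_detected": tamper_detected,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

An observer on the Internet learns that 1.2.3.4 talks to 5.6.7.8 and how much, but neither the LAN addresses nor the content, and a packet modified in transit is dropped before decryption.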

Continue reading about VPN. My next article describes the configuration of the firewall and the iPad/iPhone.

Thanks for visiting http://iNotes4You.com.