Recently I was asked to configure a WiFi access point for a small business that needed both a private internal network and a public guest network.
There are many privacy concerns when having guests share your network. Specifically, it is desirable to:
- Disallow access to any computers on the private network
- Prevent network abuse (such as P2P file sharing)
- Secure the access point itself from tampering or unauthorized access
Of course, all this needs to be done without impacting the desired service: Internet access.
Although I found many guides online for setting up a guest network when the access point was also the primary router, I didn’t find any that worked for the intended network. So, after some trial, error, and research, I managed to get it to work.
This has been a long time coming. To summarize, Bell Aliant’s FibreOP Internet service includes a wireless router that has proprietary, limited firmware. It tends to suffer from latency and WiFi issues. So, I sought to replace it with my own wireless router! I ended up first building an overpowered but very functional pfSense Linux Firewall/Router.
Despite my monstrous UPS, I was not happy with the 1 hour run-time. The whole reason for the pfSense router was that FibreOP “hides” its Internet on a VLAN, which means a standard, consumer router will not be able to access the Internet. And from some forum posts I had read, it seemed DD-WRT was also incapable of it.
Finally, today, I pushed through and realized it takes only 4 simple steps to connect a DD-WRT router directly to the FibreOP modem.
Atlantic Canada is very fortunate to have access to Bell Aliant FibreOP Internet. It is a legitimate Fibre-to-the-Home (FTTH) service, in the same price range as cable and DSL offerings. Speeds start at 50/30 (download/upload in Mbps) for $70/month without any promotions.
As great as the Internet itself is, the wireless router they include is the bottleneck. It is an Actiontec R1000H. Our biggest headaches with it were low WiFi throughput and frequent WiFi drops, and the interface was also a little lacking in advanced features.
The logical solution is to use another router. Unfortunately, Bell has configured the service in a way that simply swapping in a new router will not work at all!
Through some research and my own trial and error, I was able to install pfSense to a spare computer, and take control of my Internet.
Disclaimer: Do not follow these steps if you have Bell’s IPTV service, as it will no longer work. There are other sites that describe how to keep those services working, but mine does not. As well, though there should be no impact, I advise against doing this if you have FibreOP Home Phone and rely on it for emergency communications.
This is not an easy task. It requires a very good understanding of computer networking, basic understanding of Linux networking terminology, and availability of network equipment (switches, wireless access points, cables, NICs). Chances are you found this page because you meet some of that description. Just know that if it isn’t working out, you can plug in the Actiontec and pretend it never happened.