[oS-en] [OT] Double band WiFi and IoT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have classified the post as OT because it is not about Linux, but the consequences of doing what these IoT tell us to do affect our Linux machines. Excuse possible spelling errors, aspell crashes (locks in black, actually). Long ago I got a router that has the 2.4 Ghz band and the new 5 Ghzx band. The ISP had it configured with two similar but different SSID. Here someone recomended to change to the same SSID and leave it to automatics to choose which band to use. He was right, laptops and phones are happy. Then a few months ago I had installed a remote controller for a water heating system for a house, from Daunier Duval. The technician, when setting up the internet connection for the device, which is done from the phone app, not from a setup menu on the gadget, said that the double band WiFi I had was not compatible, that I had to separate them. OR, we can use the guest band, that typically is separate. We did that and it worked. Yesterday I was setting up a weather station (<https://www.amazon.co.uk/gp/product/B0DDTG79J2/>). The setting up is done in the phone. You have to download an app, register, and follow the instructions. When it reached the WiFi part, it complained that the phone was on the 5 Ghz band, and the gadget is 2.4 only. The instructions warned that double band is not compatible, and that possibly I'd have to separate the bands. I sat there, puzzled, for a while. I thought about setting up the guest band. But at the end, I told the app to continue, it asked for the SSID password, and the thing worked just fine. Bullet avoided, this time. Why are these IoT gadgets telling us to separate the 2.4 and 5 Ghz bands? What does it matter to them that there is also an SSID with the same name in another band, that the actual gadget can not even see because it is on 5 GHz, and they do not have hardware to receive that band? It is only the app on the phone setup tool which can see the double band and complain. Obviously, sepparating these bands is a bad thing for our (Linux) laptops. But if this happens to you, you have two posibilities: ignore the warning and try, and if it fails, setup the guest WiFi with separate SSIDs or even with no 5Ghz band. - -- Cheers Carlos E. R. (from 15.5 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCZ2Cn2xwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVvT8An02mUR5b4jvEdIHR34uJ Ln5/26aEAJ4+WKeIIEVNdcl62zLYq8PuXFgrQg== =002d -----END PGP SIGNATURE-----
On my Wi-Fi router, which is at home...not where I am at the moment, I have it set up with mudskipper.lo and mudskipper.hi as the SSIDs. There is no guest access, I very carefully made sure it was turned off. If I need something connected to it I'll know what password to give it. I live in a condo complex and I can see 30-40 SSIDs at any given time. Some of my older stuff only does 2.4GHz and some will work fine with 5. It may be my imagination but I seem to get better throughput with the 5GHz, so I point things like the old laptop, phone and a Samsung pad at the 2.4GHz channel letting the computers run on 5GHz.
On 12/16/24 4:21 PM, Carlos E. R. wrote:
I had installed a remote controller for a water heating system for a house, from Daunier Duval. The technician, when setting up the internet connection for the device,
Would never happen -- to me... "water heating system" and "internet connection" have no business mixing in my book. Just like "automobile" and "telemetry" or "phone app" and "registration" or "face recognition" in "public". Just because it -- "can", doesn't mean you -- "should". On the wider dual-band single SSID, I see that as a bit dicey. Not from a laptop/phone standpoint, but from an IoT "thing" standpoint. My wifi-router (a Tplink -- do not recommend) does this and it's firmware/web-interface can monitor connections on both presenting the same SSID. When you start bringing in IoT devices, that has always been a big "FLASHING RED WARNING" light to me given the history of security issues with IoT devices (hardcoded credentials, etc..) While most premium devices handle dual-band just fine (phones, laptops, etc..), the "patched together" IoT devices don't. That "don't" part is still a big "FLASHING RED WARNING" from a security standpoint on just what could piggy-back into my network through its protocol. I guess the tech-adventurous and generations coming up behind have no issue with everything being able to transmit to the world, but as a child of the 60's call me just a bit skeptical of the tradeoffs being made. (though if I'm ever faced with the issue [doubtful], I'll remember the advise :) -- David C. Rankin, J.D.,P.E.
On 2024-12-17 00:36, David C. Rankin wrote:
On 12/16/24 4:21 PM, Carlos E. R. wrote:
I had installed a remote controller for a water heating system for a house, from Daunier Duval. The technician, when setting up the internet connection for the device,
Would never happen -- to me... "water heating system" and "internet connection" have no business mixing in my book. Just like "automobile" and "telemetry" or "phone app" and "registration" or "face recognition" in "public".
Just because it -- "can", doesn't mean you -- "should".
I must.
On the wider dual-band single SSID, I see that as a bit dicey. Not from a laptop/phone standpoint, but from an IoT "thing" standpoint. My wifi- router (a Tplink -- do not recommend) does this and it's firmware/web- interface can monitor connections on both presenting the same SSID. When you start bringing in IoT devices, that has always been a big "FLASHING RED WARNING" light to me given the history of security issues with IoT devices (hardcoded credentials, etc..)
My two devices have no hardcoded credentials.
While most premium devices handle dual-band just fine (phones, laptops, etc..), the "patched together" IoT devices don't. That "don't" part is still a big "FLASHING RED WARNING" from a security standpoint on just what could piggy-back into my network through its protocol.
I don't see any security issue in them not doing 5 Ghz.
I guess the tech-adventurous and generations coming up behind have no issue with everything being able to transmit to the world, but as a child of the 60's call me just a bit skeptical of the tradeoffs being made.
(though if I'm ever faced with the issue [doubtful], I'll remember the advise :)
You can put them on the guest network. Properly done, they don't have access to anything at your home. If you are still paranoid, put them on a totally different router. -- Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar)
On 12/16/24 6:24 PM, Carlos E. R. wrote:
You can put them on the guest network. Properly done, they don't have access to anything at your home. If you are still paranoid, put them on a totally different router.
Yes, guest, segmented IP range or separate router are probably the best solutions. I try and avoid ever allowing "guest". There was a time my WiFi was the only WiFi listed in a search. Now there are 4 others. World is getting busy. -- David C. Rankin, J.D.,P.E.
On 12/16/24 19:24, Carlos E. R. wrote:
You can put them on the guest network. Properly done, they don't have access to anything at your home. If you are still paranoid, put them on a totally different router.
Quite so. I have a guest WiFi and my firewall/router (pfSense) is configured to allow guests to only access the Internet. The only thing they can do on my network is ping the guest interface. My guest WiFi uses a 2nd SSID on my access point and a VLAN back to my router.
On 2024-12-17 04:30, James Knott wrote:
On 12/16/24 19:24, Carlos E. R. wrote:
You can put them on the guest network. Properly done, they don't have access to anything at your home. If you are still paranoid, put them on a totally different router.
Quite so. I have a guest WiFi and my firewall/router (pfSense) is configured to allow guests to only access the Internet. The only thing they can do on my network is ping the guest interface. My guest WiFi uses a 2nd SSID on my access point and a VLAN back to my router.
The only thing with these type of devices like mine is that for setting them up you need a phone or tablet on the guest ssid, at least temporarily. -- Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar)
On 12/17/24 07:01, Carlos E. R. wrote:
Quite so. I have a guest WiFi and my firewall/router (pfSense) is configured to allow guests to only access the Internet. The only thing they can do on my network is ping the guest interface. My guest WiFi uses a 2nd SSID on my access point and a VLAN back to my router.
The only thing with these type of devices like mine is that for setting them up you need a phone or tablet on the guest ssid, at least temporarily.
That shouldn't be a problem. I can access my guest WiFi with my phone. The only difference with my main WiFi is I have to specifically connect to it, whereas my phone connects automatically to the main SSID.
On 12-16-2024 04:21PM, Carlos E. R. wrote:
I have classified the post as OT because it is not about Linux, but the consequences of doing what these IoT tell us to do affect our Linux machines.
Excuse possible spelling errors, aspell crashes (locks in black, actually).
Long ago I got a router that has the 2.4 Ghz band and the new 5 Ghzx band. The ISP had it configured with two similar but different SSID. Here someone recomended to change to the same SSID and leave it to automatics to choose which band to use. He was right, laptops and phones are happy.
Then a few months ago I had installed a remote controller for a water heating system for a house, from Daunier Duval. The technician, when setting up the internet connection for the device, which is done from the phone app, not from a setup menu on the gadget, said that the double band WiFi I had was not compatible, that I had to separate them. OR, we can use the guest band, that typically is separate. We did that and it worked.
Yesterday I was setting up a weather station (<https://www.amazon.co.uk/ gp/product/B0DDTG79J2/>). The setting up is done in the phone. You have to download an app, register, and follow the instructions. When it reached the WiFi part, it complained that the phone was on the 5 Ghz band, and the gadget is 2.4 only. The instructions warned that double band is not compatible, and that possibly I'd have to separate the bands. I sat there, puzzled, for a while. I thought about setting up the guest band. But at the end, I told the app to continue, it asked for the SSID password, and the thing worked just fine.
Bullet avoided, this time.
Why are these IoT gadgets telling us to separate the 2.4 and 5 Ghz bands? What does it matter to them that there is also an SSID with the same name in another band, that the actual gadget can not even see because it is on 5 GHz, and they do not have hardware to receive that band? It is only the app on the phone setup tool which can see the double band and complain.
Obviously, sepparating these bands is a bad thing for our (Linux) laptops. But if this happens to you, you have two posibilities: ignore the warning and try, and if it fails, setup the guest WiFi with separate SSIDs or even with no 5Ghz band.
-- Cheers
Carlos E. R. (from 15.5 x86_64 at Telcontar)
Thank you for writing this out, It was informative.
On Mon, 16 Dec 2024 23:21:15 +0100 (CET) "Carlos E. R." <robin.listas@telefonica.net> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Then a few months ago I had installed a remote controller for a water heating system for a house, from Daunier Duval. The technician, when setting up the internet connection for the device, which is done from the phone app, not from a setup menu on the gadget, said that the double band WiFi I had was not compatible, that I had to separate them. OR, we can use the guest band, that typically is separate. We did that and it worked.
I've never encountered that and hope I never do. If my phone is on the 5 GHz part of the network and I need to talk to something on the 2.4 GHz part, I tend to just take it all outside where the phone will reconnect onto the 2.4 GHz part. (5 GHz has much greater bandwidth but shorter range). Phones and all my IOT devices are on the guest network so they can see the Internet but not my private network. The notion seems to be settling on setting up the IOT device by it providing its own AP which you connect your phone to (or use Bluetooth to do same) and then provide details of the network you want it to connect to.
On 12/17/24 05:49, Dave Howorth wrote:
I've never encountered that and hope I never do. If my phone is on the 5 GHz part of the network and I need to talk to something on the 2.4 GHz part, I tend to just take it all outside where the phone will reconnect onto the 2.4 GHz part.
That sounds like misconfiguration. On my network, both bands connect to the same subnet so traffic between them is seamless.
On Tue, 17 Dec 2024 10:45:18 -0500 James Knott <james.knott@jknott.net> wrote:
On 12/17/24 05:49, Dave Howorth wrote:
I've never encountered that and hope I never do. If my phone is on the 5 GHz part of the network and I need to talk to something on the 2.4 GHz part, I tend to just take it all outside where the phone will reconnect onto the 2.4 GHz part.
That sounds like misconfiguration. On my network, both bands connect to the same subnet so traffic between them is seamless.
I can't speak to how random makers of IOT devices configure their systems :)
On 12/17/24 11:00, Dave Howorth wrote:
That sounds like misconfiguration. On my network, both bands connect to the same subnet so traffic between them is seamless. I can't speak to how random makers of IOT devices configure their systems 🙂
I'm still struggling to understand how having 2 bands available should cause problems. If they don't want to use 5 GHz, they should ignore it. I sometimes wonder about the competence of some companies. Someone else mentioned TP-Link access points. I had one of those and found it leaked multicasts from the main LAN to the guest VLAN. This made it impossible for me to use IPv6 on my guest WiFi, as guests would wind up with addresses from my main LAN. When I called support, they tried to claim that was how VLANs are supposed to work. It was only when I talked to 2nd level support that they recognized that as a problem. However, there was no fix forthcoming, though I believe it has been corrected in a later version. I fixed it by replacing the TP-Link AP with a Unify AC Lite, which works fine. That problem also existed with some TP-Link switches.
On 2024-12-17 17:16, James Knott wrote:
On 12/17/24 11:00, Dave Howorth wrote:
That sounds like misconfiguration. On my network, both bands connect to the same subnet so traffic between them is seamless. I can't speak to how random makers of IOT devices configure their systems 🙂
I'm still struggling to understand how having 2 bands available should cause problems. If they don't want to use 5 GHz, they should ignore it.
As I said, the device that I installed myself has the printed warning in the paper manual that it may not work. So I ignored the complain from the app, went ahead, and it worked. On the device that was installed by the profesional, I had to activate the guest SSID and give him the credentials, because he did the initial setup himself (he promised he would delete the credentials in a day or two). I do not understand why the device would care about the SSID being the same on two bands. Perhaps the phone app sees it is on 5 GHZ and doesn't trust that the 2.4 will works or has the same credentials, as the app doesn't see the 2.4 network.
I sometimes wonder about the competence of some companies. Someone else mentioned TP-Link access points. I had one of those and found it leaked multicasts from the main LAN to the guest VLAN. This made it impossible for me to use IPv6 on my guest WiFi, as guests would wind up with addresses from my main LAN. When I called support, they tried to claim that was how VLANs are supposed to work. It was only when I talked to 2nd level support that they recognized that as a problem. However, there was no fix forthcoming, though I believe it has been corrected in a later version. I fixed it by replacing the TP-Link AP with a Unify AC Lite, which works fine. That problem also existed with some TP-Link switches.
I remember you mentioning this. I have seen recently routers advert they come with openwrt installed. -- Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar)
On 12/17/24 14:12, Carlos E. R. wrote:
(he promised he would delete the credentials in a day or two).
Yeah, right! 😉
I do not understand why the device would care about the SSID being the same on two bands. Perhaps the phone app sees it is on 5 GHZ and doesn't trust that the 2.4 will works or has the same credentials, as the app doesn't see the 2.4 network.
That doesn't make sense. The phone will connect to whatever signal it sees and there is provision for going with the strongest signal. As I mentioned, both bands are on the same subnet with my network and there's no reason why they shouldn't be.
I have seen recently routers advert they come with openwrt installed.
Mine was just an access point. My router is pfSense running on a mini PC. It's been many years since I've used a router from D-Link, etc. I prefer to keep the functions separate.
On 2024-12-17 20:20, James Knott wrote:
On 12/17/24 14:12, Carlos E. R. wrote:
(he promised he would delete the credentials in a day or two).
Yeah, right! 😉
I don't have any reason to disbelieve him. He is installing many such systems a day, each different one requiring space in his phone. Once he has finished configuring and testing the heating system, he has no reason to keep it. The company, on the other hand, has remote access, for the purpose of continuously monitoring the system, and warning me when an intervention is necessary (which would be free of charge). The end result is a maintenance visit every two years, instead of every year. The furnace section needs changing a rubber casket periodically. It is a hot water house heating system called "condensing" type. The combustion is regulated so that the hot gases after the heat exchange is almost cold gases, and when they go out of the house they go down, not up as steam would normally do. It also generates liquid water. Meaning the efficiency is much higher. This can be done when the fuel is very clean gas, because if not the exhaust is acidic and corrosive (<https://en.wikipedia.org/wiki/Condensing_boiler>).
I do not understand why the device would care about the SSID being the same on two bands. Perhaps the phone app sees it is on 5 GHZ and doesn't trust that the 2.4 will works or has the same credentials, as the app doesn't see the 2.4 network.
That doesn't make sense. The phone will connect to whatever signal it sees and there is provision for going with the strongest signal. As I mentioned, both bands are on the same subnet with my network and there's no reason why they shouldn't be.
I know. But for the purpose of setting up, the app assumes it has to tell the device, via bluetooth, what are the ssid and password of the AP it has to connect to. It can not tell it to connect on 5GHz. It has to assume that the 2.4 GHz ssid will be there, without seeing it. It is designed to tell "connect to the same ssid as me" over BT.
I have seen recently routers advert they come with openwrt installed.
Mine was just an access point. My router is pfSense running on a mini PC. It's been many years since I've used a router from D-Link, etc. I prefer to keep the functions separate.
-- Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar)
participants (6)
-
-pj -
Bill Swisher -
Carlos E. R. -
Dave Howorth -
David C. Rankin -
James Knott