SB-Projects: fon

Navigation

Fon

Wouldn't it be nice to have free wireless access to the internet wherever you go? Just to check your e-mail, or phone home cheap while you're abroad, or look up a nearby restaurant, to name but a few applications.
PDA user OK, you could use the first open Wifi network you encounter. However, in some countries that may be illegal. And even if it is not illegal you are probably using someone's internet without permission. Using an open Wifi connection may also by risky, as I have explained on the page about Wifi sharing.
Fortunately there is a solution to this problem which is called FON. This initiative was started by Martin Varsavsky, a Spanish telecommunications and new media entrepreneur. Even Google and Skype believe in the project and sponsor it, among some other big companies.
The basic idea behind FON is to share some of your own bandwidth at home in exchange for free access to thousands of Wifi access points, called Fonspots, anywhere in the world.

I like the idea, although I'm a bit sceptical about its feasibility. At present (April 2007) it is still far easier to find an open Wifi network than to locate the few Fonspots in a city. However if no one sets up a Fonspot the project is certain to fail. Joining the fun, sorry the FON community was free at the time I joined the club, which was just the little push I needed.
So I'm a Fonero now. I hope you'll decide to become one too. And maybe we can use one another's internet some day.

Just to make things clear: This page is not about hacking the La Fonera. Other people are far better in it than I am.

How To Join?

Joining is very simple: Go to www.fon.com and register yourself. Then you will have to decide whether you only want to use FON while you're on the move, or whether you want to share some of your own bandwidth with the community.

Linus, Bill, Alien If you don't want to or can't share your own bandwidth you'll be a so called Alien. Aliens can login to any Fonspot, but they'll have to pay a small fee for a day pass, which is valid for 24 hours.

If you want to share your bandwidth you can become either a Linus or a Bill. A Linus (as in Linus Torvalds) shares his bandwidth for free. He doesn't want to be paid for sharing and in exchange for his kindness he can use any other Fonspot in the world for free.
A Bill (as in Bill Gates) shares his bandwidth in the same way as a Linus does. However he wants a piece of the action, he wants to get paid for his kindness. Basically this means that he'll get half of the price paid for day passes which are purchased through his access point.

Both Linuses and Bills get free access to all the Fonspots in the world. I doubt that you'll ever get rich by being a Bill. You'll only receive half of the day pass price if the day pass is purchased through your Fonspot. A Bill gets nothing if a Linus logs in, or if someone logs in who has bought a day pass elsewhere.

Thus a Fonero on the move sees no difference between a Linus' Fonspot or Bill's Fonspot. If you're an Alien you'll have to pay, if you're a Linus or a Bill you'll get free access.

What Do I Need To Join?

It goes without saying that you'll need some sort of broadband internet. You probably don't want to be sharing your dail-up network. So let's presume that you already have a broadband connection up and running, preferably with a multi-PC modem or broadband router connecting your local network with the internet. The only thing you'll need now is a little device called a Fon social router.

The Linksys router In the beginning this was a normal Linksys router equipped with special software. This Linksys router could be purchased from the Fon webshop real cheap, or you could upload the special software on to your own Linksys router if you already had one. I have no experience with this router, so I'm not going to talk too much about it.

Fon Chicks I've joined Fon when they were handing out free La Foneras, the new type of dedicated Fon social router. This is a nice little box, the size of a packet of cigarettes so I hear say (I'm a non smoker myself, so I wouldn't know).
This little box simply connects to your existing local network through an ethernet cable. Setting it up is really child's play and can be done using the Fon web site. Once it is set up and registered it transmits two SSIDs simultaneously. One SSID (read: one wireless network) is the unencrypted public network, while the other SSID is the WPA encrypted private network.

The La Fonera 2100 is not just an ordinary Access Point, it really is a router, as we'll see later on. This means that some limitations apply compared to a normal Access Point. More about this later.

You can buy your own La Fonera at the Fon web shop. It's not very expensive, around €40.00 including P&P and taxes. However Fon often has some special offers where you can buy the La Fonera real cheap, or even get one for free. I've got mine for free from another Fonero, who invited me (on my request) to become a Fonero too.
Please, don't ask me to send you an "invite", because I only invite people I know, just to make sure that they'll also use the La Fonera for its intended purpose.

If you order a La Fonera, you have to promise Fon to operate it 24/7 so that others can connect to it whenever they are within range. Hopefully you really do that, because one day I may need your Fonspot to check my mail, and I'd hate it when I find you not home after trying very hard to find you.
If, for whatever reason, you decide not to remain a Fonero after a while you also have to promise to find a new home for your La Fonera, so it won't be wasted.

First Impressions

La Fonera 2100 After ordering my free La Fonera it took only 6 days for it to arrive, including a weekend. A friend of mine had his La Fonera delivered in just 3 days (not including a weekend).
The little cardboard box contained the La Fonera itself (naturally), a wall wart PSU, a quick installation guide, a network cable, a CD and some door/window stickers.
Well, the part we're really interested in here is the La Fonera itself of course. Amazing what they can squeeze into such a small box these days. Although the La Fonera is looking good, I'm not too impressed by its tiny stump of an antenna. The whole idea about Fon is to share your Wifi, so it's no good if no one can see the signal unless they stick their notebook halfway through my letter box. Fortunately my La Fonera is going to be placed at the very front side of my house, so it can reach quite far into the street anyway. However I think it would have been better for Fon to spend 10 cents more on a more appropriate antenna.

The telephone cable Read the instructions on the bag There's one part in the cardboard box which raises some more doubts with me. Personally I wouldn't dare using the supplied so called "network cable" in my network. Let alone using it so close to a transmitter! The pairs are not twisted. What am I saying? The wires are not even in pairs, they simply run in parallel next to each other over the entire cable length. I think you'd better cut it up like I did, so you'll never get tempted to use it anyway.
Better spend 50 cents for a proper UTP cable instead.
If you read the instructions on the cable's plastic bag you can see for yourself that it was never intended to be a network cable, as they are constantly talking about "telephone wiring".

Connecting and setting up the La Fonera was done in a breeze. I guess that just anybody can do it. Well, anybody? I do see a few pitfalls which could make installing the La Fonera a bit more difficult. More about these later though, it works for now, so let's keep it that way.

I was a bit surprised to find out that the MyPlace network had a different IP segment than my own network. This proved to me that the La Fonera is really a router, rather than a simple Access Point.

How It Works

Principle diagram

La Fonera is a router with 3 network segments. One segment is connected to the public WLAN interface. A second WLAN interface is for your private use and is therefore encrypted. The third segment is connected to the Fonera's ethernet port.
In fact the La Fonera has only one WLAN interface, pretending to be two. This is only a small technical detail, which you normally don't have to be aware of.

Public WLAN:

Default SSID is FON_AP.
Network segment 192.168.182.0/24 .
Built in DHCP server for this network segment.
No encryption, free accessible to anyone.
Completely isolated from private WLAN and ethernet.
Limited internet access until user is authenticated by Fon.

This part of the La Fonera is the clever part of the entire Fon idea: Giving other members access to the internet, without compromising the host's privacy. A guest can simply connect to the public WLAN, which gives him/her limited internet access at first while the firewall blocks all traffic targeted to the local network of the host.
Limited internet access means that only a few internet sites can be visited. Some of those sites are required for authenticating the guest (eg: www.fon.com), some accessible sites are required to allow payments to be made (eg: www.paypal.com), while others are provided for free by the sponsors of Fon (eg: www.google.com and www.skype.com). The host himself may also provide one web site for free to his guests. For instance a restaurant, giving its customers internet access through Fon, may show the customer a site with today's menu on it.
Any non free site called from the guest's browser will result in the Fon home page to be loaded. Here the guest can identify himself. If he is a Linus or a Bill he will be allowed free access. If he is an Alien he will have to pay for the access, unless he already bought a day pass earlier that day. Recently another option is available for Aliens. An Alien can watch a 30 seconds commercial after which he can use/test the internet connection for 15 minutes.
Once the guest is authenticated full internet access is granted to him. Full internet access? Not necessarily. The host may restrict the bandwidth he shares with his guests.

In all cases any traffic through the public WLAN will either be routed to your broadband router or be blocked by the firewall. All private addresses will be blocked by the firewall, which makes it impossible for a guest to reach your local network.
However the host may change the firewall rules to allow traffic to the local network. I don't think it's wise to so though.

The program behind the public side of the Fonera is called Chillispot. Its function is to present the login screen to the guest and send the guest's credentials to Fon's Radius server, which will send a signal back to Chillispot to grant access for this guest or not.

Private WLAN:

Default SSID is MyPlace.
Default network segment 192.168.10.0/24 .
Built in DHCP server for this network segment.
Default WPA encryption, with device's serial number being the pre-shared key.
Routed to the ethernet segment for access to the local network and the internet.
The device's configuration web server runs on this network segment.

A private WLAN on the La Fonera is nice to have. Although it may be of limited use. First of all, it is not a normal Access Point, it's a router. You can access the internet just like with any normal Access Point. However reaching your own network is a different story. You can reach shared resources on your network from your wireless computer if you use the wired computer's IP address. But reaching your wireless computer from the wired side is not possible because the routing to that network segment is unknown. I have tried to add the route manually in my wired computer, but this didn't work either. Probably the routing table in the La Fonera lacks some entries too.
On top of that you may get into conflict if you want to place the La Fonera so that you can see the signal in your own house and garden, while at the same time providing a strong enough signal on the street for your guests.
My advise therefore is: Use your own, possibly already existing, Access Point to cover your house and garden, while dedicating the La Fonera for your guests only.

The private WLAN interface is normally the only interface which connects to the configuration web server. You can change some settings directly using this easy to use web interface.
Alternatively you can use the APIPA address through the Ethernet port (see below) to connect to the web interface. Or you can change some of the settings using the user's portal on the Fon web site.

Ethernet Port:

Network settings usually provided by the DHCP server in your broadband router.
Connects the Fonera's WLAN interfaces to your broadband router (the default gateway).
Also listens to the APIPA address 169.254.255.1 .

This is probably the least interesting interface of the la Fonera. All it really does is connect the Fonera's WLAN interfaces to your local network.

It is possible to connect the La Fonera directly to your cable or ADSL modem, in case you do not need a wired network. In that case the La Fonera is the network's gateway, so you don't need to have a separate NAT router in your network. However you may run into some problems if you do this during setup.
Therefore the easiest and probably the most common way to operate the La Fonera is to connect it to one of the ethernet ports of your own broadband router.

Apart from the normal private IP address which is usually assigned by your broadband router's DHCP server, the La Fonera assigns itself an APIPA address. APIPA stands for Automatic Private IP Address, and is an address in the network segment 169.254.0.0/16 which usually can be assigned by the host himself if no DHCP server can be found.
The intention is that the La Fonera finds the first free address in the range from 169.254.255.1 to 169.254.255.254 (See the script /sbin/ifup if you hacked your Fonera to have SSH access). However, for some reason, this doesn't work and the Fonera always assigns itself the address 169.254.255.1 . This address can be used to access the configuration web page, for instance if you can't access it through the private WLAN interface.
You'll have to setup your PC to use an address in the APIPA range of 169.254.0.0/16 first if you want to connect to the La Fonera's APIPA address of course. Usually the address 169.254.255.2 with netmask 255.255.0.0 will do just fine.

PS: In some user manuals of the La Fonera the netmask is mistakenly set to 255.255.255.0 . An APIPA address is a Class B address, which per default has a netmask of 255.255.0.0, and so does the APIPA address in the La Fonera. However the wrong netmask of 255.255.255.0 will work too by accident. I think it's too technical to explain why it still works, the clue is that the third octet is set to 255 which saves our day.

Fonera Phone Home

Fonera Phone Home For several reasons Fon wants to know if your La Fonera is still online. One obvious reason is to show your presence on the Fon maps which allows others to find you if they need internet access. On the other hand Fon wants to know if you are still a Linus or a Bill.
Another, less obvious reason, is to update settings and software in your La Fonera. Because a La Fonera is usually operated behind a NAT router, there is no (easy) way for Fon to access your La Fonera from the internet to push these settings or software. Normally a NAT router blocks all uninvited incoming internet traffic.
Therefore Fon decided that the La Fonera must call home twice every hour. Normally only a few dozen bytes are exchanged between the La Fonera and Fon. The La Fonera simply tells Fon that it is still alive, and Fon tells the La Fonera to keep up the good work. That's all.
However if the user has made some changes to his La Fonera settings on the Fon web page, or when Fon wants to update the La Fonera's software, some extra steps are taken. When the La Fonera phones home, Fon will send it a script file (/tmp/.thinclient.sh) which is then executed by the La Fonera. As a result the new settings take effect or the new software is flashed into the La Fonera.
This is why it may take up to half an hour for the settings made through the Fon web site to take effect in your La Fonera.

Things that can go wrong:

Puzzled A 3-way router, like the La Fonera, needs 3 different IP ranges. It is not allowed for two interfaces to have the same IP range. Two of the ranges were set up with the default ranges 192.168.10.0/24 and 192.168.182.0/24. This means that your own network may not have either range.
But what if it does? Suppose your local, already existing, network has the IP range 192.168.10.0/24. Well, you'd have to change one of them into something different, otherwise it won't work.
Normally you don't want to change your local network range, because that would mean that you may have to make changes to all computers connected to your network. The easiest thing to do is to change the IP range of the La Fonera, because no computers are connected to that network segment yet.
Unfortunately there is no way for you to change the IP range of the public network segment because it appears to be hard coded in the Chillispot software. So if your local network happens to have the IP range 192.168.182.0/24 you'll have to change it. The only alternative would be starting to hack the La Fonera.

Settings

In most cases the La Fonera will work directly out of the box. All you have to do is connect it to your broadband router, access the public WLAN (SSID: FON_AP), open your browser and login to the Fon web page which is automatically displayed. Then you'll have to answer a few simple questions. One if which is the question where your La Fonera is physically located on the map, so others can find it.
In some cases, for instance when you connect the La Fonera directly to your modem without a broadband router, you'll have to change some other settings first before you can continue. You'll have to use the Private WLAN (MYPLACE) or ethernet connection (APIPA address) for this setup.

Note: If you connect your La Fonera to the internet for the very first time it may take some minutes before the FON_AP network to come online. This is because the La Fonera may get new firmware first.

Warning: Do not leave a virgin La Fonera running for days before setting it up. The first visitor automatically becomes the "owner", so make sure it will be you!

You have two options if you want to make changes to the La Fonera's settings:

Using the Fon web site to change some settings

When you're logged in to the Fon web site you can configure your Fonspot using the link to "My Social Router". There you can set the SSID names of your public and private WLAN interfaces. You can change the password (default is "admin") and the WPA key of the private WLAN (default is device's serial number). You can change the physical location of your Fonspot on the map. You can limit the bandwidth of the public WLAN interface. And finally you can invite some friends to use your Fonspot, without the need for them to be a Fonero themselves.

Fon settings You can make these changes from anywhere in the world. There is no need for you to be logged in through the Fonspot in order to make these changes. Be aware though that under normal circumstances it may take up to half an hour for the changes to take effect in the La Fonera. They will be sent to your La Fonera as soon as it Phones Home, which may take some time. If you're in a hurry, you can always power cycle the La Fonera, because it will immediately call home when it boots up again.

TIP: You can use the Fon's web page to change the La Fonera's administrator password in case you have forgotten it. But you will have to remember your Fon login password, otherwise you can't login there either.

Using the La Fonera's web interface to change the settings

This is the way to go if you want to make some more advanced settings. Normally you would access the web interface through the private WLAN only. You cannot access the web interface through the Ethernet network segment.
However if you can't login to your Private WLAN, for instance because your wireless device does not support WPA, there is an escape route. And that is through the APIPA address over the Ethernet interface. So before you can use this method you'll have to give your computer an APIPA address, and then connect to 169.254.255.1 over the ethernet connection. That will give you exactly the same control as if you had accessed the web interface over the private WLAN interface.

This part is not intended to be a complete tutorial on how to setup your La Fonera. It is only intended to show you what settings you can make and where to make them.
PS: Click on any of these thumbnails to view the real size screen shot.

If you open the web interface either at http://192.168.10.1 (when using the private WLAN), or at http://169.254.255.1 (when using the ethernet interface) you will get the status screen. From there you can navigate through the different settings.

Public Wifi settings. Here you can only set the Public ssid of your Fonspot. You can't change the first 4 characters, they are always "FON_".
It is better to change the Public SSID of your Fonspot using the Fon web site. That way guests will see the current name of your Fonspot in their log files.

Private Wifi settings. Here you can change the settings of your private WLAN interface. You can set the SSID, encryption type and encryption keys on this page.
The name of your private SSID is the only setting from this page which can also be changed using the Fon web site.

Here you can setup the administrator password. The default password is "admin".

Here you can set the interface language of the web interface.

On this page you can select the type of internet connection you want to use. Common practice is to use DHCP mode when you connect the La Fonera to your broadband router. If you want to connect the La Fonera directly to your modem you may have to use the PPPoE or PPTP modes of operation, in which case you'll have to provide some user information to login to your broadband account.

This is where you can change the address segment of your private WLAN should it interfere with your wired network. You can also disable the DHCP server on this network if you want to, for whatever reason. And finally you can set the firewall rules to allow/deny the coupling of traffic between the three network segments of the La Fonera.

On this screen you can set the WLAN channel and the wireless mode to use. You can choose one of 11 channels, or automatic in which case the La Fonera picks the quietest channel. You can also force the La Fonera to use B or G mode only in case your WLAN client doesn't work properly if you select auto mode.

Here you can set some port forwardings. This allows you to run some wireless servers on your private network. These settings are a bit useless if you run your La Fonera behind your own broadband router, unless you're running very special internet software which requires this feature on the router.

With this option you can upgrade the internal software. I don't think you'll ever need this, because new software is automatically installed to your La Fonera by Fon.

TIP: Change the public SSID through the Fon web site only. Otherwise the guest's travel log will only record your Fonspot as "unknown".

Things To Remember When You're On The Move

Do try everything at home.
Ensure yourself that everything is working before you leave. You don't want to trouble shoot your basic software while you're sitting uncomfortably on someone's doorstep.
Pay special attention to your SMTP server's settings in your mail program. Enable SMTP authentication, otherwise you won't be able to send mail when you're connected to a different network.
Leave your broadband connection and La Fonera running during a long holiday.
The current policy is that you will loose your Linus or Bill status if your La Fonera is switched off for more than 30 days.
Use secured mail servers if your ISP provides them.
You'll never know who is listening when you're using a strange network. So be sure to use encrypted connections whenever possible if you value your privacy/security.
Print a map of Fonspots in your destination area before you go.
You can easily pinpoint the nearest Fonspot on the maps, but you'll need internet access to get to it. Therefore it's not a bad idea to print the map of the area where you're going to before you leave.
Download the latest POI file for your destination before you go.
You can download a Points Of Interest file, containing all active Fonspots, from the Fon web site. After feeding this POI file to your satnav software you can ask it to bring you to the nearest Fonspot.

Some Experiences

After some months of testing several FON spots I am able to share some of my experiences of being a Fonero.

First of all I have to admit that it is still far easier to find an open Wifi network than it is to find a FON spot. Even if you know where it should be, it is not always online, within range on the street, or in any other way unusable.
I have noticed that sometimes the Fonera hangs itself. You can still see it, but it is impossible to connect to it. I had to reset mine about 3 times in the past 4 months. However if the owner of the Fonera is not aware of the situation nothing is done to fix it.

Unfortunately the Fon web site is targeted to Notebooks only. Wifi enabled mobile phones and PDA's may choke on the large flash applications on the site. At best it takes very long for a hand held to load the page. The worst case scenario is that you won't get far enough to log in at all.
Watching the commercial to get free access for 15 minutes is also quite impossible for hand held devices.
Fortunately there is a connection tool for some Nokia phones, which bypasses the heavy fon web page. It would be nice if such a tool became available for other hand held devices too.