We show you how to set up and operate a Wi-Fi service for friends and customers.
Public Wi-Fi is something people are coming to expect. Cafés and restaurants offer wireless internet access for customers; offices provide a connection for visitors, so that guests can check their email while they’re on-site.
If you manage IT for any business, it’s worth considering running your own hotspot – either as a commercial venture, which people pay to use, or as a complimentary service to visitors. Even within your own home, hosting a hotspot can be a useful service for neighbours and guests. There are, however, numerous technical and legal issues to consider.
Don’t use an open network
The simplest way to share an internet connection with the world at large is to make your existing wireless network unsecured, so that any device within range can connect. There’s a certain seductive simplicity to this approach – but it carries risks. Anyone who connects will be able to access not only your internet connection, but other networked resources such as shared drives.
This means you’re effectively throwing your privacy out of the window, so it isn’t something we’d recommend for individuals, much less for businesses. Even if you don’t have shared resources, allowing anonymous outsiders to connect to your primary network gives them a perfect opportunity to try out exploits and compromises. Remember, too, that Wi-Fi passes through walls, so even if you allow only trusted visitors onto your premises, you could be hacked by someone standing outside on the pavement. Since all network traffic on an open wireless network is unencrypted, it’s even possible for your online activity to be intercepted and spied on in real time. If you’re a business that holds confidential information, you could be sued for failing to protect your customers’ data.
In all cases, it’s a good idea to minimise your chances of falling foul by using a firewall and filtering software (or hardware) to block common methods of copyright infringement, as well as potentially obscene content. Even once you’ve taken this precaution, though, running an open network isn’t something we can recommend.
A safer way to share your connection is by creating a guest network – that is, setting up a new wireless network, separate from your main LAN, which allows visitors to access your internet connection but nothing else. This is an approach typically used by large organisations, but it’s also supported by many routers that are designed for home or small-business use (sometimes implemented by allowing you to specify a secondary SSID, in addition to your main wireless address).
So long as the resources on your primary network are properly protected and isolated, this approach gives would-be attackers very little scope to harm your business or compromise your privacy. Use WPA2 encryption on your guest network and opportunists won’t even be able to connect in the first place – although this does introduce an administrative overhead, since you’ll need a way of communicating the passphrase to legitimate visitors. If you plan to take this route, consider investing in a router that allows you to manage access remotely: some recent models we’ve seen come with control apps for Android and iOS that let you grant guest access from a smartphone or tablet.
Running a guest network still isn’t an ideal way to share a connection with the wider world. The same contractual issues will apply as with an open network – and since there’s no real user management, if you do find yourself on the wrong end of a police investigation, you may find it difficult to show who the guilty party really was. Depending on your router, you may lack other useful management features, such as bandwidth control – to prevent heavy users saturating your internet connection, and leaving those on your private network crawling along. You’ll also have no way to charge users for the service, which for many businesses wholly defeats the purpose of running a hotspot.
If you want more features than a regular router can offer, your best bet is to use a dedicated hotspot gateway to manage access to your connection. This doesn’t need to be a complicated piece of kit, and you don’t need a certified network engineer to set it up and maintain it. At its simplest, all the gateway has to do is host a wireless network, and present a login page – a “captive portal” in the industry jargon – that requires visitors to accept your terms of service and optionally make a payment (or provide proof of pre-payment) before they’re allowed online. If your service is time-limited, then the gateway should also kick people off the network when their access expires.
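The two controls described above, guest traffic kept off the main LAN and a captive portal that admits a visitor only for the period they have paid for, can be modelled as a single gateway decision. The following is an added example, not code from any product named in this article; the subnets, the `HotspotGateway` class and its method names are assumptions made for illustration.

```python
import ipaddress
import secrets
import time

# Assumed addressing (not from the article): main LAN, guest subnet, portal.
PRIVATE_LAN = ipaddress.ip_network("192.168.1.0/24")
GUEST_NET = ipaddress.ip_network("192.168.50.0/24")
PORTAL_IP = ipaddress.ip_address("192.168.50.1")


class HotspotGateway:
    """Hypothetical model of a captive-portal gateway's access decisions."""

    def __init__(self, clock=time.time):
        self.clock = clock      # injectable so expiry can be tested
        self.vouchers = {}      # login code -> minutes of access bought
        self.sessions = {}      # client MAC -> expiry timestamp

    def issue_voucher(self, minutes):
        # Unguessable code, as would be printed on a ticket at the kiosk.
        code = secrets.token_hex(8)
        self.vouchers[code] = minutes
        return code

    def login(self, mac, code, accepted_terms):
        # Terms of service must be accepted and the code must be unused.
        if not accepted_terms or code not in self.vouchers:
            return False
        minutes = self.vouchers.pop(code)   # single use: remove on redemption
        self.sessions[mac] = self.clock() + minutes * 60
        return True

    def decide(self, mac, src, dst):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src not in GUEST_NET:
            return "drop"       # only guest-side traffic is handled here
        if dst == PORTAL_IP:
            return "allow"      # the login page is always reachable
        if dst in PRIVATE_LAN:
            return "drop"       # guests never reach the main LAN
        expiry = self.sessions.get(mac)
        if expiry is None:
            return "redirect"   # not logged in: send to the captive portal
        if self.clock() >= expiry:
            del self.sessions[mac]   # access expired: kick the client off
            return "redirect"
        return "allow"
```

The main-LAN check comes before the session check, so even a paying guest cannot reach shared drives. Sessions here are keyed on the client's MAC address, which a device can change, so a production gateway should not treat it as proof of identity.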
There are a few manufacturers who provide turnkey devices that will handle all of this for you. ZyXEL’s N4100 has been kicking around for a few years now – we reviewed it back in 2010 – but it’s still perfectly up to the job. Hook it up to your LAN and it will serve up a customisable captive portal with full bandwidth control and access management. It costs around $500, and can be expanded with an optional thermal printer for churning out logon codes, so that customers can pay for access at a kiosk, then log in at their leisure.
If your needs are more ambitious, the 4ipnet HSG260-WTG2 Wi-Fi Hotspot Kit 2 includes not only a wireless thermal printer but also a wireless keypad – so you can sell login codes from all sorts of locations, with no need for a dedicated PC to manage network access. The back-end also integrates with various online payment gateways, making it easy to set up a credit-card-based charging mechanism. That means less administration for you, and it allows people to connect from anywhere within range at any time – even in the middle of the night, or from a different building. The Hotspot Kit 2 is a bit hard to locate and may be a bit pricey for a small business, but it makes it extremely simple to set up and manage a professional-class hotspot.
Hotspot firmware and software
Dedicated hardware makes life easy, but it isn’t wholly necessary. The services provided by a hotspot gateway aren’t technically demanding, and it’s perfectly possible to run them on a regular domestic router – so long as you don’t mind a bit of firmware flashing. The open-source DD-WRT firmware supports the free ChilliSpot hotspot service, and can be flashed onto a range of routers from Buffalo, D-Link, Linksys, Netgear and others. Another open-source option is CoovaAP, using the CoovaChilli service, which, unlike ChilliSpot, is still under active development.
This approach certainly saves money, but the perennial danger of investing in community-run projects is that if you run into problems, you’ll have to rely on the community for support. We’d think twice before taking this approach for a wireless hotspot that was integral to a business.
A possible compromise is to use commercially supported firmware: the free Sveasoft firmware, for example, comes with optional paid support. If you’re looking for a more complete service, one popular choice is www.hotspotsystem.com. Install the company’s firmware on your router – or buy a router with the firmware preinstalled, via the website – and you get a fully supported hotspot, with access to the provider’s back-end for credit card purchases. This is terrifically simple for you, but it comes at a price: the operator takes a 30% commission fee on each transaction, and pays your share one month in arrears.
Your legal obligations
If you’re operating a small home or office network where access is granted only at your discretion, you have no particular legal obligations, beyond those that might arise from infringing or illegal uses of your connection.