In comp.sys.raspberry-pi Grant Taylor  wrote:
> On 4/13/19 9:16 PM, Computer Nerd Kev wrote:
>> Has anyone used a Raspberry Pi ZeroW (or another Pi, plus a USB WiFi
>> adapter) as a WiFi router?
>
> I have not personally done so.  I know (of) some people (1 or two
> degrees removed) that have done so.  The general consensus seems to be
> 1) that it will function and 2) that the wireless radio on the Pi has a
> tendency to burn out (or otherwise be under powered) for use in an
> Access Point.

Thanks, I didn't think there would be a risk of it actually burning
out. That would be no good.

> They resoundingly recommend the little USB dongle that is
> an AP with a small rubber duck antenna.

When you say "the", does that suggest a specific model?

> I've heard of this type of config being used for a LOT of things, not
> just AP use cases.  (Sniffers, intrusion detection, reconnaissance, etc.)
>
>> As my existing WiFi router already connects to the internet
>> using a USB mobile broadband modem, this might suit me more than
>> most people, but there is an OpenWrt image for the Raspbery Pi:
>> https://openwrt.org/toh/raspberry_pi_foundation/raspberry_pi
>
> My biggest concern would be the bandwidth and any constraint /
> contention for the USB bus.

That's a good point. Currently I'm only getting a maximum download
speed under 300KBytes/s via mobile broadband, and I don't do that
much bulk data transfer on the local network. I do want to move from
3G to 4G though.

>> My cause for looking down this path is that I want to set up a HTTPS to
>> HTTP proxy on the router to serve all HTTPS connections to computers on
>> my local network via unencrypted HTTP.
>
> I've pontificated the same or a slight variation on the theme.  My use
> case is for newer clients to connect to older servers that can't be
> updated.  It sounds like you're primarily worried about older clients
> that can't step up to the new standards.

Yes, old clients that web servers won't talk to are my only worry.

> sslstrip comes to mind.  I've not used it before.  Check it out.

Thanks, I'll look into that.
https://moxie.org/software/sslstrip/

> I'd also consider Squid as it supports bump-in-the-wire SSL
> interception.  (You need to put a cert in client device's trusted Root
> CAs, but that shouldn't be a problem for you.)

Gah, I actually searched for "squid" and almost clicked the Wikipedia
page about the things with "large eyes, eight arms and two
tentacles". :)

Ah, this looks better:
http://www.squid-cache.org/

> I'd think you could configure Squid to strip HTTPS and / or provide a
> consistent maintainable HTTPS / TLS / SSL that your devices can support
> while it can step up to talk to what ever level of security on the
> outside.  Plus, it can cache things for you.  ;-)

Interesting, that does seem a bit more elegant, though I'm not really
concerned about anyone tapping into my local network traffic (even if
they crack my WiFi, they'd have to be on my property in order to get
close enough to pick up the signal).

> I'm sure that there are other options.  That's jut what jump out at the
> moment.
>
>> This is because all the stupid websites forcing HTTPS (when it isn't
>> needed) are making it difficult to keep all the software on my various
>> computers compatible with the various and ever-changing encryption
>> protocols required.
>
> You have your opinion, and I have mine.  I see no reason to debate which
> is correct.
>
> Feel free to ask questions if you want to have a technical discussion
> (with as few opinions as possible).

Alright I let myself go a little bit, but the first ten responses if
I say that I want to do x in order to strip HTTPS wouldn't be about
x, but would be asking why I want to strip HTTPS.

>> The Raspberry Pi ZeroW with a 1GHz CPU and 512MB RAM should be fast
>> enough, and as I'm only using WiFi and USB in the existing router, it
>> should have all the hardware that I need built in. It would use less
>> power as well.
>
> I get the impression that a Pi Zero W might not be the best choice.  But
> that a regular Pi might be acceptable.  Or some comparable SBC.

I'm following you with the WiFi burn-out issue. But otherwise, I know
that a 1GHz Pentium III is plenty powerful enough to handle the SSL,
so a 1GHz Pi Zero should be powerful enough as well. So even if I
don't use the Pi ZeroW's WiFi, I don't see a need to put more
electricity and money into a faster Pi.

>> The main thing that I'm worried about though is
>> the WiFi range. I should be able to solder on a
>> connector for an external antenna as described here:
>> https://www.briandorey.com/post/raspberry-pi-zero-w-external-antenna-mod
>
> Intriguing.
>
> I don't know if or how it would effect the burnout that I was mentioning
> above.
>
> I've got to say, I would take a look at some of the GL-iNet's small
> router / AP boards.  I think they've got some close to regular Pi
> prices, run OpenWRT, have external antennas, and can be powered via
> Power over Ethernet.

OK, will do. Though the key thing is the CPU power and RAM, otherwise
I could just stick with my DGN2200 for this HTTPS to HTTP proxy (the
lower electricity usage is just a bonus from using the Pi).

>> However looking deeper it seems that my existing router may have more
>> transmitting power (28.11dBm) than the Pi ZeroW (17.0dBm).
>
> Remember, Tx power is not all that it's cracked up to be.  Sometimes you
> get better overall service with more lower power devices than fewer
> higher power devices.

Umm, well I was hoping to keep to just one device in place of the
existing router, which is doing the job fine on its own. I know the
cost of a Pi ZeroW isn't much, but I would prefer less to configure
and less to go wrong.

>> I don't really want a significant drop in my WiFi range, so would it be
>> better to use a Pi Zero (non-W) and a USB WiFi adapter? In which case,
>> which WiFi adapters should I look for to suit this application?
>
> I think I would use the USB WiFi adapter in favor of the WiFi adapter
> built into the Pi Zero.

Thanks. To me that's suggesting a Pi Zero (non-W) with a USB WiFi
adapter yet to be determined. I'll have a look at what's available
for them.

--
__          __
#_ < |\| |< _#

--- SoupGate-Win32 v1.05