Some of you have asked about the lanyard I use with my WLAN Pi R4. So here is how to make yours.
What does it do?
It allows you to ‘wear’ the R4 while keeping your hands free. You can perform 2.4 GHz, 5 GHz or 6 GHz scanning, spectrum analysis, or packet capture from your Mac.
What parts do I need?
My goal is to use a standard conference lanyard. Use your favourite one or order a custom one with your name or company name. In the UK, I use greencotton on eBay and they have been great.
After many iterations, I discovered that these D ring picture holders work best. They are made of metal, of perfect size and readily available. So there is no reason to overengineer this or reinvent the wheel.
Finally, we need two M2.5 x 5 mm bolts to attach the D rings to the bottom of the Waveshare heatsink.
WLAN Pi is primarily a Wi-Fi tool, but occasionally I need an iperf server that would be able to deliver more than 1 Gbps of TCP throughput. In a controlled lab environment, I normally use PoE powered NanoPi R5S. I know the IP address of the iperf server by heart. Outside of the lab, I could really do with a WLAN Pi, its preinstalled software, display, buttons and everything it does out of the box. So the question is: “Can we add 2.5 GbE to WLAN Pi M4?”
M.2 slot to the rescue
WLAN Pi M4 doesn’t have any USB 3 ports. How do we add 2.5 Gbps Ethernet to it? If you don’t mind losing the Wi-Fi adapter in favour of 2.5 GbE mGig port, we can install this 2.5 Gbps Ethernet adapter in M4’s PCIe M.2 slot. It is based on Realtek RTL8125B chipset. I paid £17 for it including shipping to the UK.
It just works*
To my surprise, it just works*. Yes, I hear you, no one likes these asterisks, do you? 😉 Continue reading, it’s not the end of the story.
The underwhelming default driver
Linux (and WLAN Pi image) has a driver for this adapter, but upload speeds, that is from iperf client to WLAN Pi iperf server, are very poor. We are talking 300 Mbps poor.
Install Realtek’s latest driver to fix performance
Installation of this driver isn’t as straightforward as it might look. I ended using vanilla Raspberry Pi OS image instead of the WLAN Pi one. Mainly because it is not easy to get the kernel headers for WLAN Pi image and we need them to be able to compile the new driver.
Yes, it is possible to achieve 2.35 Gbps symmetric TCP throughput on the WLAN Pi M4 with this adapter. But you should be aware of these facts:
This Ethernet adapter doesn’t fit inside WLAN Pi M4 case
You will have to give up the M.2 Wi-Fi adapter in favour of mGig Ethernet
From software perspective, the Realtek driver that ships in WLAN Pi image doesn’t unlock full performance of this adapter (iperf client pushing traffic to WLAN Pi iperf server). Installing the latest driver isn’t trivial on WLAN Pi.
We, WLAN Pi team, currently don’t support this setup. If you have a use case for 2.5 GbE support on the M4, please let us know.
You might remember me saying something about designing a 3D printed WLAN Pi tripod mount. Yes, that was the plan… until I found a much better solution, which I had already owned.
Why tripod mounted? Well, occasionally I work on an outdoor Wi-Fi project. WLAN Pi can be a really useful for throughput testing, or it can share your phone’s cellular internet connectivity with your access point. This is really useful in cloud-managed surveys, labs, and projects.
Tern RidePocket Handlebar Bag
I present to you this small, well designed, and weatherproof Tern RidePocket bag. It is a fantastic bicycle bag, and as good bag for your WLAN Pi. You can purchase one in many countries around the globe and made by a big bike company, which is here to stay.
If you wanted to, you can battery power your Pi. Just add a battery pack of your choice.
Outdoor surveys involve all kinds of weather, and that’s where this rain cover becomes really useful.
What makes it work better than other or cheaper bags? It mounts securely, and does not slide down the tripod thanks to its strap coated with a layer of anti-slip rubber material.
If you prefer a Raspberry Pi 4, or WLAN Pi Community Edition based on Raspberry Pi 4, it fits in this bag too including a PoE splitter with little effort.
Lenlun Bike bag set
Do you need to interact with your WLAN Pi while it is mounted? No problem. I’ve tested a handful of other bags and Lenlun Bike bag set is the best fit. It allows you to see the display and press buttons while it protects everything stored inside.
Finally, after you are done working, these bags can happily carry your keys, phone, battery pack, and wallet.
Sabrent NT-SS5G is a 5 GbE USB adapter, which allows you to achieve higher throughput than 2.5 GbE adapters, and break the 2.35 Gbps barrier. It works great on Windows. If you are a macOS or Linux user, I recommend you consider other options like this instead.
The adapter itself is larger than 2.5 GbE adapters, it uses AQC111U chip, and ships with short 2 detachable USB-A and USB-C cables. USB-C port on its back connects the adapter to your computer. A metal shell protects it, serves as a heatsink, and also adds to its weight.
In adapter options, you can actually configure quite a few things including Jumbo frame support. Note that these are fixed values.
I can’t recommend this adapter for macOS users. It forces you to disable macOS System Integrity Protection (csrutil), otherwise it won’t work. It might be okay for a proof of concept or lab setup, but I would hesitate from using it in production.
This is how to install the driver if you were interested:
Install the driver using the pkg file provided by Sabrent. It installs a Kernel Extension (kext), which drives this adapter.
Enable the extension by going to System Preferences > Security & Privacy > enable the extension > Reboot.
After reboot, unplug the adapter and plug it back in.
It should work as long as you leave the System Integrity Protection disabled.
From throughput perspective, it saw download speeds of 3.30 Gbps, and upload of 3.45 Gbps. This was with default iperf3 settings, standard 1500-byte MTU and one stream. Great results considering that this adapter’s USB interface maximum theoretical throughput is 5 Gbps.
In my view, you might be better off buying a 2.5 GbE adapter, which can push 2.35 Gbps up and down consistently and with no driver installation needed. I tested one here. Alternatively, a 10GbE Thunderbolt Ethernet adapter is even faster choice, but more costly, and larger form factor. Or, if your other half approves, treat yourself to an M1 Mac Mini with built-in 10 GbE 😉
I tested this adapter on 64-bit Raspberry Pi OS running on Raspberry Pi 4. Although the default driver distributed in Linux Kernel 5.15 works, it doesn’t even deliver symmetric 1 Gbps.
Let’s download the latest driver from Sabrent’s website. Unfortunately that doesn’t seem to be able to compile for 64-bit OS. I tried compiling on 32-bit Raspberry OS, to no avail. If you have any ideas, please do let me know.
Plugable makes this inexpensive 2.5 Gigabit Ethernet USBC-E2500 adapter. It is based on Realtek RTL8156B chip. On Windows and macOS it works out of the box. If you want to use it on a Linux machine like WLAN Pi Pro or Raspberry Pi 4, expect some troubles along the way, but good performance when you get there.
When they say “update the driver using Windows Update first”, they mean it. Windows 11 will recognise the adapter and you can start using it, but the default driver distributed with Windows 11 significantly reduces this adapter’s performance.
Now, let’s use Windows Update to download the latest driver.
As you can see, download throughput (from iperf3 server to iperf3 client) has dramatically improved.
Although the box suggests Jumbo frame support, Windows driver settings don’t give me any option to edit the MTU size. So, I assume Jumbo frames are not supported.
On macOS, this adapter works out of the box with no additional driver installation required. That’s a very nice surprise. And performance is great.
Auto-negotiation worked just fine. If you want to configure speed or MTU manually, you can, but Jumbo frames are not supported on macOS either.
Now the bad news. If you are considering to use this adapter on a Linux machine, the default driver cdc_ncm is a trouble as it only supports 2.5 Gbps Half duplex. Setting Full duplex manually using ethtool command doesn’t work either.
As you might expect, with the default driver and Half duplex, throughput is very poor.
On WLAN Pi Pro and Raspberry Pi 4 running 5.15 Linux Kernel I managed to fix the duplex issue by the steps listed below. But I hit new auto-negotiation issue between the Plugable adapter and Cisco Catalyst WS-C3560CX-8XPD switch. It took the adapter to eventually negotiate 2.5 Gbps Full duplex around 15 minutes of constantly flapping the interface. Forcing speed and duplex on the Plugable adapter by ethtool did not work. Certainly not ideal, and definitely worth testing before you commit to the Plugable adapter. With other multigigabit adapters, the Plugable had no negotiation issues.
How to force Linux to use the right driver
To enable Full duplex capability, we need to tell Linux to use Realtek r8156 driver instead of the default cdc-ncm.
Wi-Fi standards have developed and also WAN links are fast and reasonably priced these days. When it comes to throughput testing tools like iperf3 servers, 1 Gigabit Ethernet has become a bottleneck. A Wi-Fi 6E client can now easily generate more than 1 Gbps of traffic, but how do we measure it?
To overcome that issue, I am looking for a reasonably priced portable single-board computer, which can push more than 1 Gbps of traffic. It should be powered via USB-C, battery, or PoE powered, and should be portable to fit in my “just in case I need it” tool bag.
FriendlyElec NanoPi R5S
This little FriendlyElec NanoPi R5S single-board computer (SBC) delivers everything I mentioned above. Let’s have a look.
Dimensions and case
It comes with a well designed aluminium case, which also serves as a heatsink. The whole unit is smaller than the smallest iPhone, slightly thicker obviously. It runs silent. There is no built-in fan whatsoever.
It has two 2.5 Gigabit Ethernet interfaces (LAN1 and LAN2) and one 1 Gigabit Ethernet interface (WAN). Either of the LAN ports delivers 2.3 Gbps of actual useful iperf3 throughput with default 1500-byte MTU and single stream. I used MacBook with OWC 10 Gigabit Ethernet Thunderbolt 3 Adapter and Cisco WS-C3560CX-8XPD switch.
The R5S only draws 4 Watts in idle, and can be powered by any USB-C 5V power source. Your MacBook USB-C charger, iPad/iPhone charger, or USB-C battery pack would do. Alternatively, use a 1 Gigabit Ethernet 5V PoE splitter and PoE power the unit. In my lab with a 2 meter cable, the 1 Gigabit Ethernet PoE splitter actually allowed the R5S auto negotiate stable 2.5 Gbps connection with the switch.
FriedlyElec built and published two operating system SD card images for the R5S – Ubuntu and FriendlyWRT. I tested both, and for my use case FriendlyWRT works best. It has a network-centric and easy to use web UI, has iperf3 preinstalled, and delivers great performance.
Connect the WAN port to a network with existing DHCP server. If you are in the same subnet, simply ping FriendlyWrt.local to get the IP address of the R5S.
Then access the web UI or SSH to the unit, SSH is enabled by default. Change the root password now.
Now, this is important! To achieve maximum throughput, delete the pre-configured bridge interface br0, and configure both multigigabit eth1 (LAN1 port) and eth2 (LAN2 port) as standalone unbridged interfaces. Also, tweak IP address settings to your liking while you are there.
Make iperf3 automatically start by going to System > Startup > Local Startup and add iperf3 -s and hit the Save button.
Change CPU Governor setting to Performance. And CPU Minimum Frequency to the maximum value.
This little single-board computer absolutely deserves its space in my tool bag. For the 2 GB RAM model with case I paid $88 including shipping to the UK. Add a Micro SD card and that’s all you need to get started.
Finally, it you need top performance, don’t care that much about small form factor, and money is no object, the latest Apple M1 Mac Mini can be configured with built-in 10 GbE.
By default WLAN Pi, and Linux in general, uses a username and password-based SSH authentication. It involves quite some typing, some brain capacity to remember the password, and it is not the most secure method either.
You can create a public and private key pair. Your SSH client automatically logs in using the private key. The SSH server uses the public key to confirm that you possess the right private key. No password needed, and it also is more secure. The private key is never sent over the network, and this method protects you against man-in-the-middle attacks.
The beauty of this GitHub method is that GitHub stores your SSH public key centrally, which you can easily update, and you can install it to the machine you want to SSH to, by a single command ssh-import-id-gh. You can even add this to a startup script so that it automatically updates your trusted keys.
Let’s do this
ssh-keygen is the program that generates a public/private key pair on your local system. The private key is stored in ~/.ssh/id_rsa, and the public key is stored in ~/.ssh/id_rsa.pub.
The security of this method depends on keeping the private key safe and secure. Make sure not to leave the private key behind.
ssh-keygen -t rsa -C "firstname.lastname@example.org"
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/jiri/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/jiri/.ssh/id_rsa
Your public key has been saved in /Users/jiri/.ssh/id_rsa.pub
The key fingerprint is:
The key's randomart image is:
Display the public key, which is a text file at the end of the day, and copy its content to clipboard:
Save this public key to your GitHub account. Browse to github.com, log in, and open Settings:
Click New SSH key, name the key, paste your public key from the clipboard and save it:
The last step is to SSH into your WLAN Pi or Linux machine and tell it to use this public key from my GitHub, where jiribrejcha is my GitHub username:
If the command isn’t installed, you can fix that by:
sudo apt install ssh-import-id
Passwordless SSH access
When you authenticate to a server using public key authentication, the SSH client offers a copy of the public key to the server and the server then compares it against the keys listed in your ~/.ssh/authorized_keys file. This key was added automatically by the ssh-import-id-gh command. If the key matches, the server indicates that it is able to proceed with the authentication. The private key is then used to sign a message that includes data specific to the SSH session. The server can then use its copy of the public key to verify the signature.
Up until now, you could only use the WLAN Pi display to see its IP address and other IP details. If you are on the same subnet you could do ping wlanpi.local. Alternatively, your DHCP server log or show ip arp on the access switch could tell you.
Telegram Bot for the WLAN Pi automates the whole process and it sends you the IP details of your WLAN Pi whenever the Pi comes online. You can then easily and remotely skim through the details, check its IP address, public IP address, current mode, uptime, switch and port details the WLAN Pi is connected to, or double-check that its Ethernet adapter successfully negotiated 1 Gbps Full Duplex.
And you can do all this from you wrist, phone, tablet or laptop.
How to enable Telegram Bot
Download WLAN Pi image 2.0.1 or newer. Flash it onto an SD card. Boot up from this SD card.
Create a new Telegram account if you do not have one already. Start the Telegram app.
Let’s create a new Telegram bot. Find a person called Botfather and send them a message saying /newbot.
Follow the instructions to create a new bot.
After the new bot is created, copy the API key to a text editor.
Start a new chat with the newly created bot and say Hey, Hi or something like that and welcome them to the blue planet. This is mandatory and you can send more than one message.
Now SSH to the WLAN Pi and run this command with root privileges sudo telegrambot
It will complain about missing API key and tell you where to paste it.
Edit the configuration file, uncomment the second line and paste your own API key from step 5 using sudo nano /etc/networkinfo/telegrambot.conf.
Save the file using CTRL+o (letter o) and exit the editor using CTRL+x.
Make sure you sent a Telegram message in step 6 to your new bot.
Connect your WLAN Pi to the internet.
Finally, reboot by sudo reboot
Multiple Pi’s can use the same API key and send their IP configurations to the same chat or you can have 1 chat per WLAN Pi (my preferred option). It is completely up to you.
How often are Telegram messages sent?
Every time the WLAN Pi reboots and has internet access, it will send a new message to you.
If internet connection goes down (for example when you disconnect the Ethernet cable, DNS server stops responding or something breaks at your ISP while eth0 still remains up) for more than 10 seconds, the WLAN Pi will send you a new message with its fresh details after the internet connection goes up again.
Send a new message manually
Assuming you have completed the setup using the above instructions, you can SSH to the WLAN Pi at any time and send a new Telegram message manually using sudo telegrambot.
How to troubleshoot
If you are not receiving any message from the WLAN Pi, send another message to the Telegram bot using the Telegram app and reboot the Pi.
You can also check the logs and grep for telegrambot: sudo cat /var/log/messages | grep telegrambot