The cell service drought is over
I live on a part of Hilton Head Island that is cell service-challenged. We are several miles from the nearest tower, surrounded by towering pines. The architectural review board of my owners' association insists that antennae and towers of any kind detract from the island's beauty.
For years our cell reception has been in the point-5 bar range, enough to receive Blackberry email and an incoming call ringtone. If my family and neighbors actually want to accept an incoming call, we sprint out the door, down the driveway, towards an opening in the pine tree canopy.
I am now the happy user of a Blackberry Curve with a WiFi implementation that works with my IEEE 802.11 b/g access point and supports WPA2/AES with pre-shared keys. You can hear me now - and I don't need a horde of Ver1zon technicians trailing me and my cellie.
If you get a Curve, bear in mind that the WiFi implementation tunnels voice service over an IPSEC connection. IPSEC (and IKE) may be blocked at firewalls as part of an egress traffic policy. This may affect you in the following scenarios:
- You are in a hotel where you can't get good cell coverage BUT the hotel offers WiFi. You may have to choose the option "give me a public IP address" to get IPSEC to work (I won't bore you with the details, simply know that network address translation and IPSEC don't always play well together and that IPv6 should fix this:-)
- You are visiting a company that offers you WiFi guest connectivity but blocks all but a limited set of ports. Some companies don't permit visitors to use IPSEC from their networks (it's an opaque tunnel and represents an information disclosure risk) so they may block your phone.
- Like me, you run a very secure firewall in your home office. I only open TCP/UDP ports outbound for applications that fall within my household acceptable use policy and block all the rest. So, like me, you will need to create a policy at your firewall that allows IKE port 500 and IPSEC/AH/ESP to port 4500 outbound from your wireless LAN to the Internet. (Go ahead, be like Dave, experience what a firewall admin really deals with.)
Assuming you've configured your WLAN connection properly, you should be able to surf the net from your Curve without IPSEC. Thus, if you have WiFi signal and are able to browse, a "Call failed" popup on your phone is a solid indicator that your tunnel's being blocked.
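The egress policy from the last scenario and the "Call failed" symptom, modeled as an added example (not code from the original post). The rule sets are constructed, and the model assumes the standard IPsec assignments: IKE on UDP 500, NAT traversal on UDP 4500, and ESP as IP protocol 50 when no NAT is in the path.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:                 # one egress rule, WLAN -> Internet (constructed model)
    proto: str              # "tcp", "udp" or "esp"
    dport: Optional[int]    # None: any port, or a protocol without ports
    action: str             # "allow" or "deny"

@dataclass(frozen=True)
class Flow:
    name: str
    proto: str
    dport: Optional[int] = None

# Assumed standard assignments: IKE = UDP 500, NAT traversal = UDP 4500,
# ESP = IP protocol 50 (carried natively only when no NAT is in the path).
IKE = Flow("IKE", "udp", 500)
NAT_T = Flow("IPsec NAT-T", "udp", 4500)
ESP = Flow("ESP", "esp")
WEB = Flow("HTTP", "tcp", 80)

def permitted(rules, flow):
    """First matching rule wins; anything unmatched is dropped (default deny)."""
    for r in rules:
        if r.proto == flow.proto and r.dport in (None, flow.dport):
            return r.action == "allow"
    return False

def diagnose(rules, behind_nat=True):
    """Return (symptom, blocked tunnel flows) for a handset on this WLAN."""
    tunnel = [IKE, NAT_T] if behind_nat else [IKE, ESP]
    blocked = [f.name for f in tunnel if not permitted(rules, f)]
    if not permitted(rules, WEB):
        return "no browsing: fix the WLAN connection first", blocked
    if blocked:
        return "browsing works but Call failed: tunnel blocked", blocked
    return "browsing and calls work", blocked

# Constructed policies: a web-only egress policy, then the corrected one.
WEB_ONLY = [Rule("udp", 53, "allow"), Rule("tcp", 80, "allow"),
            Rule("tcp", 443, "allow")]
WITH_IPSEC = WEB_ONLY + [Rule("udp", 500, "allow"), Rule("udp", 4500, "allow"),
                         Rule("esp", None, "allow")]

if __name__ == "__main__":
    for label, policy in (("web only", WEB_ONLY), ("with IPsec", WITH_IPSEC)):
        print(label, "->", diagnose(policy))
```

In this model, a policy that opens only UDP 500 still reports NAT-T as blocked for a handset behind NAT, so the call fails even though IKE is allowed.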
A word about the service. The call quality over a 3 Mbps DSL connection is about the same as you'd get from Vonage VoIP: a bit tinny but tolerable. If you use the browser on your Blackberry, you'll notice much improved download times. I quickly glanced at the traffic the Blackberry generates while it is connected using the WiFi. I noticed that my proxy firewall was stripping 3rd party cookies for hitbox.com. Grats to my firewall and bite me, Hitbox. The Bberry appears to work fine without them so if you have HTTP proxy capabilities, a cookie blocker, or are willing to flog at your browser preferences, you might think about thwarting Hitbox, too.
Archived at http://www.securityskeptic.com/arc20080501.htm#BlogID687
by Dave Piscitello