
AirPort issues/alternatives

Installing the Velop system was easy, but I have no idea what you would do if you didn't have a smartphone, which seems to be required to do the installation.
I skimmed the user's guide and it appears that some device that can run the app (Android or iOS) is required.

But I also saw mention that the latest firmware includes a web interface for configuration. So I would assume that once new units start shipping with this firmware, it will be possible to perform the installation via a web browser (e.g. point a browser at the default IP address, usually 192.168.1.1, to pull up the configuration screens). But this will, of course, remain to be seen.
 


For what it's worth, it's possible to configure a Raspberry Pi (or any Linux, for that matter) to be a Time Capsule. I've done it with a Pi and various USB storage devices. Basically, you start with stock Raspbian, add netatalk (for AFP) and two or three configuration files.

Devices configured like this also double as a NAS.

Article is slightly dated but still applies:
https://raymii.org/s/articles/Build_a_35_dollar_Time_Capsule_-_Raspberry_Pi_Time_Machine.html
 


What about the Airport Express ability to send Airplay audio to an amplifier with a standard minijack to RCA cable?
I use an Express to receive AirPlay audio to drive an external, high-quality Grace DtoA converter from the optical output in the mini-jack. Is there anything out there that can give me the Airplay digital audio bits?
 


A couple of points about Time Capsule replacements.
  1. With High Sierra, AFP is deprecated and Time-Machine backups over SMB are the only way to go.
  2. Apple has a specific set of requirements for an SMB Server to be Time-Machine compatible.
  3. Samba 4.8.0 and later satisfies those requirements.
  4. Avahi (the open-source Bonjour implementation used on most Linux systems) needs to be configured to advertise the Samba service on your LAN.
  5. If you've satisfied (4,5), your Samba Server will appear under "Add or Remove Backup Disk" under the Time Machine PreferencePane.
  6. Select it (optionally, click on the "Encrypt backups" checkbox), enter your credentials (which will be saved in the Keychain), and you're good to go...
No need to mess with "defaults write", etc.

As to what to set up as a Samba server:
  1. As previously mentioned, an old Mac running High Sierra is the easiest option.
  2. Another really nice option is the Odroid HC2. Like the Raspberry Pi mentioned above, it's a Single-Board-Computer based on an ARM chip. But
    • It's got a much faster processor
    • It has a SATA interface (instead of the very slow USB-2 interface on the Pi)
    • It has gigabit ethernet (instead of 100Base-T, hanging off the same slow USB-2 bus on the Pi)
    • Its aluminum case is a massive heat sink to keep the whole thing running cool.
I'm using one of these to back up two MacBook Pros at home. It runs completely silently and consumes very little power (way less than an old Mac would). I even added a 12V DC UPS to power it (power failures are a common source of data corruption and hardware troubles in NAS units).
 
Last edited by a moderator:
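
A configuration sketch for items 3 to 6 of the list above, as an added example that is not part of the original post: it writes a Samba share definition using the vfs_fruit Time Machine option plus an Avahi service file, then checks the result for the settings that matter (Time Machine flag, named users only, no SMB1, no guest access). The share name, path, account and function names are placeholders chosen for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Share name, path and account
# (TimeMachine, /srv/timemachine, tmbackup) are placeholders.

# write_tm_config DIR: write both files into DIR for review before they are
# copied to /etc/samba/smb.conf and /etc/avahi/services/.
write_tm_config() {
    mkdir -p "$1"
    cat > "$1/smb.conf" <<'EOF'
[global]
# Refuse SMB1 (NT1) sessions outright.
   server min protocol = SMB2
   map to guest = never
   vfs objects = catia fruit streams_xattr
   fruit:metadata = stream

[TimeMachine]
   path = /srv/timemachine
   valid users = tmbackup
   read only = no
   guest ok = no
# vfs_fruit option that marks the share as a Time Machine destination.
   fruit:time machine = yes
   fruit:time machine max size = 1T
EOF
    cat > "$1/timemachine.service" <<'EOF'
<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
  <name replace-wildcards="yes">%h</name>
  <service><type>_smb._tcp</type><port>445</port></service>
  <service>
    <type>_adisk._tcp</type><port>9</port>
    <txt-record>sys=waMa=0,adVF=0x100</txt-record>
    <txt-record>dk0=adVN=TimeMachine,adVF=0x82</txt-record>
  </service>
</service-group>
EOF
}

# has_setting FILE REGEX: true if FILE has a "key = value" line matching REGEX.
has_setting() {
    grep -Eiq "^[[:space:]]*$2[[:space:]]*\$" "$1"
}

# audit_tm_share FILE: print one line per finding; non-zero if any.
audit_tm_share() {
    rc=0
    has_setting "$1" 'fruit:time machine *= *yes' ||
        { echo "share is not marked as a Time Machine destination"; rc=1; }
    has_setting "$1" 'server min protocol *= *SMB[23][_0-9]*' ||
        { echo "no explicit server min protocol of SMB2 or later"; rc=1; }
    has_setting "$1" 'valid users *= *[^ ].*' ||
        { echo "share is not restricted to named users"; rc=1; }
    if has_setting "$1" 'guest ok *= *yes'; then
        echo "guest access is enabled"; rc=1
    fi
    return $rc
}

# Demo: write the files to a scratch directory and audit them.
out=${TMPDIR:-/tmp}/tm-config-preview
write_tm_config "$out" && audit_tm_share "$out/smb.conf" && echo "config OK in $out"
```

The account named in `valid users` needs a Samba password (`smbpasswd -a`) before macOS can authenticate to the share.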


I use an Express to receive AirPlay audio to drive an external, high-quality Grace DtoA converter from the optical output in the mini-jack. Is there anything out there that can give me the Airplay digital audio bits?
I retired my Expresses and have moved on to a Yamaha WXC-50 [Amazon link] streamer pre-amp for this optical and coax digital output facility.

I have the Yamaha WXA-50 [Amazon link], WXC-50 and WXAD-10s working in different rooms (only the WXC-50 with digital outputs).

More pricey than the Express, but a lot more music function via a web interface for the amps as well as an app which is very good - even has a sleep function so you can nod off to your favourite music. The app and device firmware are actively updated by Yamaha.

If you can live with an RCA connector then the WXA-50 amp and the WXAD-10 basic streamer work well; the WXAD-10 basic streamer has much less connectivity and functionality compared to the streamer amp models.

I am very happy with my choice.
 


I wonder if Airport Express will support AirPlay 2. I would guess the answer is no, but I haven’t read a definitive answer. AirPlay 2 is part of the latest iOS beta. Has anyone experimented with that?
 


I just replaced my Airport Express this morning with a Linksys Velop [Linksys WHW0302B Velop] 2-node tri-band system. ... But so far I am very impressed and can understand why this is Apple's pick to sell in their store.
A question for you if you know, and for everyone else here: are there any potential problems with "back-doors" or unsecure chips with this and the other routers being put forward as replacements for Airport? There have been plenty of news reports about how products made in China may have such issues which could allow a hacker to gain control of the device. This apparently affects more than routers and gets to the whole "internet of things" issue.

If anyone knows, please share, as I too will be looking to replace an aged AirPort Extreme in the near future but hate to think I'm providing an opening to hackers -- something I generally didn't have to worry about with the Airport.
 


A couple of points about Time Capsule replacements.
… As to what to set up as a Samba server:
  1. As previously mentioned, an old Mac running High Sierra is the easiest option. …
Any idea about how my old Mac Pro (2008) with ZFS Raid-z2 could be used? Runs nicely with 4 disks installed in a Raid-z2 configuration (OS X 10.11 etc. on two SSD's in the PCIe slots).
 


FWIW, FreeNAS 11.x currently does not yet offer an SMB-based Time Machine server, only on AFP. While AFP may be deprecated, even High-Sierra machines can still use it to connect to servers and make Time Machine backups.
 


I am using an old (Mid 2010) Mac mini running Yosemite as a Time Machine server. The Mac mini is primarily used as a database server, which prevents me from updating to High Sierra (but hardware-wise I could). I am not sure how far back File Sharing includes Time Machine, but here is how I did it (I believe though, it has been mentioned here before):

  1. In System Preferences -> Sharing, turn on File Sharing.
  2. Under "Folders to Share", select a folder or volume to share.
  3. Right-click on that folder, select "Advanced Options..." and then check "Share as Time Machine backup destination". Done.
As for SMB vs AFP, on the Mac mini I have turned off File Sharing via SMB, and I allow only AFP. I don't know though if Time Machine bypasses this restriction and uses SMB anyway.
 


As for SMB vs AFP, on the Mac mini I have turned off File Sharing via SMB, and I allow only AFP. I don't know though if Time Machine bypasses this restriction and uses SMB anyway.
If you turn off SMB at the firewall, it can't use SMB. My guess is that it happily uses AFP for now.

Another thought for those ready to chuck their Apple Airport Extremes, especially the Generation 6, aka the most recent ones: Does your Apple device support some of the much-touted extra features that the allegedly-faster base stations offer?

For example, the latest Airport Extreme has three Multiple In Multiple Out (MIMO) antennas to help with throughput and interference (3×3:3 (in each band)). Older laptops, like my MacBook Air, need an upgrade to even allow 802.11ac, like this Bluetooth / 802.11ac card at iFixit.

Very high-speed WiFi base stations rely on using multiple frequency bands to boost throughput, which only really works in areas without a lot of WiFi congestion and if you have a laptop that can take advantage of that also. See this primer at digital citizen.

Don't get me wrong, mesh networks have their place and can make retrofits into existing houses much easier than running ethernet and placing multiple access points. However, I happen to prefer having multiple access points in my home as a means of reducing the congestion at each access point (they all use different frequencies), increase throughput, etc.

From a longevity point of view, I have found the Apple Extremes to be much more robust than their competition. Every rival access point (Ubiquiti, DLink, etc.) failed in a few years, and these units just keep chugging along until they are obsolete. That's a really good thing when you install them for friends and family and thus morally "own" the maintenance associated with the thing for the rest of its life.

Another important factor is upkeep. Where the Apple Airport system is smart enough to alert you to the availability of a firmware upgrade via macOS, makes the process easy, etc., the rivals still rely on you to figure out that there may be a firmware upgrade, download it, install it, etc. The key thing here is not that one process is necessarily better than the other, but that it gets done - especially if the end user is not a Mac / router / access point expert.

This "maintainability" and durability is precisely why I continue to advocate for these base stations. Obsolescence will come eventually but likely not until more industrial, scientific, and medical radio bands (ISM bands) achieve widespread use in addition to the common 2.4 and 5.8GHz frequency bands supported by Apple's Extremes today.

Some of the worldwide ISM bands (like 24GHz) are already in widespread use for point-to-point links for wireless ISPs. However, I don't expect to see 24GHz used indoors anytime soon, due to attenuation issues. Other frequencies are available but tend to be market-specific, driving up manufacturing cost (less scale) and causing logistical headaches (i.e. they are legal to be shipped to country A but not country B).

So whenever the powers that be decide to open up more frequencies on a global scale is when I expect to see meaningful real-life (not laboratory) WiFi throughput improvement for most users, especially those in congested markets. The race for 5G wireless services showcases the same thing, just with a slightly different application.
 



are there any potential problems with "back-doors" or unsecure chips with this and the other routers being put forward as replacements for Airport?
In short, yes. I'd say two important selection criteria are, first, the manufacturer's track record on providing firmware updates over its products' lifespans and, second, if a product allows its login name and password to be changed by users.

If you're interested in more info, I recommend searching the websites of Brian Krebs (Krebs on Security) and Bruce Schneier (Schneier on Security).
 


The truth is that few to none of us are likely going to be able to find an intentionally-planted backdoor in a device out there. Bone-headed, hard-coded logins / passwords aside, there are so many ways to obfuscate the trigger so as to make triggering it unintentionally (and without inside knowledge) practically impossible.

What you're really left with is the reputation of a vendor, i.e. as far as I know, no properly set-up Apple Airport base station has ever been 'owned' by a hacker attacking it from the WAN-side of the router. Similarly, companies like Ubiquiti, Mikrotik, etc. keep updating their firmware while noting the improvements made, in the developer notes.

None of these devices is as simple to set up as an Airport Base Station, but they also allow you to do things that an Airport Base Station won't - like sharing a printer with the Guest and the private LAN network. Whether that is a wise thing to do, I'll leave to others to debate, however!

For me, the issue of exfiltration of data starts with limiting the number of devices that can connect to your important data, what protocols you use, etc. For example, because Sonos has yet to implement anything above SMB1v1 for NAS server authentication, the source for my Sonos players is a "burner" hard drive with a copy of my music, attached to an Airport Extreme. In my opinion, you'd be crazy to allow SMB1v1 connections to a server that contains data you care about.

If you have IP cameras and other IoT stuff, consider putting them on a Virtual-LAN (VLAN) that segregates them from the rest of your internal network. You could even add an Intrusion-Detection System (IDS) - there are several available for the Raspberry Pi. But more than anything, be aware of what is attached to your network and weigh the risks vs. the benefits of allowing it to co-exist with everything else.
 


I'm currently using a TP-LINK TD-W8980 router which has served me well until recently. It seems that the WiFi radio is failing. WiFi devices sometimes lose Internet connectivity while wired devices do not.

After reading this thread I was thinking of replacing the TP-LINK with an AirPort Extreme while they're still available. However, I'm not sure if the Extreme will meet one special need that I have.

My ISP sometimes creates a double NAT situation by assigning me a non-routable IP address. There was no way for me to know about this until I was away from home and found I couldn't SSH into my home machine.

So, I wrote a shell script to detect double NAT and notify me via Growl and email. But, that shell script needs to be able to detect the WAN address of the router and compare that with my public IP. It turns out to be relatively trivial to Telnet into the TP-LINK and get the WAN IP.

Is there any way to get the WAN address of an AirPort Extreme from the command line?
 



... Is there any way to get the WAN address of an AirPort Extreme from the command line?
Start with:
Code:
curl --insecure https://ipchicken.com > ~/tmp/temp.txt
After analysis of temp.txt, develop parsing code and replace the output redirect with a pipe to your code. This works with any router.

Note: whatsmyip.org prohibits and prevents programmatic access. Currently, curl works with ipchicken.com. There may be others.
 


My ISP sometimes creates a double NAT situation by assigning me a non-routable IP address.
It's not unusual for ISPs to assign addresses from private (RFC 1918) address space. But usually when they do this, the address is 1:1 mapped to a public address, so there is still a public address you can use to access your device when away from home, even if your home router doesn't know about it. Which means you can still probably access your home LAN.

There are many services on the Internet that will report the IP address they see from your requests. This will be the address you ultimately end up with (after however many levels of NAT may be applied). If they report the source IP address (and not the X-Forwarded-For header), then you'll get the final proxy server's address - otherwise, they'll get the last pre-proxy address. If you ask Google "what is my ip address", you will see the address used for that request. You will also get links to many many web sites that will show you the information (many of which will subsequently try to sell you anonymizing services). Here's one that doesn't try to plaster my screen with pop-up and interstitial ads.

If your ISP supports IPv6 (I know Comcast does), then your job might be easier. Use of NAT for IPv6 is much less common than IPv4 (since there's no shortage of IPv6 addresses). Most of the time, you are assigned a public /64 address block and your local router (or possibly your computers themselves) will generate addresses within that block.

Of course, if your ISP actually is assigning multiple customers (each with different private addresses) to the same public IP address, then there's not much you can do.

But getting back to your actual question:

Is there any way to get the WAN address of an AirPort Extreme from the command line?
Given that the goal is to access your LAN from remote, pulling an address from the router is not necessarily the best way to go. Unfortunately, in order to get your final IP address, you need to send a packet to a remote server (somewhere on the Internet) and have it send you the address back. Fortunately, there are servers that do this. In addition to the (often spammy) web sites I mentioned above, I ran across one that provides a very simple interface that you can use in scripts.

ipifi lets you ask "what's my IP address" and get back a result that scripts can use. They also provide example code for how to do this in many different languages. The only downside is that the web site hosting it seems to only support IPv4, so it can't show you any IPv6 addresses. But the code is open source, so anyone that needs this capability can easily host it somewhere else that has v6 support.
 



The list of WiFi equipment I've used is rather short - but mainly Apple Airports, Expresses, and a couple of Time Capsules. My latest Time Capsule kept giving me overheating warnings and after trying various methods to cool it down with vent holes drilled in the top, and a dedicated muffin fan near it, I was looking at replacements when Apple announced they were discontinuing the product line. Add to this the issues I was having with some of my older 2.4 GHz devices not connecting. Having to restart and reconnect them was frustrating.

I already had a Synology NAS (214play) and looked at their router offering. Being familiar with the NAS interface made the decision easy to go with the 2600ac.

Setup was quick. Going through all of the available settings was daunting at first, but a couple searches and articles helped get me set.

Being able to identify each wired and wireless connection and rename them was fantastic. The ability to prioritize certain connections was great, as was the remote connection to check usage. Synology may not be as easy and fool-proof as Apple's Airports, but I'm happy.

Next I have to migrate the data from the hard drive on the time capsule to the NAS.
 


Thanks for the suggestions. I already know how to get my public IP address. I use:

ip=`dig +short myip.opendns.com @resolver1.opendns.com`

And, Ric is right, being able to telnet into the router is a security problem.

The point of knowing whether or not there is a double NAT is so that I can call my ISP's network engineer and tell him to give me a routable IP address. They are always happy to do this. (My ISP is CAT in Thailand. No IPv6 here, yet.)

There’s the undocumented (as far as I can tell) dns-sd -X command.
The problem with dns-sd is that it is designed to be interactive and terminated with a ^c, so not easy to use in a shell script. But, it does give me what I need, including useful info when there is a double NAT situation:

Axe:~ mnewman$ dns-sd -X
DATE: ---Wed 09 May 2018---
14:47:55.745 ...STARTING...
Timestamp if External Address Protocol Internal Port External Port TTL
14:47:55.746 0 10.0.0.236 0 0 0 0 Double NAT


Not that this is of much interest, but I've been playing with expect and this seems to work:

#!/opt/local/bin/expect -f
spawn dns-sd -X
expect "\n\n"
send "\x03"
expect eof


Still need to put the expect buffer into a file and extract the IP address.

So, problem solved. Thanks to all.
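
The remaining step described above (pull the address out of the captured `dns-sd -X` text and compare it with the public address), as an added example that is not part of the original post. It assumes the capture has the column layout shown in the post, the function names are hypothetical, and it goes slightly beyond the thread by also treating the RFC 6598 carrier-grade NAT block (100.64.0.0/10) as non-routable alongside RFC 1918 space.

```sh
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Constructed sample: the `dns-sd -X` capture layout shown in the post above.
SAMPLE_CAPTURE='DATE: ---Wed 09 May 2018---
14:47:55.745  ...STARTING...
Timestamp     if   External Address   Protocol   Internal Port   External Port   TTL
14:47:55.746  0    10.0.0.236         0          0               0               0   Double NAT'

# Print the first IPv4 address found in the "External Address" column (field 3).
wan_from_capture() {
    printf '%s\n' "$1" |
        awk '$3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $3; exit }'
}

# True if ADDR is RFC 1918 private space or the RFC 6598 CGNAT block.
is_non_routable() {
    case $1 in
        10.*|192.168.*)                         return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*)  return 0 ;;
        100.6[4-9].*|100.[7-9][0-9].*)          return 0 ;;
        100.1[01][0-9].*|100.12[0-7].*)         return 0 ;;
    esac
    return 1
}

# Print one verdict for the router WAN address and the address seen from
# outside: direct | isp-nat | mismatch | unknown
nat_verdict() {
    wan=$1; public=$2
    if [ -z "$wan" ] || [ -z "$public" ]; then
        echo unknown        # one of the lookups failed; do not guess
    elif [ "$wan" = "$public" ]; then
        echo direct         # router holds the public address itself
    elif is_non_routable "$wan"; then
        echo isp-nat        # ISP handed the router a non-routable address
    else
        echo mismatch       # routable but different: proxy, VPN or stale data
    fi
}

# Public address as seen from the Internet, using the dig query from the post.
# Not called in the offline demo below.
public_ip() {
    dig +short myip.opendns.com @resolver1.opendns.com
}

# Offline demo on the constructed sample; 203.0.113.7 is a documentation address.
demo_wan=$(wan_from_capture "$SAMPLE_CAPTURE")
echo "WAN $demo_wan -> $(nat_verdict "$demo_wan" 203.0.113.7)"
```

For a live check, pass the text saved by the expect script to `wan_from_capture` and use `"$(public_ip)"` as the second argument to `nat_verdict`.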
 


The list of WiFi equipment I've used is rather short - but mainly Apple Airports, Expresses, and a couple of Time Capsules...

Next I have to migrate the data from the hard drive on the time capsule to the NAS.
It's that last step that is driving me nuts.

I have an older Time Capsule (backing up a MacBook Air). While it still works, I thought I'd get a new Airport Extreme, migrate my sparse image backup file to an external drive, and use an always-on High Sierra Mac to host the backup.

#1) To set up a Time Machine drive, Time Machine: How to transfer backups from a current backup drive to a new backup drive says that for Time Machine, one needs an OSX HFS+ extended Journaled drive with a GUID partition. One also needs to deselect "ignore ownership of this volume" in the Get Info window.

#2) I followed these instructions for setting up a Mac as a Time Capsule server:
Use a shared folder with Time Machine
Note that it says the folder must be on an APFS drive. It says nothing about the "ownership" checkbox.

After transferring the sparse image file and following #2 above I got a message that Time Machine can't connect to the backup disk (OSStatus error 17). I reformatted the drive as APFS, and Time Machine will accept it as a backup drive. I will now spend another 11 hours transferring the sparse image file again to see if it will work this time.

I noticed that everyone has Read & Write privileges on the sparse image file on the Time Capsule drive. When I transferred the file it had Read Only for "everyone." I couldn't change that. I'm guessing this is the source of error 17, but it's only a guess.

I'll post a follow-up, but if anyone has any suggestions I'd love to hear them.
 



Is there any way to get the WAN address of an AirPort Extreme from the command line?
One method is to use AirPort Utility 6.2 to turn on SNMP on the AirPort Extreme*, and then you can query it from the command line. I think the trick is to ask it for the next hop, twice?

* may not work with latest generation AirPort Extremes.
 


Is there any way to get the WAN address of an AirPort Extreme from the command line?
With an Extreme behind a Verizon FiOS router, I can get my "real" IP address with the shell (Terminal) command:

ifconfig -a | grep "netmask 0xffffffff"

That's a pipe (the uppercase "\" on Mac keyboards)
 


What I discovered:

Initially, I had transferred the sparse image to an external HFS+ volume and converted to APFS later. That's when I got the "error 17."

After reformatting as APFS, I was able to choose the disk as a Time Capsule equivalent on my MacBook Air. I again transferred the sparse image, and now it seems to be functioning normally.

I think the key may be to format the disk before transferring the backup file. Incidentally, in the Permissions window on the Mac where the disk actually resides, the sparse image file shows everyone "read only" and the "ignore ownership" box is checked. On my MacBook Air, the Permissions on the sparse image show everyone "read & write."
 


#2) I followed these instructions for setting up a Mac as a Time Capsule server:
Use a shared folder with Time Machine
Note that it says the folder must be on an APFS drive. It says nothing about the "ownership" checkbox.
I looked at the Apple instructions you posted above, and I'm baffled as to why they say the Shared Folder for Time Machine must be on a drive formatted APFS. I've previously posted that I am successfully using my pre-existing HFS+ formatted Time Machine drive using the new Time Machine Sharing feature of High Sierra.

At least their statement that you can't use AFP as the file sharing protocol makes sense, if you are following their previous direction to use an APFS formatted drive. However, since my drive is formatted HFS+ I am able to use AFP.
 


With an Extreme behind a Verizon FiOS router, I can get my "real" IP address with the shell (Terminal) command:
ifconfig -a | grep "netmask 0xffffffff"
That's a pipe (the uppercase "\" on Mac keyboards)
Thank you. That worked with netmask 0xffffff00:

ifconfig -a | grep "netmask 0xffffff00"
inet 172.16.0.52 netmask 0xffffff00 broadcast 172.16.0.255


Or, you know, just Google my IP as the search term. Not as techy, but much easier!
Kind of hard to do that from a shell script, though….
 

