Re: wireless auth+crypto
- To: misc@openbsd.org
- Subject: Re: wireless auth+crypto
- From: Pedro la Peu <pedro@am-gen.org>
- Date: Sat, 1 May 2004 14:17:00 +0100
- References: <web-1161903@av.it.pt>
- User-Agent: KMail/1.5.4
On Saturday 01 May 2004 12:29 am, Paulo Jorge Correia Pires wrote:
> I've said something simple to the client side, and authpf
> means an ssh session and I do not want ppl to have shell
> access to the AP/AR! but thanks for the tip.

Read authpf(8), you do not appear to understand it.

Check the archives, I posted a simple "one click" recipe for this about 12-18
months ago using putty/pageant. If you have a WDS (multiple APs) configure
them as filtering bridges and run dhcpd and authpf on the wired LAN (e.g.
authpf on the WDS's default gateway).

For encryption, you can tunnel all traffic through the ssh (authpf) session
and block anything else at the APs. A decently spec'd gateway can handle
several 802.11b WLANs worth of tunnelled ssh load.

For added user convenience redirect all non-tunnelled http requests to a web
page with a link to the files needed for authpf (a batch file and putty.exe)
and an explanation of who to contact to obtain an RSA key and passphrase.

None of my users find this difficult or inconvenient. YMMV.

-p
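
The gateway side of the setup described in this message, as an added pf.conf sketch that is not part of the original post and is not the author's recipe. Interface names, addresses, the local resolver and the info-page port are assumptions; the `rdr-to` form is the syntax of OpenBSD 4.7 and later, whereas releases from 2004 used separate `rdr` rules.

```conf
# Added example: pf.conf sketch for the wired gateway that runs sshd/authpf.
# Interface names, addresses and the info-page port are assumptions.
wlan_if  = "em1"            # assumed: side facing the bridged APs
ext_if   = "em0"            # assumed: upstream side
wlan_net = "192.0.2.0/24"   # assumed: range handed out by dhcpd (constructed)
gw_addr  = "192.0.2.1"      # assumed: gateway address on $wlan_if (constructed)

# authpf adds each logged-in user's address to this table when it exists.
table <authpf_users> persist

set skip on lo
block log all

# DHCP between wireless clients and dhcpd on this host.
pass in  on $wlan_if proto udp from any port 68 to any port 67
pass out on $wlan_if proto udp from any port 67 to any port 68

# DNS to a resolver assumed to run on the gateway, so that a browser can
# resolve a name and then hit the redirect below.
pass in on $wlan_if proto { tcp, udp } from $wlan_net to $gw_addr port 53

# The only service offered to wireless clients: ssh, which starts authpf
# and carries the port-forwarded (encrypted) traffic.
pass in on $wlan_if proto tcp from $wlan_net to $gw_addr port 22

# Non-tunnelled HTTP from clients without an authpf session lands on a
# local page (assumed on 127.0.0.1:8080) with the download links.
pass in on $wlan_if proto tcp from ! <authpf_users> to any port 80 \
    rdr-to 127.0.0.1 port 8080

# Tunnelled connections originate from sshd on the gateway itself.
pass out on $ext_if inet from ($ext_if) to any

# Per-session rules loaded by authpf attach here.
anchor "authpf/*"
```

`pfctl -nf /etc/pf.conf` parses the file without loading it. Accounts whose login shell is `/usr/sbin/authpf` get the filter session but no interactive shell on the gateway.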