Re: Wireless access point with OpenBSD

["Charles J. Fisher" <cfisher@rhadmin.org>]

On Fri, 31 Dec 2004, [ISO-8859-1] Johan P Lindstrvm wrote:

> There are basically two types of authentication to choose from, (1) a 
> Pre Shared Key (PSK) or (2) RADIUS.

I have wide-open 802.11b routers (the SSIDs are usually "HACKME") that are 
tied to a dedicated network card on OpenBSD. I usually allow NAT during 
the router setup, then turn it off, so the router can only see the local 
network.

I then use putty to create a tunnel from 127.0.0.1:80 to the OpenBSD on 
port 80. Currently I am running http-gw from fwtk.org and only allowing 
proxy connections from localhost. Set the browsers to proxy off localhost 
and voila, encrypted web.

It is kind of slow, but it is thoroughly encrypted. I don't care about 
proxy logging, so I've mostly disabled it and the speed has improved.

I've heard that OpenVPN is a much better solution, but it is not 
specifically targetted for this application and my routing skills are not 
strong enough to do it with no trouble.

    ---------------------------------------------------------------------------
   / Charles J. Fisher   |"How ridiculous not to flee from one's own wicked- /
  /  cfisher@rhadmin.org | ness, which is possible, yet endeavor to flee    /
 /   http://rhadmin.org  | from another's, which is not." -Marcus Aurelius /
---------------------------------------------------------------------------