
Re: Public WiFi Access Authentication




Dear Michelle.

Why not use a VPN path between your desktop and the auth or your main router?


Client----------Wireless-Router------VPN-Router-----Main Router
  |                                  |
  |                                  |
  +-------------VPN-Channel----------+

The VPN connection between the client and the VPN router could be established with different
authentication methods, e.g. a preshared key on the client and the router.
The VPN router opens a VPN channel on a port you choose, e.g. 5004. On the VPN router
you drop other ports and allow only incoming UDP traffic on port 5004
from the interface to the wireless router.

In my opinion this scenario meets most of your requirements. An evil client without the
preshared key that overcomes the wireless protection couldn't use this capture. The only
connection that could be used is a 5004 UDP connection, which requires a preshared key. So only
if a client started this half of the VPN connection with the correct preshared key is traffic
between the client and the LAN possible.

with kind regards
G. A. Wilm





Michelle Konzack wrote:
Hello,

I have some 802.11a Access Point (privately) in Strasbourg and want to
open it to the public.  The solutions I have found are not suitable and some
are really strange.

What I have:

  |
  |
  |     802.11a          Auth-Router         Main
  +---- Access   ----    (Etch)      --->    Router <----> Internet
        Point            DHCP

I want the Auth-Router to block ANY traffic until the $CLIENT which
connects over the Access-Point calls ANY http-URL and authenticates.

Then the $CLIENT is allowed to use the connection until the last traffic
was on its MAC/IP for, e.g. 5 minutes, then the $CLIENT is required to
re-authenticate.

Also I need to prohibit several Clients from using my Access-Point as a
free bridge for their traffic.

I was searching the Net for a sample config how to do this but failed.

So, I want to install the authentication website directly on the Auth-
Router.

Has anyone done this before, and how must I make the iptables setup
to let this work?

Thanks, Greetings and nice Day
    Michelle Konzack
    Systemadministrator
    Tamay Dogan Network
    Debian GNU/Linux Consultant
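
The packet filter described in the reply above (default drop on the VPN router, only UDP port 5004 accepted from the wireless side, LAN reachable only through the tunnel), as an added example that is not part of either original message. The interface names eth0, tun0 and eth1 are assumptions; the function only prints the rules so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: prints (does not apply) an iptables rule set for the VPN router.
# Interface names are assumptions; 5004/udp is the example port from the reply.

# vpn_router_rules WIFI_IF TUN_IF LAN_IF PORT
vpn_router_rules() {
    wifi_if=$1 tun_if=$2 lan_if=$3 port=$4

    # The output is meant to be run by a shell, so refuse odd interface names.
    for ifname in "$wifi_if" "$tun_if" "$lan_if"; do
        case $ifname in
            ''|*[!A-Za-z0-9._-]*) echo "invalid interface: $ifname" >&2; return 1 ;;
        esac
    done

    # The port must be 1 to 5 digits and within the UDP port range.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi

    cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $wifi_if -p udp --dport $port -j ACCEPT
iptables -A FORWARD -i $tun_if -o $lan_if -j ACCEPT
iptables -A FORWARD -i $lan_if -o $tun_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Wireless side = eth0, VPN tunnel = tun0, side toward the main router = eth1.
vpn_router_rules eth0 tun0 eth1 5004
```

Because the FORWARD policy is DROP and the only forwarding rules name the tunnel interface, a client on the wireless side that never completes the VPN handshake has no path to the LAN.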





