martin f krafft wrote:
I am faced with the challenge to secure access to a WLAN beyond the WEP crap. In fact, what we would like to institute is a login-based method in which users have to authenticate with the gateway before being given access. The solution must allow for encryption of the channel and be compatible/usable with Windows, even without admin rights. PPPoE comes to mind. However, for encryption, it requires MPPE patches on all non-Windows hosts. Moreover, I cannot get it to work anyway[0]. 0. http://lists.debian.org/debian-isp/2005/03/msg00033.html Thus I am interested in how people approach this challenge. Short of IPsec (which is not trivially enabled on Linux and Windows clients alike), what other means are there to fulfill the aforementioned requirements?
Hi there, I notice you tried pppoe-server. Why not come over to the dark side and use PPTP? ;-P I have been using pptpd for this purpose [VPN over WLAN] for a while now and it seems to work well. Modulo the usual dicking around with MTUs etc. It keeps the Windows users happy. OS X works as a client also. I am using pptpd (i.e, poptop) with 2.4 kernel and kernelmod-0.71 on Debian woody. I got ppp from backports "2.4.2+20040202-0.backports.org.1", although I can't remember whether I installed this specifically for pptp or because I needed ATM support. Everything apart from tcp/1723 and gre is firewalled off on the wifi interface. Firewall rules are a bit of a pain because you have to work with ppp+. I wish there were an easy way to assign a specific ppp interface to a user. Instead I assign static IPs to users and filter by source address. I have never managed to get MPPE module working properly on 2.6. However my last attempt was quite early in the 2.6 lifecycle so I have high hopes that it will work when I next feel like giving it a go. Best regards, Blair.