[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: securing a WLAN with PPP (or the like)

martin f krafft wrote:
I am faced with the challenge to secure access to a WLAN beyond the
WEP crap. In fact, what we would like to institute is a login-based
method in which users have to authenticate with the gateway before
being given access. The solution must allow for encryption of the
channel and be compatible/usable with Windows, even without admin

PPPoE comes to mind. However, for encryption, it requires MPPE
patches on all non-Windows hosts. Moreover, I cannot get it to work

0. http://lists.debian.org/debian-isp/2005/03/msg00033.html

Thus I am interested in how people approach this challenge. Short of
IPsec (which is not trivially enabled on Linux and Windows clients
alike), what other means are there to fulfill the aforementioned

Hi there,

I notice you tried pppoe-server.  Why not come over to the dark side
and use PPTP? ;-P

I have been using pptpd for this purpose [VPN over WLAN] for a while
now and it seems to work well.  Modulo the usual dicking around with
MTUs etc.  It keeps the Windows users happy.  OS X works as a client

I am using pptpd (i.e, poptop) with 2.4 kernel and kernelmod-0.71 on
Debian woody.  I got ppp from backports
"2.4.2+20040202-0.backports.org.1", although I can't remember whether
I installed this specifically for pptp or because I needed ATM

Everything apart from tcp/1723 and gre is firewalled off on the wifi
interface.  Firewall rules are a bit of a pain because you have to
work with ppp+.  I wish there were an easy way to assign a specific
ppp interface to a user.  Instead I assign static IPs to users and
filter by source address.

I have never managed to get MPPE module working properly on 2.6.
However my last attempt was quite early in the 2.6 lifecycle so I
have high hopes that it will work when I next feel like giving it
a go.

Best regards,


Reply to: