[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: wireless auth+crypto

To: misc@openbsd.org
Subject: Re: wireless auth+crypto
From: "Paulo Jorge Correia Pires" <ppires@av.it.pt>
Date: Sun, 02 May 2004 23:33:18 +0100

In fact this was kind of my idea! I was thinking on 
something like PHP+MySQL (being MySQL the freeradius 
backend) and that is easy, but then it would be nice to 
"ipsec" the link. I know that clients should be aware of 
securing their data but this is going to be a wlan with 
over 30km2 between friends and ppl who just want to have 
24h/day connectivity and mobility :)
i'm going to implement it on OpenBSD on a 
soekris4801+vpn4011!

thanks anyway ppl :)


On Sun, 2 May 2004 17:59:24 +0200 (CEST)
  Erik Norgaard <norgaard@locolomo.org> wrote:
>On Fri, 30 Apr 2004, Paulo Jorge Correia Pires wrote:
>
>> Now i'm looking for a authentication and 
>>traffic-encryptation
>> solution, perhaps some accounting too.
>
>Hi, I have been thinking also of an alternative to 
>pfauth. The
>thing is that it is my experience that many users are 
>unfamiliar
>with ssh and ssh apps, also I find it easier to 
>distribute and
>maintain a database.
>
>A database backend will allow a web frontend for 
>administration
>and authensication. The good thing about a web frontend 
>is that it
>is truly platform independent, there is no need for 
>subtle extras,
>patches etc. And people are familiar with web forms. Also 
>with
>this solution you can easily addapt it to other types of 
>fire-
>walls.
>
>Having the user authensicate before gaining access easy 
>accounting
>on the basis of time connected. Accounting on basis of 
>traffic
>seems a bit troublesome with pf. I have asked and got a 
>hint, but
>not a clue.
>
>Regarding VPN and such: I am of the opinion that people 
>should
>secure their own privacy and not rely on the work of 
>others. And
>whats the point anyway if traffic is not encrypted once 
>it leaves
>the firewall? In fact some people may even be led to 
>believe that
>since they are using IPSec their privacy is secured.
>
>My suggestion is to secure the authensication using 
>https, again,
>people do not need to install special programs, or learn 
>to use
>new apps.
>
>Well, these are my thoughts, I have no current need for 
>implemen-
>ting such a solution, so currently the idea is only an 
>idea. If
>you like, let me know, I may be able to give a hand on 
>the pro-
>ject.
>
>Regards, Erik
>
>GnuPG Key: 
>http://www.locolomo.org/home/norgaard/norgaard.gpg.asc
>pub  1024D/B02CC311 2004-04-05 Erik Norgaard 
><norgaard@locolomo.org>
>      Key fingerprint = 6C11 B9B1 52BD F16D 34AD  9893 
>D3EC E6DB B02C C311

Prev by Date: Re: Problems with media/mediaopt Called from /etc/netstart
Next by Date: CPU throtteling on Notebooks (where is the option gone?)
Prev by thread: Re: wireless auth+crypto
Next by thread: Re: dhclient problem
Index(es):
- Date
- Thread