802.11 gateway/authpf

I've been considering implementing OpenBSD as a wireless access point. It would be a simple setup with one interface into the wired net and one 802.11b adaptor. My main concern would be unauthorized Internet access through my wireless network; in other words, should someone crack the WEP and associate with the AP, I don't want them to get past the AP to the rest of the wired net or out to the Internet.

I was thinking of running pf and opening access only once a user has authenticated through SSH to give them access through authpf. This way their access to the wired net is more difficult to obtain since it is based upon a password or SSH key. All access through the OpenBSD AP is blocked until they successfully authenticate.

This is really planned to be a temporary solution until IPSEC can be implemented. Are there any inherent flaws in this scheme besides the fact that the traffic on the wlan can be intercepted, if there is no WEP/insecure WEP? I hope to minimize the traffic that comes onto the wlan to broadcasts only (or native wlan traffic) by connecting the AP into a switch rather than a hub.
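
A sketch of the default-deny gateway described in the post, as an added example that is not part of the original post. The interface names `em0` and `wi0` are assumptions, and the syntax is that of current OpenBSD pf, where authpf loads per-user rules into the `authpf/*` anchor and defines the `$user_ip` macro.

```conf
# ---- /etc/pf.conf on the gateway ----
wired_if = "em0"    # assumed name: interface on the wired net
wlan_if  = "wi0"    # assumed name: 802.11b adaptor

set skip on lo

# Default deny: nothing crosses the gateway unless a later rule allows it.
block all

# Unauthenticated wireless clients can reach only sshd on the gateway
# itself, which is where they log in to start an authpf session.
pass in on $wlan_if proto tcp from $wlan_if:network to $wlan_if port 22

# Traffic that was allowed in is allowed to leave toward the wired net.
# Only the gateway itself and authenticated clients get this far.
pass out on $wired_if

# Per-user rules are inserted here by authpf at login and removed at logout.
anchor "authpf/*"

# ---- /etc/authpf/authpf.rules ----
# Loaded into the anchor for each user who logs in with /usr/sbin/authpf
# as their shell. $user_ip is set by authpf to the address the SSH
# connection came from.
wlan_if = "wi0"     # assumed name, same adaptor as above
pass in quick on $wlan_if from $user_ip to any

# ---- /etc/authpf/authpf.conf ----
# Must exist for authpf to run; it may be empty.
```

The rule authpf installs is keyed on the client's source address, not on the SSH session, so it covers any packet carrying that address on the wlan until the session closes and authpf removes the rule and kills the associated states.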



