[NCLUG] Software WEP/WPA in Linux gateway?

Kevin H. Olson k.h.olson at att.net
Mon Jul 31 14:32:43 MDT 2006


Hello Marcio,

  I know this proposal uses MAC addresses, but here is one thought.

1) Do not have the wireless router assign IP addresses. Use the DHCP from the Linux machine.
2) In the DHCP configuration file, assign known IP addresses for known trusted MAC addresses. For unknown MAC addresses, assign out of the general pool.
3) Filter all traffic based upon the IP addresses. Trusted IP addresses may have full access, untrusted would have only limited access.

For example, I set up two zones, trusted and not. Trusted MACs received an address of 10.x; untrusted received 192.168.x. Then, the routing on the untrusted could basically only access the internet, as the routing tables were completely different.

  The difficult part of the administration was handling the MAC address entry. However, there were no keys to distribute. Unfortunately, the communication was not encrypted, something you indicated you might want. 

Kevin  

Thursday, July 27, 2006, 9:49:04 PM, you wrote:

MLT> Hi,

MLT> I would like to experiment with a wireless network that supports both trusted
MLT> and untrusted users. With wireless routers, I know it's pretty much an all or
MLT> nothing proposition -- either I turn on encryption for everyone or I turn it off for everyone.

MLT> What I am wondering is whether I can enable WEP (or WPA) on my clients, leave
MLT> it off on my wireless router, but have the encrypted packets be decrypted by an
MLT> upstream gateway running Linux before passing on to my local network. This
MLT> gateway would also handle unencrypted packets for untrusted users, but would
MLT> subject them to logging and/or restrictions.

MLT> Is this at all possible? I know there are other obvious solutions, such as MAC
MLT> filtering (transparent, but easily spoofed) or setting up a VPN over an unsecure
MLT> wireless network (very secure, but not very transparent to my trusted clients).
MLT> None of these solutions, however, would offer the convenience of having a
MLT> gateway that can speak plain-text, WEP or WPA depending on the client.

MLT> I've googled for this and haven't really turned up anything like this. Any ideas?

MLT> -- Marcio






-- 
Best regards,
 Kevin                            mailto:k.h.olson at att.net
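
The three steps in the message above could be scripted along these lines. This is an added example, not part of the original post and not Kevin's actual configuration; it assumes ISC dhcpd and iptables on the gateway, and the /24 subnets, the .1 gateway addresses, interface names, host names and MAC addresses are all constructed. It validates the hand-maintained MAC list (the administrative burden the message mentions) before generating the DHCP host entries, and prints the forwarding rules for review instead of applying them.

```shell
#!/bin/sh
TRUSTED_NET=10.0.0          # trusted zone 10.0.0.0/24 (assumption)
GUEST_NET=192.168.1         # untrusted zone 192.168.1.0/24 (assumption)
WLAN_IF=eth1; WAN_IF=eth0   # gateway interface names (assumptions)

# Constructed sample list, one "<name> <MAC>" per line; the last two are bad.
TRUSTED_LIST='laptop 02:00:00:00:00:01
desktop 02:00:00:00:00:AB
typo 02:00:00:00:00
clone 02:00:00:00:00:01'

# True only for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# One host stanza per valid, unique MAC; fixed addresses start at .10.
gen_hosts() {
    n=10; seen=' '
    printf '%s\n' "$TRUSTED_LIST" | while read -r name mac; do
        mac=$(printf '%s' "$mac" | tr 'A-F' 'a-f')
        if ! valid_mac "$mac"; then echo "skip $name: malformed MAC" >&2; continue; fi
        case "$seen" in *" $mac "*) echo "skip $name: duplicate MAC" >&2; continue ;; esac
        seen="$seen$mac "
        printf 'host %s { hardware ethernet %s; fixed-address %s.%d; }\n' "$name" "$mac" "$TRUSTED_NET" "$n"
        n=$((n + 1))
    done
}

# Both subnets share one wire; only unknown MACs draw from the guest pool.
gen_dhcpd_conf() {
    cat <<EOF
shared-network wlan {
  subnet $TRUSTED_NET.0 netmask 255.255.255.0 { option routers $TRUSTED_NET.1; }
  subnet $GUEST_NET.0 netmask 255.255.255.0 { option routers $GUEST_NET.1;
    pool { range $GUEST_NET.100 $GUEST_NET.200; deny known-clients; } }
}
EOF
    gen_hosts
}

# Forwarding policy, printed for review: trusted anywhere, guests WAN only.
gen_filter() {
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $WLAN_IF -s $TRUSTED_NET.0/24 -j ACCEPT"
    echo "iptables -A FORWARD -i $WLAN_IF -s $GUEST_NET.0/24 -o $WAN_IF -j ACCEPT"
}

gen_dhcpd_conf; gen_filter
```

As both messages note, the zone assignment rests on the MAC address alone and the traffic is not encrypted.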




