[lug] wireless points in Boulder

rise rise at knavery.net
Thu Apr 11 18:02:55 MDT 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 11 Apr 2002, Ferdinand Schmid wrote:

> This is how I have used 802.11b in the past.  Initially I had hoped to
> use it for Windows users at our office but due to the security problems
> this never happened.  Doing proper authentication and encryption that is
> transparent to Windows (and its users) isn't trivial and totally cheap
> ;)  So my access point remains strictly an admin ssh tool.

There's a low-activity discussion going on over on the BURN list about
implementing IPSEC (which Windows finally has some halfway-functional
support for) to do this.  The main problem seems to be accommodating
roaming between subnets - the Security Associations include the IP
addresses of the endpoints.  I've got a few ideas involving automatically
tunneling protocols 50 & 51 to a central gateway and keeping a distributed
mapping of MAC to IP for the local DHCP servers that seem like they could
work, but I'm concentrating on getting a net4501/host-mode AP testbed
running right now.

It would be notably amusing if the final push that got IPSEC into common
usage was wide deployment of 802.11.

On the SSH front, anyone know if OpenBSD's Authpf[0] is being ported to
Linux?  Being able to allow traffic (FW and NAT) based on having a current
SSH login seems a pretty straightforward solution to the auth half of the
problem.

[0] http://www.deadly.org/article.php3?sid=20020404012633
    http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8
- -- 
Jonathan Conway						      rise at knavery.net
history is paling & my surge protection failed, & so I FRIED
						- Concrete Blonde, "Fried"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Made with pgp4pine 1.75-6

iD8DBQE8tiQ1x9v8xy9f0yoRAjt9AJ4kmXt5Mh5bAUYb52soloqOWbeX/ACdHIcS
nZatV+wcYsIzGs8NS1HCq7I=
=TaH9
-----END PGP SIGNATURE-----
