Funny you should mention wireless. I have entered the wireless world
as of this morning.
Here's the project I just completed:
Have a wireless interface up and running in my Linux laptop. I used
SMC2632w PCMCIA wireless card for the "client" side.
In my OpenBSD3.0 firewall, I installed a SMC2602w PCI wireless card.
This is a PCMCIA wireless card put on a PCI board with a hardware bridge.
OpenBSD3.0 supports it well as does Linux. Apparently these SMC cards
are the same hardware as D-Link as well.
First thing I did was just get basic wireless connectivity going.
My 2.4.17 kernel already had PCMCIA support and a module for the
card in it (wvlan.o). I had to upgrade my OpenBSD2.9 firewall to 3.0
to support the PCI card. Then I added a NAT entry for the separate
wireless network. So in the OpenBSD firewall I have:
xl0: PCI network card for cable modem connection. public IP pulled via DHCP
ne0: ISA network card for wired internal LAN on 192.168.2.1/24
wi0: PCI wireless adapted card on 192.168.3.1/24
Once I got basic unencrypted unauthenticated wireless connectivity working
happily (this was pretty easy actually), I moved on to protecting my
wireless LAN. There is WEP (wired equivalent privacy) which is built
in to the wireless cards and supported by both OS's, but it's notoriously
insecure. I wanted to use full-blown IPSEC to protect my wireless
from snooping and from unauthenticated users trying to use my network.
I know this is an unlikely scenario right now, but why take the chance?
And I wanted to learn about IPSEC -- specifically getting it to interoperate
cross platform.
IPSEC is built into OpenBSD. For Linux I had to install the freeswan
utilities and patch and rebuild my kernel. To simplify administration
I used shared secrets (i.e. passphrases) to authenticate the ipsec
connection rather than true automatic key exchange. After consulting
many a howto, I managed to get a working ipsec connection over wireless
between my Linux laptop and OBSD firewall. Once that was done, I added
firewall rules to prevent wireless traffic that was not already encrypted
with IPSEC (and therefore authenticated) from passing through.
I'll write up something more formal with config examples soon.
There was an article in last month's Linux Journal showing an all linux
solution that inspired me.
One need not use IPSEC, though I would avoid WEP personally. VTUN
is an easy to use and cross-platform encrypted tunnel solution that
doesn't require kernel modification. vpnd is a linux-only solution
described in the linux journal article. You could probably get
creative with ssh as well. I like the transparency of IPSEC and wanted
to spend some time learning it.
On Thu, Mar 28, 2002 at 09:29:24PM +0000, Joey Kelly wrote:
> Fellow geeks:
>
> This is cool. We were talking about setting up a free wireless network; well,
> here is one way. One has to hold a valid ham license to use the described
> network, but a no-code tech license is easy to pass.
>
> The aforementioned arguments for/against gatewaying to the net using our
> broadband accounts would also apply to this scenario.
>
> http://slashdot.org/article.pl?sid=02/03/29/0157221&mode=thread&tid=126
> --
>
> Joey Kelly
> < Minister of the Gospel | Computer Networking Consultant >
> http://joeykelly.dhs.org
>
>
> "When Government fears the people, it's liberty.
> When people fear the Government, it's tyranny."
> -- Benjamin Franklin
>
> I would like a Berliner.
> ___________________
> Nolug mailing list
> nolug@nolug.org
-- 
Scott Harney <scotth@scottharney.com>
PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63

Received on 03/29/02
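
Added example, not from the original post or its author: one way the policy described in the message above (only IPsec-protected traffic may cross the wireless interface) could be written as a pf ruleset on the OpenBSD firewall. It reuses the post's wi0 interface and 192.168.3.1 address; the laptop address 192.168.3.2, tunnel mode, IKE on UDP 500, the enc0 rules, and the use of current pf.conf syntax rather than that of OpenBSD 3.0 are assumptions.

```conf
# Constructed pf.conf fragment. Only wi0 and 192.168.3.1 come from the post;
# everything else is an assumption made for illustration.
wl_if  = "wi0"            # wireless interface on the firewall
fw_wl  = "192.168.3.1"    # firewall's address on the wireless network
laptop = "192.168.3.2"    # assumed address of the Linux laptop

# Default on the wireless side: no cleartext in or out, and log what is
# dropped so that unexpected stations show up in pflog.
block drop log on $wl_if all

# Key negotiation, only between the two IPsec endpoints.
# Not needed if the SAs are keyed manually instead of through IKE.
pass in  on $wl_if inet proto udp from $laptop to $fw_wl port 500
pass out on $wl_if inet proto udp from $fw_wl to $laptop port 500

# The encrypted packets themselves (ESP), same two endpoints only.
pass in  on $wl_if inet proto esp from $laptop to $fw_wl
pass out on $wl_if inet proto esp from $fw_wl to $laptop

# After decryption the inner packets are seen on enc0, not on wi0.
# Tunnel mode can also present the IP-in-IP wrapper there.
pass in  on enc0 inet proto ipencap from $laptop to $fw_wl
pass in  on enc0 inet from $laptop to any
pass out on enc0 inet from any to $laptop
```

Running `pfctl -nf` on the file parses the ruleset without loading it, which catches syntax errors before the wireless side is locked down.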
This archive was generated by hypermail 2.2.0 : 12/19/08 EST