Thanks Bob

I will certainly have a peek. I am starting to think authpf is the way
to go, but the users at the intended facility are far from
self-sufficient/self-educating (plain lack of interest) and that usually
spells trouble when helping out... or a fortune if you are a
consultant: if you don't want to read the manual, then have someone
else do it for you @ $110+ an hour =)

-- Johan

On 7/27/05, Bob Beck <[EMAIL PROTECTED]> wrote:
> 
> 
>        authpf and a decent ruleset.
> 
>        use a central box and tunnel it back.
> 
>        redirect all unauthenticated http traffic to a website showing
> them what to do to get authenticated.
> 
>        see http://www.ualberta.ca/CNS/wireless/ for a description of what
> we use here.
> 
> 
> 
> 
> * Johan P. Lindström <[EMAIL PROTECTED]> [2005-07-16 10:48]:
> > Thanks for all the replies, I see now that I should explain myself further.
> > The scenario I am thinking of is when you run a public WiFi access point at
> > let's say a campus with many new visitors from different organisations and
> > you don't want to start messing around with WAP, WEP, IPSec, PPP or L2TP,
> > having staff/manuals to help visitors setting up tunnels on their Windows XP
> > / 2000 laptops is just not feasible. I am after a zero configuration
> > solution for just the HTTP traffic, and if the sites browsed do not
> > support https then there is little I can do on my end.
> >
> >
> >  On 7/15/05, Nick Holland <[EMAIL PROTECTED]> wrote:
> > >
> > > On Fri, Jul 15, 2005 at 06:03:01PM +0200, Johan P. Lindström wrote:
> > > ...
> > > > I'm not too familiar with the inner workings of the needed technologies
> > > > (sometimes a pro, often a con) but what if one would use a https proxy, like
> > > > say squid with SSL/TLS support, to obfuscate the http traffic leaving your
> > > > laptop over the WiFi LAN to your local OpenBSD box that runs the proxy, that
> > > > would then with some magic serve you the pages. So that http traffic could
> > > > not be intercepted on the open WiFi network.
> > > ...
> > >
> > > Before you worry about this too much...
> > >
> > > IF you are worried about people packet sniffing your wireless
> > > connection, you should probably be running some kind of encryption on
> > > the traffic already, wireless or not. What's the point of encrypting
> > > from your laptop to the firewall, if it is then sent plain-text to the
> > > remote end over the common cable that many of your neighbors are also
> > > attached to.
> > >
> > > By this point in time, any communications over the internet which should
> > > not be sniffed should be encrypted end-to-end.
> > >
> > > That was a specific answer to a specific question.
> > > The above reply is not meant to imply wireless security issues "don't
> > > matter". IF the question is, "How do I keep people out of my wireless
> > > network", or "how do I keep them from sniffing internal traffic in my
> > > network", my answer would be very different...but that wasn't the
> > > question.
> > >
> > > Nick.
> >
> 
> --
> Bob Beck                                   Computing and Network Services
> [EMAIL PROTECTED]                           University of Alberta
> True Evil hides its real intentions in its street address.
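
Bob Beck's suggestion above (authpf, a ruleset, and redirecting unauthenticated HTTP to an instructions page), sketched as a pf.conf. This is an added example, not part of the thread and not the University of Alberta configuration. It uses current OpenBSD pf syntax (`rdr-to`, `nat-to`) rather than the syntax of 2005, and the interface names, the portal address and port 8080 are assumptions.

```conf
# /etc/pf.conf -- constructed example; all names and addresses are assumptions
wifi_if = "em1"        # interface facing the open wireless network (assumed)
ext_if  = "em0"        # uplink interface (assumed)
portal  = "127.0.0.1"  # local web server with the "how to log in" page (assumed)

# authpf adds the source address of every logged-in user to this table
# and removes it again when the user's SSH session ends.
table <authpf_users> persist

set skip on lo
block all

# Unauthenticated clients may only resolve names and reach the SSH login
# that starts authpf (DNS is assumed to run on this box).
pass in on $wifi_if proto { tcp, udp } from $wifi_if:network to ($wifi_if) port 53
pass in on $wifi_if proto tcp from $wifi_if:network to ($wifi_if) port 22

# Any HTTP request from an address that has not authenticated is answered
# by the instructions page instead of the site the client asked for.
pass in quick on $wifi_if proto tcp from ! <authpf_users> to any port 80 \
    rdr-to $portal port 8080

# Authenticated clients are let through and translated on the uplink.
pass in  on $wifi_if from <authpf_users>
pass out on $ext_if inet from $wifi_if:network nat-to ($ext_if)

# Per-user rules from /etc/authpf/authpf.rules are loaded under this anchor.
anchor "authpf/*"
```

Users log in over SSH with their login shell set to `/usr/sbin/authpf`, and `/etc/authpf/authpf.conf` must exist for authpf to run. Note that the wireless hop itself stays unencrypted for HTTP, which is the point Nick Holland raises about end-to-end encryption.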
