On Sun, Jan 15, 2006 at 12:10:13PM +0400, Bruno Carnazzi wrote: > Hi all, > > I use an OpenBSD/i386 3.8 as a gateway for routing my residential ADSL > access. I'm going to use an USB dongle (this is my last externel port > available :( to provide some Wifi access for some laptops (mainly my > Powerbook). I'd like it to be secured enough. So, here's some question > about this : > > * What's the best supported wifi chipset "USB-availbale) (ural vs wi vs atu ?) > * What's the best "linking" method : routing (AP) or bridging ? I > think in AP mode, filtering could be easier (of course, a filtering > wifi bridge is also possible) ? Is bridging more CPU-friendly (no nat) > ? (It's only a PII-233 that already share a 2Mbps with an in-kernel > PPPoE on 2 PCMCIA cards -> lots of interrupts !)
ural is the only one that works in hostap mode. You will need USB2 to get full speeds out of it which your PII won't have onboard. > * Wireless security : i'd like to use MAC@ filtering (it should be ok) > and a ciphering technology for privacy. I know OpenBSD doesn't yet > support WPA. What are some good alternative (in L2 or L3) ? WEP is not > a solution. Is it possible to use IPSec in transport mode to protect > this traffic or something else (OpenVPN ?) You need to specify what you want. Access control based on MAC addresses is stupid and can be easily worked around, if you just want access control that isn't retarded you should look at authpf.
