Wireless ISP
Erik Norgaard
norgaard at locolomo.org
Wed Jan 25 08:36:58 PST 2006
FootballCALL wrote:
> Hi,
>
> I am based in the UK and wish to set up a wireless community broadband service to residents and businesses in my community. From my access point, I would like other users to 'share' my connection through wireless technology and therefore they will pay a nominal amount for their internet access.
>
> I therefore require a home page/login page so only registered users can use the connection, and also need to manage bandwidth of these users.
>
> Is this something you can help with?
This depends on what kind of access you want to offer and the need for
security:
A web only? Then set up a proxy with authentication. Create a website
for initial registration and maybe allow any connection to a service
like paypal to receive payments.
If you want to offer more than web-only, then it becomes complicated.
You can require registered users to authenticate using putty - each user
is given an account with authpf as shell.
Depending on setup, this may not limit the number of connections to one,
so you risk that people share their credentials.
I have created a simple setup that relies on mac addresses. IP is
assigned statically and I maintain a static arp table. All other
web-address is directed to a default page that shows they don't have access.
The advantage is that users are not bothered with authentication, the
disadvantage is that mac addresses can be spoofed.
The bad thing is that to make new users aware of the AP it is open and
unencrypted, so you can get a lease and reach the access-denied page.
But, this also means that any one can start sniffing for valid mac/ip
address pair and spoof their way to access.
For my single AP with only a few users, I think I should be able to
catch abuses and if so implement stronger checks.
For security, the proper way would be to issue encryption keys and
require registered users to open a VPN to the gateway. This will:
- force authentication
- encrypt traffic
- prevent spoofing of traffic
- allow the AP to announce itself and be open
and likely some more goodies. The disadvantage is the complex setup, in
particular for the novice users, and when people get on other networks
they might have to reconfigure their computer.
Cheers, Erik
--
Ph: +34.666334818 web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt
Subject ID: 9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72
Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9
More information about the freebsd-questions
mailing list