wireless gateway & openbsd

Shawn Rutledge plug-discuss@lists.plug.phoenix.az.us
Mon, 14 Oct 2002 18:19:48 -0700 

I agree, that would be really cool.

It's easy enough to give wireless users Internet access without giving
them access to machines on your wired LAN; but if you have your own 
wireless client machines, you might want to be able to access certain
LAN resources securely.  Maybe a VPN would be appropriate?

Or else, just connect everything up openly but assume that every machine
on the LAN also must be fully secure (use only SSH between your own
machines, require some cryptographic authentication for mounting
filesystems, accessing X displays, etc.  Those parts are harder to do
than they should be, IMO.  Too many overlapping but incomplete
security systems.)

If I get around to setting up WiFi, I'd do it for three reasons - to
allow the future machine in the car to get MP3s from a server on my LAN,
and be able remote-control the machine in the car; to use webpads around
the house; and to allow the neighbors access to the internet without also
being able to hack into stuff on the LAN.  So obviously the users which
get access to LAN machines would have to authenticate somehow.

I'd probably want high-gain antennas.  I was thinking of using either a
stacked dipole or 3 or 4 panel-style antennas back-to-back, like on the
cellsite towers.  I'd like to organize a neighborhood mesh network.

On Mon, Oct 14, 2002 at 05:31:20PM -0700, Tom Emerson wrote:
> Hmmm, I thought all the wireless buzz was about making open access 
> available everywhere ... so that people driving by your home will be able 
> to check their email & surf as they pass by??
>
>  ... wasn't this the AP access project that bases access on the MAC 
> address? (and it is totally spoofable).  My two cents worth, assume 
> _somebody_ is going to be sniffing your AP and potentially access your 
> network, secure your network with this in mind.

-- 
  _______                   Shawn T. Rutledge / KB7PWD  ecloud@bigfoot.com
 (_  | |_)                       http://ecloud.org  kb7pwd@kb7pwd.ampr.org
 __) | | \________________________________________________________________