[ previous ] [ next ] [ threads ]
 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Captive Portal + LAN Deny All + Access Points
 Date:  Mon, 24 Jan 2005 02:25:01 -0500
On Sat, 22 Jan 2005 12:23:30 +0800, John <naverxp at yahoo dot com dot sg> wrote:
> (Should i put AP users under another
> subnet?)

Definitely.  I wouldn't do it any other way.  Throw in a third
interface and put the AP on that, use captive portal with RADIUS HTTPS
authentication and don't bother with VPN.  Test the rules to make sure
the AP's subnet can't get to the LAN.