[ previous ] [ next ] [ threads ]
 
 From:  Henning Wangerin <mailinglists dash after dash 041101 underscore reply dash not dash possible at hpc dot dk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] managing multiple APs with 1 m0n0wall
 Date:  Mon, 06 Jun 2005 21:24:18 +0200 
On Mon, 2005-06-06 at 20:40, till wrote:
> Hello,
> 
> On 6/6/05, Henning Wangerin
> <mailinglists dash after dash 041101 underscore reply dash not dash possible at hpc dot dk> wrote:
> > On Mon, 2005-06-06 at 18:55, till wrote:
> > 
> > > No, I want _one_ m0n0wall for 2 locations.
> > 
> > How are your locations connected? Do you have a fixed (VPN) link between
> > them?
> 
> Not at all or not yet. Both have Internet access. That's all.

Not much ;-)

> I've been searching around about this issue and I have found a post by
> someone on wifigeek.net , who had a different approach to the whole
> captive portal/authorization theme.
> 
> Check the post here:
> http://www.wifigeek.net/ftopict-145.html
> 
> Basically, this exclusivly relies on DNS and all you need to
> distribute is a DNS server which then gets the user to a website
> (online) where they sign in and then they are "ready to surf". I was
> wondering if m0n0wall could be used to accomplish the same thing.

I have trouble seeing how that would prevent me (as a user on you AP) to
connect to the net if I simply setup my own dns-info on my pc.

Ok you could block DNS in a firewall (but you don't want any hardware
except the AP, as I understand)
That could be bypassed by simply making a vpn-connection directly to my
home IP, and then setting my dns to go thru the VPN-tunnel.

> Since I have multiple locations and would not like to distribute more
> hardware than necessary, 

Good idea.

> it sounded like a good idea to me. When I
> speak of multiple locations, then I mean, that they are around 300 km
> apart from each other. 

As long as they are not seen as on the same LAN, it's getting tricky.

> Both are hooked up to the Internet and that's
> all so far.

I don't see how you would avoid some sort of vpn home to the central
office, or a portal at each point.

The VPN-idea might be able to create a virtual LAN, so the users would
only have to be set up i one place.

-- 
Henning Wangerin <mailinglists dash after dash 041101 underscore reply dash not dash possible at hpc dot dk>