Need to share some thoughts on wireless networking with m0n0wall. ;)
Please comment (pros or cons) on this.
WEP is, as we all know, pretty bogus. And I can't understand why people
when using it. Of course it is more secure than running without, but if
wants to, they can easily hack it. So what, you say? Well, if you are a
like me, you like to have a little control over who is accessing your
since pretty much anyone can connect to your wireless network (if not
configured), one should take his/her precautions.
I would like to have some kind of encryption other/in addition to WEP
for my wireless
clients. I also want users connecting to my wireless network to
Either to the built-in PPTP service in m0n0wall, or since I'm running
Directory, to my windoze wannabe RADIUS service. I like the VPN feature
and use it to connect via internet. So why not use it for wireless?
One thing though; DHCP is generally a bad idea on wireless networks, but
want this since changing IP address config on my windows 2k laptop is
roaming between school, work and home.
I am aware that DHCP works on the wireless interface in bridge mode (with
is that no filter rules apply in bridge mode.
So what I am thinking:
-DHCP on wireless interface. (not possible in m0n0wall(...yet))
-Enable PPTP server in m0n0wall.
-Add some firewall rules on wireless interface:
  Proto  Source        Port  Destination      Port  Description
  GRE    Wireless net  *     *                *     for VPN
  TCP    Wireless net  *     *                1723  for VPN
  UDP    *             68    wi-ip            67    DHCP
  UDP    *             68    255.255.255.255  67    DHCP
  UDP    wi-ip         67    *                68    DHCP
And you are good to go! Works like a charm :)
Your wireless clients will now get a leased ip-address, but cannot
connect to internet
or your LAN, until they authenticate to the PPTP service in m0n0wall.
In windows, a simple setup of a new network vpn connection does the
Only thing needed to be done on m0n0wall, is adding DHCP for optional
maybe include the above firewall rules into the filter.inc file. (or one
could add these
manually as I did).
Does this sound like fun or not?
Same effect can of course be achieved with static IP addresses, but I hate
IP addresses all the time! :)
I will, if no one else is already looking into it, write the code
for the DHCP
on optional interfaces as soon as I get the time, and post a note to the
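
The wireless-interface rule set listed above, modelled as a first-match filter to show what an unauthenticated client can and cannot reach. This is an added example, not part of the original post and not m0n0wall code; the subnets, addresses and the default-deny behaviour for unmatched traffic are assumptions.

```python
import ipaddress

# Assumed addressing (constructed; the post names no subnets).
WLAN_NET = ipaddress.ip_network("192.168.2.0/24")  # "Wireless net"
WI_IP = "192.168.2.1"                              # "wi-ip"
ANY = "*"

# (proto, source, source port, destination, destination port), in the post's order.
RULES = [
    ("gre", "wlan", ANY, ANY, ANY),                # PPTP data channel
    ("tcp", "wlan", ANY, ANY, 1723),               # PPTP control channel
    ("udp", ANY, 68, WI_IP, 67),                   # DHCP unicast to m0n0wall
    ("udp", ANY, 68, "255.255.255.255", 67),       # DHCP broadcast
    ("udp", WI_IP, 67, ANY, 68),                   # DHCP replies
]

def _addr_ok(spec, addr):
    if spec == ANY:
        return True
    if spec == "wlan":
        return ipaddress.ip_address(addr) in WLAN_NET
    return spec == addr

def allowed(proto, src, sport, dst, dport):
    """True if a pass rule matches; unmatched traffic is dropped (assumed default deny)."""
    for r_proto, r_src, r_sport, r_dst, r_dport in RULES:
        if (proto == r_proto and _addr_ok(r_src, src) and r_sport in (ANY, sport)
                and _addr_ok(r_dst, dst) and r_dport in (ANY, dport)):
            return True
    return False

# Constructed sample packets from an unauthenticated client at 192.168.2.50.
SAMPLES = {
    "dhcp discover":     ("udp", "0.0.0.0", 68, "255.255.255.255", 67),
    "pptp control":      ("tcp", "192.168.2.50", 1035, WI_IP, 1723),
    "pptp gre":          ("gre", "192.168.2.50", None, WI_IP, None),
    "http to internet":  ("tcp", "192.168.2.50", 1036, "198.51.100.7", 80),
    "smb to lan":        ("tcp", "192.168.2.50", 1037, "192.168.1.10", 445),
    "pptp to elsewhere": ("tcp", "192.168.2.50", 1038, "198.51.100.7", 1723),
}

def evaluate_samples():
    return {name: allowed(*pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, ok in evaluate_samples().items():
        print(f"{name:18} {'pass' if ok else 'block'}")
```

In this model the last sample passes because the destination column of the two VPN rules is `*`; setting that destination to wi-ip would limit pre-authentication traffic to the m0n0wall PPTP service itself.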