Hi Waldemar ( & Ralph), Waldemar Brodkorb schrieb: > On Thu, 31 May 2007 at 17:37 +0200, Karsten Ensinger wrote: >> Is it possible to force Freewrt to tag all packages one receives >> via WLAN with a specific VLAN-ID (say VLAN7) and prohibit any >> possibility to "fake" a different VLAN-ID via WLAN (this means >> to force substitution of any already included VLAN-ID into the >> specific one (VLAN7) or alternatively to drop packages already >> tagged on reception)? > > I have no idea. You have a vconfig utility in the base install on > Linksys/Asus/Netgear routers. Did you try to play with it?
I have not played with vconfig before, because I wanted to fully understand the problem and its solutions before. I am more the brain based type and not an "immediate trial and error" one (which does not mean that I get it right the first time all the way and that I do not have to use "trial and error" once in a while). ;-) I think Ralph got it on the point when he mentioned (in his own follow up to my question) that I am too late for tagging when the packages arrive at the AP (due to the shared media). >> [...] >> Unfortunately I also want to be able to connect with my laptop >> via WLAN and reach some machines on the internal net. Therefore >> it is not an option to block all traffic from WLAN to the internal >> switch ports. >> Who said it would be an easy problem? ;-) > > The multiple ssid feature in the development version is fully > untested. Furthermore we will integrate a complete new ifupdown > infrastructure in the development version really soon. So if you > like to beta test the multiple ssid feature, we could assist you. > > Who said it would be an easy answer ;) Are there any "stable" snapshots (at least verified that I do not immediatley brick my AP) I can get somewhere? Or do I have to setup my own development environment? Any written guidance for something like that? Any "stable" labels available? >> Is there a solution which will secure the WLAN side but enables >> my laptop to reach machines on the internal net? Maybe the VLAN >> idea is completely wrong for the WLAN side? > > Or at least more complicated. For these scenarios many drivers have > virtual accesspoint support. Madwifi seems the best solution for > that, so if you are using a Netgear WGT634u, you are lucky, because > this could even be configured (manually with help of the madwifi > documentation) in the stable FreeWRT 1.0 system. Unfortunately it is an Asus WL-500gP (I liked the idea of two USB2 ports. One to use with an USB stick for additional software packages and one to use for a hdd extension). Do you think it is worth to think about another layer of encryption in addition to the multiple SSIDs? Maybe an OpenVPN serving my (already WPA secured) "private" SSID stream? Or am I too paranoid? Btw. it IS possible to use WPA encryption while using the multiple SSID feature, isn't it? Regards Karsten _______________________________________________ freewrt-users mailing list [email protected] https://www.freewrt.org/lists/listinfo/freewrt-users
