DJA wrote:
kelsey hudson wrote:
As far as the other requirement goes, If you want to keep the garden
variety freeloading idiot out, WEP is sufficient. WPA is a hack and a
kludge and generally pain all around.
Please elaborate on why you think WPA is bad. I have been using WPA2 on
my access point with no problems. In fact, with NetworkManager,
KNetworkManager, and WPA_supplicant included in the standard FC6
installation, it all just worked out-of-the-box for me with no fiddling,
other than to install the IPW2200 firmware.
Mainly it's just that not all the chipsets out there support frame
capture (required for WPA), the driver support for the wext WPA backend
is spotty and broken for several drivers (ipw is an exception -- its
wext support is perfect). It's not something that can easily be
addressed with the stock ifconfig/iwconfig utilities. If you have an
access point which requires strong authentication it requires you to
keep that password in cleartext, in a text file.
wpa_supplicant/xsupplicant thus far have no method to prompt the user
for a password. On top of that, there are *SO MANY DIFFERENT FLAVORS*
and configurations of WPA that it's a colossal pain sometimes to
decypher how everything should be set up. For instance, here at work we
have to enter SSO credentials to log on to the wireless network. There
are at least 20 different ways of setting it up, and I tried all 20 of
them before I finally found one that works.
If you want to get fancy and keep all idiots out, even the more clever
ones, you can directly connect your open, unencrypted WAP to a box
(isolated network and addressing scheme); this box will run a VPN
concentrator software and your clients will be forced to use IPSEC to
connect to it. They will also not be allowed to connect to anything else.
NetworkManager is now starting to support VPN clients, although I
haven't tried that yet.
I haven't yet tried NetworkManager. I hear good things about it, but
last I looked into it, it had some problems, especially when roaming
bwetween different wired networks and wireless networks. But, I'll
probably look into it again, especially if it doesn't require any
gnome/kde desktop integration. I still can't stand those.
-Kelsey
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
