authpf and a decent ruleset.
use a central box and tunnel it back.
redirect all unauthenticated http traffic to a website showing
them what to do to get authenticted.
see http://www.ualberta.ca/CNS/wireless/ for a description of what
we use here.
* Johan P. Lindstrvm <[EMAIL PROTECTED]> [2005-07-16 10:48]:
> Thanks for all the replies, I see now that I should explain myself further.
> The scenario I am thinking of is when you run a public WiFi access point at
> let's say a campus with many new visitors from different organisations and
> you don't want to start messing around with WAP, WEP, IPSec, PPP or L2TP,
> having staff/manuals to help visitors setting up tunnels on their Windows XP
> / 2000 laptops is just not feasible. I am after a zero configuration
> solution for just the HTTP traffic, and if the sites browsed does not
> support https then there is little I can do on my end.
>
>
> On 7/15/05, Nick Holland <[EMAIL PROTECTED]> wrote:
> >
> > On Fri, Jul 15, 2005 at 06:03:01PM +0200, Johan P. Lindstrvm wrote:
> > ...
> > > I'm not too familiar with the inner workings of the needed technologies
> > > (sometimes a pro, often a con) but what if one would use a https proxy,
> > like
> > > say squid with SSL/TLS support, to obfuscate the http traffic leaving
> > your
> > > laptop over the WiFi LAN to your local OpenBSD box that runs the proxy,
> > that
> > > would then with some magic serve you the pages. So that http traffic
> > could
> > > not be intercepted on the open WiFi network.
> > ...
> >
> > Before you worry about this too much...
> >
> > IF you are worried about people packet sniffing your wireless
> > connection, you should probably be running some kind of encryption on
> > the traffic already, wireless or not. What's the point of encrypting
> > from your laptop to the firewall, if it is then sent plain-text to the
> > remote end over the common cable that many of your neighbors are also
> > attached to.
> >
> > By this point in time, any communications over the internet which should
> > not be sniffed should be encrypted end-to-end.
> >
> > That was a specific answer to a specific question.
> > the above reply is not meant to imply wireless security issues "don't
> > matter". IF the question is, "How do I keep people out of my wireless
> > network", or "how do I keep them from sniffing internal traffic in my
> > network", my answer would be very different...but that wasn't the
> > question.
> >
> > Nick.
>
--
Bob Beck Computing and Network Services
[EMAIL PROTECTED] University of Alberta
True Evil hides its real intentions in its street address.
