From: [EMAIL PROTECTED] > Although a VPN is a possibility, I'm thinking more along the > lines of > a wireless hotspot than an extended network. I want to make it as > plain and simple as possible for punters to walk in off the street > and get internet access. No client downloads, no convoluted key > setup process, just walk in, put the password in and go. I kind of > want an excuse for this: > > http://www.flickr.com/photos/[EMAIL PROTECTED]/146733948/in/ > set-72057594135255982/ > > I may have to settle for some token protection method, such as WPA, > purely for the purposes of simplicity. Alternatively use a separate > AP that supports WPA2 and a bunch of other protocols, and not bother > trying to do it all in OpenBSD. Terms and conditions apply, your > data is never totally secure, etc, etc. Shame really, one box would > be better than two.
Most hotspots don't provide any sort of confidentiality (in my experience), so you could go for a traditional hotspot using a captive portal gateway to just authenticate access. But you said you want confidentiality, right? So you are going to have to look at WEP (weak but easy), WPA (strong and equally as easy with PSK), openvpn or ipsec (requires a client but strong), or similar. Recent FreeBSD has WPA(2?) support or you could pick up a $50 WAP to provide it too. Don't know if there's anything with good security and good ease-of-client-setup outside of that... DS
