[MLB-WIRELESS] PPTP via 802.11

Dan Flett conhoolio at hotmail.com
Mon Aug 16 12:55:29 EST 2004

Hi All,

> I'm just playing with the same thing, but using windows boxes. I came
> across OpenVPN which seems to work well, and is easy enough to setup,
> though haven't got the routing quite figured out yet (XP pro doesn't
> the nicest routers, but it was handy)
> http://openvpn.sourceforge.net/

I've been using OpenVPN for a while now - I use it across the Internet
and across the Melbourne Wireless network (well at wherever there's a
node that's connected to my node).  I found it a bit of a pain to set up
for Linux, but that may be my lack of compilation experience at the
time.  It's available as a package now.

> Rowan Crowe wrote:
> >Using an "... over ..." solution also means that I can set things up
> >allow an unencrypted backdoor for people who stumble across the AP.
> >example, any direct IP access on port 80 brings up a web page with
> >information on how to configure PPTP settings.
> >Any experiences or suggestions are appreciated...

On my Melbourne Wireless node I redirect port 80 for anyone who stumbles
across it.  It works as follows:

* My Node PC runs DHCP: to recognised MAC addresses it gives specific
unique IP addresses, to unrecognised MAC addresses it gives addresses
from a different range.

* My Node PC also runs DNS (TinyDNS/DJBDNS): It is connected via my
internal network to my Internet Router PC and is a caching DNS server.
So anyone connected to my node can resolve Internet domain names to
Internet IP addresses, as well as Melbourne wireless domain names and

* My firewall (Shorewall) redirects any port 80 requests from any
clients who have IP addresses in my DHCP 'unrecognised MAC' range to
port 8081 on the router.

* I have an Apache 'Virtual Host' webserver running on port 8081 which
first brings up a brief "you are being redirected" page.  This page
redirects clients' browsers to a "Welcome To My Node" page which
explains what's going on, and what Melbourne Wireless is all about.  I
have also configured an Apache 404 error page that redirects clients to
the Welcome page.

* My firewall does not redirect any port 80 requests to IP addresses in
the range, so my visitors are free to browse my Node's
website and the websites of other nodes on the network.

On a node not connected to the Internet you could set up a name-serving
DNS server that simply directs all Internet Top-Level Domains to the IP
address of your node.

Another simpler way to achieve this is to use a "Captive Portal"
application such as NoCatAuth (http://nocat.net/) which uses its own
authentication system or ChilliSpot (http://www.chillispot.org/) which
relies on a RADIUS authentication server.  I'm not sure how these
programs do what they do, but you probably don't need to run a DNS
server to make them work.
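
The DHCP and redirect steps described above, modelled as an added example that is not part of the original post and is not the author's configuration. All MAC addresses, IP ranges and the names Dhcp and firewall are constructed placeholders; only port 80 and port 8081 come from the message.

```python
import ipaddress

# Constructed placeholder values; the post does not give its real ranges.
KNOWN_HOSTS = {"00:11:22:33:44:55": ipaddress.ip_address("10.0.1.10")}
GUEST_POOL = ipaddress.ip_network("10.0.2.0/24")   # 'unrecognised MAC' range
EXEMPT_DST = ipaddress.ip_network("10.0.0.0/16")   # node and wireless-network sites
PORTAL_PORT = 8081                                 # Apache virtual host from the post


class Dhcp:
    """Fixed address for a recognised MAC, next free guest address otherwise."""

    def __init__(self):
        self._free = iter(GUEST_POOL.hosts())
        self._leases = {}

    def lease(self, mac):
        mac = mac.lower()
        if mac in KNOWN_HOSTS:
            return KNOWN_HOSTS[mac]
        if mac not in self._leases:
            try:
                self._leases[mac] = next(self._free)
            except StopIteration:
                raise RuntimeError("guest pool exhausted") from None
        return self._leases[mac]


def firewall(src, dst, dport):
    """Decide what happens to a TCP connection arriving from the wireless side.

    The rule matches on source IP only, so the outcome depends entirely on
    which range the DHCP server handed the client an address from.
    """
    src = ipaddress.ip_address(str(src))
    dst = ipaddress.ip_address(str(dst))
    if dport != 80 or src not in GUEST_POOL:
        return ("forward", dport)          # not guest web traffic: untouched
    if dst in EXEMPT_DST:
        return ("forward", dport)          # guests may browse node websites
    return ("redirect", PORTAL_PORT)       # everything else lands on the portal


if __name__ == "__main__":
    dhcp = Dhcp()
    guest = dhcp.lease("AA:BB:CC:DD:EE:01")
    for dst, port in [("203.0.113.7", 80), ("10.0.5.1", 80), ("203.0.113.7", 443)]:
        print(guest, "->", dst, port, firewall(guest, dst, port))
```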


