[MLB-WIRELESS] PPTP via 802.11

Dan Flett conhoolio at hotmail.com
Mon Aug 16 12:55:29 EST 2004


Hi All,

> I'm just playing with the same thing, but using Windows boxes. I came
> across OpenVPN which seems to work well, and is easy enough to set up,
> though haven't got the routing quite figured out yet (XP Pro doesn't
> make the nicest routers, but it was handy)
> 
> http://openvpn.sourceforge.net/

I've been using OpenVPN for a while now - I use it across the Internet
and across the Melbourne Wireless network (well, wherever there's a
node that's connected to my node).  I found it a bit of a pain to set up
for Linux, but that may be my lack of compilation experience at the
time.  It's available as a package now.

> Rowan Crowe wrote:
> >Using an "... over ..." solution also means that I can set things up to
> >allow an unencrypted backdoor for people who stumble across the AP. For
> >example, any direct IP access on port 80 brings up a web page with
> >information on how to configure PPTP settings.
> >Any experiences or suggestions are appreciated...

On my Melbourne Wireless node I redirect port 80 for anyone who stumbles
across it.  It works as follows:

* My Node PC runs DHCP: to recognised MAC addresses it gives specific
unique IP addresses, to unrecognised MAC addresses it gives addresses
from a different range.

* My Node PC also runs DNS (TinyDNS/DJBDNS): It is connected via my
internal network to my Internet Router PC and is a caching DNS server.
So anyone connected to my node can resolve Internet domain names to
Internet IP addresses, as well as Melbourne Wireless domain names and
IPs.

* My firewall (Shorewall) redirects any port 80 requests from any
clients who have IP addresses in my DHCP 'unrecognised MAC' range to
port 8081 on the router.

* I have an Apache 'Virtual Host' webserver running on port 8081 which
first brings up a brief "you are being redirected" page.  This page
redirects clients' browsers to a "Welcome To My Node" page which
explains what's going on, and what Melbourne Wireless is all about.  I
have also configured an Apache 404 error page that redirects clients to
the Welcome page.

* My firewall does not redirect any port 80 requests to IP addresses in
the 10.10.0.0/16 range, so my visitors are free to browse my Node's
website and the websites of other nodes on the network.

On a node not connected to the Internet you could set up a name-serving
DNS server that simply directs all Internet Top-Level Domains to the IP
address of your node.

Another simpler way to achieve this is to use a "Captive Portal"
application such as NoCatAuth (http://nocat.net/) which uses its own
authentication system or ChilliSpot (http://www.chillispot.org/) which
relies on a RADIUS authentication server.  I'm not sure how these
programs do what they do, but you probably don't need to run a DNS
server to make them work.

Cheers,

Dan
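
The following is an added example, not part of the original post or Dan's actual configuration: a small Python model of the address assignment and port 80 redirect decision described above, useful for checking the rule logic before writing DHCP and firewall rules. The guest range, the MAC address and the fixed address are assumed values; only 10.10.0.0/16 and port 8081 come from the post.

```python
import ipaddress

# Assumed values (constructed for this example). The post gives only
# 10.10.0.0/16 and port 8081; the guest pool and known host are hypothetical.
MESH_NET = ipaddress.ip_network("10.10.0.0/16")
GUEST_POOL = ipaddress.ip_network("10.10.130.128/26")
KNOWN_HOSTS = {"00:11:22:33:44:55": ipaddress.ip_address("10.10.130.10")}
PORTAL_PORT = 8081


class Dhcp:
    """Fixed addresses for recognised MACs, a separate pool for all others."""

    def __init__(self):
        self._free = iter(GUEST_POOL.hosts())
        self._leases = {}

    def lease(self, mac):
        mac = mac.lower()
        if mac in KNOWN_HOSTS:
            return KNOWN_HOSTS[mac]
        if mac not in self._leases:
            addr = next(self._free, None)
            if addr is None:
                raise RuntimeError("guest pool exhausted")
            self._leases[mac] = addr
        return self._leases[mac]


def redirect_port(src, dst, proto, dport):
    """Return the portal port if the redirect rule matches, else None.

    The rule matches only when all three conditions from the post hold:
    source is in the 'unrecognised MAC' range, traffic is TCP port 80,
    and the destination is outside 10.10.0.0/16.
    """
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    from_guest = src in GUEST_POOL
    is_web = proto == "tcp" and dport == 80
    if from_guest and is_web and dst not in MESH_NET:
        return PORTAL_PORT
    return None
```

The decision is keyed on the source address, so it is only as strong as the DHCP assignment feeding it.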
