21 March 2009

Internet ACCOUNTS over wireless

Here’s a little puzzle which hopefully falls within your specialty.

I may need to set up a system so that wireless users can clock on using what amounts to an Internet account. The idea is that the wireless itself will use standard routers (WAPs) talking WPA2, the clients will then “connect” through the wireless to a server, which then transproxies, records traffic, maybe rate-limits when talking to the main link.

The idea which first floated to mind was using PPPoE, but the RP-PPPoE service only speaks of using an Ethernet interface without an IP address, which seems incompatible with that idea.

PPTP (PopTop) has also been suggested, but that requires kernel patches rather than standard software, & can apparently be broken.

A major utility factor is minimal setup on Windows-XP or -Vista clients, hopefully also Mac & others. Local security (encryption) is also good, but not critical.

Ideally, a laptop is powered up, finds the wireless, is given a WPA2 key, clocks onto the wireless LAN, finds the connection service, is given a username & password, done (except maybe manually setting a proxy if they want to use HTTPS).

Hyperlinks to documentation of working systems are an excellent response, but whatever you know may be useful. (-:

Said server will also be running DNS, maybe fetching DHCP info from the WAPs, running a small intranet... this stuff, we can handle.


Stephen Thorne said...

PPTP hasn't required kernel patches for doing MPPE crypto since '05. It's all core kernel now.

Only need to install the pptp network manager packages and then everything is point and click.

Leon RJ Brooks said...

Thanks, Mr Thorne... how does PPTP go for actual security these days?

The packages I have to hand are pptp-linux-1.7.2 & pptpd-server-1.3.0 (PoPToP, docs only mention 9x/NT/2000 but presumably XP/Vista is also fine...?).