From owner-freebsd-net Mon Mar 24 15:20:58 2003 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 734BE37B401 for ; Mon, 24 Mar 2003 15:20:53 -0800 (PST) Received: from fubar.adept.org (fubar.adept.org [63.147.172.249]) by mx1.FreeBSD.org (Postfix) with ESMTP id C0DA043F85 for ; Mon, 24 Mar 2003 15:20:52 -0800 (PST) (envelope-from mike@adept.org) Received: by fubar.adept.org (Postfix, from userid 1001) id C4E2115227; Mon, 24 Mar 2003 15:20:15 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by fubar.adept.org (Postfix) with ESMTP id C249715226 for ; Mon, 24 Mar 2003 15:20:15 -0800 (PST) Date: Mon, 24 Mar 2003 15:20:15 -0800 (PST) From: Mike Hoskins To: net@freebsd.org Subject: Re: AirportExtreme with FreeBSD HostAP In-Reply-To: <000001c2f197$0bfa8b80$cd00a8c0@grievous> Message-ID: <20030324150614.P15938-100000@fubar.adept.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Status: No, hits=-19.5 required=5.0 tests=EMAIL_ATTRIBUTION,IN_REP_TO,QUOTED_EMAIL_TEXT, REPLY_WITH_QUOTES autolearn=ham version=2.50 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp) Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org (I removed the -questions CC, looks like this is moving to -net...) On Sun, 23 Mar 2003, Aaron Daubman wrote: > >From my experiences, I cannot get my PowerBook to connect to my FreeBSD > 4-Stable (built 2 nights ago) HostAP, WinXP clients work fine. I've only had experience with a couple APs in infastructure mode... However, I've seen this issue in the past. Actually, at the time, it was a XP client having the problem... So maybe it is just some config detail? > The PowerBook returns invalid password (128bit wep Key entered in Hex) > supplied. Of course you've re-checked for typos. Aren't 26-character hex keys fun? > Has anybody had experience getting an AirportExtreme client to work with a > FreeBSD HostAP? Any Pointers? (Must I disable WEP (as useless as it may > be...)?) At least with WEP you obscure the data for some reasonable amount of time. You can change the keys regularly to mitigate playback, and some APs and NICs have this built in. Granted, you don't verify or control connection attempts with WEP alone, but you do obtain some benefit. MAC filtering and the like in conjunction with WEP can provide reasonable security. IOW, I wouldn't jump to just turning WEP off unless you have no other alternative and know anything intended for transmission across the network in question is "cleartext-able"(sm). I actually just use a dumb 802.11b (Netgear) AP in infrastructure mode at home now. It dangles off a "DMZ" interface on my FreeBSD firewall. That interface only has Squid and dhcpd bound to it. DHCP listens for requests and only assigns IPs to MACs I know about. Transparent redirection forces all web traffic to Squid, and Squid won't allow any access except from the manually-keyed IPs in dhcpd.conf. Pretty secure, and no "client" or driver issues. I've got 2k, XP, OS 9 and X clients. (House full of geeks.) I know that's not much help, but do you have to use HostAP? :) -mrh To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message