Date: Fri, 30 Jun 2006 10:48:27 +0200 From: Erik Norgaard <norgaard@locolomo.org> To: questions@FreeBSD.org Subject: wifi: Combining open non-encrypted AP and EAP-TLS in one Message-ID: <44A4E55B.3020908@locolomo.org>
next in thread | raw e-mail | index | archive | help
Hi: I have got the idea that I want to set up a hostap on my FBSD box. My idea is that I want to allow strangers to associate and get their network configuration via dhcp. Any attempt to access the Internet will then be redirected to a web page explaining that they have to register first. Once registered, the AP should support (or rather require) EAP-TLS and allow access to the Internet. I know, this sounds very much like VPN. Indeed it is, (and I might fall back on this). But the difference is that it is bound to a particular wireless network. Users may connect to other networks where all this is not required. So for usability I think it is easier if the wifi controller takes care of connecting with the correct certificate. So, my first question: Is it possible to configure a Wireless NIC in hostap mode to support both non-encrypted open association as well as EAP-TLS (or some other type of encryption/authentication scheme)? Secondly, is it possible to make the firewall (on the the hostap box) aware of whether a client uses security and only allow access if the wireless connection is encrypted? I use packet filter, and this is somewhat like authpf w. ssh that can invoke rules, or it could be solved with the traditional VPN. But I would like to use the EAP-TLS scheme. Thanks, Erik
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44A4E55B.3020908>