From: Sam Leffler
Organization: Errno Consulting
To: freebsd-current@freebsd.org
Cc: Toxa, Martin
Date: Tue, 25 May 2004 09:56:59 -0700
Subject: Re: wi(4) and shared authmode
Message-Id: <200405250956.59927.sam@errno.com>

On Monday 24 May 2004 10:58 pm, Martin wrote:
> On Tue, 25.05.2004, Josh Elsasser wrote at 2:35:
> > You could always use IPSEC. It's a bit more work to get up and
> > running, but you can rest easy knowing you have actual security.
>
> Yes, but many people don't even want that someone can connect
> to their AP. They try to set up authmode or at least WEP.
> I've turned on WEP and IPsec here, because of samba.
> It broadcasts itself and it's not getting tunneled this way.
> Has anyone a solution to this? (I mean: getting the
> broadcast encrypted, not splitting the networks)

WPA/802.11i encrypts all non-PAE traffic. It's also easy to add an option to
discard all unencrypted traffic. This is necessary for supporting WPA anyway
(except for PAE traffic used for the initial key exchange msgs).

Sam
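
The receive-side rule described in the reply above (discard unencrypted data frames, but let PAE/EAPOL frames through), as an added example that is not part of the original message and is not FreeBSD's driver code. The names `rx_discard`, `sample_frame` and `drop_unencrypted` are hypothetical; the frame-control bits and the 0x888e PAE ethertype follow IEEE 802.11 and 802.1X.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FC0_TYPE_MASK  0x0c
#define FC0_TYPE_DATA  0x08
#define FC0_QOS        0x80   /* QoS data subtypes add a 2-byte QoS control field */
#define FC0_NODATA     0x40   /* null-function subtypes carry no frame body */
#define FC1_DIR_MASK   0x03   /* ToDS|FromDS; both set means a 4-address header */
#define FC1_PROTECTED  0x40   /* frame body is encrypted */
#define ETHERTYPE_PAE  0x888e /* 802.1X EAPOL */
static const uint8_t snap[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };

/* Returns 1 if the received 802.11 frame must be discarded, 0 if it may pass. */
int rx_discard(const uint8_t *f, size_t len, int drop_unencrypted)
{
    if (len < 2)
        return 1;
    if ((f[0] & FC0_TYPE_MASK) != FC0_TYPE_DATA)
        return 0;   /* the policy covers data frames only */
    if ((f[1] & FC1_PROTECTED) || !drop_unencrypted || (f[0] & FC0_NODATA))
        return 0;   /* encrypted, policy off, or no body to protect */
    size_t hdr = 24 + ((f[1] & FC1_DIR_MASK) == FC1_DIR_MASK ? 6 : 0)
                    + ((f[0] & FC0_QOS) ? 2 : 0);
    /* Cleartext data: only LLC/SNAP with the PAE ethertype may pass. */
    if (len < hdr + 8 || memcmp(f + hdr, snap, 6) != 0)
        return 1;
    return ((f[hdr + 6] << 8) | f[hdr + 7]) != ETHERTYPE_PAE;
}

/* Constructed sample: 32-byte 3-address data frame, LLC/SNAP + ethertype. */
void sample_frame(uint8_t buf[32], uint8_t fc1, uint16_t ethertype)
{
    memset(buf, 0, 32);
    buf[0] = FC0_TYPE_DATA;
    buf[1] = fc1;
    memcpy(buf + 24, snap, 6);
    buf[30] = (uint8_t)(ethertype >> 8);
    buf[31] = (uint8_t)(ethertype & 0xff);
}

int main(void)
{
    uint8_t f[32];
    sample_frame(f, 0x01, 0x0800);              /* cleartext IPv4, ToDS */
    printf("cleartext IPv4 discarded: %d\n", rx_discard(f, sizeof f, 1));
    return 0;
}
```

With the option on, cleartext broadcast data such as the Samba traffic mentioned in the thread is discarded at the receiver, while the cleartext EAPOL frames needed for the initial key exchange still pass.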