Re: [WISPA] How to Authenticate/Protect(Was Ethernet based authentication)
Mac, I'm surprised you haven't been able to get funds from the governements to help keep the network going this far along in the game. I recognized that the first two months was gonna have to be donated, but with the network up, I'd think government would kick in at this point to help keep it going. Expecially with Mayors (New Orelans) boasting about their own networks they are building. What steps have you tried to get formal assistance from the governements (local,state, or federal) apposed to just donations? I'm sure this is an issue of time more than anything, (paperwork and grant writing sucks :-( ), but was courious what you've tried so far. As much as I respect what you have done to make all this happen in a time of need, without asking what you'd get in return, sooner or later this project is going to have to get funded to keep it going. Tom DeReggi RapidDSL & Wireless, Inc IntAirNet- Fixed Wireless Broadband - Original Message - From: "Mac Dearman" <[EMAIL PROTECTED]> To: "WISPA General List" Sent: Saturday, December 03, 2005 12:09 AM Subject: Re: [WISPA] How to Authenticate/Protect(Was Ethernet based authentication) When I first started I used a YDI BCU and still have 2 of them and a Brilan BCU. It authenticates via MAC addy and when I tell you it will absolutely shut down a non paying sub - - believe me it will! It has been my main most method of authentication for the last 4 years. I am moving over to a MAC/IP via radius here pretty quick as I "may" have some subs that have a marginal signal and PPPoE demands a crystal clear and glimmering network connection to avoid trouble for a sub to sign on from what I have gathered over the years. Butche is the PPPoE/MT king - - he can chime in here and straighten all of us out on everything from wireless wife trouble to the 2nd Advent!! :-) Mac Dearman Maximum Access, LLC. www.inetsouth.com www.radioresponse.org (Katrina relief efforts) 318-728-8600 - Rayville 318-728-9600 318-376-2562 - cell Jason wrote: Mac, The PPTP I mentioned is, according to my understanding, the main VPN protocol out there. The reasons I want to avoid it are that the connection has to be initiated through an icon click and the client software for Macintosh is 58$. Mostly, I am looking to authenticate the users... Jason Mac Dearman wrote: Its called "VPN" Its the most simple thing you can do to provide absolute security with the lowest overhead. If security is your issue - - its about the only way to really protect data transfer. IMHO Mac Dearman Maximum Access, LLC. www.inetsouth.com www.radioresponse.org (Katrina relief efforts) 318-728-8600 - Rayville 318-728-9600 318-376-2562 - cell Jason wrote: List, I am on the precipice, ready to take the plunge and become a WISP (After 1 year of zoning, permits, 16 hr days, etc), but one thing still bothers me. I haven't decided how to authenticate clients to my network and REALLY protect their data. The CPE's I will use, rootenna/Senao2611 combos, do only WEP, which only obfuscates data nowadays. MAC addresses can be cloned. Proxy login via a browser is obnoxious for the end user. Ditto PPPoE & VPN logins. There is just no elegant, KISS solution. I was looking at PPPoE or PPTP (poptop/linux) with Radius as my system, since this would accomplish it, but seems like so much trouble and overhead. PPTP is not Mac friendly, PPPoE requires clients (gasp) or a router (gack!) and the PPPoE server shipping with Linux is meant "for testing purposes only - man". I want an Always On (apparently) system for my clients that just works. How do you other (small) WISPs do this? Tangent: How do you Senao 2611 users keep Netbios & windows network neighborhood data off the wireless network. I was told to add a SOHO router to the mix, but don't want to invest in more equipment to maintain. Jason Wallace -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.362 / Virus Database: 267.13.10/190 - Release Date: 12/1/2005 -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] How to Authenticate/Protect (Was Ethernet based authentication)
Anyone using the Peplink units? On 12/2/05, Dylan Oliver <[EMAIL PROTECTED]> wrote: > I've got high hopes for this WPA2/802.1x CPE: > http://www.peplink.com/productsLoader.php?productName=surf. > I've had no responses to my inquiries on availability, however. Anyone know > something about this? > > Otherwise, I'd suggest selling support for OpenVPN as a value-added service. > > Best, > -- > Dylan Oliver > Primaverity, LLC > -- > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > -- -RickG -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] How to Authenticate/Protect (Was Ethernet based authentication)
On Fri, 2 Dec 2005, Mac Dearman wrote: When I first started I used a YDI BCU and still have 2 of them and a Brilan BCU. It authenticates via MAC addy and when I tell you it will absolutely shut down a non paying sub - - believe me it will! The trouble with this is that you will require one of these devices on each segment of the network. If you bridge your entire network (NOT a good idea), you can use just one. They do work well, however. Even better than these (my opinion) would be a Mikrotik router configured as a hotspot using MAC authentication. Using the Mikrotik, you could put one on every segment to handle the routing as well as hotspot on each segment. Instead of MAC auth, you can do PPPoE to the MT at each segment and this would bypass the hotspot. Just some ideas. I already mentioned how to get around the need for a client on the computer. I "may" have some subs that have a marginal signal and PPPoE demands a crystal clear and glimmering network connection to avoid trouble for a sub to sign on from what I have gathered over the years. This is only partly true. Of course, PPPoE will PREFER a connection without dropped packets, but it will function with as high as 5-10% with some clients. Butche is the PPPoE/MT king - - he can chime in here and straighten Aw, SHUCKS! :-) all of us out on everything from wireless wife trouble to the 2nd Advent!! :-) Now for the wireless wife thing...well, maybe another time. :-) -- Butch Evans BPS Networks http://www.bpsnetworks.com/ Bernie, MO Mikrotik Certified Consultant (http://www.mikrotik.com/consultants.html) -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] How to Authenticate/Protect (Was Ethernet based authentication)
When I first started I used a YDI BCU and still have 2 of them and a Brilan BCU. It authenticates via MAC addy and when I tell you it will absolutely shut down a non paying sub - - believe me it will! It has been my main most method of authentication for the last 4 years. I am moving over to a MAC/IP via radius here pretty quick as I "may" have some subs that have a marginal signal and PPPoE demands a crystal clear and glimmering network connection to avoid trouble for a sub to sign on from what I have gathered over the years. Butche is the PPPoE/MT king - - he can chime in here and straighten all of us out on everything from wireless wife trouble to the 2nd Advent!! :-) Mac Dearman Maximum Access, LLC. www.inetsouth.com www.radioresponse.org (Katrina relief efforts) 318-728-8600 - Rayville 318-728-9600 318-376-2562 - cell Jason wrote: Mac, The PPTP I mentioned is, according to my understanding, the main VPN protocol out there. The reasons I want to avoid it are that the connection has to be initiated through an icon click and the client software for Macintosh is 58$. Mostly, I am looking to authenticate the users... Jason Mac Dearman wrote: Its called "VPN" Its the most simple thing you can do to provide absolute security with the lowest overhead. If security is your issue - - its about the only way to really protect data transfer. IMHO Mac Dearman Maximum Access, LLC. www.inetsouth.com www.radioresponse.org (Katrina relief efforts) 318-728-8600 - Rayville 318-728-9600 318-376-2562 - cell Jason wrote: List, I am on the precipice, ready to take the plunge and become a WISP (After 1 year of zoning, permits, 16 hr days, etc), but one thing still bothers me. I haven't decided how to authenticate clients to my network and REALLY protect their data. The CPE's I will use, rootenna/Senao2611 combos, do only WEP, which only obfuscates data nowadays. MAC addresses can be cloned. Proxy login via a browser is obnoxious for the end user. Ditto PPPoE & VPN logins. There is just no elegant, KISS solution. I was looking at PPPoE or PPTP (poptop/linux) with Radius as my system, since this would accomplish it, but seems like so much trouble and overhead. PPTP is not Mac friendly, PPPoE requires clients (gasp) or a router (gack!) and the PPPoE server shipping with Linux is meant "for testing purposes only - man". I want an Always On (apparently) system for my clients that just works. How do you other (small) WISPs do this? Tangent: How do you Senao 2611 users keep Netbios & windows network neighborhood data off the wireless network. I was told to add a SOHO router to the mix, but don't want to invest in more equipment to maintain. Jason Wallace -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] How to Authenticate/Protect (Was Ethernet based authentication)
Mac, The PPTP I mentioned is, according to my understanding, the main VPN protocol out there. The reasons I want to avoid it are that the connection has to be initiated through an icon click and the client software for Macintosh is 58$. Mostly, I am looking to authenticate the users... Jason Mac Dearman wrote: Its called "VPN" Its the most simple thing you can do to provide absolute security with the lowest overhead. If security is your issue - - its about the only way to really protect data transfer. IMHO Mac Dearman Maximum Access, LLC. www.inetsouth.com www.radioresponse.org (Katrina relief efforts) 318-728-8600 - Rayville 318-728-9600 318-376-2562 - cell Jason wrote: List, I am on the precipice, ready to take the plunge and become a WISP (After 1 year of zoning, permits, 16 hr days, etc), but one thing still bothers me. I haven't decided how to authenticate clients to my network and REALLY protect their data. The CPE's I will use, rootenna/Senao2611 combos, do only WEP, which only obfuscates data nowadays. MAC addresses can be cloned. Proxy login via a browser is obnoxious for the end user. Ditto PPPoE & VPN logins. There is just no elegant, KISS solution. I was looking at PPPoE or PPTP (poptop/linux) with Radius as my system, since this would accomplish it, but seems like so much trouble and overhead. PPTP is not Mac friendly, PPPoE requires clients (gasp) or a router (gack!) and the PPPoE server shipping with Linux is meant "for testing purposes only - man". I want an Always On (apparently) system for my clients that just works. How do you other (small) WISPs do this? Tangent: How do you Senao 2611 users keep Netbios & windows network neighborhood data off the wireless network. I was told to add a SOHO router to the mix, but don't want to invest in more equipment to maintain. Jason Wallace -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] How to Authenticate/Protect (Was Ethernet based authentication)
On Fri, 2 Dec 2005, Jason wrote: How do you other (small) WISPs do this? You can use something like this: http://tinyurl.com/duy7z This radio supports PPPoE. This would allow you to set your client's computer up for DHCP, and you still have PPPoE authentication to the network. There are other manufacturers who make a similar radio, though I don't know for sure who to send you to. I have had NO issues with this radio. -- Butch Evans BPS Networks http://www.bpsnetworks.com/ Bernie, MO Mikrotik Certified Consultant (http://www.mikrotik.com/consultants.html) -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] How to Authenticate/Protect (Was Ethernet based authentication)
Mac - what type of VPN do you use? Best,-- Dylan OliverPrimaverity, LLC -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] How to Authenticate/Protect (Was Ethernet based authentication)
Its called "VPN" Its the most simple thing you can do to provide absolute security with the lowest overhead. If security is your issue - - its about the only way to really protect data transfer. IMHO Mac Dearman Maximum Access, LLC. www.inetsouth.com www.radioresponse.org (Katrina relief efforts) 318-728-8600 - Rayville 318-728-9600 318-376-2562 - cell Jason wrote: List, I am on the precipice, ready to take the plunge and become a WISP (After 1 year of zoning, permits, 16 hr days, etc), but one thing still bothers me. I haven't decided how to authenticate clients to my network and REALLY protect their data. The CPE's I will use, rootenna/Senao2611 combos, do only WEP, which only obfuscates data nowadays. MAC addresses can be cloned. Proxy login via a browser is obnoxious for the end user. Ditto PPPoE & VPN logins. There is just no elegant, KISS solution. I was looking at PPPoE or PPTP (poptop/linux) with Radius as my system, since this would accomplish it, but seems like so much trouble and overhead. PPTP is not Mac friendly, PPPoE requires clients (gasp) or a router (gack!) and the PPPoE server shipping with Linux is meant "for testing purposes only - man". I want an Always On (apparently) system for my clients that just works. How do you other (small) WISPs do this? Tangent: How do you Senao 2611 users keep Netbios & windows network neighborhood data off the wireless network. I was told to add a SOHO router to the mix, but don't want to invest in more equipment to maintain. Jason Wallace -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] How to Authenticate/Protect (Was Ethernet based authentication)
I've got high hopes for this WPA2/802.1x CPE: http://www.peplink.com/productsLoader.php?productName=surf. I've had no responses to my inquiries on availability, however. Anyone know something about this? Otherwise, I'd suggest selling support for OpenVPN as a value-added service. Best,-- Dylan OliverPrimaverity, LLC -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/