Re: [WISPA] How to Authenticate/Protect (Was Ethernet based authentication)

2005-12-02 Thread Dylan Oliver
I've got high hopes for this WPA2/802.1x CPE:
http://www.peplink.com/productsLoader.php?productName=surf. I've had no
responses to my inquiries on availability, however. Anyone know
something about this?

Otherwise, I'd suggest selling support for OpenVPN as a value-added service.
Best,-- Dylan OliverPrimaverity, LLC
-- 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] How to Authenticate/Protect (Was Ethernet based authentication)

2005-12-02 Thread Mac Dearman


 Its called VPN  Its the most simple thing you can do to provide 
absolute security with the lowest overhead. If security is your issue - 
- its about the only way to really protect data transfer. IMHO


Mac Dearman
Maximum Access, LLC.
www.inetsouth.com
www.radioresponse.org (Katrina relief efforts)
318-728-8600 - Rayville
318-728-9600
318-376-2562 - cell




Jason wrote:


List,

   I am on the precipice, ready to take the plunge and become a WISP 
(After 1 year of zoning, permits, 16 hr days, etc), but one thing 
still bothers me.  I haven't decided how to authenticate clients to my 
network and REALLY protect their data.  The CPE's I will use, 
rootenna/Senao2611 combos, do only WEP, which only obfuscates data 
nowadays. MAC addresses can be cloned.  Proxy login via a browser is 
obnoxious for the end user.  Ditto PPPoE  VPN logins.  There is just 
no elegant, KISS solution.  I was looking at PPPoE or PPTP 
(poptop/linux) with Radius as my system, since this would accomplish 
it, but seems like so much trouble and overhead.  PPTP is not Mac 
friendly, PPPoE requires clients (gasp) or a router (gack!) and the 
PPPoE server shipping with Linux is meant for testing purposes only - 
man.  I want an Always On (apparently) system for my clients that 
just works.


How do you other (small) WISPs do this?

   Tangent: How do you Senao 2611 users keep Netbios  windows network 
neighborhood data off the wireless network.  I was told to add a SOHO 
router to the mix, but don't want to invest in more equipment to 
maintain.


Jason Wallace


--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] How to Authenticate/Protect (Was Ethernet based authentication)

2005-12-02 Thread Dylan Oliver
Mac - what type of VPN do you use?
Best,-- Dylan OliverPrimaverity, LLC
-- 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] How to Authenticate/Protect (Was Ethernet based authentication)

2005-12-02 Thread Butch Evans

On Fri, 2 Dec 2005, Jason wrote:


How do you other (small) WISPs do this?


You can use something like this:
http://tinyurl.com/duy7z

This radio supports PPPoE.  This would allow you to set your 
client's computer up for DHCP, and you still have PPPoE 
authentication to the network.  There are other manufacturers who 
make a similar radio, though I don't know for sure who to send you 
to.  I have had NO issues with this radio.


--
Butch Evans
BPS Networks  http://www.bpsnetworks.com/
Bernie, MO
Mikrotik Certified Consultant
(http://www.mikrotik.com/consultants.html)
--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] How to Authenticate/Protect (Was Ethernet based authentication)

2005-12-02 Thread Jason

Mac,
   The PPTP I mentioned is, according to my understanding, the main VPN 
protocol out there.  The reasons I want to avoid it are that the 
connection has to be initiated through an icon click and the client 
software for Macintosh is 58$.


Mostly, I am looking to authenticate the users...

Jason

Mac Dearman wrote:



 Its called VPN  Its the most simple thing you can do to provide 
absolute security with the lowest overhead. If security is your issue 
- - its about the only way to really protect data transfer. IMHO


Mac Dearman
Maximum Access, LLC.
www.inetsouth.com
www.radioresponse.org (Katrina relief efforts)
318-728-8600 - Rayville
318-728-9600
318-376-2562 - cell




Jason wrote:


List,

   I am on the precipice, ready to take the plunge and become a WISP 
(After 1 year of zoning, permits, 16 hr days, etc), but one thing 
still bothers me.  I haven't decided how to authenticate clients to 
my network and REALLY protect their data.  The CPE's I will use, 
rootenna/Senao2611 combos, do only WEP, which only obfuscates data 
nowadays. MAC addresses can be cloned.  Proxy login via a browser is 
obnoxious for the end user.  Ditto PPPoE  VPN logins.  There is just 
no elegant, KISS solution.  I was looking at PPPoE or PPTP 
(poptop/linux) with Radius as my system, since this would accomplish 
it, but seems like so much trouble and overhead.  PPTP is not Mac 
friendly, PPPoE requires clients (gasp) or a router (gack!) and the 
PPPoE server shipping with Linux is meant for testing purposes only 
- man.  I want an Always On (apparently) system for my clients that 
just works.


How do you other (small) WISPs do this?

   Tangent: How do you Senao 2611 users keep Netbios  windows 
network neighborhood data off the wireless network.  I was told to 
add a SOHO router to the mix, but don't want to invest in more 
equipment to maintain.


Jason Wallace




--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] How to Authenticate/Protect (Was Ethernet based authentication)

2005-12-02 Thread Mac Dearman
When I first started I used a YDI BCU and still have 2 of them and a 
Brilan BCU. It authenticates via MAC addy and when I tell you it will 
absolutely shut down a non paying sub - - believe me it will! It has 
been my main most method of authentication for the last 4 years. I am 
moving over to a MAC/IP via radius here pretty quick as I may have 
some subs that have a marginal signal and PPPoE demands a crystal clear 
and glimmering network connection to avoid trouble for a sub to sign on 
from what I have gathered over the years.


  Butche is the PPPoE/MT king - - he can chime in here and straighten 
all of us out on everything from wireless wife trouble to the 2nd 
Advent!! :-) 


Mac Dearman
Maximum Access, LLC.
www.inetsouth.com
www.radioresponse.org (Katrina relief efforts)
318-728-8600 - Rayville
318-728-9600
318-376-2562 - cell




Jason wrote:


Mac,
   The PPTP I mentioned is, according to my understanding, the main 
VPN protocol out there.  The reasons I want to avoid it are that the 
connection has to be initiated through an icon click and the client 
software for Macintosh is 58$.


Mostly, I am looking to authenticate the users...

Jason

Mac Dearman wrote:



 Its called VPN  Its the most simple thing you can do to provide 
absolute security with the lowest overhead. If security is your issue 
- - its about the only way to really protect data transfer. IMHO


Mac Dearman
Maximum Access, LLC.
www.inetsouth.com
www.radioresponse.org (Katrina relief efforts)
318-728-8600 - Rayville
318-728-9600
318-376-2562 - cell




Jason wrote:


List,

   I am on the precipice, ready to take the plunge and become a WISP 
(After 1 year of zoning, permits, 16 hr days, etc), but one thing 
still bothers me.  I haven't decided how to authenticate clients to 
my network and REALLY protect their data.  The CPE's I will use, 
rootenna/Senao2611 combos, do only WEP, which only obfuscates data 
nowadays. MAC addresses can be cloned.  Proxy login via a browser is 
obnoxious for the end user.  Ditto PPPoE  VPN logins.  There is 
just no elegant, KISS solution.  I was looking at PPPoE or PPTP 
(poptop/linux) with Radius as my system, since this would accomplish 
it, but seems like so much trouble and overhead.  PPTP is not Mac 
friendly, PPPoE requires clients (gasp) or a router (gack!) and the 
PPPoE server shipping with Linux is meant for testing purposes only 
- man.  I want an Always On (apparently) system for my clients that 
just works.


How do you other (small) WISPs do this?

   Tangent: How do you Senao 2611 users keep Netbios  windows 
network neighborhood data off the wireless network.  I was told to 
add a SOHO router to the mix, but don't want to invest in more 
equipment to maintain.


Jason Wallace





--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] How to Authenticate/Protect (Was Ethernet based authentication)

2005-12-02 Thread Butch Evans

On Fri, 2 Dec 2005, Mac Dearman wrote:

When I first started I used a YDI BCU and still have 2 of them and 
a Brilan BCU. It authenticates via MAC addy and when I tell you it 
will absolutely shut down a non paying sub - - believe me it will!


The trouble with this is that you will require one of these devices 
on each segment of the network.  If you bridge your entire network 
(NOT a good idea), you can use just one.  They do work well, 
however.  Even better than these (my opinion) would be a Mikrotik 
router configured as a hotspot using MAC authentication.  Using the 
Mikrotik, you could put one on every segment to handle the routing 
as well as hotspot on each segment.  Instead of MAC auth, you can do 
PPPoE to the MT at each segment and this would bypass the hotspot. 
Just some ideas.  I already mentioned how to get around the need for 
a client on the computer.


I may have some subs that have a marginal signal and PPPoE 
demands a crystal clear and glimmering network connection to avoid 
trouble for a sub to sign on from what I have gathered over the 
years.


This is only partly true.   Of course, PPPoE will PREFER a 
connection without dropped packets, but it will function with as 
high as 5-10% with some clients.



Butche is the PPPoE/MT king - - he can chime in here and straighten


Aw, SHUCKS!  :-)

all of us out on everything from wireless wife trouble to the 2nd 
Advent!! :-)


Now for the wireless wife thing...well, maybe another time.  :-)

--
Butch Evans
BPS Networks  http://www.bpsnetworks.com/
Bernie, MO
Mikrotik Certified Consultant
(http://www.mikrotik.com/consultants.html)
--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/