> I would like to produce a topology/solution which requires
> minimal hotspot equipment (e.g. AP, bband router/gateway)
> and uses a web interface to pass registration/login (also bank)
> details to the RADIUS server

You could use a Linux workstation or even a small single board computer as the router/gateway. If you are not going to encrypt user data, then you should not even need too much processing power!

> (using SQL & SMTP).

?? You mean the Radius server looks up the username/password in a SQL database? What do you need SMTP for?

> One problem I have is that RADIUS communicates with NAS/RAS,
> although this is too costly to implement per hotspot, can SSL
> be used to get the information to a combined NAS/RAS & RADIUS
> central location securely across the Internet?

You can use IPSec between the gateway and the Radius server to secure the connection and protect the user credentials. Check out: FreeSwan (http://www.freeswan.org/)

AFAIK SSL needs an ordered, reliable, connection-oriented type of transport (TCP, not UDP). You could perhaps write your own little conversion layer to transport the contents of the UDP Radius packets to and from the Radius server as part of an SSL/TLS connection. Note that since Radius uses the source IP and source port, you'll have to either spoof those, map those to loopback addresses, or perhaps modify your Radius server code. The IPSec solution might be easier.

> And how are all other IPs except the registration/login
> pages blocked until authentication has been verified?

iptables will do that. You can redirect requests from unauthenticated clients. Check out the scripts provided with NoCat (http://nocat.net/). Actually that software will be a very good reference for you to try out and get started with all this!

-Puneet

--
general wireless list, a bawug thing <http://www.bawug.org/>
[un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
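
The block-until-authenticated behaviour described in the last reply, as an added example that is not part of the original post and is not taken from NoCat's scripts: a dry-run generator that prints the iptables rules rather than applying them. The interface `wlan0`, portal port `8080`, chain name `portal_auth` and mark `0x1` are assumptions.

```shell
#!/bin/sh
# Added example: prints captive-gateway rules; nothing is applied to the host.
# Assumed names (not from the post): wlan0, port 8080, portal_auth, mark 0x1.
LAN_IF=wlan0          # client-facing wireless interface
PORTAL_PORT=8080      # local port of the registration/login web server
AUTH_MARK=0x1         # fwmark meaning "this client has authenticated"

# Accept only a colon-separated 48-bit MAC so no other text reaches a rule.
valid_mac() {
    case "$1" in *[!0-9A-Fa-f:]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Baseline policy: every client on LAN_IF starts out unauthenticated.
# mangle/PREROUTING runs before nat/PREROUTING, so the mark is visible there.
base_rules() {
    cat <<EOF
iptables -t mangle -N portal_auth
iptables -t mangle -A PREROUTING -i $LAN_IF -j portal_auth
iptables -t nat -A PREROUTING -i $LAN_IF -m mark --mark $AUTH_MARK -j ACCEPT
iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $PORTAL_PORT
iptables -A INPUT -i $LAN_IF -p tcp --dport $PORTAL_PORT -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -m mark --mark $AUTH_MARK -j ACCEPT
iptables -A FORWARD -i $LAN_IF -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -i $LAN_IF -j DROP
EOF
}

# Emit the rule that marks (-A) or unmarks (-D) one client MAC.
mark_rule() {
    valid_mac "$2" || { echo "bad MAC: $2" >&2; return 1; }
    echo "iptables -t mangle $1 portal_auth -m mac --mac-source $2 -j MARK --set-mark $AUTH_MARK"
}

# Called by the portal once RADIUS has accepted the login, and on logout.
authorize() { mark_rule -A "$1"; }
revoke()    { mark_rule -D "$1"; }

# "sh thisfile print" shows the baseline rules for review.
if [ "${1:-}" = "print" ]; then base_rules; fi
```

The DNS rule lets unauthenticated clients resolve names so the browser reaches the redirect; restrict it to your own resolver. Marking by MAC identifies a client only as reliably as the unencrypted link allows, so pair it with session timeouts.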
