Solved

Would this setup for a WISP work?

Posted on 2007-11-29
3
904 Views
Last Modified: 2013-12-15
I intend to set up a small Wireless Internet Provider (for about 30 people). I was thinking of using a sort of VPN for authentication. Would this work:

- Server with 2 network cards. One of them connected to the Internet link, the other to an access point that's in bridge mode. Maybe some security in the AP in the form of MAC address-locking.
- VPN (PPTPD) on the server.

On the client:
- AP set to AP client mode capable of authenticating through PPTP.

I think this would provide me with user/pass authentication (which is something I want), and some security. If someone want's to hack it, at least they'd have to bypass the MAC and PPTP security, which is better than nothing.

Or am I totally wrong?

Regards,

TJ
0
Comment
Question by:tjbraza
3 Comments
 
LVL 14

Assisted Solution

by:arrkerr1024
arrkerr1024 earned 200 total points
Comment Utility
Are the 30 people the same every time?  In other words, is it a fixed pool of people, and you can register their machines or mac addresses ahead of time?

Maybe WPA-Enterprise is something you should look at - it is supported by most APs and most OSs and you can do anything from windows authentication to a radius server to shared key authentication.

The VPN should work as well, but I'd go for WPA/WPA2-Enterprise.
0
 

Author Comment

by:tjbraza
Comment Utility
Yes, they are the same 30 people always. Their MAC address is known beforehand because the client AP is provided by me.
0
 
LVL 2

Accepted Solution

by:
hattmardy earned 300 total points
Comment Utility
Yes what you're doing can work. A lot of people do it with PPTP, or even PPPoE. You can find CPE equipment that use those protocols:
http://www.deliberant.com/estore/web/pc-1167-7-dlb2112-80211bg-12dbi-integrated-radio.aspx

You can set this in WISP mode with the WAN type as PPPoE. This particular model supports both PPPoE and PPtP.

This is much better than MAC authentication only because it is very easy to spoof MAC addresses, so it's not very secure.

And as arrkerr1024 said, WPA2-enterprise is also a good solution.

-Matt
<a href="www.matthardy.info">Matt Hardy</a>
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Issue to mail 11 36
Automating a script for user accounts LINUX 14 39
My bash alias isn't executing 5 31
Cisco Air AP 6 26
Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now