Solved

Would this setup for a WISP work?

Posted on 2007-11-29
3
912 Views
Last Modified: 2013-12-15
I intend to set up a small Wireless Internet Provider (for about 30 people). I was thinking of using a sort of VPN for authentication. Would this work:

- Server with 2 network cards. One of them connected to the Internet link, the other to an access point that's in bridge mode. Maybe some security in the AP in the form of MAC address-locking.
- VPN (PPTPD) on the server.

On the client:
- AP set to AP client mode capable of authenticating through PPTP.

I think this would provide me with user/pass authentication (which is something I want), and some security. If someone want's to hack it, at least they'd have to bypass the MAC and PPTP security, which is better than nothing.

Or am I totally wrong?

Regards,

TJ
0
Comment
Question by:tjbraza
3 Comments
 
LVL 14

Assisted Solution

by:arrkerr1024
arrkerr1024 earned 200 total points
ID: 20374251
Are the 30 people the same every time?  In other words, is it a fixed pool of people, and you can register their machines or mac addresses ahead of time?

Maybe WPA-Enterprise is something you should look at - it is supported by most APs and most OSs and you can do anything from windows authentication to a radius server to shared key authentication.

The VPN should work as well, but I'd go for WPA/WPA2-Enterprise.
0
 

Author Comment

by:tjbraza
ID: 20375446
Yes, they are the same 30 people always. Their MAC address is known beforehand because the client AP is provided by me.
0
 
LVL 2

Accepted Solution

by:
hattmardy earned 300 total points
ID: 20384588
Yes what you're doing can work. A lot of people do it with PPTP, or even PPPoE. You can find CPE equipment that use those protocols:
http://www.deliberant.com/estore/web/pc-1167-7-dlb2112-80211bg-12dbi-integrated-radio.aspx

You can set this in WISP mode with the WAN type as PPPoE. This particular model supports both PPPoE and PPtP.

This is much better than MAC authentication only because it is very easy to spoof MAC addresses, so it's not very secure.

And as arrkerr1024 said, WPA2-enterprise is also a good solution.

-Matt
<a href="www.matthardy.info">Matt Hardy</a>
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the purchase of CloudCommand by Comcast customers are left in a bind as subscriptions expire and render the AP's disabled. The following will explain how to flash your Ubiquiti AP's with CloudCommand firmware back to Ubiquiti firmware. HOWTO…
This article is a step by step guide on how to create a basic PTP link using Ubiquiti airOS devices. This guide can be used on the following Ubiquiti AirMAX devices. Nanostation, Bullets, AirBridge, Nanobeam, NanoBridge to name a few. Please review …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question