Fantastic news ;) !! We use some ddwrt, openwrt routers, coovap (ubuntu) and higher end Meraki / Ruckus stuff. Might be a pain to configure each. What about the idea of a common shared secret and then assigning a 'network' or huntgroup to each user. We could then block end users authenticating from a nas with a called-station-id which wasn't in db (or if a network wasn't set). Just an idea? On 24 Oct 2011, at 22:26, Arran Cudbard-Bell wrote:
On 24 Oct 2011, at 23:09, Jennyanydots Napoleon Shoehorn wrote:
This is very interesting, really appreciate the replies.
Other than using a VPN, how do other wifi providers actually operate securely?
They don't :)
It's either VPN or same shared secret. If your equipment is running something like DD-WRT or Open WRT, it should be possible to cross compile FreeRADIUS and setup a RadSec gateway on the Access Point.
The code works and PKI administration isn't as bad as everyone thinks it is.
-Arran
Arran Cudbard-Bell a.cudbardb@freeradius.org
Betelwiki, Betelwiki, Betelwiki.... http://wiki.freeradius.org/ !
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html