Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 24 Mar 2003 15:20:15 -0800 (PST)
From:      Mike Hoskins <mike@adept.org>
To:        net@freebsd.org
Subject:   Re: AirportExtreme with FreeBSD HostAP
Message-ID:  <20030324150614.P15938-100000@fubar.adept.org>
In-Reply-To: <000001c2f197$0bfa8b80$cd00a8c0@grievous>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

(I removed the -questions CC, looks like this is moving to -net...)

On Sun, 23 Mar 2003, Aaron Daubman wrote:
> >From my experiences, I cannot get my PowerBook to connect to my FreeBSD
> 4-Stable (built 2 nights ago) HostAP, WinXP clients work fine.

I've only had experience with a couple APs in infastructure mode...
However, I've seen this issue in the past.  Actually, at the time, it was
a XP client having the problem...  So maybe it is just some config detail?

> The PowerBook returns invalid password (128bit wep Key entered in Hex)
> supplied.

Of course you've re-checked for typos.  Aren't 26-character hex keys fun?

> Has anybody had experience getting an AirportExtreme client to work with a
> FreeBSD HostAP? Any Pointers? (Must I disable WEP (as useless as it may
> be...)?)

At least with WEP you obscure the data for some reasonable amount of time.
You can change the keys regularly to mitigate playback, and some APs and
NICs have this built in.  Granted, you don't verify or control connection
attempts with WEP alone, but you do obtain some benefit.  MAC filtering
and the like in conjunction with WEP can provide reasonable security.
IOW, I wouldn't jump to just turning WEP off unless you have no other
alternative and know anything intended for transmission across the network
in question is "cleartext-able"(sm).

I actually just use a dumb 802.11b (Netgear) AP in infrastructure mode at
home now.  It dangles off a "DMZ" interface on my FreeBSD firewall.  That
interface only has Squid and dhcpd bound to it.  DHCP listens for requests
and only assigns IPs to MACs I know about.  Transparent redirection forces
all web traffic to Squid, and Squid won't allow any access except from the
manually-keyed IPs in dhcpd.conf.  Pretty secure, and no "client" or
driver issues.  I've got 2k, XP, OS 9 and X clients.  (House full of
geeks.)  I know that's not much help, but do you have to use HostAP?  :)

-mrh


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20030324150614.P15938-100000>