Optional WPA and RSN
pjf at asn.pl
Thu Apr 21 13:28:04 EDT 2005
Since it's my first post on this list, I'd like to thank Jouni very much for
his outstanding work (hope the hostap project gives him a lot of fun and
The problem I'm trying to solve is wireless LAN in conference rooms - nothing
tough, I know, but I want it to be quite secure and compatible with current
standards - reason is obvious - Windows clients.
I have drafts of two possible solutions in my mind now - one is "purely
802.11" and the second needs extra software and encryption in higher layers.
The first - 802.11 solution - should work as following:
- clients connect without any encryption
- instead of first web page they get Chillispot authentication screen (UAM)
and info about possible encryption - WPA or RSN (for example with
authentication via PEAP)
- now they can reconfigure their systems, enable WPA2 and reconnect to AP once
more, this time securely, or login via Chillispot
- rest is done by DHCP etc.
BTW, the second solution would probably use PPTP or OpenVPN, but as they all
require more "clicks" by the end user and are some kinds of "work-arounds", I
would prefer the first method.
And here is my question: would it need a lot work (possibly hacking
hostapd/drivers) to make hostapd allow both no security at all and RSN (or at
least old WPA) at the same time on one access point?
pjf at asn.pl
More information about the HostAP