Using hostapd behind the AP (on the wired side)

Bryan J. Smith b.j.smith at ieee.org
Tue Sep 27 10:20:05 EDT 2005


Jan Lühr <listen at stephan.homeunix.net> wrote:
> Usually you use VPN-based approaches in this scenario.

I understand this.  But there might be scenarios where there
is a sister board to the AP board.

> Why do you want to use WPA?

It's not just to offer WPA, but a variety of authentication
mechanisms, including a more traditional RADIUS server.

Remember, we're not just looking to support standards-based
APs and STAs, but also proprietary ones.  Ones where the
vendor could use various options.  But we'd like to stick
with standards-based ones (WPA, 11i, RADIUS) by default.

> AFAIK WinXP is the first Win32 / Win64 actually
> supporting WPA - and there are hardly any applications
> supporting non-PSK WPA shipped with wlan cards.

Even WPA-PSK would be nice for starters.

> AFAIK wpa_supplicant/Win32 is in development and if
> you follow this list, you'll find problems refering
> some cards.

Yep, already noted that supplicant.  It would also be
something that could complement this solution.

> What is a "standard AP" in you opinion?

Something that is servicing 802.11a/b/g STAs.

> AFAIK freeradius is an independent project not covered by
> hostap.

I understand this.  But I also noted various capabilities in
hostapd as well.

> A lot of people use IPSec for these issues.

Yeah, I've been trying to argue such.

> So - why don't you do this?

We don't have our own radio yet to mass produce.
We're still relying on different vendors for those.

Furthermore, we have already, and we are still further
developing our capabilities that are geared towards mesh
(eventually 802.11s) augmentation.  That means no centralized
AS, but a localized AS, possibly to each AP, with
peer-to-peer replication.

What we're looking for is a codebase so we can support a
number of additional protocols, including WPA/802.11i.

> I guess most people just get appropriate hardware and have
> less problems.

And most people aren't dealing with 802.11 that goes 10 miles
and is a mesh, with no centralized back-end.  ;->

I.e., I'm not some SOHO geek trying to build an AP.  I'm a
developer further developing our peer-to-peer authentication
framework.  Not only for our products, but in a way that
would be useful for future 802.11s developments.


-- 
Bryan J. Smith                | Sent from Yahoo Mail
mailto:b.j.smith at ieee.org     |  (please excuse any
http://thebs413.blogspot.com/ |   missing headers)



More information about the HostAP mailing list