RADIUS Setup

n4ldr
RADIUS Setup

I have a tunnel connection to an existing mesh network.
I see there is a ppp-mod-radius package in the list.

Any information on how to set up / configure the RADIUS to not interfere with the tunnel, but block unauthorized internet traffic thru the mesh network?

73 N4LDR
K5DLQ
Mesh tunnels do not use ppp, they use vtun
n4ldr
Security
Understand the vtun, but it does require WAN.
My concern is to not allow the wan connection for internet usage from other computers on the mesh without some sort of login.

Was wondering if anyone had setup the RADIUS protection.
 
wb6tae
If you are looking to secure outbound connections from the mesh to the WAN/Internet, you should probably look at doing some kind of access control between your gateway mesh node and the outside world. This would be similar to hotel access systems, and usually involves some type of access router. You could use a small Linux box, like a Raspberry Pi, as the gateway/control router. A user would have to log in to a web service running on the gateway router to authenticate themselves and enable routing to the outside world - and/or you could control access based on MAC address or IP address.

I cannot point you to any specific tutorials or instruction. But, a quick search turned up this page: https://mohammadthalif.wordpress.com/2010/12/14/list-of-open-source-capt...

CAVEAT: Given the huge amount of commercial content on the Internet (virtually every page has an ad of some sort), allowing mesh users open Internet access is bound to lead to Part-97 rule violations.
wb6tae
RADIUS will not provide any additional security protection over a local password. It only provides a centralized service for managing access accounts.

Also, it is not clear whether the module you have noted is a client mod to be used in accepting a ppp connection, or a server, though I strongly suspect it is the former.

K5DLQ
And.. The purists will say that "breaks" the mesh because a WAN route is advertised but may not be an available route.
n4ldr
Well the open access to a computer on the mesh is what I wanted to prevent to keep it in Part 97.
I really don't want to become an Internet provider, LOL.
Saw the RADIUS in the package list and assumed someone already thought about this and put it in the list.

Guess the better solution will be to use an OpenWrt router with HotSpot scripting to manage the connections.

Thanks
 
KG6JEI
Just don't check the "mesh gateway" checkbox and you will not be an Internet gateway (even if you are a tunnel connection).

Locally in San Diego we have agreed no one will enable that feature as an example.
wb6tae
One good reason for a wan gateway
I can think of one good reason for having a mesh-wan gateway: Updating the package list and accessing other software sources specific to mesh operation (like the AREDN code). However, if that is the desire, a very simple firewall on an access router would eliminate any chance of abuse.
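
Added example, not part of the thread and not AREDN's own code: a sketch of the "very simple firewall on an access router" idea from the last post, as a script that prints iptables commands denying all mesh-to-WAN forwarding except to an allowlist of package servers. The interface names and the addresses (documentation ranges) are assumptions to be replaced with real values.

```shell
#!/bin/sh
# Added example: print iptables commands for an access router placed between the
# mesh gateway node and the WAN. Forwarding is denied by default; only the
# listed destinations (e.g. package sources) are reachable from the mesh.
MESH_IF="${MESH_IF:-eth1}"   # assumption: interface toward the mesh gateway node
WAN_IF="${WAN_IF:-eth0}"     # assumption: interface toward the Internet

# Constructed allowlist, one "IPv4-address tcp-port" per line. The addresses are
# documentation ranges; replace them with the real package/firmware servers.
ALLOWLIST='192.0.2.10 443
198.51.100.20 80'

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] 2>/dev/null || return 1; done
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 65535 ] 2>/dev/null
}

gen_rules() {
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    # Return traffic for connections that an allowlist rule permitted.
    echo "iptables -A FORWARD -i $WAN_IF -o $MESH_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n' "$ALLOWLIST" | while read -r addr port rest; do
        [ -n "$addr" ] || continue
        if [ -z "$rest" ] && valid_ipv4 "$addr" && valid_port "$port"; then
            echo "iptables -A FORWARD -i $MESH_IF -o $WAN_IF -d $addr -p tcp --dport $port -j ACCEPT"
        else
            echo "skipped invalid allowlist entry: $addr $port $rest" >&2
        fi
    done
    # Log what falls through to the DROP policy so attempted use is visible.
    echo "iptables -A FORWARD -i $MESH_IF -o $WAN_IF -j LOG --log-prefix 'mesh-wan-deny: '"
}

# Prints only; review the output, then pipe it to sh as root to apply.
gen_rules
```

Because the allowlist is by IP address, name resolution for mesh clients has to be handled by the access router itself or by a separate rule.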
