<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.6.2">
</HEAD>
<BODY>
There is some experimental code flying around teh Openwrt project for just this purpose, Though it's not ready for prine time quite yet.<BR>
QOS is also slated in openwrt<BR>
<BR>
-Pete Flaherty <BR>
<BR>
On Wed, 2006-02-01 at 16:16 +1100, Jason Potter wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
<FONT COLOR="#000000">Hi All,</FONT>
<FONT COLOR="#000000">Can an account be automatically created for a particular mac address when it</FONT>
<FONT COLOR="#000000">tries to connect, so that it can be tracked?</FONT>
<FONT COLOR="#000000">Option 1 is what I think I am looking for.</FONT>
<FONT COLOR="#000000">I want people to be able to connect without logging in but be time limited</FONT>
<FONT COLOR="#000000">to 2 hours and speed limited to 64k.</FONT>
<FONT COLOR="#000000">Does anyone have this solution setup at the moment.</FONT>
<FONT COLOR="#000000">Cheers</FONT>
<FONT COLOR="#000000">Jason</FONT>
<FONT COLOR="#000000">-----Original Message-----</FONT>
<FONT COLOR="#000000">From: Benoit Grégoire [mailto:<A HREF="mailto:bock@step.polymtl.ca">bock@step.polymtl.ca</A>] </FONT>
<FONT COLOR="#000000">Sent: Wednesday, 1 February 2006 4:06 PM</FONT>
<FONT COLOR="#000000">To: <A HREF="mailto:wifidog@listes.ilesansfil.org">wifidog@listes.ilesansfil.org</A>; <A HREF="mailto:jasonp@iinet.net.au">jasonp@iinet.net.au</A></FONT>
<FONT COLOR="#000000">Subject: Re: [isf-wifidog] How to Auth non-browser based devices</FONT>
<FONT COLOR="#000000">On January 31, 2006 11:37 pm, Jason Potter wrote:</FONT>
<FONT COLOR="#000000">> Hi All,</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> Just an extension to the discussion below, what are the approaches to</FONT>
<FONT COLOR="#000000">> giving free wifi to devices in a venue that don't have a browser.</FONT>
<FONT COLOR="#000000">1-Tie MAC adress(es) to a single user account who vouches for it </FONT>
<FONT COLOR="#000000">(<A HREF="http://dev.wifidog.org/ticket/19">http://dev.wifidog.org/ticket/19</A>). Only slightly more insecure than normal</FONT>
<FONT COLOR="#000000">captive portal operation.</FONT>
<FONT COLOR="#000000">2-Whitelist specific servers ("perfectly" secure, allows the group to ask </FONT>
<FONT COLOR="#000000">money from their operators for the priviledge since they run a business on </FONT>
<FONT COLOR="#000000">your network). Good for the DS and VOIP operators, doesn't work for</FONT>
<FONT COLOR="#000000">allowing </FONT>
<FONT COLOR="#000000">you to connect to you own asterisk server for example.</FONT>
<FONT COLOR="#000000">3-Whitelist specific ports (such as SIP). Once you do that, anyone can</FONT>
<FONT COLOR="#000000">tunnel </FONT>
<FONT COLOR="#000000">any kind of traffic trough them.</FONT>
<FONT COLOR="#000000">4-Don't run any authentication at all. Works fine for those who only run a </FONT>
<FONT COLOR="#000000">portal to display a splash page and terms of service.</FONT>
<FONT COLOR="#000000">I hadn't tought of Pete's solution:</FONT>
<FONT COLOR="#000000">5-Whitelist a range of MAC adresses by manufacturer. Only works when the </FONT>
<FONT COLOR="#000000">manufacturer and the service to be whitelisted are the same, so it would</FONT>
<FONT COLOR="#000000">work </FONT>
<FONT COLOR="#000000">for the DS, but not for a wifi phone). Also, once the users know whose </FONT>
<FONT COLOR="#000000">device is whitelisted, they no longuer have to guess of find a MAC adress to</FONT>
<FONT COLOR="#000000">spoof.</FONT>
<FONT COLOR="#000000">If anyone has other ideas, please speak up. So far there is no perfect </FONT>
<FONT COLOR="#000000">solution.</FONT>
</PRE>
</BLOCKQUOTE>
</BODY>
</HTML>