[opensource] DD-WRT bridge and OSU wireless

Ian Shortridge ianshortridge at gmail.com
Mon Feb 22 14:40:26 EST 2010


blah blah blah, spanning tree spanning tree spanning tree, someone saying
don't do it is enough motivation for you to try it.

On Mon, Feb 22, 2010 at 12:14 PM, Brian Swaney
<swaneybr at cse.ohio-state.edu>wrote:

> First off, I think OIT not only doesn't support routers for things like
> this, but strictly forbids them. You might get in a lot of trouble if you
> try to bridge osuwireless on something like that. I know ResNet does, but
> I'm pretty sure that applies everywhere. This is because your setup puts you
> in a position where to effectively perform a man-in-the-middle attack on
> anyone in range connecting to "osuwireless". Unless you have explicit
> permission from OIT to bridge a wireless connection with a router, I would
> stop right now. Also, everything said on this mailing list is logged and
> publicly archived, so if something happened, they could just see your
> inquiry on our website. I'm going to give a brief explanation of what I see
> going wrong; what you do with it is up to you.
>
> As for your configuration, the biggest problem I see is you have it set to
> "WPA Personal". I don't know much about DD-WRT specifically, but WPA
> personal is a completely different setup from WPA enterprise, which is what
> you want. Therefore, DD-WRT is asking you for all the wrong settings. What
> you will want is WPA enterprise, TKIP, PEAP, and MSCHAPv2. In those
> settings, you will need enter a username and password, and probably select a
> certificate (authority) instead of entering a pre-shared key (PSK). I do not
> know the key renewal interval for osuwireless.
>
> Furthermore, if you're trying to create an osuwireless SSID, OIT has their
> own specific (undocumented) settings you would need to configure. I think
> you will need a signed certificate for it to work, but I don't know the
> specific settings as to how many certs exist per device. Instead of trying
> to connect to osuwireless and share it, you'd want to consider connecting to
> a wired connection like most osuwireless routers.
>
> --
> Brian Swaney
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.cse.ohio-state.edu/pipermail/opensource/attachments/20100222/80dad975/attachment-0001.html


More information about the Opensource mailing list