On Wed, 3 Oct 2001, Austad, Jay wrote:
> I'm thinking either IPSec (Freeswan), or CIPE between access points for
> encryption. Freeswan would probably be best because it will work with other
> IPSec implementations. With CIPE, I think you are stuck connecting to only
> other CIPE boxes.

Thing I like about Freeswan is that you can also set up Windows boxes to
authenticate against it. One of our clients is going to be doing a 2mi
wireless link between two buildings, running an IPSec gateway on each end
doing encryption over the link.. they may also end up wanting wireless
clients within the building(s), if they do, it'll be simple to generate an
X.509 cert for each of the clients, and have them authenticate to the
freeswan box before they get anywhere. :)

I guess you haven't actually implemented any of this yet? It sounded like
you had. :(

> As for routing, we can run OSPF on each node and broadcast a default route
> in from each internet connection point. Anyone on the network will be
> routed out the closest internet connection. However, BGP would be the way
> to go. We don't need to broadcast any routes, just pull them down from a
> router just outside each internet connection. Most use authentication,
> however, MANY also have public snmp communities, and you can pull the table
> via snmp, however, getting it into your local routing table might be a
> problem. Initially, OSPF and injecting default routes is probably the best
> solution.

You happen to have any links to OSPF under Linux (Zebra, or something
else?)? Never played with it.. haven't actually really searched OSPF all
that much, should do that one of these days. :)

--
Nate Carlson <natecars at real-time.com> | Phone : (952)943-8700
http://www.real-time.com                | Fax   : (952)943-8500