On Wed, 3 Oct 2001, Austad, Jay wrote:
> I'm thinking either IPSec (Freeswan), or CIPE between access points for
> encryption.  Freeswan would probably be best because it will work with other
> IPSec implementations.  With CIPE, I think you are stuck connecting to only
> other CIPE boxes.

Thing I like about Freeswan is that you can also set up Windows boxes to
authenticate against it.

One of our clients is going to be doing a 2mi wireless link between two
buildings, running an IPSec gateway on each end doing encryption over the
link.. they may also end up wanting wireless clients within the
building(s), if they do, it'll be simple to generate a X.509 cert for each
of the clients, and have them authenticate to the freeswan box before
they get anywhere.  :)

I guess you havne't actually implemented any of this yet? It sounded like
you had.  :(

> As for routing, we can run OSPF on each node and broadcast a default route
> in from each internet connection point.  Anyone on the network will be
> routed out the closest internet connection.  However, BGP would be the way
> to go.  We don't need to broadcast any routes, just pull them down from a
> router just outside each internet connection.  Most use authentication,
> however, MANY also have public snmp communities, and you can pull the table
> via snmp, however, getting it into your local routing table might be a
> problem.  Initially, OSPF and injecting default routes is probably the best
> solution.

You happen to have any links to OSPF under Linux (Zebra, or something
else?)? Never played with it..  haven't actually really searched OSPF all
that much, should do that one of these days.  :)

Nate Carlson <natecars at real-time.com>   | Phone : (952)943-8700
http://www.real-time.com                | Fax   : (952)943-8500