
List:       ipcop-user
Subject:    Re: [IPCop-user] ipcop, bot and wireless
From:       "Stefanos E. Tsorakis" <ad.ts () fit ! ac ! cy>
Date:       2010-06-10 20:58:08
Message-ID: 052b01cb08df$a1091f90$281d2ac2 () sysadmin

For what it's worth, we had the same situation but on an academic network. 
Students should be only able to connect on the internet and staff should be 
able to access other services on the wired network as well.

The solution is quite simple actually. IPCop with RED, GREEN, BLUE and 
ORANGE; on the BLUE network the only device listed is the captive portal 
machine, which in turn is connected to PoE switches where all 40 access 
points are connected from multiple buildings. The captive portal is giving 
out IP addresses to the wireless clients and it is configured to use Active 
Directory for logons, but it could be configured to use local, RADIUS or 
other LDAP source for authentication. When anybody, students and staff, is 
connected on the wireless they can only access port 80 and 443. If any 
member of staff requires access to the internal network they have to connect 
via OpenVPN and then they have full access.

With this solution you meet your requirements of having a firewall between 
BLUE and GREEN and I do not think that having to connect with OpenVPN which 
takes a mere few seconds would be such a big problem for your internal 
staff.

Hope this helps

----- Original Message ----- 
From: <fernando@lozano.eti.br>
To: "Kyle Hutson" <Kyle@nrg-inc.com>; <ipcop-user@lists.sourceforge.net>
Sent: Thursday, June 10, 2010 1:08 AM
Subject: Re: [IPCop-user] ipcop, bot and wireless


> Hi Kyle,
>
>
> We do use OpenVPN (Zerina) and that is my fallback plan if I can't get 
> anything more transparent for
> employees on the wireless network. I suppose connecting to Zerina from 
> blue or gray would be the
> same as from red, but have not tried yet.
>
>
> []s, Fernando Lozano
>
>> > Our network covers a wide area spread between non-contiguous floors on
>> > the same building. It's an
>> > area of heavy electromagnetic interference. It was already very hard
>> > to deploy the current wireless
>> > network, my boss won't like the idea of deploying a second set of APs
>> > and cables connecting them to
>> > the backbone. :-(
>>
>> It also sounds like you should be using secure protocols for employees
>> to access the LAN.
>>
>> Suggestions for that include
>> - OpenVPN on the IPCop box
>> - PPTP if everyone is using a Windows server on your LAN
>> - SSH if you've got a Linux server on your LAN
>> - RDP ("remote desktop") from the laptops to their respective desktops
>> or a terminal server in the LAN (but somehow I doubt that if they're not
>> springing for more WAPs, they're also not springing for extra PCs).
>>
>
>
> _______________________________________________
> IPCop-user mailing list
> IPCop-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/ipcop-user 

