-3

I have a business proposal to build a wireless Internet service for an entire building, where people would be charged very little at the expense of potentially low speed. Anyway, the drawing would be something like this:

13 APs ----> OpenBSD ----> DSL Internet

OpenBSD would be used as a router.

Has anyone tried that?

Ideally, the scenario would be like this:

  • Wifi SSID would be broadcasting throughout the building.
  • Users would be allowed access to the Internet by their MAC addresses.
  • QoS must be used to stop abuse of the bandwidth.

Is that even feasible with OpenBSD?

Thanks!

voretaq7
  • Why would you use OpenBSD rather than, let's say, just put in a small MikroTik, which is fully optimized for this task? With the advantage that the hardware likely costs a LOT less than what you want to pay for your OpenBSD thing (in the range of 100 USD). – TomTom Aug 11 '12 at 06:42
  • 2
    MAC addresses are trivial to spoof, even by non technical people. – Hennes Aug 11 '12 at 06:44
  • @TomTom - I'll take a look! OpenBSD because of the nerdish challenge, but money comes first this time I guess. – ohmyidontknow Aug 11 '12 at 06:48
  • 2
    Not only. Nerdish Challenge is fine at home, it is utterly - sorry - stupid when other people have to pay the price of a nerdish challenge. I rather prefer some hardware with a third party maintained firmware and a support helpline. Nothing against OpenBSD, but some router manufacturer that makes stuff specialized among other things for wireless ISPs is in a LOT better position to give you good service than a nerdish challenge ;) – TomTom Aug 11 '12 at 06:50
  • @Hennes Wouldn't OpenBSD take care of that? – ohmyidontknow Aug 11 '12 at 06:50
  • 2
    No. The network only sees which MAC the user provides. And even with encryption turned on the MAC will be (and must be) transmitted without encryption. Anyone can listen in and see which MACs are being used. And almost all wireless drivers allow you to set your own MAC. Thus anyone can listen, wait for the other to turn off the laptop and then 'steal' their access. – Hennes Aug 11 '12 at 06:52
  • @Hennes You're right. Though, I don't think many people would be smart enough to do that inside the broadcast domain. And if they did, the QoS would put them under some level playing constraint, and my 'boss' would call me to fix it (more $ perhaps for that new feature). Greediness aside, MAC registering definitely seems not the way to go. – ohmyidontknow Aug 11 '12 at 07:02
  • @TomTom The service doesn't need to be great at first. I was thinking of making it great later. Many ideas... Well, you're right. I should just do a good job and take my money. Thanks for the tips! – ohmyidontknow Aug 11 '12 at 07:06
  • 1
    A *solution* looking for a *problem*? – ewwhite Aug 11 '12 at 07:55

1 Answer

2

It is feasible, but maybe it is not quite as trivial as you think.

There are a few points to consider, which are not mentioned in your post, but which are crucial:

  1. OpenBSD is rather secure, but someone will need to keep it updated. (OK, same is true of any OS. And even for devices with what seems 'no OS' but 'just a firmware').
  2. Frequency bands. Careful plotting of which channels and how much broadcast power is needed.
  3. Number of users per AP (20-30 seems normal. Less if you use encryption).
  4. MAC addresses are trivial to spoof. If you want to limit it, use WPA2 with a decent key.
  5. Legal issues. In whose name is the network connection? What if somebody does something illegal? Do you keep log files to shift blame? Are you allowed to log at all (privacy)? You will probably need to mention this at the captive portal.
  6. Power to access points (are they expensive enough to rewire and put them behind a UPS?).
  7. Power to the BSD server. Does it boot unattended?

As to setting up a captive portal with OpenBSD and pf: This site seems to have a nice description and that part seems easy enough. I really should copy and paste part of that here, but I can't find the copyright on that site.

Hennes
  • Maybe there is a chance for OpenBSD after all... =) Look, to put some perspective... I live in this shitty building, but really close to my nice job. I live there because traffic is too stressful. I don't know the details, but those guys certainly don't seem to care if it's legal or not. Yes, I'm not even sure they'll pay me after all... So, no need for a UPS, etc... Anyway, back to the project... The ideal thing would be: - SSID broadcasting freely. - User connects and is directed to web page instructing him/her to contact those responsible for the service. – ohmyidontknow Aug 11 '12 at 07:21
  • So the project doesn't need to be perfect at first. I would like to make it perfect, as they pay me extra $ (for UPS, load balancing, etc). I guess I need more research, but I won't give up on BSD just yet. Thanks anyway! – ohmyidontknow Aug 11 '12 at 07:34
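
Added example (not part of the original thread, and not code from any poster): because a MAC allow-list trusts whatever address a client presents, an operator who keeps one can at least watch for signs that a registered MAC is being reused, as described in the comments above. The log format, AP names, addresses and hostnames below are constructed assumptions, and both rules are heuristics rather than proof.

```python
from collections import defaultdict

# Constructed sample log: epoch seconds, AP name, event, client MAC, DHCP hostname.
SAMPLE_LOG = """\
1000 ap03 assoc 00:11:22:33:44:55 alice-laptop
1020 ap07 assoc 66:77:88:99:aa:bb bob-phone
4000 ap03 disassoc 00:11:22:33:44:55 alice-laptop
4060 ap11 assoc 00:11:22:33:44:55 android-7f3a
5000 ap07 assoc 66:77:88:99:aa:bb bob-phone
5005 ap12 assoc 66:77:88:99:aa:bb bob-phone
"""

def find_mac_anomalies(log_text):
    """Return sorted (mac, reason) pairs for MACs that look shared or cloned."""
    hostnames = defaultdict(set)   # mac -> DHCP hostnames seen with it
    active = defaultdict(set)      # mac -> APs holding an open association
    findings = set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, ap, event, mac, host = line.split()
        mac = mac.lower()
        if event == "assoc":
            # Rule 1: a registered MAC shows up as a different device.
            hostnames[mac].add(host)
            if len(hostnames[mac]) > 1:
                findings.add((mac, "hostname-changed"))
            # Rule 2: the MAC is still associated on another AP.
            if active[mac] - {ap}:
                findings.add((mac, "concurrent-association"))
            active[mac].add(ap)
        elif event == "disassoc":
            active[mac].discard(ap)
    return sorted(findings)

if __name__ == "__main__":
    for mac, reason in find_mac_anomalies(SAMPLE_LOG):
        print(mac, reason)
```

The DHCP hostname is client-supplied as well, so this only raises a flag for review; the control that actually closes the gap is the one the answer names, WPA2 with a decent key.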