Using OpenBSD to build a secure access point
At home I have two networks, one for my family and me and one for my guests. Once you are on the family network you can access our backup server, our music and video server, our printers, etc. The guest network can only access to the internet.
To build that network I used two embedded computers made from Alix boards from PC-Engine. These little boards are great for building small network appliances. They are affordable, versatile, and great for encryption. They are powered by an AMD Geode which contains an encryption coprocessor. OpenBSD takes advantage of that coprocessor to accelerate the network encryption from WAP to ssh. These boxes are good candidates for encrypted tunnels.
You can download a flash image directly from the flashrd website.
An I have installed an Atheros IEEE 802.11a/g/n card on my Alix box for the wireless network. The first thing is to bridge the WIFI card and the NIC card connected to the router.
$ cat /etc/hostname.bridge0 add vr0 add athn0 -learn vr0 up
Now that the interfaces are bridged together you can configure the WIFI network interface. Of course you will need to replace the Xs in the field @wpakey@ by your password. Unless you want your password to be 8 Xs.
$ cat /etc/hostname.athn0 up media autoselect mode 11g mediaopt hostap chan 4 nwid GuestNet wpakey xxxxxxxx
And finally configure the network interface that will be connected to the main router.
$ cat /etc/hostname.vr0 dhcp
Your friends now can enjoy your network.