Using OpenBSD to build a secure access point

Posted by Fred C (W6BSD) on Sep 24 2012 - updated on Aug 18 2015
Alix PCEngine

At home I have two networks, one for my family and me and one for my guests. Once you are on the family network you can access our backup server, our music and video server, our printers, etc. The guest network can only access the internet.

To build that network I used two embedded computers built on Alix boards from PC Engines. These little boards are great for building small network appliances. They are affordable, versatile, and great for encryption. They are powered by an AMD Geode, which contains an encryption coprocessor. OpenBSD takes advantage of that coprocessor to accelerate network encryption, from WPA to ssh. These boxes are good candidates for encrypted tunnels.

For this network appliance I use a flash image that I created from OpenBSD 5.6 with the tool flashrd.

You can download a flash image directly from the flashrd website.

Bridge configuration.

I have installed an Atheros IEEE 802.11a/g/n card on my Alix box for the wireless network. The first step is to bridge the Wi-Fi card and the NIC connected to the router.

$ cat /etc/hostname.bridge0
add vr0
add athn0 -learn vr0

Now that the interfaces are bridged together, you can configure the Wi-Fi network interface. Of course, you will need to replace the Xs in the wpakey field with your own password, unless you want your password to be 8 Xs.

$ cat /etc/hostname.athn0
up media autoselect mode 11g mediaopt hostap chan 4
   nwid GuestNet wpakey xxxxxxxx
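
The check below is an added example, not part of the original post: a shell function that audits a hostname.if file for the placeholder key mentioned above, a passphrase outside WPA's 8 to 63 character range, and read access for other users. The function name check_wpakey and the demo file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an OpenBSD hostname.if
# file for WPA key problems. Prints one line per finding; the return
# status of check_wpakey is the number of findings (0 means clean).
check_wpakey() {
    file=$1 findings=0
    # The passphrase is the token that follows the "wpakey" keyword.
    key=$(awk '{ for (i = 1; i < NF; i++)
                     if ($i == "wpakey") { print $(i + 1); exit } }' "$file")
    case $key in
        '')      echo "$file: no wpakey found"
                 findings=$((findings + 1)) ;;
        0x*)     ;;  # raw hex key: the passphrase checks do not apply
        *[!xX]*) # a real passphrase: WPA requires 8 to 63 characters
                 if [ "${#key}" -lt 8 ] || [ "${#key}" -gt 63 ]; then
                     echo "$file: wpakey length ${#key} is outside 8..63"
                     findings=$((findings + 1))
                 fi ;;
        *)       echo "$file: wpakey is still the placeholder of Xs"
                 findings=$((findings + 1)) ;;
    esac
    # The key is stored in clear text, so "other" must have no access.
    perms=$(ls -ld "$file" | cut -c8-10)
    if [ "$perms" != "---" ]; then
        echo "$file: accessible to other users ($perms), use chmod 640"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# With a path argument, audit that file; with none, audit a constructed
# copy of the hostname.athn0 shown above.
if [ $# -eq 0 ]; then
    demo=$(mktemp) && chmod 644 "$demo"
    printf '%s\n' 'up media autoselect mode 11g mediaopt hostap chan 4' \
        '   nwid GuestNet wpakey xxxxxxxx' > "$demo"
    check_wpakey "$demo" || echo "findings: $?"
    rm -f "$demo"
else
    check_wpakey "$1"
fi
```

Run it as root against /etc/hostname.athn0 after editing the key; a clean file produces no output and a zero exit status.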

And finally configure the network interface that will be connected to the main router.

$ cat /etc/hostname.vr0

Your friends can now enjoy your network.
