aitsecurity
Frequent Visitor
Topic Author
Posts: 84
Joined: Thu Mar 16, 2006 12:28 am
Location: venezuela

Security for WISP with VPN, not using WEP, WPA, etc.

Fri Apr 28, 2006 7:39 pm

Hi,

If I can use a VPN for my WISP to connect the CPE to the AP, I will be very happy. I do not want to use WEP or WPA, etc.

The idea is to filter in the AP only with a MAC address list. On the customer side (the customer uses an 802.11 PCI card), he can connect easily to my AP; he only needs the SSID and to run the wizard to make a VPN connection to the MK.

OK, perfect, it works very well. I think the hacker cannot break the WEP, and my user does not need to know the pre-shared key in WPA.

Now I am thinking about how to filter, or give internet only to my VPN users, because when the user makes the layer 2 connection (WiFi), the VPN connection does not come up; he will need an IP address to later make the VPN connection to the MK.

I want to give internet only to users validated in the VPN on the MK. This is easy; my problem is making the logic to filter the internet (give no internet to a user who only connects to the AP normally). Example:


The user powers on the computer and turns on the WiFi connection, and the MK gives him 192.168.0.23/24. OK, perfect. He tries to go to the internet, but the MK (I don't know how) filters the service to the internet. The user turns on the VPN connection and the MK gives internet only in the tunnel.

The idea is to add more security and more flexibility, because some radios only work with WEP, other PCI cards with WEP and WPA, and have security problems. If I can give internet only to the VPN customers, that is very great.


I did this: the PPTP VPN to the MK works perfectly. I tested with mangle to see the VPN traffic, but I only see traffic when the user logs in to the VPN; I want to mangle the established traffic, not only the login packets.


I don't know if my request is clear.

The user at 192.168.0.23/24 has an IP by DHCP from the MK, but I do not want him to go to the internet.

When he makes the VPN connection he has 192.168.100.45/23, etc., and he can work with the internet.

Now you may think: filter 192.168.0.0/24 in the firewall. But that does not work, because the user can set a static IP, for example 192.168.100.x, and gateway, etc., and go to the internet (without needing the VPN). Free internet :-(

Does somebody have an idea for how to do this, giving internet only to VPN users on the WiFi LAN?

best regards
Daniel W
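
An added example, not part of the original post: a RouterOS firewall sketch of the policy described above, keyed on the ingress interface rather than the source address, so that a statically configured 192.168.100.x address on the wireless side gains nothing. The interface name `wlan1` and a PPTP server running on the same router are assumptions; the subnet is the one given in the post.

```routeros
/ip firewall filter

# Weak variant (bypassable, as the post observes): it matches on an address
# the client chooses for itself, so a static IP outside this range passes.
# add chain=forward src-address=192.168.0.0/24 action=drop

# Traffic addressed to the router itself from the wireless side:
# allow only what a client needs to get an address and bring up the tunnel.
add chain=input in-interface=wlan1 protocol=udp dst-port=67 \
    action=accept comment="DHCP requests from wireless clients"
add chain=input in-interface=wlan1 protocol=tcp dst-port=1723 \
    action=accept comment="PPTP control channel"
add chain=input in-interface=wlan1 protocol=gre \
    action=accept comment="PPTP data channel (GRE)"
add chain=input in-interface=wlan1 action=drop \
    comment="nothing else from wlan1 reaches the router"

# Traffic routed through the router: anything that arrives directly on
# wlan1 is dropped, whatever source address it carries.
add chain=forward in-interface=wlan1 action=drop \
    comment="no routing for clients outside the tunnel"

# Packets from an authenticated VPN user are decapsulated by the router and
# enter the forward chain on that user's PPTP interface, not on wlan1, so
# the drop rule above does not match them and they are routed normally.
```

Because the drop rules match on where a packet entered the router, the address a wireless client assigns itself has no effect on the decision.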
