This page documents one of the most common wireless networking applications; sharing a single broadband connection (eg ADSL, Cable, ...) with your neighbours/friends.
In Australia, the ACA is
responsible for setting the rules, and have released this
fact sheet that explains the licensing requirements for Wireless LANs (WLANs). The bottom line seems to be: If you charge money for your wireless LAN, then you are a carrier, and require a carrier license (expensive!). Conversely, it would
seem that if you share your ADSL connection with some friends and don't charge them, then the ACA has no problem with that.
But what about your the ISP? Every one is different; some prohibit such sharing, and some allow it. You will need to consult the agreement between the ISP and the ADSL customer to determine what they permit.
| Click on the diagram at right to see the typical design. |
 |
The main elements of the typical design are as follows:
- Friend #1 has the broadband Internet connection. That connection is assumed to be provided by an Ethernet ADSL modem, and the local network is protected by a standard Router/Firewall.
- Friend #1 also hosts a FreeNet.
It is provided by a wide-beam antenna connected to an Access Point (AP). A Router/Firewall protects the local network from the wireless network. (It should always be assumed that any wireless network will be the target of hackers). This Router/Firewall also supports Virtual Private Network (VPN) tunnels, so that the other friends can access the Internet, but hackers are blocked.
- Friend #2, Friend #3, ..., Friend #n.
These are identical in design. Each has an AP Client connected to the AP at Friend #1's house, using narrow-beam
antennas. Again, a Router/Firewall protects each friend's local network from wireless hackers. Also, these Router/Firewalls must have VPN support - so the friend's can get through to the ADSL connection.
We should always assume that any wireless network is insecure. The current state of the built-in encryption (WEP) is such that it is very
broken. Other techniques such as MAC-address or IP-address filtering are quite easy to subvert. So, we will assume we have to add our own level of security
over the top of the wireless network, so that even if a hacker does get access to the Wireless LAN, he/she will not get into the private LAN of any of the
Friends.
If you are a network security expert, and/or well versed in setting up your own Linux PC as a firewall/router, by all means do so - you do not need to read this section. For the rest of us, the easiest and cheapest way to build our FreeNet securely is to buy stand-alone Router/Firewalls - the ones that include built-in IPSec VPN firewall support.
The requirements of your Router/Firewall with VPN are:
- 1 x WAN port (RJ45 ethernet)
- 1 (or more) LAN port(s) (RJ45 ethernet)
- VPN (IPSec based) support. Include VPN client, and VPN
server support. Number of supported VPN tunnels must be at least equal to the
number of client Friends.
- Good price
- Reliable firmware
The following products are recommended as suitable
Because the Linksys WRT54GS includes a wireless interface, this is the box of
choice as it saves you buying separate APs.
- Each 'friend' in the above diagram has a Linksys WRT54GS, loaded with OpenWRT firmware.
- Friend #1 configures his wireless interface into AP mode. The other friends use their WRT54GS as wireless clients.
- All WRT54GS configured with a suitable VPN package. OpenVPN or
OpenSWAN are suitable.
