Specializing in
Long Distance
Wireless Networking.

ADSL Sharing - Howto

This page documents one of the most common wireless networking applications; sharing a single ADSL (broadband) connection with your neighbours/friends.

			Legal Issues
			Typical Design
			Security
			Design

Legal Issues

In Australia, the ACA is responsible for setting the rules, and have released this fact sheet that explains the licensing requirements for Wireless LANs (WLANs). The bottom line seems to be: If you charge money for your wireless LAN, then you are a carrier, and require a carrier license (expensive!). Conversely, it would seem that if you share your ADSL connection with some friends and don't charge them, then the ACA has no problem with that.

But what about your the ISP? Every one is different; some prohibit such sharing, and some allow it. You will need to consult the agreement between the ISP and the ADSL customer to determine what they permit.

Typical Design

Click on the diagram at right to see the typical design

The main elements of the typical design are as follows:

	Friend #1 has the ADSL Internet connection. That connection is assumed to be provided by an Ethernet ADSL modem, and the local network is protected by a standard Router/Firewall.
	Friend #1 also hosts a FreeNet. It is provided by a wide-beam antenna connected to an Access Point (AP). A Router/Firewall protects the local network from the wireless network. (It should always be assumed that any wireless network will be the target of hackers). This Router/Firewall also supports Virtual Private Network (VPN) tunnels, so that the other friends can access the Internet, but hackers are blocked.
	Friend #2, Friend #3, ..., Friend #n. These are identical in design. Each has an AP Client connected to the AP at Friend #1's house, using narrow-beam antennas. Again, a Router/Firewall protects each friend's local network from wireless hackers. Also, these Router/Firewalls must have VPN support - so the friend's can get through to the ADSL connection.

Security

We should always assume that any wireless network is insecure. The current state of the built-in encryption (WEP) is such that it is very broken. Other techniques such as MAC-address or IP-address filtering are quite easy to subvert. So, we will assume we have to add our own level of security over the top of the wireless network, so that even if a hacker does get access to the Wireless LAN, he/she will not get into the private LAN of any of the Friends.

If you are a network security expert, and/or well versed in setting up your own Linux PC as a firewall/router, by all means do so - you do not need to read this section. For the rest of us, the easiest and cheapest way to build our FreeNet securely is to buy stand-alone Router/Firewalls - the ones that include built-in IPSec VPN firewall support.

The requirements of your Router/Firewall with VPN are:

	1 x WAN port (RJ45 ethernet)
	1 (or more) LAN port(s) (RJ45 ethernet)
	VPN (IPSec based) support. Include VPN client, and VPN server support. Number of supported VPN tunnels must be at least equal to the number of client Friends.
	Good price
	Reliable firmware

The following products are recommended as suitable

Linksys WRT54GS, loaded with OpenWRT firmware.

Design

Because the Linksys WRT54GS includes a wireless interface, this is the box of choice as it saves you buying separate APs.

	Each 'friend' in the above diagram has a Linksys WRT54GS, loaded with OpenWRT firmware.
	Friend #1 configures his wireless interface into AP mode. The other friends use their WRT54GS as wireless clients.
	All WRT54GS configured with a suitable VPN package. OpenVPN or OpenSWAN are suitable.

Copyleft: Rob Clark 2003 Comments?: Webmaster

FWD Number:
71950

Recommended Site: