VAP



  • Anyone playing with Sam Leffler's VAP patch yet? Comments?

    http://groups.google.com/group/mailing.freebsd.current/msg/55273fc20d613aaa

    I need to set up a fresh build tree before I can try it, mostly academic curiosity as I have no pressing need for it in a simple home network setup.



  • We have been following this discussion and are interested in bringing that feature to pfSense. However, no serious attempt has been made yet to integrate it. You are welcome to test and report back what you find, or even to provide patches ;)



  • As I seem to remember being noted in the pfSense blog, this is going to be some way off production yet. FreeBSD 7.0 has only just released; this patch is against -CURRENT, which is unlikely to see the light of day as FreeBSD 8.0-RELEASE for another 18 months or so. It may be more or less than that; at the moment there's no published roadmap for FreeBSD 7.1-RELEASE, let alone any thought of turning HEAD into a release.

    I doubt it's possible to merge this work to RELENG_7 easily. Since RELENG_7 was branched and HEAD opened for checkins again, the two branches have diverged quite significantly, meaning that code in HEAD isn't always easy to apply to RELENG_7. It may well break the ABI, which is against the rules of a FreeBSD -STABLE branch, so any patch could not then be checked into RELENG_7. I expect this to need quite a bit of work for drivers to catch up and for the whole set of changes to become stable, simply because it's groundbreaking code.

    Even if it's impossible for this to be checked in to RELENG_7, it may be that someone produces a patch for RELENG_7 that the pfSense developers could apply before building pfSense, in much the same way as there's an IPsec NAT-T patch that has been made for RELENG_7. The NAT-T patch breaks the ABI so can't be merged to the -STABLE branch - sadly this feature 'missed the boat' for FreeBSD 7, much as I hope the patch will be adopted by one or more FreeBSD developers and checked in to HEAD. Such a patch for this code will likely be some while off.

    VAPs are useful for me. I'm using 3Com 8760 access points on my setup. For example, I have a couple of older devices that support WPA but not WPA2; I can make them use a separate WPA-only VAP, and use my RADIUS server to enforce that the devices that lack WPA2 support are the only devices that can use the WPA VAP. The 8760 operates with 802.1q tagged VLANs; you can set a default VLAN for each VAP and use your RADIUS server to direct the AP to bridge to a different VLAN when you wish to do so. VAP, VLAN and RADIUS make for a powerful combination.
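The RADIUS-side decision described in the last post, sketched as an added example that is not part of the thread or any poster's configuration. It assumes the AP sends the SSID in Called-Station-Id in the RFC 3580 `AP-MAC:SSID` form and that devices are identified by Calling-Station-Id; the SSIDs, MAC addresses and VLAN numbers are constructed.

```python
import re

# Constructed sample policy; every name and value below is an assumption.
LEGACY_SSID = "home-wpa"                      # the WPA-only VAP
KNOWN_SSIDS = {"home-wpa", "home-wpa2"}
LEGACY_MACS = {"00:11:22:33:44:55"}           # devices without WPA2 support
VLAN_OVERRIDE = {"66:77:88:99:aa:bb": 20}     # devices steered off the VAP default

CALLED_RE = re.compile(r"^[0-9A-Fa-f]{2}(?:[-:]?[0-9A-Fa-f]{2}){5}:(.+)$")


def norm_mac(value):
    """Normalise common MAC notations to lower-case colon form."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", value).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {value!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def ssid_of(called_station_id):
    """Extract the SSID from the RFC 3580 'AP-MAC:SSID' form, else None."""
    match = CALLED_RE.match(called_station_id)
    return match.group(1) if match else None


def authorize(calling_station_id, called_station_id):
    """Return (accept, reply_attributes) for one access request."""
    ssid = ssid_of(called_station_id)
    if ssid not in KNOWN_SSIDS:
        return False, {}                      # fail closed on unknown VAP
    try:
        mac = norm_mac(calling_station_id)
    except ValueError:
        return False, {}
    if ssid == LEGACY_SSID and mac not in LEGACY_MACS:
        return False, {}                      # WPA VAP is for legacy devices only
    vlan = VLAN_OVERRIDE.get(mac)
    if vlan is None:
        return True, {}                       # AP bridges to the VAP's default VLAN
    return True, {
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-Id": str(vlan),
    }
```

Calling-Station-Id is the MAC address the client presents, so an allow-list keyed on it is only as strong as the authentication in front of it.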

