I tried getting chilispot working, but it needed to talk to my webserver/radius server which is the main thing i'm trying to protect. Since I also didn't feel like getting radius properly setup, I just punted and went for the simpler WPA-PSK configuration.

However before I went simple I split the wired and wireless networks into two IP address ranges, and I renumbered my IP address space out of 192.168.1

I followed wiki.openwrt.org/HotspotOpenvpnHowto to split the wifi (many nvram commands) Later I discovered that some of my problems getting chillispot working were actually caused by routing issues so I needed to add iptables -A FORWARD -i eth1 -o vlan1 -j ACCEPT # wifi to outside iptables -A FORWARD -i eth1 -o vlan0 -j ACCEPT # wifi to lan iptables -A FORWARD -i vlan0 -o eth1 -j ACCEPT # lan to wifi

I also added slightly more generalized commands to the firewall.user

Eventually I decided I didn't actually need the complexity of chillispot yet, and just started down the WPA-PSK path

http://openwrt.org/OpenWrtDocs/nas Gave some information on setting up the propritary wpa config tool.

I also installed wpasupplicant on my linux laptop. Theoretically it'd be better if I actually got the WPA2/cert mode working, but eh, i'm not ready for that yet.

To get wpa working on the WRT54G I needed to add

nvram set wl0_akm=psk nvram set wl0_crypto=aes+tkip nvram_wpa_psk=<password>

I needed both wl0_akm and wl0_crypto for openwrts nas startup script.

Next I need to move the mini out to the living room, and then set up a some kind of client box in my office. Do I try for getting LDAP authentication working so I can unify the passwords between my mac, my windows partition and all my linux boxen?