Enabling per-device traffic analysis with separate VLANs, 802.1x MAC based authentication, and OpenWRT

Why For analysing what devices do on a network - specifically the shared medium of a wireless LAN - just packet tracing based on IP address is often not sufficient. There are multicasts, the initial DHCP requests, and potentially other types of traffic not captured by that. Even MAC address based packet tracing is problematic given recent defaults of MAC address randomization e.g. on Android (default since Android 10, optional before).

Howto combine Chillispot with OpenSwan on one machine

Imagine the following setting: there is some (possibly 802.11a/b/g wireless) network, which can range from a single access point to a complete backbone network of access points working together via WDS, or even a wired network infrastructure. This (W)LAN should serve two purposes: act as an open “hotspot” type network where users do not need any special client configuration to use it (other than maybe a username/password combination or some prepaid account) simultaneously allow registered/special users to use it for purposes that are not open to the first public group These are usually seen as two different use cases, and both are already in extensive use.