Currently I use WEP encryption to secure my private WLAN. But WEP is little bit old... and hackable. So I tried to setup WPA on my Linux-laptop, but with no success 
I don't know what I do wrong, although I don't want invest a lot of time in it. What I want, is an open wifi network (no WEP/WPA/WPA2) where everybody is free to connect to... but they don't have Internet-connectivity, only when you are able to set up a VPN-connection to the gateway.
Unauthorized users will have the next access:
- Connection to a webpage, which tells them that the must be authorized to get access to the Internet
- DHCP-lease in the 192.168.250.0/25
- DNS which resolves 'everything' into the gateway name (where the webpage is running) 192.168.250.1
- Able to connect to port 22 (SSH) and login when they have an account
- Able to connect to port 1194 (OpenVPN) to setup a VPN-connection
Authorized users will be able to:
- Setup SSH-tunnels for their connectivity
- Setup VPN-connection for their connectivity
When we draw a graph of this all, we will have somehting like this:
