VPN advice (was Re: [ale] [OT] WEP auth modes)

Chris Ricker kaboom at gatech.edu
Thu Mar 6 12:11:49 EST 2003


On Wed, 5 Mar 2003, Joe wrote:

> I know it's insecure. And I've decided I've got to do something about
> that.  My wireless boxen are a WinXP box (gag, retch), a WinME box
> (choke, hurl), and a laptop that may have a number of different OS's
> on it in the near future, including Gentoo Linux (installing now),
> FreeBSD, OpenBSD, Red Hat 8, and Lycoris Linux.  I need a VPN solution
> that will work for all those. I admit to being frightened of IPsec,
> but I suspect it's the only game in town. Is there some good
> documentation (web site, book, whatever) that will make it possible to
> get IPsec working on all these platforms without losing much more
> hair? I've done the "PPP-over-SSH" thing before, between Linux
> boxen, but I doubt there's a Windows solution that will play that
> way. Am I wrong?

IPSec is your best bet for that range of platforms. Setting IPSec itself
up isn't that difficult with most implementations. Where it gets fun is
getting different implementations to play together ;-). On the Linux side,
use Super FreeS/WAN <http://www.freeswan.ca/code/super-freeswan/> to
simplify the interoperability with Windows.

Another solution you could use is CIPE
<http://sites.inka.de/sites/bigred/devel/cipe.html>. It's IP or Ethernet
tunneled over encrypted UDP. Setting it up is a little simpler than
IPSec, and it's available for both Linux and Windows. I don't think there's
any *BSD support though (could be wrong -- I mostly use IPSec).

> Also, my AP is on the same Ethernet segment as all my other machines.
> I suspect that's bad, and I should put a firewall between the
> AP and the rest of my network. Presumably that FW would be one end
> of the VPN.

Yes.

> It seems to me that folks will still be able to sniff
> my wifi network and find out MAC addresses and so forth, even with
> a VPN in place, correct?

Yep.

later,
chris