Wireless Masochism

Andrew McNabb amcnabb at mcnabbs.org
Mon Jul 4 21:22:38 MDT 2005


On Sat, Jul 02, 2005 at 10:42:05AM -0600, Charles Curley wrote:
> 
> Question: how do I get the security to work with the Linuxant driver
> loader?
> 

I'm going to be redoing wireless security in a few weeks in my
apartment.  I'm sick and tired of WEP, WPA, and everything like that.
It's just not my style.  So what I'm going to do, which I really think
will work well, is the following:

1) The wireless access point will be hooked up directly to a firewall.

2) The firewall will not route any packets from the wireless interface.

3) Only one port on the firewall will be open on the wireless interface.

4) On that  port will listen OpenVPN (supported on Linux, *BSD, Mac OS,
Windows, and others).

5) If you want to get onto the Internet or any other usable network, you
have to connect to the VPN, and all of your traffic will be encrypted
with SSL.

I've been using OpenVPN for the last week or so, and I've been extremely
impressed.  On all platforms I've tried, it's been very easy to set up
(3 to 10 minutes to install, and 0 to 10 seconds of user time to get
connected once it's installed), and it's been very robust.  I really
like the degree of configurability, the straightforward nature of the
documentation, and the overall simplicity.  It's one of the few projects
I've run into where every time I try to do something I think will be
difficult, it ends up being ridiculously easy.

In the end, this approach for wireless security seems so much simpler
than WEP/WPA, and it doesn't matter if your WAP or wireless NIC
manufacturer is an idiot (and they ALL are).

This is still 30% theory, so I'll let you know in a week or two how it
goes.

-- 
Andrew McNabb
http://www.mcnabbs.org/andrew/
PGP Fingerprint: 8A17 B57C 6879 1863 DE55  8012 AB4D 6098 8826 6868
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://plug.org/pipermail/plug/attachments/20050704/d146e7aa/attachment.bin 


More information about the PLUG mailing list