Wireless Masochism

Hans Fugal hans at fugal.net
Tue Jul 5 12:01:58 MDT 2005


There are two problems between what you and Bryan said - routing and
layer 2 traffic (like IPX).

Routing is only as complicated as you make it. What you really want is
for the vpn peer to be your default route.  You can either have the
server push the default route option, or configure the client to set the
default route.

Layer 2 traffic, if you care about it, is solved by using tap mode
(bridging). 

There's always a hybrid of course - you could allow or disallow certain
things when not using the VPN. E.g. if you allow web traffic without a
VPN setup, Joe Schmoe visitor can do 90% or more of what he does without
you needing to fuss with the VPN or even WEP keys. ssh and other
encrypted stuff you might allow sans VPN because it's already encrypted.
ICMP comes to mind too... all these complicated "should I..." questions
are what made me too lazy, and I just left WEP on (for rudimentary
authentication) and don't enforce VPN although I do use it myself from
time to time.

On Tue,  5 Jul 2005 at 11:03 -0600, Von Fugal wrote:
> The only pain I see is routing through the VPN once set up. You could
> either use UDP over VPN to do dhcp from the VPN server and set the route
> that way, but then you have to be careful not to lose your route through
> the wireless router.
> 
> I've thought about taking this approach to wireless security and this is
> the barrier that has prevented me from trying until I have enough
> ambition. I also share my wireless with a few people and wouldn't thrust
> upon them the need to manually set up routes each time they connect.
> 
> Von Fugal




-- 
 .O.  Hans Fugal            | De gustibus non disputandum est.
 ..O  http://hans.fugal.net | Debian, vim, mutt, ruby, text, gpg
 OOO                        | WindowMaker, gaim, UTF-8, RISC, JS Bach
---------------------------------------------------------------------
GnuPG Fingerprint: 6940 87C5 6610 567F 1E95  CB5E FC98 E8CD E0AA D460
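
The two ways of setting the default route described in the message above, plus the tap alternative, as an added example that is not part of the original post. It assumes OpenVPN, which the thread does not name; the subnet and hostname are constructed placeholders.

```conf
# ---- server.conf (added example; OpenVPN is an assumption) ----
dev tun                          # routed, layer 3 only
# dev tap                        # use instead of tun to carry layer 2
#                                # traffic such as IPX; pair it with
#                                # server-bridge and a bridge interface
server 10.8.0.0 255.255.255.0    # constructed example subnet

# Option A: the server pushes the default route to every client, so
# people sharing the access point never set up routes by hand.
push "redirect-gateway def1"

# ---- client.conf (added example) ----
client                           # implies pull, so pushed options apply
dev tun                          # must match the server (tun or tap)
remote vpn.example.net 1194      # placeholder host

# Option B: set the default route on the client instead of pushing it.
# redirect-gateway def1

# What def1 does: the existing default route stays in place and is
# overridden by 0.0.0.0/1 and 128.0.0.0/1 via the tunnel. OpenVPN also
# adds a host route to the VPN server through the original gateway, so
# the tunnel's own packets keep leaving through the wireless router.
```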