Grant wrote:
>>> My Gentoo router's wireless network is encrypted via WPA and doesn't
>>> DHCP.  I'd like to take this a step further in case my WPA key gets
>>> hacked.  Can I issue only certain IPs to certain MAC addresses?
>>>
>>> Does WPA2 require hardware support?
>>>       
>> I don't think so. It should just be a driver/firmware update if you've
>> got some device that supports WPA and not WPA2. The AES encryption of
>> WPA2 requires a little more hardware power than WEP or WPA normally
>> uses, but I don't think it needs any special chip or anything like
>> that.
>>
>> You can also do VPN over your wifi connection, and require it for
>> access to the rest of your network or the internet. At least then if
>> someone hacks your wireless key, they still can't do anything without
>> having your VPN certificate.
>>     
>
> It sounds like VPN may be the strongest thing going.  Could I turn off
> WPA and keep everything hidden within the VPN?  Could I use a password
> instead of a certificate for access?  Is the only downside that the
> client needs to have VPN software installed?
>
> - Grant
>
>   
That's not much of a downside. VPN encryption (IPsec, SSL, L2TP, and
maybe PPTP) is usually more secure than that datalink-layer WPA or WPA2
anyway. As for whether you can set it up without a certificate, I believe
that PPTP and L2TP can operate with nothing more than a "shared secret".
But a certificate just makes it all the more secure. And yes, your
transmitted data will still be encrypted in a VPN even if you're using
an open wireless hotspot.
