On Mon, Apr 02, 2007 at 10:53:50AM +0800, Lars Hansson wrote:
Joachim Schipper wrote:
All in all, I might choose OpenVPN if it involved end users (lots of
NAT, Windows, and other crappy stuff),
OpenVPN isn't exactly awesome on Windows.
No, but 'not exactly awesome' is pretty much a given
Joachim Schipper wrote:
On Mon, Apr 02, 2007 at 10:53:50AM +0800, Lars Hansson wrote:
Joachim Schipper wrote:
All in all, I might choose OpenVPN if it involved end users (lots of
NAT, Windows, and other crappy stuff),
OpenVPN isn't exactly awesome on Windows.
No,
On Mon, Apr 02, 2007 at 08:38:55AM -0500, Chris Black wrote:
Joachim Schipper wrote:
On Mon, Apr 02, 2007 at 10:53:50AM +0800, Lars Hansson wrote:
Joachim Schipper wrote:
All in all, I might choose OpenVPN if it involved end users (lots of
NAT, Windows, and other crappy
Joachim Schipper wrote:
All in all, I might choose OpenVPN if it involved end users (lots of
NAT, Windows, and other crappy stuff),
OpenVPN isn't exactly awesome on Windows.
---
Lars Hansson
mail-lists wrote:
This would be great. However, I've yet to find an IPsec client that's
'easy' to set up.. ie. an end user can do it. Perhaps you know of a good
way to solve this issue? I'd love to hear it!
TheGreenbow.
---
Lars Hansson
On Sat, Mar 31, 2007 at 03:03:06PM +1000, Sunnz wrote:
So both OpenVPN and Ipec are VPN? Which one is more secure? If I have
UNIX(like) OS only in my network which one can be used?
Yes, they can both be used to implement VPNs. Most operating systems
have some degree of support for IPsec, and
Hi Henning,
* Siegbert Marschall [EMAIL PROTECTED] [2007-03-29 22:13]:
If somebody does something bad with my unencrypted access-point
using my internet-access, here in germany I am liable.
no, you're not. it's not that easy. (and I just leave mine wide open)
well, I didn't say what you are
Eric Dillenseger [EMAIL PROTECTED] writes:
Why bother adding WPA when you can turn many wlan cards into AP-mode and
have an OpenBSD box serve wireless computers with IPsec capabilities.
For my own networks, that's exactly what I do.
Trouble is, you will encounter networks run by people who
computers... should be random and
long enough?
2007/3/30, Damon McMahon [EMAIL PROTECTED]:
From: Nick ! [EMAIL PROTECTED]
Date: 29 March 2007 2:16:31 PM
To: OpenBSD-Misc misc@openbsd.org
Subject: Re: Long WEP key
On 3/29/07, Lars Hansson [EMAIL PROTECTED] wrote:
Maxime DERCHE wrote
Why bother adding WPA when you can turn many wlan cards into AP-mode and
have an OpenBSD box serve wireless computers with IPsec capabilities.
You then have an AP with many more capabilities than any
linksys/netgear/whatever AP.
This would be great. However, I've yet to find an IPsec client
mail-lists([EMAIL PROTECTED])@Fri, Mar 30, 2007 at 07:41:35AM -0500:
Why bother adding WPA when you can turn many wlan cards into AP-mode and
have an OpenBSD box serve wireless computers with IPsec capabilities.
You then have an AP with many more capabilities than any
linksys/netgear/whatever
Openvpn
Unless I'm mistaken Openvpn is not equal to Ipsec
mail-lists wrote:
Openvpn
Unless I'm mistaken Openvpn is not equal to Ipsec
You are not mistaken. Openvpn uses SSL over regular IP packets with its
own server/client setup on a dedicated port (1194). IPSec is a different
protocol (proto esp rather than tcp or udp). We moved from an
On 3/30/07, mail-lists [EMAIL PROTECTED] wrote:
Openvpn
Unless I'm mistaken Openvpn is not equal to Ipsec
Depends on what you mean by equal to - OpenVPN makes use of SSL/TLS
rather than the transport protocols IPsec employs, but they are of
similar equivalence in terms of security.
On 30-Mar-07, at 7:03 AM, Sunnz wrote:
You mean you can choose an unlimited set of characters as the key??
What I meant was that you're only choosing from [a-f0-9] when you
could use characters from the whole alphabet, upper and lowercase as
well as punctuation. I can't claim to
But would any hacker actually try to brute force it by 16 character of
from length 1 to length 40? Maybe I only used 16 possible characters
instead of 60, but it is a really long key.
And I suppose the the hash could be converted to 36 characters
[a-z0-9] if I am really paranoid?
2007/3/30,
On Fri, 30 Mar 2007 07:41:35 -0500, mail-lists wrote
Why bother adding WPA when you can turn many wlan cards into AP-mode and
have an OpenBSD box serve wireless computers with IPsec capabilities.
You then have an AP with many more capabilities than any
linksys/netgear/whatever AP.
This
On Thu, 29 Mar 2007 22:12:35 +0200 (CEST), Siegbert Marschall wrote
Well,
I'd be more scared of the hacker that can bypass wep,
than the average joe without wep.
The hacker knows how to exploit your wep-decrypted network traffic,
the average joe doesn't even if it were plain-text
Darren Spruell wrote:
On 3/30/07, mail-lists [EMAIL PROTECTED] wrote:
Openvpn
Unless I'm mistaken Openvpn is not equal to Ipsec
Depends on what you mean by equal to - OpenVPN makes use of SSL/TLS
rather than the transport protocols IPsec employs, but they are of
similar equivalence in
On Fri, 30 Mar 2007 08:45:44 -0500, mail-lists wrote
Openvpn
Unless I'm mistaken Openvpn is not equal to Ipsec
good enough to accomplish the job securely. Better than ipsec if you have no
control of the network you are on, i.e. you are a mobile user who happens to
be on a wireless
On 30-Mar-07, at 10:58 AM, Sunnz wrote:
But would any hacker actually try to brute force it by 16 character of
from length 1 to length 40? Maybe I only used 16 possible characters
instead of 60, but it is a really long key.
$ bc
16^40
1461501637330902918203684832716283019655932542976
60^30
Actually...
16^40
1461501637330902918203684832716283019655932542976
60^27
1023490369077469249536000
Most advice I get from people are 8 characters or more... this is
stronger than 27 alphanumeric characters.
Yea, end of discussion...
Let's talk about VPN!!! :D
So both
I am curious about this too, so if anyone got the link it would be
great to post it, thanks.
So VPN is the way to go if you really want to secure your wireless network?
2007/3/29, Nick ! [EMAIL PROTECTED]:
On 3/29/07, Lars Hansson [EMAIL PROTECTED] wrote:
Maxime DERCHE wrote:
IMHO you
Sunnz wrote:
So VPN is the way to go if you really want to secure your wireless network?
VPN only secures traffic to and from the gateway, not *among* machines
connected to the AP. If your AP is OpenBSD then VPN would work but most
off-the-shelf AP's cant act as VPN endpoints and for those
Then is it possible/practical to connect to a VPN machine on your LAN
and use the VPN's machines connection?
For a simplistic example, say I've got a wireless router gateway, with
a cable connected OpenBSD server, and I connect to the server 's VPN
via the router wirelessly from my laptop.
On 2007/03/29 21:44, Sunnz wrote:
I am curious about this too, so if anyone got the link it would be
great to post it, thanks.
So VPN is the way to go if you really want to secure your wireless network?
VPN is good at adding privacy and authentication protection to
transmitted data. I'm not
:
-- Forwarded message --
From: Jon Radel [EMAIL PROTECTED]
Date: Mar 29, 2007 1:17 AM
Subject: Re: Long WEP key
To: Nick ! [EMAIL PROTECTED]
Nick ! wrote:
Theo has claimed somewhere that I can never find the link to
http://www.tjrforum.com/archive/index.php/t-2513.html gives a quote but
I
it, thanks.
Here you go:
-- Forwarded message --
From: Jon Radel [EMAIL PROTECTED]
Date: Mar 29, 2007 1:17 AM
Subject: Re: Long WEP key
To: Nick ! [EMAIL PROTECTED]
Nick ! wrote:
Theo has claimed somewhere that I can never find the link to
http://www.tjrforum.com/archive/index.php
I'd be more scared of the hacker that can bypass wep,
than the average joe without wep.
The hacker knows how to exploit your wep-decrypted network traffic,
the average joe doesn't even if it were plain-text data.
On 29-Mar-07, at 9:59 AM, Nick ! wrote:
Nick ! wrote:
Theo has claimed somewhere that I can never find the link to
http://www.tjrforum.com/archive/index.php/t-2513.html gives a quote
but
I can't find the original source.
I'd like to hear an actual developer position on that statement.
Well,
I'd be more scared of the hacker that can bypass wep,
than the average joe without wep.
The hacker knows how to exploit your wep-decrypted network traffic,
the average joe doesn't even if it were plain-text data.
it's not always about sniffing something, sometimes it's about
access
Hi,
I'd like to hear an actual developer position on that statement. I
read it as a criticism of the way WPA is used more than of the
protocol itself. As in, it's of little value to encrypt the traffic
if you allow anybody to access it. If Theo was saying that it sucks
even when you're
On Thu, Mar 29, 2007 at 10:22:36PM +1000, Sunnz wrote:
Then is it possible/practical to connect to a VPN machine on your LAN
and use the VPN's machines connection?
For a simplistic example, say I've got a wireless router gateway, with
a cable connected OpenBSD server, and I connect to the
From: Nick ! [EMAIL PROTECTED]
Date: 29 March 2007 2:16:31 PM
To: OpenBSD-Misc misc@openbsd.org
Subject: Re: Long WEP key
On 3/29/07, Lars Hansson [EMAIL PROTECTED] wrote:
Maxime DERCHE wrote:
IMHO you should think to configure your AP to provide a WAP-based
encryption...
WAP-based
* Siegbert Marschall [EMAIL PROTECTED] [2007-03-29 22:13]:
If somebody does something bad with my unencrypted access-point
using my internet-access, here in germany I am liable.
no, you're not. it's not that easy. (and I just leave mine wide open)
--
Henning Brauer, [EMAIL PROTECTED], [EMAIL
Right. As long as we understand that it sucks, it's OK to use? I know
when I think about securing my data I'm interested in keeping only the
average joes out.
I don't know about you, but I use wireless security as an extra layer.
It might suck, but it keeps the next door neighbour's laptop
Subject: Re: Long WEP key
On 3/29/07, Lars Hansson [EMAIL PROTECTED] wrote:
Maxime DERCHE wrote:
IMHO you should think to configure your AP to provide a WAP-based
encryption...
WAP-based encryption? Do you mean WPA?
And to answer the original question: because OpenBSD doesn't support
that file on all my computers... should be random and
long enough?
2007/3/30, Damon McMahon [EMAIL PROTECTED]:
From: Nick ! [EMAIL PROTECTED]
Date: 29 March 2007 2:16:31 PM
To: OpenBSD-Misc misc@openbsd.org
Subject: Re: Long WEP key
On 3/29/07, Lars Hansson [EMAIL PROTECTED] wrote:
Maxime DERCHE
Jeremy Huiskamp wrote:
I'd like to hear an actual developer position on that statement.
Check the archives for Reyk's comments on WPA. It will be in OpenBSD one
day because, secure or not, it is gaining traction and is/will be
required by many AP's (especially enterprise AP's).
---
Lars
To: OpenBSD-Misc misc@openbsd.org
Subject: Re: Long WEP key
On 3/29/07, Lars Hansson [EMAIL PROTECTED] wrote:
Maxime DERCHE wrote:
IMHO you should think to configure your AP to provide a WAP-
based
encryption...
WAP-based encryption? Do you mean WPA?
And to answer the original question
On Fri, Mar 30, 2007 at 01:03:32AM +0200, Henning Brauer wrote:
* Siegbert Marschall [EMAIL PROTECTED] [2007-03-29 22:13]:
If somebody does something bad with my unencrypted access-point
using my internet-access, here in germany I am liable.
no, you're not. it's not that easy. (and I just
On Fri, Mar 30, 2007 at 10:51:23AM +0800, Lars Hansson wrote:
Jeremy Huiskamp wrote:
I'd like to hear an actual developer position on that statement.
Check the archives for Reyk's comments on WPA. It will be in OpenBSD one
day because, secure or not, it is gaining traction and is/will be
no, you're not. it's not that easy. (and I just leave mine
wide open)
As far as I know, if you leave it open you're not liable because
you cannot prove who would have strolled by. If you put any
sort of security at all to prevent outsiders it can be reasonably
assumed that you were the person
I have OpenBSD 4.0, and I have troubles trying to
connect my wireless with my AP.
I have in my /etc/hostname.wi0
dhcp NONE NONE NONE nwkey my key
But when I restart the net I see this message:
sudo sh /etc/netstart
ifconfig: strings too long
DHCPDISCOVER on wi0 to 255.255.255.255 port 67
On 3/28/07, Rafael Morales [EMAIL PROTECTED] wrote:
I have OpenBSD 4.0, and I have troubles trying to
connect my wireless with my AP.
I have in my /etc/hostname.wi0
dhcp NONE NONE NONE nwkey my key
But when I restart the net I see this message:
sudo sh /etc/netstart
ifconfig: strings too long
On 2007/03/28 09:32, Rafael Morales wrote:
I have OpenBSD 4.0, and I have troubles trying to
connect my wireless with my AP.
see the nwkey description in ifconfig(8) or wi(4),
your key is too long
dhcp NONE NONE NONE nwkey my key
Nick ! wrote:
On 3/28/07, Rafael Morales [EMAIL PROTECTED] wrote:
[..]
Your symptons are pretty obviously the result of the key being set
wrong, as you guessed. I don't know what it might be. Try reading the
/etc/netstart script. By pen and paper, trace the values of variables.
In case you
On 3/28/07, Rafael Morales [EMAIL PROTECTED] wrote:
I have in my /etc/hostname.wi0
dhcp NONE NONE NONE nwkey my key
Rafael,
I've received this error when I've tried to set a hexadecimal WEP key
without the leading 0x. Example:
DEADBEEF... rest of key
vs
0xDEADBEEF... rest of key
Try that
On Wed, Mar 28, 2007 at 09:32:44AM -0500, Rafael Morales wrote:
I have OpenBSD 4.0, and I have troubles trying to
connect my wireless with my AP.
I have in my /etc/hostname.wi0
dhcp NONE NONE NONE nwkey my key
But when I restart the net I see this message:
sudo sh /etc/netstart
Yes, you are right, I only add the 0x before the key.
Thanks and Regards
--- Gordon Stratton [EMAIL PROTECTED] escribis:
On 3/28/07, Rafael Morales [EMAIL PROTECTED]
wrote:
I have in my /etc/hostname.wi0
dhcp NONE NONE NONE nwkey my key
Rafael,
I've received this error when I've
Hello.
There is a thing that I can't understand : why install and configure a
secure by default OS if you use a WEP-based encryption on your Wi-Fi
network, that anyone can crack in less than an hour ?
IMHO you should think to configure your AP to provide a WAP-based
encryption...
Best regards,
Maxime DERCHE wrote:
There is a thing that I can't understand : why install and configure a
secure by default OS if you use a WEP-based encryption on your Wi-Fi
network, that anyone can crack in less than an hour ?
Because it adds a minimum level of security that unencrypted doesn't?
Sure,
On 3/28/07, Lars Hansson [EMAIL PROTECTED] wrote:
Maxime DERCHE wrote:
There is a thing that I can't understand : why install and configure a
secure by default OS if you use a WEP-based encryption on your Wi-Fi
network, that anyone can crack in less than an hour ?
Because it adds a minimum
Darren Spruell wrote:
Right. As long as we understand that it sucks, it's OK to use?
Care to explain how not using WEP and allowing average joe easy access
to your AP and network is better than running WEP and preventing him?
Maybe it's OK to run telnetd so long as it's on port 10023 too?
Maxime DERCHE wrote:
IMHO you should think to configure your AP to provide a WAP-based
encryption...
WAP-based encryption? Do you mean WPA?
---
Lars Hansson
On 3/29/07, Lars Hansson [EMAIL PROTECTED] wrote:
Maxime DERCHE wrote:
IMHO you should think to configure your AP to provide a WAP-based
encryption...
WAP-based encryption? Do you mean WPA?
And to answer the original question: because OpenBSD doesn't support
WPA, and Theo has claimed
On 3/28/07, Lars Hansson [EMAIL PROTECTED] wrote:
Darren Spruell wrote:
Right. As long as we understand that it sucks, it's OK to use?
Care to explain how not using WEP and allowing average joe easy access
to your AP and network is better than running WEP and preventing him?
No, because I'm
On 3/29/07, Darren Spruell [EMAIL PROTECTED] wrote:
On 3/28/07, Lars Hansson [EMAIL PROTECTED] wrote:
Care to explain how not using WEP and allowing average joe easy access
to your AP and network is better than running WEP and preventing him?
No, because I'm not trying to make the point that
58 matches
Mail list logo
