Karsten Ensinger wrote on Sunday, 3 June 2007 09:25:

Hi all!

> Do you think it is worth thinking about another layer of encryption
> in addition to the multiple SSIDs? Maybe an OpenVPN serving my
> (already WPA secured) "private" SSID stream? Or am I too paranoid?

"Just me being paranoid doesn't mean they're not after me." SCNR

It's not necessary because WPA provides strong encryption without any 
known weaknesses - besides weak passwords, of course.

I thought of a scenario like this:

You use your AP completely unencrypted but forbid any traffic *through* 
your AP, allowing only OpenVPN connections to it. In OpenVPN you define 
two different subnets, one for your own network and one for your 
neighbour's network. You can define routing and packet filter rules on 
your Asus router to separate both traffic paths.

Of course this scenario also works with an encrypted AP but it's not 
necessary since OpenVPN provides strong encryption.

Another possibility is to allow your WLAN traffic (WPA encrypted) to pass 
through to the internet. It's the "untrusted" traffic (for your 
neighbour) and has to be separated by VLAN tagging from your LAN. And 
again you have to use OpenVPN for your own machine. In OpenVPN you can 
define a trusted network which will be routed to your LAN *and* to the 
internet.

In any case it brings more problems to you than to your neighbour. ;-) 
Also you will have to use the TUN mode of OpenVPN, not TAP, since TAP 
devices are (simulated) adapters plugged into a physical network. And 
your aim is just the opposite: to separate networks.

-- 
bye,
Adalbert

Trying to be happy is like trying to build a machine for which the only 
specification is that it should run noiselessly.
_______________________________________________
freewrt-users mailing list
freewrt-users@freewrt.org
https://www.freewrt.org/lists/listinfo/freewrt-users
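
The first scenario in the message above (open AP, OpenVPN only, two VPN subnets), sketched as a packet filter ruleset. This is an added example, not part of the original post and not FreeWRT's own configuration; it assumes one TUN device whose clients get addresses from one of two subnets, and every interface name, port and subnet is a placeholder. NAT rules are left out.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset for the
# "unencrypted AP, OpenVPN only" layout. All values are assumptions.
WLAN_IF=${WLAN_IF:-wl0}              # open wireless interface
LAN_IF=${LAN_IF:-br0}                # wired LAN
WAN_IF=${WAN_IF:-eth1}               # uplink to the internet
VPN_IF=${VPN_IF:-tun0}               # OpenVPN TUN device (routed)
VPN_PORT=${VPN_PORT:-1194}           # OpenVPN UDP port
OWN_NET=${OWN_NET:-10.8.1.0/24}      # VPN subnet for your own machines
GUEST_NET=${GUEST_NET:-10.8.2.0/24}  # VPN subnet for the neighbour

gen_rules() {
cat <<EOF
*filter
# Default deny: anything not listed below is dropped.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -j ACCEPT
# From the open WLAN the router accepts only DHCP and OpenVPN.
-A INPUT -i $WLAN_IF -p udp --dport 67 -j ACCEPT
-A INPUT -i $WLAN_IF -p udp --dport $VPN_PORT -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
# No FORWARD rule names the WLAN interface, so nothing passes through the AP.
# Own VPN subnet: routed to the LAN and to the internet.
-A FORWARD -i $VPN_IF -s $OWN_NET -o $LAN_IF -j ACCEPT
-A FORWARD -i $VPN_IF -s $OWN_NET -o $WAN_IF -j ACCEPT
# Neighbour's VPN subnet: internet only, never the LAN.
-A FORWARD -i $VPN_IF -s $GUEST_NET -o $WAN_IF -j ACCEPT
COMMIT
EOF
}

# Check, then load (as root):
#   gen_rules | iptables-restore --test && gen_rules | iptables-restore
```

The separation between the two VPN subnets relies on the FORWARD policy, so it holds only while OpenVPN's `client-to-client` option is off; with it on, OpenVPN relays traffic between clients itself and these rules never see it.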