The actual Access Point SHOULD work exactly like a standard ethernet bridge/hub, so it should pass through the IPSec without issue. My suggestion was more in the nature of "here's how you get it up quickly if you can't locate the information you're looking for."
It's infinitely better to do it right the first time, but when you're in a time crunch with folks who don't understand why you have to jump through hoops, life gets a bit more difficult. :)
Sean E. Covel wrote:
George,
My original message included IPSEC. I guess my biggest concern is: Can IPSEC from a windows machine pass through the WAP and end at the Bering box. This would require a few things: The WAP passing IPSEC. The MS Box using IPSEC. Bering able to understand whatever it is that Microsoft "embraced and extended" when they wrote "their" implementation of IPSEC. I was hoping someone had done this and would point out all the potholes in the road.
I read in detail about the WEP flaws. 15 min. to break RC4 encryption because their implementation is so flawed, and no infrastructure to change keys when they have been compromised. That's why IPSEC is so important.
Sean
On Thu, 2003-12-18 at 12:19, George Metz wrote:
The problem with this approach is that WEP, the security protocol that most Wireless points use, is fairly weak and relatively easily broken. If you want to ensure that only authorized users can get in, you kind of want to use both WEP (Wired Equivalent Protocol, even though it's not... :) ) and something like IPSec for authenticated access to the WAN. Otherwise, someone who really wants to can eventually sniff and break the encryption, and use your pipe for anything they want.
As a note, if the intended home environment happens to have metal siding of any type, this can REALLY kill your ability to use WiFi out in your yard. On the other hand, it makes it really difficult for someone to pick up your WiFi signal from across the street, as well. Old wiring and proximity to a microwave transmission tower can also have all sorts of interesting effects.
Remember, if you want to get it set up quick and dirty, set up the DMZ, don't worry about the IPSec for now and just go with the built-in encryption, and just get her online with a strong caution that anyone can drive down the street with a laptop and pick up anything she sends across it, so don't send credit cards or other financial data over the line. Then, when you've got time, go back and research, then implement the IPSec tunnel. WEP should be enough to fend off the simply curious for the time being, though turning off the WAP when she's not going to be using it might not be a bad idea. (Trips, busy weeks at work, etc.)
------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
