Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???

2003-12-19 Thread George Metz
Yeah, I know. I was more replying to someone else saying that WEP was 
enough. It's clearly not.

The actual Access Point SHOULD work exactly like a standard ethernet 
bridge/hub, so it should pass through the IPSec without issue. My 
suggestion was more in the nature of here's how you get it up quickly 
if you can't locate the information you're looking for.

It's infinitely better to do it right the first time, but when you're in 
a time crunch with folks who don't understand why you have to jump 
through hoops, life gets a bit more difficult. :)

Sean E. Covel wrote:
George,

My original message included IPSEC.  I guess my biggest concern is: Can
IPSEC from a windows machine pass through the WAP and end at the Bering
box.  This would require a few things:  The WAP passing IPSEC.  The MS
Box using IPSEC.  Bering able to understand whatever it is that
Microsoft embraced and extended when they wrote their implementation
of IPSEC.  I was hoping someone had done this and would point out all
the potholes in the road.
I read in detail about the WEP flaws.  15 min. to break RC4 encryption
because their implementation is so flawed, and no infrastructure to
change keys when they have been compromised.  That's why IPSEC is so
important.
Sean

On Thu, 2003-12-18 at 12:19, George Metz wrote:

The problem with this approach is that WEP, the security protocol that 
most Wireless points use, is fairly weak and relatively easily broken. 
If you want to ensure that only authorized users can get in, you kind of 
want to use both WEP (Wired Equivalent Protocol, even though it's not... 
:) ) and something like IPSec for authenticated access to the WAN. 
Otherwise, someone who really wants to can eventually sniff and break 
the encryption, and use your pipe for anything they want.

As a note, if the intended home environment happens to have metal siding 
of any type, this can REALLY kill your ability to use WiFi out in your 
yard. On the other hand, it makes it really difficult for someone to 
pick up your WiFi signal from across the street, as well. Old wiring and 
proximity to a microwave transmission tower can also have all sorts of 
interesting effects.

Remember, if you want to get it set up quick and dirty, set up the DMZ, 
don't worry about the IPSec for now and just go with the built-in 
encryption, and just get her online with a strong caution that anyone 
can drive down the street with a laptop and pick up anything she sends 
across it, so don't send credit cards or other financial data over the 
line. Then, when you've got time, go back and research, then implement 
the IPSec tunnel. WEP should be enough to fend off the simply curious 
for the time being, though turning off the WAP when she's not going to 
be using it might not be a bad idea. (Trips, busy weeks at work, etc.)



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???

2003-12-19 Thread Mike Noyes
On Fri, 2003-12-19 at 09:24, George Metz wrote:
 Yeah, I know. I was more replying to someone else saying that WEP was 
 enough. It's clearly not.

George,
Is NoCatAuth/NoCatSplash an acceptable solution to wireless security?

NoCat
http://nocat.net/

BTW, do we have a package for this yet?

It looks like it's popular with the people running FreeNetworks.

http://freenetworks.org/

-- 
Mike Noyes mhnoyes at users.sourceforge.net
http://sourceforge.net/users/mhnoyes/
SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs





Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???

2003-12-19 Thread Mike Noyes
On Fri, 2003-12-19 at 10:16, Mike Noyes wrote:
 On Fri, 2003-12-19 at 09:24, George Metz wrote:
  Yeah, I know. I was more replying to someone else saying that WEP was 
  enough. It's clearly not.
 
 George,
 Is NoCatAuth/NoCatSplash an acceptable solution to wireless security?
 
 NoCat
 http://nocat.net/
 
 BTW, do we have a package for this yet?

Additional link:

NoCatSplash
http://nocat.net/wiki/index.cgi?NoCatSplash

-- 
Mike Noyes mhnoyes at users.sourceforge.net
http://sourceforge.net/users/mhnoyes/
SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs





Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???

2003-12-19 Thread George Metz
Mike,

Not really. Actually, I'd PROBABLY consider using that as an additional 
step, except that IIRC IPSec will handle all the auth. All this is 
really doing is preventing unauthorized users from using your net 
connection, whereas IPSec is actually establishing a tunnel, allowing 
you to send all of your data between the LEAF box and the client in an 
encrypted form.

The real difference is that NoCat is designed to allow folks to login 
and use the hotspot - making it great for a community project where you 
only want to charge a small upkeep fee or only let community residents 
access it (like, say, wireless for an apartment complex). You're still 
going to be sending all of your data in the clear or only using WEP 
encryption though. Which means that anyone with a little free time on 
their hands and a few handy tools is going to be able to pick up 
everything you're sending to the WAP in the first place.

George

Mike Noyes wrote:

On Fri, 2003-12-19 at 10:16, Mike Noyes wrote:

On Fri, 2003-12-19 at 09:24, George Metz wrote:

Yeah, I know. I was more replying to someone else saying that WEP was 
enough. It's clearly not.
George,
Is NoCatAuth/NoCatSplash an acceptable solution to wireless security?
   NoCat
   http://nocat.net/
   
   BTW, do we have a package for this yet?


Additional link:

NoCatSplash
http://nocat.net/wiki/index.cgi?NoCatSplash






Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???

2003-12-19 Thread Mike Noyes
On Fri, 2003-12-19 at 12:26, George Metz wrote:
 Not really. Actually, I'd PROBABLY consider using that as an additional 
 step, except that IIRC IPSec will handle all the auth. All this is 
 really doing is preventing unauthorized users from using your net 
 connection, whereas IPSec is actually establishing a tunnel, allowing 
 you to send all of your data between the LEAF box and the client in an 
 encrypted form.

George,
Thanks for the clarification. It appears that people using NoCat are
also using IPSec.

See last FAQ:
http://nocat.net/wiki/index.cgi?FAQPages

-- 
Mike Noyes mhnoyes at users.sourceforge.net
http://sourceforge.net/users/mhnoyes/
SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs





Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???

2003-12-18 Thread George Metz
The problem with this approach is that WEP, the security protocol that 
most Wireless points use, is fairly weak and relatively easily broken. 
If you want to ensure that only authorized users can get in, you kind of 
want to use both WEP (Wired Equivalent Protocol, even though it's not... 
:) ) and something like IPSec for authenticated access to the WAN. 
Otherwise, someone who really wants to can eventually sniff and break 
the encryption, and use your pipe for anything they want.

As a note, if the intended home environment happens to have metal siding 
of any type, this can REALLY kill your ability to use WiFi out in your 
yard. On the other hand, it makes it really difficult for someone to 
pick up your WiFi signal from across the street, as well. Old wiring and 
proximity to a microwave transmission tower can also have all sorts of 
interesting effects.

Remember, if you want to get it set up quick and dirty, set up the DMZ, 
don't worry about the IPSec for now and just go with the built-in 
encryption, and just get her online with a strong caution that anyone 
can drive down the street with a laptop and pick up anything she sends 
across it, so don't send credit cards or other financial data over the 
line. Then, when you've got time, go back and research, then implement 
the IPSec tunnel. WEP should be enough to fend off the simply curious 
for the time being, though turning off the WAP when she's not going to 
be using it might not be a bad idea. (Trips, busy weeks at work, etc.)

George

[EMAIL PROTECTED] wrote:
I have done something similar but not using a DMZ.   I simply added a second
Private network for the WiFi network using a normal NIC and a Separate
Wireless Access Point.   Simply don't add any rules that will allow the two
networks to interact into your shorewall rules and you have 2 independent,
isolated internal networks both of which have internet access through your
firewall.   The WiFi equipment we used had the capability to encrypt its
own communications which we implemented to ensure that other laptops could
not be connected to the wireless network and use our satellite connection
without permission.   All of our gear was from Alloy.
Andrew Gray

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Sean E. Covel
Sent: Tuesday, 16 Dec 2003 06:19
To: [EMAIL PROTECTED]
Cc: Leaf User List
Subject: Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
Julian,

On Mon, 2003-12-15 at 11:32, Julian Church wrote:

Hi Sean

On Mon, 15 Dec 2003 10:02:35 -0500, Sean E. Covel [EMAIL PROTECTED]
wrote:

Here is what I am proposing to do:

Cable Modem - Bering -- (Private Network) Current PC (Windows XP)
|
--- DMZ -- WAP -- Laptop (Windows XP)
The question is, of course, how to secure the WIFI and Laptop.  I was
hoping that the Laptop could establish an IPSEC connection through the
WAP to Bering.
Strange!

That's exactly what I'm planning at home, except there are two laptops,
both running Mac OS X (which has an IPSEC client built in).
As far as I've determined by searching the internet, as long as your
access point is set up as a transparent bridge, the IPSEC traffic will
pass straight through.
cheers

Julian




Since this needs to be up-and-running quickly, and I'm doing it in my
spare time, I wanted to go the path of least resistance.  How soon till
you implement?  I was hoping to learn from someone else's mistakes ;-).
Don't want to be the trailblazer on this one.  It just sounds too easy.
Anyone actually done it?  Even with 802.11a/b/g?


__ NOD32 1.579 (20031215) Information __

This message was checked by NOD32 antivirus system.
http://www.nod32.com



Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???

2003-12-18 Thread Sean E. Covel
George,

My original message included IPSEC.  I guess my biggest concern is: Can
IPSEC from a windows machine pass through the WAP and end at the Bering
box.  This would require a few things:  The WAP passing IPSEC.  The MS
Box using IPSEC.  Bering able to understand whatever it is that
Microsoft embraced and extended when they wrote their implementation
of IPSEC.  I was hoping someone had done this and would point out all
the potholes in the road.

I read in detail about the WEP flaws.  15 min. to break RC4 encryption
because their implementation is so flawed, and no infrastructure to
change keys when they have been compromised.  That's why IPSEC is so
important.

Sean

On Thu, 2003-12-18 at 12:19, George Metz wrote:
 The problem with this approach is that WEP, the security protocol that 
 most Wireless points use, is fairly weak and relatively easily broken. 
 If you want to ensure that only authorized users can get in, you kind of 
 want to use both WEP (Wired Equivalent Protocol, even though it's not... 
 :) ) and something like IPSec for authenticated access to the WAN. 
 Otherwise, someone who really wants to can eventually sniff and break 
 the encryption, and use your pipe for anything they want.
 
 As a note, if the intended home environment happens to have metal siding 
 of any type, this can REALLY kill your ability to use WiFi out in your 
 yard. On the other hand, it makes it really difficult for someone to 
 pick up your WiFi signal from across the street, as well. Old wiring and 
 proximity to a microwave transmission tower can also have all sorts of 
 interesting effects.
 
 Remember, if you want to get it set up quick and dirty, set up the DMZ, 
 don't worry about the IPSec for now and just go with the built-in 
 encryption, and just get her online with a strong caution that anyone 
 can drive down the street with a laptop and pick up anything she sends 
 across it, so don't send credit cards or other financial data over the 
 line. Then, when you've got time, go back and research, then implement 
 the IPSec tunnel. WEP should be enough to fend off the simply curious 
 for the time being, though turning off the WAP when she's not going to 
 be using it might not be a bad idea. (Trips, busy weeks at work, etc.)
 
 George
 
 [EMAIL PROTECTED] wrote:
  I have done something similar but not using a DMZ.   I simply added a second
  Private network for the WiFi network using a normal NIC and a Separate
  Wireless Access Point.   Simply don't add any rules that will allow the two
  networks to interact into your shorewall rules and you have 2 independent,
  isolated internal networks both of which have internet access through your
  firewall.   The WiFi equipment we used had the capability to encrypt its
  own communications which we implemented to ensure that other laptops could
  not be connected to the wireless network and use our satellite connection
  without permission.   All of our gear was from Alloy.
  
  Andrew Gray
  
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] Behalf Of Sean E. Covel
  Sent: Tuesday, 16 Dec 2003 06:19
  To: [EMAIL PROTECTED]
  Cc: Leaf User List
  Subject: Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
  
  
  Julian,
  
  On Mon, 2003-12-15 at 11:32, Julian Church wrote:
  
 Hi Sean
 
 On Mon, 15 Dec 2003 10:02:35 -0500, Sean E. Covel [EMAIL PROTECTED]
 wrote:
 
 
 Here is what I am proposing to do:
 
 Cable Modem - Bering -- (Private Network) Current PC (Windows XP)
|
--- DMZ -- WAP -- Laptop (Windows XP)
 
 The question is, of course, how to secure the WIFI and Laptop.  I was
 hoping that the Laptop could establish an IPSEC connection through the
 WAP to Bering.
 
 Strange!
 
 That's exactly what I'm planning at home, except there are two laptops,
 both running Mac OS X (which has an IPSEC client built in).
 
 As far as I've determined by searching the internet, as long as your
 access point is set up as a transparent bridge, the IPSEC traffic will
 pass straight through.
 
 cheers
 
 Julian
 
 
  
  
  Since this needs to be up-and-running quickly, and I'm doing it in my
  spare time, I wanted to go the path of least resistance.  How soon till
  you implement?  I was hoping to learn from someone else's mistakes ;-).
  Don't want to be the trailblazer on this one.  It just sounds too easy.
  Anyone actually done it?  Even with 802.11a/b/g?
  
  
  
  

Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???

2003-12-18 Thread Christopher Harewood
Sean: 

I have a very similar setup to the one you propose.  The only difference 
is that my internet is delivered via dialup instead of cable modem.  Other 
than that (and that's a fairly small distinction), I've managed to get it 
up and running (with a goodish amount of help from the other list 
members).  My laptop connection is IPsec encrypted through the WAP to the 
Bering box.  It can communicate with other PCs on my lan (Win2K and Win98se) as 
well as surf the net.  Without the IPsec auth, you can't even ping the box.  
Which is about the way I wanted it.  If you search this list with my name, 
you'll see how I started, faltered, and ultimately succeeded.  Any 
questions, just yell.  

I have one minor bug (can't see Bering weblet from laptop), but I'm sure 
I'll lick it in time.  An unrelated hardware problem made me RMA my 
laptop.  Once it's back, I'll give you specifics, if you desire.  

:Max





RE: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???

2003-12-18 Thread Sean
The list comes through!  As usual!

Thanks guys.  Gotta go order some hardware...

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 Christopher Harewood
 Sent: Thursday, December 18, 2003 6:48 PM
 To: [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Subject: Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
 
 
 Sean: 
 
 I have a very similar setup to the one you propose.  The only 
 difference 
 is that my internet is delivered via dialup instead of cable 
 modem.  Other 
 than that (and that's a fairly small distinction), I've 
 managed to get it 
 up and running (with a goodish amount of help from the other list 
 members).  My laptop connection is IPsec encrypted through 
 the WAP to the 
 Bering box.  It can communicate with other PCs on my lan 
 (Win2K and Win98se) as 
 well as surf the net.  Without the IPsec auth, you can't even 
 ping the box.  
 Which is about the way I wanted it.  If you search this list 
 with my name, 
 you'll see how I started, faltered, and ultimately succeeded.  Any 
 questions, just yell.  
 
 I have one minor bug (can't see Bering weblet from laptop), 
 but I'm sure 
 I'll lick it in time.  An unrelated hardware problem made me RMA my 
 laptop.  Once it's back, I'll give you specifics, if you desire.  
 
 :Max
 
 
 


Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???

2003-12-16 Thread Julian Church
Hi Sean

On Mon, 15 Dec 2003 15:18:55 -0500, Sean E. Covel [EMAIL PROTECTED] 
wrote:

 Since this needs to be up-and-running quickly, and I'm doing it in my
 spare time, I wanted to go the path of least resistance.  How soon till
 you implement?

I was hoping to do it sometime over the Christmas holiday, but there seems 
to be a shortage of Airport Extreme cards (ie Apple's branded 802.11g 
cards) in the UK at the moment so I'm a bit stuck for now.

 I was hoping to learn from someone else's mistakes ;-).
 Don't want to be the trailblazer on this one.  It just sounds too easy.
 Anyone actually done it?  Even with 802.11a/b/g?

I'll certainly get in touch if I get anywhere.

Regards

Julian

--
[EMAIL PROTECTED]
www.ljchurch.co.uk


RE: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???

2003-12-16 Thread aggray
I have done something similar but not using a DMZ.   I simply added a second
Private network for the WiFi network using a normal NIC and a Separate
Wireless Access Point.   Simply don't add any rules that will allow the two
networks to interact into your shorewall rules and you have 2 independent,
isolated internal networks both of which have internet access through your
firewall.   The WiFi equipment we used had the capability to encrypt its
own communications which we implemented to ensure that other laptops could
not be connected to the wireless network and use our satellite connection
without permission.   All of our gear was from Alloy.

Andrew Gray

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Sean E. Covel
Sent: Tuesday, 16 Dec 2003 06:19
To: [EMAIL PROTECTED]
Cc: Leaf User List
Subject: Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???


Julian,

On Mon, 2003-12-15 at 11:32, Julian Church wrote:
 Hi Sean

 On Mon, 15 Dec 2003 10:02:35 -0500, Sean E. Covel [EMAIL PROTECTED]
 wrote:

  Here is what I am proposing to do:
 
  Cable Modem - Bering -- (Private Network) Current PC (Windows XP)
  |
  --- DMZ -- WAP -- Laptop (Windows XP)
 
  The question is, of course, how to secure the WIFI and Laptop.  I was
  hoping that the Laptop could establish an IPSEC connection through the
  WAP to Bering.

 Strange!

 That's exactly what I'm planning at home, except there are two laptops,
 both running Mac OS X (which has an IPSEC client built in).

 As far as I've determined by searching the internet, as long as your
 access point is set up as a transparent bridge, the IPSEC traffic will
 pass straight through.

 cheers

 Julian



Since this needs to be up-and-running quickly, and I'm doing it in my
spare time, I wanted to go the path of least resistance.  How soon till
you implement?  I was hoping to learn from someone else's mistakes ;-).
Don't want to be the trailblazer on this one.  It just sounds too easy.
Anyone actually done it?  Even with 802.11a/b/g?
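
Andrew Gray's message above relies on never adding a Shorewall rule that lets the wired and wireless networks interact. The following check is an added example, not part of the thread or of Shorewall itself: it resolves the effective policy between two zones (first matching line wins, `all` is a wildcard) and flags any rule that punches through. The zone names, addresses and sample file contents are constructed assumptions.

```python
"""Audit Shorewall policy/rules text for isolation between two zones.

Added example. Zone names (net, loc, wifi), addresses and the sample file
contents below are constructed; only the column layouts are relied on:
  policy: SOURCE DEST POLICY [LOG LEVEL]
  rules:  ACTION SOURCE DEST [PROTO] [DEST PORT]
"""

# Rule actions that let traffic through; matched broadly so that variants
# such as "ACCEPT:info" are still flagged for review.
ALLOW_TOKENS = ("ACCEPT", "DNAT", "REDIRECT")


def parse_table(text):
    """Return the whitespace-split columns of each non-comment line."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows


def zone_of(field):
    """'loc:192.168.1.10' -> 'loc' (rules may narrow a zone to one host)."""
    return field.split(":", 1)[0]


def effective_policy(policy_text, src, dst):
    """Return the verdict of the first policy line matching src -> dst."""
    for row in parse_table(policy_text):
        if len(row) < 3:
            continue
        if row[0] in (src, "all") and row[1] in (dst, "all"):
            return row[2].split(":", 1)[0].upper()
    return None  # nothing matched: treat as a finding, not as "blocked"


def permitting_rules(rules_text, src, dst):
    """Return rule lines that allow traffic from zone src to zone dst."""
    hits = []
    for row in parse_table(rules_text):
        if len(row) < 3:
            continue
        allows = any(tok in row[0].upper() for tok in ALLOW_TOKENS)
        if (allows and zone_of(row[1]) in (src, "all")
                and zone_of(row[2]) in (dst, "all")):
            hits.append(" ".join(row))
    return hits


def isolation_findings(policy_text, rules_text, zone_a, zone_b):
    """Check both directions; an empty list means the zones are isolated."""
    findings = []
    for src, dst in ((zone_a, zone_b), (zone_b, zone_a)):
        verdict = effective_policy(policy_text, src, dst)
        if verdict not in ("DROP", "REJECT"):
            findings.append(f"policy {src}->{dst} resolves to {verdict}")
        for rule in permitting_rules(rules_text, src, dst):
            findings.append(f"rule permits {src}->{dst}: {rule}")
    return findings


# Constructed sample: both internal zones reach the internet, not each other.
GOOD_POLICY = """\
#SOURCE  DEST  POLICY  LOG LEVEL
loc      net   ACCEPT
wifi     net   ACCEPT
net      all   DROP    info
all      all   REJECT  info
"""
GOOD_RULES = """\
#ACTION  SOURCE  DEST  PROTO  DEST PORT
ACCEPT   loc     fw    tcp    22
ACCEPT   wifi    fw    udp    53
"""

# Constructed sample: a broad "loc all" policy and a convenience rule
# quietly reconnect the two networks.
BAD_POLICY = """\
loc      all   ACCEPT
wifi     net   ACCEPT
net      all   DROP    info
all      all   REJECT  info
"""
BAD_RULES = """\
ACCEPT   wifi    loc:192.168.1.10  tcp  445
"""

if __name__ == "__main__":
    for name, pol, rul in (("good", GOOD_POLICY, GOOD_RULES),
                           ("bad", BAD_POLICY, BAD_RULES)):
        print(name, isolation_findings(pol, rul, "wifi", "loc") or "isolated")
```
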






Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???

2003-12-15 Thread Erich Titl
Sean

At 10:02 15.12.2003 -0500, Sean E. Covel wrote:
 Please stop me before I go running off down the wrong road!!!

 Here's the situation:  My sister-in-law is dying to get herself a laptop
 and WIFI.  They already have a cable modem and a virus-laden P2P, chat,
 teenager PC in the house.  They have no firewall currently.  She can
 never get on the PC, so she wants a laptop she can use anywhere.

 Here is what I am proposing to do:

 Cable Modem - Bering -- (Private Network) Current PC (Windows XP)
 |
 --- DMZ -- WAP -- Laptop (Windows XP)

 The question is, of course, how to secure the WIFI and Laptop.  I was
 hoping that the Laptop could establish an IPSEC connection through the
 WAP to Bering.  Only IPSEC connections would be allowed in the DMZ.  I'm
 recommending she go with 802.11g so there is enough bandwidth left after
 IPSEC to do some useful work.

 Does this make any sense?  Has anybody done it?  Can a WAP passthrough
 IPSEC?

 I looked into adding a WIFI card to Bering but 802.11g cards are not
 well supported, AND I don't want to become full-time tech support for
 this configuration.

You can easily use 802.11b, which is currently supported (and cheap), 
unless you need high speed access to something on your local LAN.
I am running an encrypted tunnel between 2 WLAN connected sites on derelict 
Pentium hardware and I am saturating easily the WAN uplink.
Even with 802.11g, a bad radio link does not give you good speed, so you 
best check out the site. Good propagation conditions is the keyword here, 
which partially translates to good antennas/cabling. For Windoze IPSEC set 
up you can look up the freeswan users mailing list (unfortunately down at 
the time being :-(  )

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16




Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???

2003-12-15 Thread Julian Church
Hi Sean

On Mon, 15 Dec 2003 10:02:35 -0500, Sean E. Covel [EMAIL PROTECTED] 
wrote:

 Here is what I am proposing to do:

 Cable Modem - Bering -- (Private Network) Current PC (Windows XP)
 |
 --- DMZ -- WAP -- Laptop (Windows XP)

 The question is, of course, how to secure the WIFI and Laptop.  I was
 hoping that the Laptop could establish an IPSEC connection through the
 WAP to Bering.

Strange!

That's exactly what I'm planning at home, except there are two laptops, 
both running Mac OS X (which has an IPSEC client built in).

As far as I've determined by searching the internet, as long as your 
access point is set up as a transparent bridge, the IPSEC traffic will 
pass straight through.

cheers

Julian



Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???

2003-12-15 Thread Sean E. Covel
Julian,

On Mon, 2003-12-15 at 11:32, Julian Church wrote:
 Hi Sean
 
 On Mon, 15 Dec 2003 10:02:35 -0500, Sean E. Covel [EMAIL PROTECTED] 
 wrote:
 
  Here is what I am proposing to do:
 
  Cable Modem - Bering -- (Private Network) Current PC (Windows XP)
  |
  --- DMZ -- WAP -- Laptop (Windows XP)
 
  The question is, of course, how to secure the WIFI and Laptop.  I was
  hoping that the Laptop could establish an IPSEC connection through the
  WAP to Bering.
 
 Strange!
 
 That's exactly what I'm planning at home, except there are two laptops, 
 both running Mac OS X (which has an IPSEC client built in).
 
 As far as I've determined by searching the internet, as long as your 
 access point is set up as a transparent bridge, the IPSEC traffic will 
 pass straight through.
 
 cheers
 
 Julian
 
 

Since this needs to be up-and-running quickly, and I'm doing it in my
spare time, I wanted to go the path of least resistance.  How soon till
you implement?  I was hoping to learn from someone else's mistakes ;-). 
Don't want to be the trailblazer on this one.  It just sounds too easy. 
Anyone actually done it?  Even with 802.11a/b/g?



