Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
Yeah, I know. I was more replying to someone else saying that WEP was enough. It's clearly not. The actual Access Point SHOULD work exactly like a standard ethernet bridge/hub, so it should pass through the IPSec without issue. My suggestion was more in the nature of here's how you get it up quickly if you can't locate the information you're looking for. It's infinitely better to do it right the first time, but when you're in a time crunch with folks who don't understand why you have to jump through hoops, life gets a bit more difficult. :) Sean E. Covel wrote: George, My original message included IPSEC. I guess my biggest concern is: Can IPSEC from a windows machine pass through the WAP and end at the Bering box. This would require a few things: The WAP passing IPSEC. The MS Box using IPSEC. Bering able to understand whatever it is that Microsoft embraced and extended when they wrote their implementation of IPSEC. I was hoping someone had done this and would point out all the potholes in the road. I read in detail about the WEP flaws. 15 min. to break RC4 encryption because their implementation is so flawed, and no infrastructure to change keys when they have been compromised. That's why IPSEC is so important. Sean On Thu, 2003-12-18 at 12:19, George Metz wrote: The problem with this approach is that WEP, the security protocol that most Wireless points use, is fairly weak and relatively easily broken. If you want to ensure that only authorized users can get in, you kind of want to use both WEP (Wired Equivalent Protocol, even though it's not... :) ) and something like IPSec for authenticated access to the WAN. Otherwise, someone who really wants to can eventually sniff and break the encryption, and use your pipe for anything they want. As a note, if the intended home environment happens to have metal siding of any type, this can REALLY kill your ability to use WiFi out in your yard. On the other hand, it makes it really difficult for someone to pick up your WiFi signal from across the street, as well. Old wiring and proximity to a microwave transmission tower can also have all sorts of interesting effects. Remember, if you want to get it set up quick and dirty, set up the DMZ, don't worry about the IPSec for now and just go with the built-in encryption, and just get her online with a strong caution that anyone can drive down the street with a laptop and pick up anything she sends across it, so don't send credit cards or other financial data over the line. Then, when you've got time, go back and research, then implement the IPSec tunnel. WEP should be enough to fend off the simply curious for the time being, though turning off the WAP when she's not going to be using it might not be a bad idea. (Trips, busy weeks at work, etc.) --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
On Fri, 2003-12-19 at 09:24, George Metz wrote: Yeah, I know. I was more replying to someone else saying that WEP was enough. It's clearly not. George, Is NoCatAuth/NoCatSplash an acceptable solution to wireless security? NoCat http://nocat.net/ BTW, do we have a package for this yet? It looks like it's popular with the people running FreeNetworks. http://freenetworks.org/ -- Mike Noyes mhnoyes at users.sourceforge.net http://sourceforge.net/users/mhnoyes/ SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
On Fri, 2003-12-19 at 10:16, Mike Noyes wrote: On Fri, 2003-12-19 at 09:24, George Metz wrote: Yeah, I know. I was more replying to someone else saying that WEP was enough. It's clearly not. George, Is NoCatAuth/NoCatSplash an acceptable solution to wireless security? NoCat http://nocat.net/ BTW, do we have a package for this yet? Additional link: NoCatSplash http://nocat.net/wiki/index.cgi?NoCatSplash -- Mike Noyes mhnoyes at users.sourceforge.net http://sourceforge.net/users/mhnoyes/ SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
Mike, Not really. Actually, I'd PROBABLY consider using that as an additional step, except that IIRC IPSec will handle all the auth. All this is really doing is preventing unauthorized users from using your net connection, whereas IPSec is actually establishing a tunnel, allowing you to send all of your data between the LEAF box and the client in an encrypted form. The real difference is that NoCat is designed to allow folks to login and use the hotspot - making it great for a community project where you only want to charge a small upkeep fee or only let community residents access it (like, say, wireless for an apartment complex). You're still going to be sending all of your data in the clear or only using WEP encryption though. Which means that anyone with a little free time on their hands and a few handy tools is going to be able to pick up everything you're sending to the WAP in the first place. George Mike Noyes wrote: On Fri, 2003-12-19 at 10:16, Mike Noyes wrote: On Fri, 2003-12-19 at 09:24, George Metz wrote: Yeah, I know. I was more replying to someone else saying that WEP was enough. It's clearly not. George, Is NoCatAuth/NoCatSplash an acceptable solution to wireless security? NoCat http://nocat.net/ BTW, do we have a package for this yet? Additional link: NoCatSplash http://nocat.net/wiki/index.cgi?NoCatSplash --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
On Fri, 2003-12-19 at 12:26, George Metz wrote: Not really. Actually, I'd PROBABLY consider using that as an additional step, except that IIRC IPSec will handle all the auth. All this is really doing is preventing unauthorized users from using your net connection, whereas IPSec is actually establishing a tunnel, allowing you to send all of your data between the LEAF box and the client in an encrypted form. George, Thanks for the clarification. It appears that people using NoCat are also using IPSec. See last FAQ: http://nocat.net/wiki/index.cgi?FAQPages -- Mike Noyes mhnoyes at users.sourceforge.net http://sourceforge.net/users/mhnoyes/ SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
The problem with this approach is that WEP, the security protocol that most Wireless points use, is fairly weak and relatively easily broken. If you want to ensure that only authorized users can get in, you kind of want to use both WEP (Wired Equivalent Protocol, even though it's not... :) ) and something like IPSec for authenticated access to the WAN. Otherwise, someone who really wants to can eventually sniff and break the encryption, and use your pipe for anything they want. As a note, if the intended home environment happens to have metal siding of any type, this can REALLY kill your ability to use WiFi out in your yard. On the other hand, it makes it really difficult for someone to pick up your WiFi signal from across the street, as well. Old wiring and proximity to a microwave transmission tower can also have all sorts of interesting effects. Remember, if you want to get it set up quick and dirty, set up the DMZ, don't worry about the IPSec for now and just go with the built-in encryption, and just get her online with a strong caution that anyone can drive down the street with a laptop and pick up anything she sends across it, so don't send credit cards or other financial data over the line. Then, when you've got time, go back and research, then implement the IPSec tunnel. WEP should be enough to fend off the simply curious for the time being, though turning off the WAP when she's not going to be using it might not be a bad idea. (Trips, busy weeks at work, etc.) George [EMAIL PROTECTED] wrote: I have done something similar but not using a DMZ. I simply added a second Private network for the WiFi network using a normal NIC and a Separate Wireless Access Point. Simply don't add any rules that will allow the two networks to interact into your shorewall rules and you have 2 independent, isolated internal networks both of which have internet access through your firewall. The WiFi equipment we used had the capability to encrypt it's own communications which we implemented to ensure that other laptops could not be connected to the wireless network and use our satellite connection without permission. All of our gear was from Alloy. Andrew Gray -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Sean E. Covel Sent: Tuesday, 16 Dec 2003 06:19 To: [EMAIL PROTECTED] Cc: Leaf User List Subject: Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ??? Julian, On Mon, 2003-12-15 at 11:32, Julian Church wrote: Hi Sean On Mon, 15 Dec 2003 10:02:35 -0500, Sean E. Covel [EMAIL PROTECTED] wrote: Here is what I am proposing to do: Cable Modem - Bering -- (Private Network) Current PC (Windows XP) | --- DMZ -- WAP -- Laptop (Windows XP) The question is, of course, how to secure the WIFI and Laptop. I was hoping that the Laptop could establish an IPSEC connection through the WAP to Bering. Strange! That's exactly what I'm planning at home, except there are two laptops, both running Mac OS X (which has an IPSEC client built in. As far as I've determined by searching the internet, as long as your access point is set up as a transparent bridge, the IPSEC traffic will pass straight through. cheers Julian Since this needs to be up-and-running quickly, and I'm doing it in my spare time, I wanted to go the path of least resistance. How soon till you implement? I was hoping to learn from someone else's mistakes ;-). Don't want to be the trailblazer on this one. It just sounds too easy. Anyone actually done it? Even with 802.11a/b/g? --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html __ NOD32 1.579 (20031215) Information __ This message was checked by NOD32 antivirus system. http://www.nod32.com --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just
Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
George, My original message included IPSEC. I guess my biggest concern is: Can IPSEC from a windows machine pass through the WAP and end at the Bering box. This would require a few things: The WAP passing IPSEC. The MS Box using IPSEC. Bering able to understand whatever it is that Microsoft embraced and extended when they wrote their implementation of IPSEC. I was hoping someone had done this and would point out all the potholes in the road. I read in detail about the WEP flaws. 15 min. to break RC4 encryption because their implementation is so flawed, and no infrastructure to change keys when they have been compromised. That's why IPSEC is so important. Sean On Thu, 2003-12-18 at 12:19, George Metz wrote: The problem with this approach is that WEP, the security protocol that most Wireless points use, is fairly weak and relatively easily broken. If you want to ensure that only authorized users can get in, you kind of want to use both WEP (Wired Equivalent Protocol, even though it's not... :) ) and something like IPSec for authenticated access to the WAN. Otherwise, someone who really wants to can eventually sniff and break the encryption, and use your pipe for anything they want. As a note, if the intended home environment happens to have metal siding of any type, this can REALLY kill your ability to use WiFi out in your yard. On the other hand, it makes it really difficult for someone to pick up your WiFi signal from across the street, as well. Old wiring and proximity to a microwave transmission tower can also have all sorts of interesting effects. Remember, if you want to get it set up quick and dirty, set up the DMZ, don't worry about the IPSec for now and just go with the built-in encryption, and just get her online with a strong caution that anyone can drive down the street with a laptop and pick up anything she sends across it, so don't send credit cards or other financial data over the line. Then, when you've got time, go back and research, then implement the IPSec tunnel. WEP should be enough to fend off the simply curious for the time being, though turning off the WAP when she's not going to be using it might not be a bad idea. (Trips, busy weeks at work, etc.) George [EMAIL PROTECTED] wrote: I have done something similar but not using a DMZ. I simply added a second Private network for the WiFi network using a normal NIC and a Separate Wireless Access Point. Simply don't add any rules that will allow the two networks to interact into your shorewall rules and you have 2 independent, isolated internal networks both of which have internet access through your firewall. The WiFi equipment we used had the capability to encrypt it's own communications which we implemented to ensure that other laptops could not be connected to the wireless network and use our satellite connection without permission. All of our gear was from Alloy. Andrew Gray -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Sean E. Covel Sent: Tuesday, 16 Dec 2003 06:19 To: [EMAIL PROTECTED] Cc: Leaf User List Subject: Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ??? Julian, On Mon, 2003-12-15 at 11:32, Julian Church wrote: Hi Sean On Mon, 15 Dec 2003 10:02:35 -0500, Sean E. Covel [EMAIL PROTECTED] wrote: Here is what I am proposing to do: Cable Modem - Bering -- (Private Network) Current PC (Windows XP) | --- DMZ -- WAP -- Laptop (Windows XP) The question is, of course, how to secure the WIFI and Laptop. I was hoping that the Laptop could establish an IPSEC connection through the WAP to Bering. Strange! That's exactly what I'm planning at home, except there are two laptops, both running Mac OS X (which has an IPSEC client built in. As far as I've determined by searching the internet, as long as your access point is set up as a transparent bridge, the IPSEC traffic will pass straight through. cheers Julian Since this needs to be up-and-running quickly, and I'm doing it in my spare time, I wanted to go the path of least resistance. How soon till you implement? I was hoping to learn from someone else's mistakes ;-). Don't want to be the trailblazer on this one. It just sounds too easy. Anyone actually done it? Even with 802.11a/b/g? --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org
Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
Sean: I have a very similar setup to the one you propose. The only difference is that my internet is delivered via dialup instead of cable modem. Other than that (and that's a fairly small distinction), I've managed to get it up and running (with a goodish amount of help from the other list members). My laptop connection is IPsec encrypted through the WAP to the Bering box. It can communicate with other PCs on my lan (Win2K and Win98se) as well as surf the net. Without the IPsec auth, you can't even ping the box. Which is about the way I wanted it. If you search this list with my name, you'll see how I started, faltered, and ultimately succeeded. Any questions, just yell. I have one minor bug (can't see Bering weblet from laptop), but I'm sure I'll lick it in time. An unrelated hardware problem made me RMA my laptop. Once it's back, I'll give you specifics, if you desire. :Max --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
The list comes through! As usual! Thanks guys. Gotta go order some hardware... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christopher Harewood Sent: Thursday, December 18, 2003 6:48 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ??? Sean: I have a very similar setup to the one you propose. The only difference is that my internet is delivered via dialup instead of cable modem. Other than that (and that's a fairly small distinction), I've managed to get it up and running (with a goodish amount of help from the other list members). My laptop connection is IPsec encrypted through the WAP to the Bering box. It can communicate with other PCs on my lan (Win2K and Win98se) as well as surf the net. Without the IPsec auth, you can't even ping the box. Which is about the way I wanted it. If you search this list with my name, you'll see how I started, faltered, and ultimately succeeded. Any questions, just yell. I have one minor bug (can't see Bering weblet from laptop), but I'm sure I'll lick it in time. An unrelated hardware problem made me RMA my laptop. Once it's back, I'll give you specifics, if you desire. :Max --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371 op=click -- -- leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/l eaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
Hi Sean On Mon, 15 Dec 2003 15:18:55 -0500, Sean E. Covel [EMAIL PROTECTED] wrote: Since this needs to be up-and-running quickly, and I'm doing it in my spare time, I wanted to go the path of least resistance. How soon till you implement? I was hoping to do it sometime over the Christmas holiday, but there seems to be a shortage of Airport Extreme cards (ie Apple's branded 802.11g cards) in the UK at the moment so I'm a bit stuck for now. I was hoping to learn from someone else's mistakes ;-). Don't want to be the trailblazer on this one. It just sounds too easy. Anyone actually done it? Even with 802.11a/b/g? I'll certainly get in touch if I get anywhere. Regards Julian -- [EMAIL PROTECTED] www.ljchurch.co.uk --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
I have done something similar but not using a DMZ. I simply added a second Private network for the WiFi network using a normal NIC and a Separate Wireless Access Point. Simply don't add any rules that will allow the two networks to interact into your shorewall rules and you have 2 independent, isolated internal networks both of which have internet access through your firewall. The WiFi equipment we used had the capability to encrypt it's own communications which we implemented to ensure that other laptops could not be connected to the wireless network and use our satellite connection without permission. All of our gear was from Alloy. Andrew Gray -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Sean E. Covel Sent: Tuesday, 16 Dec 2003 06:19 To: [EMAIL PROTECTED] Cc: Leaf User List Subject: Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ??? Julian, On Mon, 2003-12-15 at 11:32, Julian Church wrote: Hi Sean On Mon, 15 Dec 2003 10:02:35 -0500, Sean E. Covel [EMAIL PROTECTED] wrote: Here is what I am proposing to do: Cable Modem - Bering -- (Private Network) Current PC (Windows XP) | --- DMZ -- WAP -- Laptop (Windows XP) The question is, of course, how to secure the WIFI and Laptop. I was hoping that the Laptop could establish an IPSEC connection through the WAP to Bering. Strange! That's exactly what I'm planning at home, except there are two laptops, both running Mac OS X (which has an IPSEC client built in. As far as I've determined by searching the internet, as long as your access point is set up as a transparent bridge, the IPSEC traffic will pass straight through. cheers Julian Since this needs to be up-and-running quickly, and I'm doing it in my spare time, I wanted to go the path of least resistance. How soon till you implement? I was hoping to learn from someone else's mistakes ;-). Don't want to be the trailblazer on this one. It just sounds too easy. Anyone actually done it? Even with 802.11a/b/g? --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html __ NOD32 1.579 (20031215) Information __ This message was checked by NOD32 antivirus system. http://www.nod32.com --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
Sean At 10:02 15.12.2003 -0500, Sean E. Covel wrote: Please stop me before I go running off down the wrong road!!! Here's the situation: My sister-in-law is dying to get herself a laptop and WIFI. They already have a cable modem and a virus-laden P2P, chat, teenager PC in the house. They have no firewall currently. She can never get on the PC, so she wants a laptop she can use anywhere. Here is what I am proposing to do: Cable Modem - Bering -- (Private Network) Current PC (Windows XP) | --- DMZ -- WAP -- Laptop (Windows XP) The question is, of course, how to secure the WIFI and Laptop. I was hoping that the Laptop could establish an IPSEC connection through the WAP to Bering. Only IPSEC connections would be allowed in the DMZ. I'm recommending she go with 802.11g so there is enough bandwidth left after IPSEC to do some useful work. Does this make any sense? Has anybody done it? Can a WAP passthrough IPSEC? I looked into adding a WIFI card to Bering but 802.11g cards are not well supported, AND I don't want to become full-time tech support for this configuration. You can easily use 802.11b, which is currently supported (and cheap), unless you need high speed access to something on your local LAN. I am running an encrypted tunnel between 2 WLAN connected sites on derelict Pentium hardware and I am saturating easily the WAN uplink. Even with 802.11g, a bad radio link does not give you good speed, so you best check out the site. Good propagation conditions is the keywword here, which partially translates to good antennas/cabling. For Windoze IPSEC set up you can look up the freeswan users mailing list (unfortunately down at the time being :-( ) HTH Erich THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED] PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
Hi Sean On Mon, 15 Dec 2003 10:02:35 -0500, Sean E. Covel [EMAIL PROTECTED] wrote: Here is what I am proposing to do: Cable Modem - Bering -- (Private Network) Current PC (Windows XP) | --- DMZ -- WAP -- Laptop (Windows XP) The question is, of course, how to secure the WIFI and Laptop. I was hoping that the Laptop could establish an IPSEC connection through the WAP to Bering. Strange! That's exactly what I'm planning at home, except there are two laptops, both running Mac OS X (which has an IPSEC client built in. As far as I've determined by searching the internet, as long as your access point is set up as a transparent bridge, the IPSEC traffic will pass straight through. cheers Julian --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
Julian, On Mon, 2003-12-15 at 11:32, Julian Church wrote: Hi Sean On Mon, 15 Dec 2003 10:02:35 -0500, Sean E. Covel [EMAIL PROTECTED] wrote: Here is what I am proposing to do: Cable Modem - Bering -- (Private Network) Current PC (Windows XP) | --- DMZ -- WAP -- Laptop (Windows XP) The question is, of course, how to secure the WIFI and Laptop. I was hoping that the Laptop could establish an IPSEC connection through the WAP to Bering. Strange! That's exactly what I'm planning at home, except there are two laptops, both running Mac OS X (which has an IPSEC client built in. As far as I've determined by searching the internet, as long as your access point is set up as a transparent bridge, the IPSEC traffic will pass straight through. cheers Julian Since this needs to be up-and-running quickly, and I'm doing it in my spare time, I wanted to go the path of least resistance. How soon till you implement? I was hoping to learn from someone else's mistakes ;-). Don't want to be the trailblazer on this one. It just sounds too easy. Anyone actually done it? Even with 802.11a/b/g? --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html