The best thing to do for wireless now is to use the
'umd-secure' ssid. That will encrypt all your data, as well
as make sure you don't attach to a rogue AP, and the
authentication is a lot cleaner (who want's to pull up a
web browser to authenticate if you only want to check
your imap mail, or do IM, or ...). The VPN was there for
the older wireless network, for users who wanted to make
sure their data was secure. SSL protects most sensitive
data, so the VPN is generally overkill for encryption. The
new wireless network supports WPA/WPA2 on the 'umd-secure'
ssid, which is the way to go if you've got the software/drivers
that will support it.
btw: 'umd-tunnelall' sends all your traffic through the VPN,
'umd' just sends traffic destined to UMD IP addresses through
the VPN [this is known as 'split tunneling']. The 'umd' profile
almost always performs better if you're off campus. If you're
on campus it doesn't really matter. In this case your traffic
destined for off campus will be encrypted while it's on campus,
but when it leaves for the wild, wild internet it's in the clear
and thus fairly vulnerable.
-Karl
OIT/NTS
Mehmet Ergun wrote:
Hi,
I'm new to the list. I'm trying to understand how UMD's VPN works with
wireless connections. In fact, I found about and subscribed to the list
while trying to setup vpnc on Ubuntu (yes, newbie :))).
I have a quick question, I hope you can help: I use an open wireless
access point to connect, and I (now, just started...) use the
"UMD-AllTunnell" (not sure what it is and how it differs from "UMD") vpn
thingy.
Does that mean that it is okay for me now to, say, do shopping online
(giving credit card info etc) thru this unsecured access point?
Also, what is the difference between the "UMD-AllTunnell" and "UMD"
connections?
Thanks for any help in advance,
Mehmet.
