Wireless VPN from WRT54GL?

Kurt Granroth plug-discuss at granroth.org
Thu Jan 25 20:54:40 MST 2007


Dazed_75 wrote:
> I am no expert Alan, but it seems to me nothing in the VPN sections of
> your diagram traverses the internet or is outside the firewall between
> your LAN and the internet.  IOW, it seems to me that it is all within
> your local network(s).  What am I missing?  Or are you simply wanting to
> secure the wireless communications within your LAN(s)?

There generally are two major reasons to have a VPN network within your
own LAN:

1. Current wireless encryption methods (WEP and WPA) suck and are far
too easily cracked to trust to anything beyond simple web surfing.

2. You may want to lock down who connects to your wireless network in a
cryptographically strong manner.

For the first case, say you are on your laptop connected to your
wireless network and you send an email over standard SMTP.  Even if your
network is encrypted with WEP or WPA, all it would take is a dedicated
neighbor to really want to read your email to crack in, set up a
sniffer, and read everything going out over the network.

In the second case, you can already lock down who can connect to your
wireless network in a strong enough fashion to discourage most casual
crackers using things like static DHCP given to specific MAC addresses.
However, if a cracker cares enough, that'll only go so far.  If you
disable access to the wireless network unless they have an OpenVPN
certificate, though, then they can try all of their tricks and will
still come up short (short of convincing somebody with a cert to hand it
over to them).

Kurt
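
One way to set up the second case described above, as an added example that is not part of the original message: an OpenVPN server that only admits clients holding a certificate, plus firewall rules that let the wireless side reach nothing but that server. The interface names, addresses and file paths are assumptions chosen for illustration, and rules for the wired and WAN interfaces are left out.

```conf
# Added example. Assumed names: wlan0 = wireless interface kept off the LAN
# bridge, 192.168.2.1 = router address on it, tun0 / 10.8.0.0/24 = VPN side,
# /etc/openvpn/* = file locations.

# ---- OpenVPN server configuration ----
local 192.168.2.1
port 1194
proto udp
dev tun0
ca   /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key  /etc/openvpn/server.key
dh   /etc/openvpn/dh.pem
server 10.8.0.0 255.255.255.0
# Send all client traffic (the SMTP session included) through the tunnel.
# "local" is used because client and server share the wireless subnet.
push "redirect-gateway local def1"
# Client certificates are required by default in server mode; do not add
# client-cert-not-required. Also insist on a certificate issued for client use.
remote-cert-tls client
# Lets the certificate of a lost or stolen laptop be revoked.
crl-verify /etc/openvpn/crl.pem
# Drops packets lacking the shared HMAC key before any TLS processing.
tls-auth /etc/openvpn/ta.key 0
keepalive 10 120
persist-key
persist-tun

# ---- Firewall rules for the wireless side (iptables-restore format; ----
# ---- fragment, rules for the other interfaces are omitted)          ----
*filter
# Wireless clients may get a DHCP lease and reach the OpenVPN port, nothing else.
-A INPUT -i wlan0 -p udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -i wlan0 -p udp -d 192.168.2.1 --dport 1194 -j ACCEPT
-A INPUT -i wlan0 -j DROP
# Nothing arriving on the raw wireless interface is routed anywhere.
-A FORWARD -i wlan0 -j DROP
# Traffic that came through the tunnel is treated like wired LAN traffic.
-A INPUT -i tun0 -j ACCEPT
-A FORWARD -i tun0 -j ACCEPT
COMMIT
```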

