Alan Dayley wrote:
[big snip]
> Comments and Questions about the above:
> 
> 1. Running the VPN in the access point seems the least likely to
> complicate or disturb the wired network.

I agree.  I had this exact scenario setup for awhile with OpenVPN *but*
with a Linux 'server' rather than a WRT.  However, I've got a WRT54g and
I'm in middle-planning stage of setting that up just as you describe.

> 2. What firmware distribution is best for running a VPN (ipsec or other)
> in the wireless router?

It used to be all about OpenWRT but lately, all the buzz seems to be
around DD-WRT.  I see article after article about setting up this and
that with DD-WRT but only rarely do you see such articles for other
firmware upgrades.

I think this is because DD-WRT ships with so much by default (including
OpenVPN) and has some nice web screens for configuring quite a bit of it.

> 3. What client VPN software, especially for the Windows users, is
> recommended?  OpenVPN (http://openvpn.se/) looks good but needs to work
> with whatever VPN server is in the access point.

Yeah, definitely OpenVPN.  Simple (relatively speaking) to setup, comes
with DD-WRT, and has clients for everything under the sun.

> 4. Any other tips?

Have you done performance testing with a simple peer-to-peer OpenVPN
setup over wireless and are you satisfied with the performance?  I ask
because when I first set things up before, I wanted it configured so
that the *only* way you could get on the wireless network is through
OpenVPN.  That is, no easily crackable WEP or WPA connections.  What I
found, though, was that the added encryption layer over wireless, unless
the signal strength was top-notch, was actually pretty noticeable.  I
eventually turned if off for "normal" laptop use (email, web browsing,
etc) since anything I care about in that realm is already encrypted at a
client layer.  I still have it for those cases where it's a pain to
tunnel protocols through stunnel or ssh (like AppleShare or RDP).

Kurt

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss