I am no expert Alan, but it seems to me nothing in the VPN sections of your diagram traverses the internet or is outside the firewall between your LAN and the internet.  IOW, it seems to me that it is all within your local network(s).  What am I missing?  Or are you simply wanting to secure the wireless communications within your LAn(s)?
<br><br>Or are you trying to VPn from a wireless client within your LAN to some box out on the internet?&nbsp; In that case, isn&#39;t the VPN service out on the network that hosts that remote box?&nbsp; My understanding of the VPN support in the router (Linksys or openWRT) is to permit a VPN connection from out on the internet to reach on of the machines on your LAN and behind the router.&nbsp; Or am I completely missing this?
<br><br><div><span class="gmail_quote">On 1/25/07, <b class="gmail_sendername">Alan Dayley</b> &lt;<a href="mailto:alandd@consultpros.com">alandd@consultpros.com</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
-----BEGIN PGP SIGNED MESSAGE-----<br>Hash: SHA1<br><br>I&#39;m pretty sure this is completely possible but I have not yet set it<br>up.&nbsp;&nbsp;I am looking for confirmation and any tips prior to committing to<br>the solution.<br>
<br>I wish to create secure wireless access on the internal network.&nbsp;&nbsp;Secure<br>in this case means:<br><br>- - All data between the wireless clients and the access point is encrypted.<br>- - Authentication of the wireless client is required, meaning if the
<br>client does not have the right credentials, they cannot connect.<br><br>Here is my current plan.&nbsp;&nbsp;Please shoot holes or add to the defenses as<br>you see fit:<br><br>Internet<br> |<br> |<br>Firewall<br> |<br> |<br>Switch
<br> | \----wired workstations and servers....<br> |<br>WRT54GL running OpenWRT (or similar)<br> |<br>VPN running in the WRT54GL<br> ||<br>Wireless AP<br> ||<br> || (VPN connection)<br> ||<br>Wireless client (Windows or Linux)
<br> ||<br> ||<br>VPN client running in wireless client<br><br>Comments and Questions about the above:<br><br>1. Running the VPN in the access point seems the least likely to<br>complicate or disturb the wired network.<br>
<br>2. What firmware distribution is best for running a VPN (ipsec or other)<br>in the wireless router?<br><br>3. What client VPN software, especially for the Windows users, is<br>recommended?&nbsp;&nbsp;OpenVPN (<a href="http://openvpn.se/">
http://openvpn.se/</a>) looks good but needs to work<br>with whatever VPN server is in the access point.<br><br>4. Any other tips?<br><br>Alan<br><br><br>-----BEGIN PGP SIGNATURE-----<br>Version: GnuPG v1.4.5 (GNU/Linux)<br>
Comment: Using GnuPG with SUSE - <a href="http://enigmail.mozdev.org">http://enigmail.mozdev.org</a><br><br>iD8DBQFFuUmRDQw/VSQuFZYRAuViAJ4tdhTFsqAchQBZ5yaKusKm++4lFgCfXBPV<br>H2YeQvo6OyNEBqEmujyG/28=<br>=EQap<br>-----END PGP SIGNATURE-----
<br>---------------------------------------------------<br>PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.plug.phoenix.az.us">PLUG-discuss@lists.plug.phoenix.az.us</a><br>To subscribe, unsubscribe, or to change&nbsp;&nbsp;you mail settings:
<br><a href="http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss">http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss</a><br></blockquote></div><br><br clear="all"><br>-- <br>Be who you are and say what you feel, because those who mind don&#39;t matter and those who matter don&#39;t mind.&nbsp;&nbsp;- Dr. Seuss