I am no expert Alan, but it seems to me nothing in the VPN sections of your
diagram traverses the internet or is outside the firewall between your LAN
and the internet. IOW, it seems to me that it is all within your local
network(s). What am I missing? Or are you simply wanting to secure the
wireless communications within your LAn(s)?
Or are you trying to VPn from a wireless client within your LAN to some box
out on the internet? In that case, isn't the VPN service out on the network
that hosts that remote box? My understanding of the VPN support in the
router (Linksys or openWRT) is to permit a VPN connection from out on the
internet to reach on of the machines on your LAN and behind the router. Or
am I completely missing this?
On 1/25/07, Alan Dayley <
alandd@consultpros.com> wrote:
>
> > I'm pretty sure this is completely possible but I have not yet set it
> up. I am looking for confirmation and any tips prior to committing to
> the solution.
>
> I wish to create secure wireless access on the internal network. Secure
> in this case means:
>
> - - All data between the wireless clients and the access point is
> encrypted.
> - - Authentication of the wireless client is required, meaning if the
> client does not have the right credentials, they cannot connect.
>
> Here is my current plan. Please shoot holes or add to the defenses as
> you see fit:
>
> Internet
> |
> |
> Firewall
> |
> |
> Switch
> | \----wired workstations and servers....
> |
> WRT54GL running OpenWRT (or similar)
> |
> VPN running in the WRT54GL
> ||
> Wireless AP
> ||
> || (VPN connection)
> ||
> Wireless client (Windows or Linux)
> ||
> ||
> VPN client running in wireless client
>
> Comments and Questions about the above:
>
> 1. Running the VPN in the access point seems the least likely to
> complicate or disturb the wired network.
>
> 2. What firmware distribution is best for running a VPN (ipsec or other)
> in the wireless router?
>
> 3. What client VPN software, especially for the Windows users, is
> recommended? OpenVPN (http://openvpn.se/) looks good but needs to work
> with whatever VPN server is in the access point.
>
> 4. Any other tips?
>
> Alan
>
>
> > ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
--
Be who you are and say what you feel, because those who mind don't matter
and those who matter don't mind. - Dr. Seuss
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)