
How to implement IPSec over 802.11

Buddha Bart

Well I've heard all about how WEP just doesn't hack it, but I still want to set up a wireless network in my house.

Now what little I've heard/read about IPSec seems to indicate that it would be the way to go, but I have no idea how to actually implement it.

How do I set it up on the server side (I use a Linux machine as my internet gateway)?

How do I set it up on the client side?

bart
 
WEP is just mainly for data going from your wireless device to the AP....not over the net....

Now if you are referring to IPSec...that is the security policies over the net to authenticate the connection (ie VPN)...IPSec and WEP are two different things.....

 
Right but for my needs they'd serve the same purpose. I need to encrypt my traffic so that no one can drive by and read it. The guy who wrote Kismet, www.kismetwireless.net, lives about a quarter mile from my house, and he hates me. There's no question my network will be sniffed. Frequently.

I was hoping that I could run IPSec on top of WEP, so that even when he cracks WEP, he still gets nothing, because everything is encrypted.

bart
 
Just set up a VPN server (Windows 2000 or Linux) and connect your AP to it. Your 802.11 will establish the link and your authentication to the VPN server will ensure your data will be HIGHLY encrypted. 😉
 
Originally posted by: Buddha Bart
Right but for my needs they'd serve the same purpose. I need to encrypt my traffic so that no one can drive by and read it. The guy who wrote Kismet, www.kismetwireless.net, lives about a quarter mile from my house, and he hates me. There's no question my network will be sniffed. Frequently.

I was hoping that I could run IPSec on top of WEP, so that even when he cracks WEP, he still gets nothing, because everything is encrypted.

bart

How did you manage to piss him off? 😛

I think one of the VPN setups for Linux is FreeS/WAN, but I don't use Linux so I'm not positive. Just set up a server for it and everything should be cool. Don't forget freshmeat 😉
 
How did you manage to piss him off?

He's one of those
long-disgusting-hair / black-pants black-shirts / overweight / i've-been-using-linux-since-i-was-a-fetus / 26-year-old-virgin / everyone-in-the-world-is-dumb / i-do-it-the-hard-way-because-i'm-hardcore / my-answer-to-everything-is-"NO!! INSECURE!!"
people.

So when I replaced him at his old job (he got moved to another department) I managed to actually do a lot of the things that he'd been shouting "NO!! INSECURE!!" about, and in the process semi-inadvertently made a public ass of him a whole bunch of times.

I think one of the VPN setups for Linux is FreeS/WAN
Yeah, a friend of mine just pointed me to that, it looks good. I'm gonna have to take the time tomorrow to comb through the whole online documentation. Now to figure out the Windows/client side.

bart
 
Originally posted by: Buddha Bart
How did you manage to piss him off?

He's one of those
long-disgusting-hair / black-pants black-shirts / overweight / i've-been-using-linux-since-i-was-a-fetus / 26-year-old-virgin / everyone-in-the-world-is-dumb / i-do-it-the-hard-way-because-i'm-hardcore / my-answer-to-everything-is-"NO!! INSECURE!!"
people.

So when I replaced him at his old job (he got moved to another department) I managed to actually do a lot of the things that he'd been shouting "NO!! INSECURE!!" about, and in the process semi-inadvertently made a public ass of him a whole bunch of times.

Ahh, that'll do it.

I think one of the VPN setups for Linux is FreeS/WAN
Yeah, a friend of mine just pointed me to that, it looks good. I'm gonna have to take the time tomorrow to comb through the whole online documentation. Now to figure out the Windows/client side.

bart

Check freshmeat.net. I saw some config helper tool thingamajigy there for it.
 
Just remember one thing in your research - It really doesn't matter HOW you get from the client to the server, wired or wireless. IPSec works at Layer3+, and 802.11 at layer 1.

A few suggestions..

If you're concerned about him coming onto your network, I'd set things up separately from your main network - IE, put a 2nd NIC in whatever machine will be the IPSec "server", and connect your access point to it. If you can, scrounge up some firewall software for that NIC and tighten it down. That will prevent him from coming onto your network and being able to break things, even without snooping.

Also, be sure to put some kind of security features on your access point - Limit the workstations by MAC, etc. If he can't get on, he might be able to sniff, but can't get an IP to really do anything.

Best of luck!

- G
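
The firewall on the access-point NIC suggested in the post above, sketched as an added example that is not part of the original thread: a shell function that emits iptables-restore rules accepting only IKE, ESP and traffic that arrived through an IPsec tunnel on that interface. The interface name eth1, the chain names, static addressing on the wireless segment (no DHCP rule) and a kernel that supports the netfilter `policy` match are all assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Emits rules for the NIC the access
# point plugs into, so cleartext from the wireless side is logged and dropped.
# Assumed usage: gen_wlan_rules eth1 | iptables-restore --noflush

gen_wlan_rules() {
    ap_if=$1   # AP-facing interface name (hypothetical: eth1)

    # Refuse empty or odd names so nothing unexpected lands in the rule file.
    case $ap_if in
        ''|*[!A-Za-z0-9_.-]*)
            echo "gen_wlan_rules: invalid interface name" >&2
            return 1 ;;
    esac

    cat <<EOF
*filter
# Dedicated chains keep the gateway's existing rules untouched.
:WLAN_IN - [0:0]
:WLAN_FWD - [0:0]
-I INPUT 1 -i $ap_if -j WLAN_IN
-I FORWARD 1 -i $ap_if -j WLAN_FWD
# Key exchange (IKE) and the encrypted payload (ESP) are the only
# unprotected packets the gateway accepts from the wireless segment.
-A WLAN_IN -p udp --dport 500 -j ACCEPT
-A WLAN_IN -p esp -j ACCEPT
# Packets that were decrypted from a tunnel may reach the gateway itself.
-A WLAN_IN -m policy --dir in --pol ipsec -j ACCEPT
-A WLAN_IN -j LOG --log-prefix "wlan-cleartext-in: "
-A WLAN_IN -j DROP
# Only tunnelled traffic is routed on to the LAN or the internet.
-A WLAN_FWD -m policy --dir in --pol ipsec -j ACCEPT
-A WLAN_FWD -j LOG --log-prefix "wlan-cleartext-fwd: "
-A WLAN_FWD -j DROP
COMMIT
EOF
}
```

With these rules a station that associates with the access point but has no tunnel gets no further than the IKE port, and every cleartext attempt is logged.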
 
Just set up a VPN server (Windows 2000 or Linux) and connect your AP to it. Your 802.11 will establish the link and your authentication to the VPN server will ensure your data will be HIGHLY encrypted.

Ok, stupid question: can Windows 2000 Pro do this or do you need Server?
 
win2k pro does do ipsec, in both directions (respond, and request).

you can tell win2k pro to accept incoming connections, via pptp, so it could be VPN server that way. but pptp isn't that secure.

 