no Wifi encryption but requires VPN login

[Techno Pride]

hi all,

my school's wireless network is totally open, meaning anyone can connect to it. However, the admin requires us to log onto VPN before resources and the Internet can be accessed. Is this a safe practice?

Since unauthorized users can connect to the network, will they be able to access my shared folders if I'm connected to both the network and through VPN?

many thanks.

 

[nightowl]

Yes, this connection is fully encrypted once you establish a VPN connection. Unauthorized users will most likely not be able to access your system once you establish the VPN connection because all traffic should be forced into the VPN tunnel. Also, the VPN client may have a statefull firewall as part of the client functionality.

The bottom line is that you will be fine using the VPN connection and your school is using this as a authentication/encryption method because it is easier to support than trying to have students set up an 802.1x EAP connection over wireless, if their wireless client even supports it.

 

[Techno Pride]

thanks nightowl.

I was confused because the school has setup 2 SSIDs: one which is open, and the other which uses WPA2-Enteprise (PEAP). In both networks, we've to tunnel through VPN anyway.

Isn't the other WLAN with WPA2 sorta redundant?

 

[spidey07]

They probably run both for migration purposes. Not all clients support WPA2. So until every client supports it they have to run the "legacy" ssid.

 

[HannibalX]

What client? If the client allows split tunneling like MSVPN then YES you will be vulnerable. If you have a truly secure client like Cisco VPN then you will be ok.