Once for all: Which WLAN components do you recommend for home and small office use?

ndee

Lifer
Jul 18, 2000
12,680
1
0
I'm wondering. One criteria: It must have good security settings though.

n0cmonkey, you know why ;)

thanks
 
Aug 27, 2002
10,043
2
0
With the exception of federal and military security data and bank data traffic 128-bit WEP encription is more than enough for anybody, if your using our wap as a router it's usually cheaper to get one with a built in hardware firewall, since distance is crucial the only two brands I would ever suggest are:
Linksys- They have long range, I usually see 70-90 meters through walls before losing all connection, and are extremely simple to configure.
Ornico Gold Series- Slightly longer range than the Linksys with a few more security options, dollar for dollar though I almost always go with linksys unless someone specifically requests Ornico.

I don't deal with (Cisco)Aironet anymore, If you can get your hands on the older 100mV equipment before Cisco bought them you'll have the longest reaching wireless equipment available with the same standards used today that they were using 4 years ago. The Cisco products are way overpriced considering what you get. The switch to 136 and 160 bit encription are not worth the extra $100-$150 premium per component.
 

bex0rs

Golden Member
Oct 20, 2000
1,291
0
0
I use a generic access point with wep and all management services disabled attached via a crossover cable to an interface in my freebsd gateway/firewall. I've set up the freebsd box to be an ipsec security gateway which only allows encrypted packets and IKE over the interface the access point is attached to. It does allow (unencrypted) dhcp requests through, but I have set up my dhcp server on the freebsd box to only give out IPs to known mac addresses.

Authentication right now is done via a preshared key, and all traffic between the client and server is required to be encrypted. This keeps unauthenticated clients off my wireless segment (because I know everyone is trying to hax0r me!) and provides excellent security.

On the client side, I use a lucent pcmcia gold card in my laptop running windows XP. Although XP has ipsec support built in, it is pretty much useless for setting up tunnel mode which is what is needed to connect to a network "beyond" the ipsec endpoint (ie. the internet), so I use a 3rd party vpn client: SSH-Sentinel. Once encrypted traffic hits the vpn endpoint after travelling over the wireless connection, it is decrypted and directed to where it needs to go by the freebsd gateway.

And for the curious, more info on the server. FreeBSD 4.7 w/ ipsec and ipfilter compiled into kernel. Has 4 network interfaces (internet segment, 2 wired segments, and wireless segment). Runs ipf/ipnat and racoon -which is able to generate ipsec policies based on client requests - very useful for clients with dynamic IPs.

I never bothered to test throughput before all this, but with the current setup I am able to get about 4 Mbit/sec throughput on the wireless segment with 128 bit rijndael encryption from across the room.

I realize this is very much overkill for a home setup, but I thought it was a good learning experience setting it all up. In terms of cost, I already had all the hardware sitting around, so all that the project used was my time - about half a weekend.

~bex0rs