Contributed by Dengue on from the howto dept.
"WEP got you down? Me too. I wanted a way to encourage neighbors to use my wireless access point, but I didn't want to leave them hangin' in terms of security. Since I didn't have a Cisco LEAP-capable WAP and several thousand dollars to spend on RADIUS software, I started to think of a different solution. I figured I would just run IPSec on the OpenBSD firewall that is on the backend of my WAP11 and require the neighbors to use IPSec also. However, VPN clients can be a pain to configure for Windows 2000 / XP folks, or VPN software for other Windows variants (or Mac OS even) costs $150 or more. I wanted something a bit more simple, so for the heck of it, I tested out the new Linksys BEFVP41 VPN router as an OpenBSD IPSec client. Turns out, the BEFVP41 is pretty darn cool and works with OpenBSD! I came up with a WAP11 + BEFVP41 combo / configuration that keeps the neighbors' expenses down, is OS agnostic, plug and play for their home networks, and still lets me run my OpenBSD firewall off the backend of my WAP11. Read the mini how-to HERE!"
By Not Really Anonymous () on
By skullY () skully@qecrccre.bet on
At least, that's assuming your clients are connecting via 802.11. When they're hard wired such as you describe in section 5, another OpenBSD box can take the place of the BEFVP41 and would be arguably more secure, from the standpoint that the code is open and has been audited. There's also better debugging information when "random" hangups happen. I don't want to deploy equipment I have to maintain because it's locking up and I have no information to go on to figure out why.
Don't get me wrong, the info is mildly useful, I just think you should have thought it out a little better. It seems to me that what you have now is the result of spending an hour thinking about it, and a few hours implementing it, when the opposite should have been the case. You should also explain what you're doing a bit better. The only time I can figure out where the WAP11 fits in is all the way in section 5, after you've explained everything else.
By Mike Ripley () ripleymj@verizon.net on