Wireless LAN. VPN/IPSec/PPPoE?


Post by Poole, Thomas [WOLL:4009:EXCH » Fri, 11 Feb 2000 04:00:00



I've been asked to help set up a wireless LAN on a university campus.

The idea is that students and staff can use their Win/Mac/Linux laptops
on campus to access the campus network and the rest of the internet.

The main issues I see are security and authentication. We require that
any person trying to access the wireless LAN be authenticated, and any
traffic sent over the air should be encrypted.

Of course, we'll be using a Linux firewall to route between the campus
LAN and wireless network. Any suggestions on hardware or software for
the firewall are appreciated.

At this point, I'm looking for suggestions as to the right technology to
use.

I'm thinking IPSec will do the job nicely. Is this the best solution? Is
this well supported in Linux? Does this require a separate tunnel for
each user?

I've looked at PPPoE briefly, but everything seems to deal with the
client side. I need to be able to terminate the PPPoE tunnel at the
Linux box. Does PPPoE offer encryption?

Keep in mind that we need Win/Mac/Linux clients for whatever solution we
go with.

I'm still new to a lot of this technology so pointers to the relevant
documentation would be appreciated. I know about the firewall and net
HOWTOs and am in the process of making my way through them now.

Thanks,
Thomas...

Post by Aaron Steink » Fri, 11 Feb 2000 04:00:00


i've spent the last couple of weeks contemplating the same problems...
most hardware that is IEEE 802.11 compliant already uses WEP (Wired
Equivalent Privacy), which is based on RC4 40-bit encryption

for long term compatibility, i think i'm going to use the IEEE 802.11 system
rather than OpenAir or a proprietary system

most systems have a max bandwidth of 2Mbps and an indoor range of 500ft from
the base station

higher bandwidth systems usually have smaller range

main players are www.proxim.com and www.zoom.com

apple's 'AirPort' is also worth a look! (IEEE 802.11 compliant, 11Mbps,
150ft, fairly cheap, compatible with all other IEEE 802.11 cards)



> I've been asked to help set up a wireless LAN on a university campus.

> The idea is that students and staff can use their Win/Mac/Linux laptops
> on campus to access the campus network and the rest of the internet.

> The main issues I see are security and authentication. We require that
> any person trying to access the wireless LAN be authenticated, and any
> traffic sent over the air should be encrypted.

> Of course, we'll be using a Linux firewall to route between the campus
> LAN and wireless network. Any suggestions on hardware or software for
> the firewall are appreciated.

> At this point, I'm looking for suggestions as to the right technology to
> use.

> I'm thinking IPSec will do the job nicely. Is this the best solution? Is
> this well supported in Linux? Does this require a separate tunnel for
> each user?

> I've looked at PPPoE briefly, but everything seems to deal with the
> client side. I need to be able to terminate the PPPoE tunnel at the
> Linux box. Does PPPoE offer encryption?

> Keep in mind that we need Win/Mac/Linux clients for whatever solution we
> go with.

> I'm still new to a lot of this technology so pointers to the relevant
> documentation would be appreciated. I know about the firewall and net
> HOWTOs and am in the process of making my way through them now.

> Thanks,
> Thomas...

Post by Dave Kristo » Wed, 16 Feb 2000 04:00:00



> [...]
> main players are www.proxim.com and www.zoom.com

Don't forget Lucent's WaveLAN (www.wavelan.com).

Dave Kristol

1. Network to Network IPSec VPN using RHEL/CentOS: separate VPN Router and LAN Gateway

Hi there,

I followed the RHEL documentation at
http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
and was able to deploy network to network IPSec VPN between two
private networks, as long as I set the IPSec Routers to be the same as
the LAN gateways.

But according to the documentation, it is possible to have the IPSec
routers different from the LAN gateways. The image shown in the above
cited page shows it. Also, it is even more clearly depicted in older
documentation at http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/security-...
especially with this image:
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/security-...

However, if I choose to have the Gateway different from the routers,
then in the /etc/sysconfig/network-scripts/ifcfg-ipsec1 file, I need
to specify the gateway IP address for SRCGW, which is different from
the IP address of the IPSec router itself.
Then I am not able to run the "ifup ipsec1" command and get the error
of "RTNETLINK answers: Invalid argument".

I googled around and people seemed to suggest that the SRCGW needs to
be the local intranet IP for the IPSec Router itself. But is this true if
this router is different from the LAN gateway? Most likely, before the
VPN is set up, there is already a LAN gateway for each private network
which is functioning as a NAT and firewall. When VPN is introduced, we
may want to leave the gateway alone and not change the gateway
setup for any of the LAN hosts at all. As long as the LAN gateway is
able to forward VPN requests to the IPSec Router, this should also
work, right?

But how do I get around the "RTNETLINK answers: Invalid argument"
problem?
Thank you very much.

Shi
