How to better secure my wireless transmissions on my home WLAN? VPN?

 
 
__spc__

 
      10-17-2005, 07:19 AM
I have ntl cable broadband connected to a Linksys WRT54G (v2, Linksys
f/w 4.20.7).

Connected wirelessly to this is a home-built desktop PC running XP Home
SP2 using a 54g PCI unbranded card.

Also connected wirelessly is a laptop PC (Medion 42792), also running
XP Home SP2 using an internal 54g Broadcom based card. (Most of the
time, this laptop is CAT5 cabled to the router, but the wife likes to
roam the house with it, so it does go wireless.)

Neither machine is left on server-like.

My WLAN is WPA-PSK (TKIP), but I want to increase the security of my
wireless transmissions, using VPN I am guessing. I have looked at
OpenVPN (too complicated) and iOpus IPIG (not sure it does what I
want).

If possible, I would also like both machines to be accessible from
another PC behind a similar setup in another location, via the
internet.

Any pointers would be very much appreciated.

 
Duane Arnold

 
      10-17-2005, 01:08 PM
"__spc__" <(E-Mail Removed)> wrote in news:1129533584.138528.85590
@f14g2000cwb.googlegroups.com:

> I have ntl cable broadband connected to a Linksys WRT54G (v2, Linksys
> f/w 4.20.7).
>
> Connected wirelessly to this is a home-built desktop PC running XP Home
> SP2 using a 54g PCI unbranded card.
>
> Also connected wirelessly is a laptop PC (Medion 42792), also running
> XP Home SP2 using an internal 54g Broadcom based card. (Most of the
> time, this laptop is CAT5 cabled to the router, but the wife likes to
> roam the house with it, so it does go wireless.)
>
> Neither machine is left on server-like.
>
> My WLAN is WPA-PSK (TKIP), but I want to increase the security of my
> wireless transmissions, using VPN I am guessing. I have looked at
> OpenVPN (too complicated) and iOpus IPIG (not sure it does what I
> want).



Any financial stuff or things of that nature, I would use wire. It's as
simple as that.

>
> If possible, I would also like both machines to be accessible from
> another PC behind a similar setup in another location, via the
> internet.
>


It's called port forwarding. You should keep the machine out of the DMZ.

http://www.homenethelp.com/web/expla...arding-dmz.asp

The other possibility would be port triggering -- look it up but I doubt
that it's going to work for you in a Remote Desktop Sharing situation over
the Internet with two machines on the LAN if that's what you're after.

Port forwarding only works with one IP/machine behind the router and you
should use a static IP on the router for the machine.

Port Triggering is for a game situation where you have more than one
machine using the same port(s) behind the router to play the game over
the Internet with multiple players as an example.

You can also use IPsec that's on the Win 2k and above O/S(s) if you're
looking for a VPN between the machines on the LAN or WAN -- use Google.

Duane
 
__spc__

 
      10-17-2005, 02:47 PM
Thanks for this Duane - the links were useful, and I read them in
conjunction with the WRT54G user manual which helped greatly.

So, for port forwarding, do I need a static IP address from my ISP - so
that I know which address to use when accessing the service externally?

 
John Navas

 
      10-17-2005, 03:16 PM
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

In <(E-Mail Removed). com> on 17 Oct 2005
00:19:44 -0700, "__spc__" <(E-Mail Removed)> wrote:

>I have ntl cable broadband connected to a Linksys WRT54G (v2, Linksys
>f/w 4.20.7).
>
>Connected wirelessly to this is a home-built desktop PC running XP Home
>SP2 using a 54g PCI unbranded card.
>
>Also connected wirelessly is a laptop PC (Medion 42792), also running
>XP Home SP2 using an internal 54g Broadcom based card. (Most of the
>time, this laptop is CAT5 cabled to the router, but the wife likes to
>roam the house with it, so it does go wireless.)
>
>Neither machine is left on server-like.
>
>My WLAN is WPA-PSK (TKIP), but I want to increase the security of my
>wireless transmissions, using VPN I am guessing. I have looked at
>OpenVPN (too complicated) and iOpus IPIG (not sure it does what I
>want).


WPA is in general quite secure, on a par with VPN. PSK (shared key) can be a
weakness, but only if (a) too short a passphrase is used and/or (b) the
passphrase falls into the wrong hands. If you want to maximize your security,
set a maximum length passphrase (at least more than 20 characters) of
pseudo-random characters, and change it regularly -- I change my passwords
whenever daylight savings kicks in or out, just as I do my smoke detector
batteries.

Good way to generate secure passwords:
Password Safe* <http://passwordsafe.sourceforge.net/>
Originally created by noted cryptographer Bruce Schneier of Counterpane Labs,
it's open source and free, and has been subjected to extensive peer review.

* NOT <http://www.passwordsafe.com/>
--
Best regards, HELP FOR CINGULAR GSM & SONY ERICSSON PHONES:
John Navas <http://navasgrp.home.att.net/#Cingular>
 
Duane Arnold

 
      10-17-2005, 06:47 PM
"__spc__" <(E-Mail Removed)> wrote in news:1129560420.782959.166180
@z14g2000cwz.googlegroups.com:

> Thanks for this Duane - the links were useful, and I read them in
> conjunction with the WRT54G user manual which helped greatly.
>
> So, for port forwarding, do I need a static IP address from my ISP - so
> that I know which address to use when accessing the service externally?
>
>


The static IP is for whatever IP/machine on your LAN the traffic for the
inbound port the application on the machine needs open to be forwarded to
that IP. Set the NIC on the computer through the Windows O/S to use one
of the router's static IP(s) and not an IP that can be issued through the
DHCP of the router. If the DHCP IP(s) that can be issued are 5 as an
example, then the DHCP IP(s) the router can issue are from 192.168.1.100
through 192.168.1.105. 192.168.1.106 and out are static IP(s) on the
router. The D in DHCP means Dynamic.

So the NIC on the card would be set to *Use the following* IP(s)

IP = 192.168.1.106
Subnet = 255.255.255.0
Gateway = 192.168.1.1 or is known as the router's Device IP.

Use the following DNS IP(s) --- which are the ISP(s) IP(s)

DNS1 = XXX.XXX.XXX.XXX
DNS2 = XXX.XXX.XXX.XXX

You'll find the ISP's DNS IP(S) on one of the router's Admin Screens,
which you'll also see the ISP's IP that has been issued at the time to
the router. The DNS IP(s) are static IP(s) that you'll enter for DNS1 and
DNS2.

If you port forwarded to a machine that uses a DHCP IP, the IP could
change for the machine to something else. But using a static IP like
192.168.1.106 in the above example, the IP for the machine on the LAN
that is being port forwarded to will not change its IP and port
forwarding will always point to 192.168.1.106 because it's static.

That's what is meant by using a static IP on the router: make the
computer's NIC, wired or wireless, use one of the router's static IP(s) so
that the computer keeps the same IP and it never changes.

Duane
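As an added example (not part of the post above): a check that the target of each port-forwarding rule is a usable static LAN address, meaning inside the router's subnet, not the router itself and outside the DHCP pool. The LAN values are the ones given in the post; the function names and the forwarding rules are constructed for illustration.

```python
import ipaddress


def check_static_ip(candidate, router_ip, netmask, dhcp_first, dhcp_last):
    """Return the problems with a manually set LAN address (empty list = usable)."""
    net = ipaddress.ip_network(f"{router_ip}/{netmask}", strict=False)
    ip = ipaddress.ip_address(candidate)
    problems = []
    if ip not in net:
        problems.append(f"not in the router's subnet {net}")
    elif ip in (net.network_address, net.broadcast_address):
        problems.append("is the network or broadcast address")
    if ip == ipaddress.ip_address(router_ip):
        problems.append("is the router's own address")
    if ipaddress.ip_address(dhcp_first) <= ip <= ipaddress.ip_address(dhcp_last):
        problems.append("inside the DHCP pool, so the router may lease it elsewhere")
    return problems


def audit_forwards(forwards, **lan):
    """Map each (port, target) forwarding rule to the problems with its target."""
    return {(port, target): check_static_ip(target, **lan)
            for port, target in forwards}


# LAN values from the post; the forwarding rules are constructed samples.
LAN = dict(router_ip="192.168.1.1", netmask="255.255.255.0",
           dhcp_first="192.168.1.100", dhcp_last="192.168.1.105")
FORWARDS = [(3389, "192.168.1.106"),   # static address from the post
            (5900, "192.168.1.103"),   # points into the DHCP pool
            (8080, "192.168.2.10")]    # wrong subnet

if __name__ == "__main__":
    for rule, problems in audit_forwards(FORWARDS, **LAN).items():
        print(rule, "OK" if not problems else "; ".join(problems))
```

A rule that passes this check still exposes the forwarded service to the whole Internet, so the service behind it needs its own authentication and patching.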
 
__spc__

 
      10-17-2005, 07:12 PM

__spc__ wrote:
> Thanks for this Duane - the links were useful, and I read them in
> conjunction with the WRT54G user manual which helped greatly.
>
> So, for port forwarding, do I need a static IP address from my ISP - so
> that I know which address to use when accessing the service externally?


Pah, so ntl tell me I need to upgrade to their business tariff if I
want a static IP address. Hmmm, not sure how much that'll cost, but I
bet it's a lot more than the rate I'm on now...

 
David Taylor

 
      10-17-2005, 09:36 PM
> Pah, so ntl tell me I need to upgrade to their business tariff if I
> want a static IP address. Hmmm, not sure how much that'll cost, but I
> bet it's a lot more than the rate I'm on now...


You don't need to although it's a little more effort.

The WRT54G has the option of supporting a few dynamic DNS providers such
as dyndns.org. Go there, register a hostname and configure that in the
WRT54G.

David.
 
Duane Arnold

 
      10-18-2005, 12:53 AM
"__spc__" <(E-Mail Removed)> wrote in news:1129576378.982307.162480
@g14g2000cwa.googlegroups.com:

>
> __spc__ wrote:
>> Thanks for this Duane - the links were useful, and I read them in
>> conjunction with the WRT54G user manual which helped greatly.
>>
>> So, for port forwarding, do I need a static IP address from my ISP - so
>> that I know which address to use when accessing the service externally?
>
> Pah, so ntl tell me I need to upgrade to their business tariff if I
> want a static IP address. Hmmm, not sure how much that'll cost, but I
> bet it's a lot more than the rate I'm on now...
>
>


What's a static IP from the ISP have to do with anything? I don't know
about this NTL. The BB connection I used when doing port forwarding never
changed even using a DHCP IP from the ISP. But my router was up 24/7 365
connected to the Internet and the IP never changed when I was using port
forwarding on the router.

Duane
 
David Taylor

 
      10-18-2005, 07:09 AM
> about this NTL. The BB connection I used when doing port forwarding never
> changed even using a DHCP IP from the ISP. But my router was up 24/7 365
> connected to the Internet and the IP never changed when I was using port
> forwarding on the router.


Same with NTL as long as the connection stays up. Mine has changed only
when the router has been down and replaced by an alternate router or say
a PC for a short while but that's to be expected.

Even when the router has been turned off and on again, the same IP
address has been maintained.

Don't know which tariff the OP is on but if it's the 3Mbps one then by
the end of the year that's supposed to go to 10Mbps at no extra charge.


David.
 
__spc__

 
      10-18-2005, 08:08 AM
Thanks David - I will have a look at the DDNS options.

Duane - ntl is the biggest provider of cable broadband in Great
Britain; their tech support last night confirmed that they have short
lease times on IP addresses.

I don't want to chance the IP address changing if I'm to provide the
address to others to access the ports on one of my machines (even
though my router & modem are on 24/7).

 