WiFi VPN how to?

I am a wireless newbie just learning about LANS.

I have a Draytek 2200USB switch/router plugged into an ADSL. I have
recently added a wireless access point to the router. The computers
are PCs with Win2Kpro or XPpro.

I am concerned about security and have done all the basics (like MAC
filtering, 128 WEP, changed all default names/passwords) but I have
been reading that WEP is not secure enough.

The solution I keep coming accross is a VPN. But I am lost at the
layout of the network.

is it:

Laptop WinXPpro w/ wireless NIC --> VPN tunnel to Access point -->
Router --> Internet

And if so, how does the laptop connect to the Access Point via a VPN
into the router if it has to create a normal connection first? Is it
after the normal Access Point connection is made the Internet traffic
gets re-routed into the VPN tunnel?

Are there any online tutorials/ hows tos / diagrams out there? Or can
someone explain in laymans terms how to do it?

Thanks,
kimchiramen

"kimchiramen" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> I am a wireless newbie just learning about LANS.
>
> I have a Draytek 2200USB switch/router plugged into an ADSL. I have
> recently added a wireless access point to the router. The computers
> are PCs with Win2Kpro or XPpro.
>
> I am concerned about security and have done all the basics (like MAC
> filtering, 128 WEP, changed all default names/passwords) but I have
> been reading that WEP is not secure enough.
>
> The solution I keep coming accross is a VPN. But I am lost at the
> layout of the network.
>
> is it:
>
> Laptop WinXPpro w/ wireless NIC --> VPN tunnel to Access point -->
> Router --> Internet
>
> And if so, how does the laptop connect to the Access Point via a VPN
> into the router if it has to create a normal connection first? Is it
> after the normal Access Point connection is made the Internet traffic
> gets re-routed into the VPN tunnel?
>
> Are there any online tutorials/ hows tos / diagrams out there? Or can
> someone explain in laymans terms how to do it?

My research would indicate that VPN (virtual private network) is between two
computers connected by network or internet using a VPN client, such as:
http://tinyurl.com/74ru

I too would like a more secure connection to the internet.
WEP is being replaced by WPA, but needs to be supported by the router
manufacture and downloaded from them.

B


>
> Thanks,
> kimchiramen

"kimchiramen" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> I am a wireless newbie just learning about LANS.

It's handy to know something about LANs when you start with Wireless (and
VPN).

> I have a Draytek 2200USB switch/router plugged into an ADSL. I have
> recently added a wireless access point to the router. The computers
> are PCs with Win2Kpro or XPpro.

Whatever.

> I am concerned about security and have done all the basics (like MAC
> filtering, 128 WEP, changed all default names/passwords) but I have
> been reading that WEP is not secure enough.

Indeed.

> The solution I keep coming accross is a VPN. But I am lost at the
> layout of the network.
> is it:
> Laptop WinXPpro w/ wireless NIC --> VPN tunnel to Access point -->
> Router --> Internet

Actually it is: VPN Client --> VPN Server
Whatever is between those 2 or behind the VPN server doesn't matter.
Between the client and server can be: a wire, an access point, a LAN, the
internet, ...
Behind the server can be: a LAN, an internet connection, ...

> And if so, how does the laptop connect to the Access Point via a VPN
> into the router if it has to create a normal connection first? Is it
> after the normal Access Point connection is made the Internet traffic
> gets re-routed into the VPN tunnel?

Normally the laptop "associates" with the access point after which it gets
an IP address assigned by a DHCP server or it already has a fixed IP
address. After that, everything is the same as with wires.

> Are there any online tutorials/ hows tos / diagrams out there? Or can
> someone explain in laymans terms how to do it?

http://www.google.com

> Thanks,
> kimchiramen

Regards,

Thor.

thanks for the reply, I think I understand.

So I require the wireless NICs to connect to the router via the access
point using a VPN.

Then once the router handshakes with the wireless NIC, all data sent
between the router and the NIC is done in the VPN.

is that it?

sprout

On 15 Sep 2003 09:21:19 -0700, (E-Mail Removed) (kimchiramen)
wrote:

>I am a wireless newbie just learning about LANS.
>
>I have a Draytek 2200USB switch/router plugged into an ADSL. I have
>recently added a wireless access point to the router. The computers
>are PCs with Win2Kpro or XPpro.
>
>I am concerned about security and have done all the basics (like MAC
>filtering, 128 WEP, changed all default names/passwords) but I have
>been reading that WEP is not secure enough.
>
>The solution I keep coming accross is a VPN. But I am lost at the
>layout of the network.
>
>is it:
>
>Laptop WinXPpro w/ wireless NIC --> VPN tunnel to Access point -->
>Router --> Internet
>
>And if so, how does the laptop connect to the Access Point via a VPN
>into the router if it has to create a normal connection first? Is it
>after the normal Access Point connection is made the Internet traffic
>gets re-routed into the VPN tunnel?
>
>Are there any online tutorials/ hows tos / diagrams out there? Or can
>someone explain in laymans terms how to do it?
>
>Thanks,
>kimchiramen

I wouldn't bother with a VPN, WEP is secure enough for most
implementations, unless you are sending TOP SECRET documents across
it!

It would take the hacker, many days to acquire enough data packets to
perform a WEP crack.

Yes, WEP can be cracked, but there's too much hype about it being a
security threat.

AJ

PS do you shred all your bills, and garbage to stop, identify theft!
stop being paranoid.

Change the WEP keys daily/weekly if you are that paranoid.

Enable MAC Filrering
Enable 128-bit WEP
Enable Key rotation
Disable Broadcast ESSID
Disable DHCP or statically allocate ALL MAC addresses.
Use a tool to check for rouge MAC addresses on the LAN
Know the range of your AP - site survey - and locate so it doesn't
transmit/receive for miles.

>> So I require the wireless NICs to connect to the router via the access
point using a VPN.

Then once the router handshakes with the wireless NIC, all data sent
between the router and the NIC is done in the VPN.

is that it?

sprout:

1) WiFi client > AP-NAT-router
This involves the RF connection and the setup of TCP/IP on your WiFi client.
Your WiFi client will send packet to the LAN port of the router.
The NAT will change your IP address within the packet.
The packet will be sent out the WAN port of the router.

2) VPN client > VPN server
Your WiFi client is the VPN client.
For PPTP VPN, this involves:
A PPTP control connection from the VPN client to TCP port 1723 on the VPN
server.
And GRE packets are sent from the VPN client to the VPN sever.
GRE is IP sub protocol #47 and does not involve TCP/UDP/ports.
The data sent within the PPP frame within the GRE packet can be encrypted.

On 17 Sep 2003 03:08:38 -0700, (E-Mail Removed) (kimchiramen)
wrote:

>Nothing wrong with taking a few precautions. I live in an apartment
>building, and who knows who is listening out there. And with so much
>personal data on the computers, a little work to feel safe is fine by
>me.
>
>Plus it has been a great jump start into learning about how networks
>work.
>
>Thanks for all the help on the WiFi VPN problem.
>
>I am looking forward to surfing the net from my laptop safe in the
>knowledge that all my IP packets are as safe as possible
>
>cheers,
>
>sprout

Just make sure you've adequate home insurance.

There's a trend here in the UK now, of Wardriving to find Wireless
Equipment, this is possibly attached to a LAN/PC/Wireless Access
Point/Notebook to BURGLE AND STEAL!

You CANNOT STOP THE RADIO WAVES, wardrivers will still find you have a
Wireless LAN, they may not be able to decrypt it, but they'll know
it's there!

and if you live in an apartment building, easier to break in and steal
when you out at work, if you leave the equipment on!

> There's a trend here in the UK now, of Wardriving to find Wireless
> Equipment, this is possibly attached to a LAN/PC/Wireless Access
> Point/Notebook to BURGLE AND STEAL!

Got a reference documenting that trend?!

On 17 Sep 2003 03:08:38 -0700, (E-Mail Removed) (kimchiramen)
wrote:

>I am looking forward to surfing the net from my laptop safe in the
>knowledge that all my IP packets are as safe as possible

hmm
I always keep the wireless section of my home network perfectly open
with no VPN or WEP.. reason is that I don't like this kind of stuff.

I prefer to use SSH v2 to dynamically tunnel connections: it is much
safer and sucks less. then if somebody joins is welcome and maybe I
can have a chat.. if somebody else is listening only, whatever he does
the SSHv2 system will warn me of any possible problem.
being this, I'm still able to see the wireless network AND to tunnel
sensitive data on a secure pipe.

On Wed, 17 Sep 2003 12:43:54 +0100, Andy Jones
<(E-Mail Removed)> wrote:
>
>and if you live in an apartment building, easier to break in and steal
>when you out at work, if you leave the equipment on!

err, how is this 'equipment on' thing connected to the chance of
breaking in?