wireless and VPN

I'm trying to answer a question for a friend at work regarding wireless
network cards and VPN.

He has voiced concern about limitations he has heard about the connection
between the two. I have a wireless network but have not implemented a VPN
client. I've not read any information that indicated any issues that
existed. In fact, I recently watched a segment on tech TV offering tips on
securing your wireless network and VPN was mentioned as a extra layer that
was recommended to make the network more secure. There were no cons
mentioned in this segment.

Does anyone have any information or links that you may provide that could
help me in my research? I'm presently searching google as I type this, but
have not found any specific answers to my question.

Thanks in advance.

Bubba

I'm still researching this myself, but I haven't put in much effort yet. If
you're trying to use VPN to a remote internet site - say work - that
terminates a VPN, then all you need is wifi router that supports VPN
passthrough of the standard protocols (PPTP, L2TP, IPSec). My D-Link
supports pass-through on two of these protocols, so all I'd have to do would
be enable it and run the client on Windows.

If you want a VPN in your home/SOHO network, then you either need a router
that has a VPN access server builtin - and I don't think you'll find this on
affordable home equipment - or else you need to run the server software on a
host behind your wifi router. That means installing/configuring the server,
and having another host available to run it on.


"BubbaPrime" <(E-Mail Removed)> wrote in message
news:Qwkkb.110550$(E-Mail Removed). net...
> I'm trying to answer a question for a friend at work regarding wireless
> network cards and VPN.
>
> He has voiced concern about limitations he has heard about the connection
> between the two. I have a wireless network but have not implemented a VPN
> client. I've not read any information that indicated any issues that
> existed. In fact, I recently watched a segment on tech TV offering tips on
> securing your wireless network and VPN was mentioned as a extra layer that
> was recommended to make the network more secure. There were no cons
> mentioned in this segment.
>
> Does anyone have any information or links that you may provide that could
> help me in my research? I'm presently searching google as I type this, but
> have not found any specific answers to my question.
>
> Thanks in advance.
>
> Bubba
>
>

BubbaPrime wrote:
> I'm trying to answer a question for a friend at work regarding wireless
> network cards and VPN.
>
> He has voiced concern about limitations he has heard about the connection
> between the two. I have a wireless network but have not implemented a VPN
> client. I've not read any information that indicated any issues that
> existed. In fact, I recently watched a segment on tech TV offering tips on
> securing your wireless network and VPN was mentioned as a extra layer that
> was recommended to make the network more secure. There were no cons
> mentioned in this segment.
>
> Does anyone have any information or links that you may provide that could
> help me in my research? I'm presently searching google as I type this, but
> have not found any specific answers to my question.
>
> Thanks in advance.
>
> Bubba
>
>
The standard security provided by wireless products (WEP) is not very
secure. The algorithm has flaws. There are programs available which can
break it in a short time.

The newer standard (which is not very available now) is WPA. The flaws
in WEP have been closed in the WPA systems.

Neither of these is as secure as Ipsec tunneling (PPTP and L2TP
tunneling are not nearly as secure as IPsec.

Linksys makes some affordable routers with built in IPsec tunneling.
WiFi routers with built in WIFI tunneling are rare and rather costly
(minimum of 500 to 600 dollars).

If you are concerned about security, go with WPA for wireless if you can.

If you want to go the tunneling route, forget about WEP and WPA, since a
good tunnel makes either irrelevant.

If you don't mind people accessing your WiFi, but don't want them to
access your computer lan, a possible solution would be to use two
routers, one with IPsec tunnelling.

The first router could serve your WiFi network and be as open as you
wished (or you could turn off various ports if you wanted).

The second router would serve your LAN. You could then tunnel into your
Lan from the WiFi network.

"Jerry Park" <(E-Mail Removed)> wrote in message
news:R6mkb.20015$(E-Mail Removed).. .
> BubbaPrime wrote:
> > I'm trying to answer a question for a friend at work regarding wireless
> > network cards and VPN.
> >

<snip ...>

>
> If you don't mind people accessing your WiFi, but don't want them to
> access your computer lan, a possible solution would be to use two
> routers, one with IPsec tunnelling.
>
> The first router could serve your WiFi network and be as open as you
> wished (or you could turn off various ports if you wanted).
>
> The second router would serve your LAN. You could then tunnel into your
> Lan from the WiFi network.
>
>

I think your second router would have implement a VPN access server, not
just support tunneling. Or else it would be connected to a routing host
running a VPN access server.

Also, I wouldn't recommend turning off WEP just because you run a VPN.
unless you want to be an open hotspot - which makes your ISP account
available for use by malicious hackers, and might have legal repercussions
if your ISP doesn't agree to carry traffic not originating in your home.
Always better to make a reasonable effort to prevent misuse.

Thanks for the start. Good points made by you both. I appreciate the help.
Gives me somewhere to begin and some search material...

Should any others have information to share, I'm still monitoring the
post...and thanks again!

Bubba


> The standard security provided by wireless products (WEP) is not very
> secure. The algorithm has flaws. There are programs available which can
> break it in a short time.
>
> The newer standard (which is not very available now) is WPA. The flaws
> in WEP have been closed in the WPA systems.
>
> Neither of these is as secure as Ipsec tunneling (PPTP and L2TP
> tunneling are not nearly as secure as IPsec.
>
> Linksys makes some affordable routers with built in IPsec tunneling.
> WiFi routers with built in WIFI tunneling are rare and rather costly
> (minimum of 500 to 600 dollars).
>
> If you are concerned about security, go with WPA for wireless if you can.
>
> If you want to go the tunneling route, forget about WEP and WPA, since a
> good tunnel makes either irrelevant.
>
> If you don't mind people accessing your WiFi, but don't want them to
> access your computer lan, a possible solution would be to use two
> routers, one with IPsec tunnelling.
>
> The first router could serve your WiFi network and be as open as you
> wished (or you could turn off various ports if you wanted).
>
> The second router would serve your LAN. You could then tunnel into your
> Lan from the WiFi network.
>
>

"BubbaPrime" <(E-Mail Removed)> wrote in
news:Qwkkb.110550$(E-Mail Removed). net:

> I'm trying to answer a question for a friend at work regarding
> wireless network cards and VPN.
>
> He has voiced concern about limitations he has heard about the
> connection between the two. I have a wireless network but have not
> implemented a VPN client. I've not read any information that indicated
> any issues that existed. In fact, I recently watched a segment on tech
> TV offering tips on securing your wireless network and VPN was
> mentioned as a extra layer that was recommended to make the network
> more secure. There were no cons mentioned in this segment.
>
> Does anyone have any information or links that you may provide that
> could help me in my research? I'm presently searching google as I type
> this, but have not found any specific answers to my question.
>
> Thanks in advance.
>
> Bubba
>
>
>

VPN uses several security protocols such as IPsec. A VPN protocol
encrypts packets and the protocol rides in on a carrier protocol such as
TCP/IP. The VPN end point decrypts the packets. So there must be two
valid VPN end points. VPN helps to prevent eavesdropping of the packets
as they are sent over a LAN or WAN. Using VPN doesn't mean that a network
or a machine cannot be hacked.

http://compnetworking.about.com/cs/basicnetworking/

Duane

There are wireless router products that appeal to people with this fear
(WEP is not secure enough) by performing VPN on the WIRELESS side (at
least that's what I interpret from their product literature). I recall
Watchguard (and maybe SonicWall) offer such products. IIRC they run in
the $500-1000 range. These products are not to be confused with
wireless routers with VPN endpoints such as SMC7004WFW where the VPN
connection don't apply to the wireless side.

If you are looking for an inexpensive solution, I can think of two:

1. Get an old Windows XP/2000 box, add another NIC to it, and hook it up
between your wireless router and the LAN. Set up VPN on it. The box
acts as a gateway/firewall between your untrusted wireless/Internet side
and your LAN.

2. The above Windows box can be repalced with some cheap router with VPN
endpoint built-in. One such router is the SMC7004FW. In this setup,
you have a double-NAT environment so you'll have to port-forward VPN
traffic from the wireless router to the VPN router.

If you decide to do either of the above, make sure you have a VPN client
that allows you to set the VPN server as the default gateway. Otherwise
only traffic destined to your local LAN is protected by VPN (either
IPSec or PPTP) encryption; traffic to other destinations, such as your
mail server, will not be protected by VPN on the wireless side. I
should point out that PPTP in Windows by default correctly sets the VPN
server as the default gateway; whereas Widnows built-in IPSec policy
does not have the capability to router all traffic to the VPN server.
There are some IPSec clients that purportedly can do this (e.g. Sentinel
1.4) but I have no experience with them.

Having said all that, I think WPA will make all these hacks/workarounds
to WEP weakness unnecessary. At least until somone finds holes in WPA.


BubbaPrime wrote:
> I'm trying to answer a question for a friend at work regarding wireless
> network cards and VPN.
>
> He has voiced concern about limitations he has heard about the connection
> between the two. I have a wireless network but have not implemented a VPN
> client. I've not read any information that indicated any issues that
> existed. In fact, I recently watched a segment on tech TV offering tips on
> securing your wireless network and VPN was mentioned as a extra layer that
> was recommended to make the network more secure. There were no cons
> mentioned in this segment.
>
> Does anyone have any information or links that you may provide that could
> help me in my research? I'm presently searching google as I type this, but
> have not found any specific answers to my question.
>
> Thanks in advance.
>
> Bubba
>
>

All good info. Thanks to everyone. I forwarded the information you all have
shared and received this response from my friend:

"The only reason I asked about the VPN is that there is good chance that I
will be using it alot... I read that some cards can't handle the extra load
and "push" that it brings??"

I'm ignorant to this. I have not heard of any deficiencies in the wireless
cards that lead me to believe that this is a legitimate concern. I've been
searching the web for reviews of wireless NIC's and also some networking
help sites, but as of yet I have not seen this to be an issue.

Thoughts?

Thanks again.

Bubba


"BubbaPrime" <(E-Mail Removed)> wrote in message
news:Qwkkb.110550$(E-Mail Removed). net...
> I'm trying to answer a question for a friend at work regarding wireless
> network cards and VPN.
>
> He has voiced concern about limitations he has heard about the connection
> between the two. I have a wireless network but have not implemented a VPN
> client. I've not read any information that indicated any issues that
> existed. In fact, I recently watched a segment on tech TV offering tips on
> securing your wireless network and VPN was mentioned as a extra layer that
> was recommended to make the network more secure. There were no cons
> mentioned in this segment.
>
> Does anyone have any information or links that you may provide that could
> help me in my research? I'm presently searching google as I type this, but
> have not found any specific answers to my question.
>
> Thanks in advance.
>
> Bubba
>
>

BubbaPrime wrote:
> All good info. Thanks to everyone. I forwarded the information you all have
> shared and received this response from my friend:
>
> "The only reason I asked about the VPN is that there is good chance that I
> will be using it alot... I read that some cards can't handle the extra load
> and "push" that it brings??"
>
> I'm ignorant to this. I have not heard of any deficiencies in the wireless
> cards that lead me to believe that this is a legitimate concern. I've been
> searching the web for reviews of wireless NIC's and also some networking
> help sites, but as of yet I have not seen this to be an issue.
>
> Thoughts?
>
> Thanks again.
>
> Bubba
>
>
> "BubbaPrime" <(E-Mail Removed)> wrote in message
> news:Qwkkb.110550$(E-Mail Removed). net...
>
>>I'm trying to answer a question for a friend at work regarding wireless
>>network cards and VPN.
>>
>>He has voiced concern about limitations he has heard about the connection
>>between the two. I have a wireless network but have not implemented a VPN
>>client. I've not read any information that indicated any issues that
>>existed. In fact, I recently watched a segment on tech TV offering tips on
>>securing your wireless network and VPN was mentioned as a extra layer that
>>was recommended to make the network more secure. There were no cons
>>mentioned in this segment.
>>
>>Does anyone have any information or links that you may provide that could
>>help me in my research? I'm presently searching google as I type this, but
>>have not found any specific answers to my question.
>>
>>Thanks in advance.
>>
>>Bubba
>>
>>
>
>
>
Encryption of any type necessarily lowers throughput. However, for most
uses, you won't notice a significant difference.

In article <Qwkkb.110550$(E-Mail Removed)> ,
(E-Mail Removed) says...
> I'm trying to answer a question for a friend at work regarding wireless
> network cards and VPN.
>
> He has voiced concern about limitations he has heard about the connection
> between the two. I have a wireless network but have not implemented a VPN
> client. I've not read any information that indicated any issues that
> existed. In fact, I recently watched a segment on tech TV offering tips on
> securing your wireless network and VPN was mentioned as a extra layer that
> was recommended to make the network more secure. There were no cons
> mentioned in this segment.
>
> Does anyone have any information or links that you may provide that could
> help me in my research? I'm presently searching google as I type this, but
> have not found any specific answers to my question.

The only widely implemented security for securing 802.11 wireless links
is WEP (wireless encryption protocol). WEP is notoriously easy to crack.
A busy link can produce enough of a sample for simple tools to do so in
under one half hour. If you are genuinely worried about the level of
threat and/or the consequences of a compromise, you need something
better than WEP.

A VPN can provide all the security you are likely to need. The possible
configurations of such a VPN are too numerous to go into here, but it is
safe to say that there are one or two that will meet your needs.


--
********************************************
Flatline Wi-Fi -- Un-Wiring You To The World
http://www.flatline.com
********************************************