09-24-2005, 06:06 PM
Jeff Liebermann
Re: IPSEC wireless router ?

On Sat, 24 Sep 2005 15:33:55 +0200, DEMAINE Benoit-Pierre
<nntp_pipex@demaine.info> wrote:

>I am looking for something secure:
>hardware wireless router:
>
>- one ethernet port dedicated to provider (DHCP and PPPOE capable)
>- one LAN port which would be linked to some switch
>- wireless repeater
>
>BUT but BUT: I want the wireless interface NOT TO BE BRIDGED to LAN ethernet,


Not possible. 802.11 wireless is bridging by definition. No routing,
IP addresses, or services (such as IPSec) involved. There's no other
way to connect between wireless and wired devices other than bridging.

Now, you could isolate the wired and wireless part with a router, VPN,
or filters, but that requires layer 3 services in addition to
bridging.

>but
>rather require any client to use IPSEC tunneling.


Overkill. You have WPA encryption for the wireless. On top of that,
you want to add VPN encryption. You don't really need both. WPA is
enough.

>That's for home use; I am too lame to set up a Linux box, because I don't feel like
>setting up an IPSEC server, and had too much bad XP with IDE disks on home made
>router (usually crash after 2 or 3 years 24/24).


The bigger they are, the harder they crash. How about this
alternative? Use an access point, not a wireless router for the
wireless part of the puzzle. Use WPA encryption. Use a separate
IPSec VPN router to terminate the tunnel. Netgear seems to have a
good selection:
| http://www.netgear.com/products/busi...ecurity_sb.php
There are lots of other wired VPN routers to choose from at around
$100US. If you want your VPN termination, it's in the box. This will
also allow you to be rather creative in locating the wireless access
point and allow easy upgrades to the latest 802.11 acronyms.

There are products that sorta do what you want:
| http://www.netgear.com/products/details/FWAG114.php
| http://www.sonicwall.com/products/tz170SP_wireless.html
I don't think you'll like the prices.

>I hope such a device should be available between 150 and 300 e
>
>Maybe there are some tutorials to convert this way some Linksys WRT ?
>or some Dlink with such native support ?


Yes. The WRT54G can handle alternative firmware with VPN termination
features. Sveasoft Alchemy includes PPTP VPN services which is handy
for Windoze clients as it comes with the operating system. IPSec is
available in various custom builds. I'm too lazy to find these. Bug
me if you need URLs.


--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
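
The "isolate the wired and wireless part with a router, VPN, or filters" arrangement discussed in the post, with IPsec required for every wireless client, written out as an added example that is not part of the original post or thread. It assumes a Linux router that terminates IPsec itself with the kernel's native IPsec stack (so the iptables `policy` match applies) and hands out DHCP on the wireless side; the interface names `eth1` (LAN) and `eth2` (the port the access point is plugged into) are hypothetical.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset (filter table only).
# Interface names are hypothetical; NAT and WAN-side rules are not covered.

valid_if() {
    # Accept only plain interface names so nothing odd lands in the ruleset.
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

wlan_ipsec_rules() {
    lan=$1 wlan=$2
    valid_if "$lan" && valid_if "$wlan" && [ "$lan" != "$wlan" ] || return 1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Wireless side, in the clear: DHCP, IKE, NAT-T and ESP only.
-A INPUT -i $wlan -p udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -i $wlan -p udp --dport 500 -j ACCEPT
-A INPUT -i $wlan -p udp --dport 4500 -j ACCEPT
-A INPUT -i $wlan -p esp -j ACCEPT
# Anything else from the wireless side must have arrived inside a tunnel.
-A INPUT -i $wlan -m policy --dir in --pol none -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A INPUT -i $wlan -j ACCEPT
# Forwarding: drop cleartext to or from the wireless side before any accept.
-A FORWARD -i $wlan -m policy --dir in --pol none -j DROP
-A FORWARD -o $wlan -m policy --dir out --pol none -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -j ACCEPT
-A FORWARD -i $wlan -j ACCEPT
COMMIT
EOF
}
```

Piping the output of `wlan_ipsec_rules eth1 eth2` into `iptables-restore` replaces the whole filter table, so it suits a box dedicated to this job.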
