David Taylor wrote:
>>I am looking for something secure:
>>hardware wireless router:
>
>
> I know where you're going with that but why? You can use WPA on a
> WRT54G as long as your clients support it and given a strong password,
> that's going to suit pretty much all home users.

Even if I buy WPA APs, few clients have it yet

WPA is not down compatible with 802.11b ... IPSEC is with any wireless card and any
OS ... and will remain secure as long as SSL is not broken, when optimists people
think than WPA will be broken within 12 months.

I am not to buy for WPA which will soon be weak.

> IPSec has limitations too, how were you planning on authenticating?
> Which EAP type were you going to use? EAP-MD5 for example is easily
> dictionary crackable for example.

exchange of primary key can be done by email the day before my customer joins me, or
the first day using transparent proxy that allows access only to HTTPS webmails ...

or just hand in hand (aka oral confirmation that the signature of the key is really
mine).

IPSEC cant be weaker than WPA, simply because like WEP, WPA is limitted by hardware,
and broken proto means you can throught out your devices, when IPSEC can be upgraded
even on old machines, and keeps the network compliant with any other devices.

--
DEMAINE Benoit-Pierre (aka DoubleHP ) http://www.demaine.info/
\_o< If computing were an exact science, IT engineers would not have work >o_/