VPN over wireless

I have a pc that is behind a wireless router which in turn is
connected to a cable modem. I would like to secure the connection
between the pc and the router to prevent packet sniffing and would
like to use vpn to secure this connection.

The router does support vpn connections and I have generated an RSA
key. I'm just not sure of the steps that need to be implemented on
the pc and would appreciate some help or if someone could direct me to
a tutorial on this topic.

On Mon, 25 Feb 2008 08:05:01 -0800 (PST), 2015feb25@gmail.com wrote:

>I have a pc that is behind a wireless router which in turn is
>connected to a cable modem. I would like to secure the connection
>between the pc and the router to prevent packet sniffing and would
>like to use vpn to secure this connection.

Is the data so sensitive that WPA/WPA2 is insufficient in itself?

So why not just use WPA for the wireless link?

As for the VPN setup, that's not a wireless question, it's more of a general
networking question. That and it will vary quite a bit depending on what
brand/model router is being used.


<2015feb25@gmail.com> wrote in message
news:82c44ad4-5f54-44a0-b016-a10a9a779910@q78g2000hsh.googlegroups.com...
>I have a pc that is behind a wireless router which in turn is
> connected to a cable modem. I would like to secure the connection
> between the pc and the router to prevent packet sniffing and would
> like to use vpn to secure this connection.
>
> The router does support vpn connections and I have generated an RSA
> key. I'm just not sure of the steps that need to be implemented on
> the pc and would appreciate some help or if someone could direct me to
> a tutorial on this topic.

2015feb25@gmail.com hath wroth:

>I have a pc

Maker, model, operating system, wireless card, etc???

>that is behind a wireless router

Maker, model number, hardware version, firmware version????

>which in turn is
>connected to a cable modem.

Maker, model number, ISP name, speed of service????

>I would like to secure the connection
>between the pc and the router to prevent packet sniffing and would
>like to use vpn to secure this connection.

WPA2 isn't secure enough? Are you running an open wireless system for
the neighbors to use and a VPN is your way of repairing the inevitable
security holes?

>The router does support vpn connections

Does it terminate the VPN connection? Or does it merely support "VPN
passthru? What type of VPN (PPTP, IPSec, SSL, etc)? Are you using a
3rd part VPN client manager?

>and I have generated an RSA
>key.

The RSA key is for authentication, not authorization. That's a nice
feature to insure that nobody has spoofed or stolen your connection,
but is not necessary for the basic operation. All VPN clients can use
something local to provide authentication, such as the MAC address, IP
address, machine serial numbers, or X.509 certificate?

>I'm just not sure of the steps that need to be implemented on
>the pc and would appreciate some help or if someone could direct me to
>a tutorial on this topic.

Tutorial? First you supply:
1. Exactly what are you trying to accomplish?
2. What do you have to work with (hardware, software, etc)?

--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

....
>
> The RSA key is for authentication, not authorization. That's a nice
> feature to insure that nobody has spoofed or stolen your connection,
> but is not necessary for the basic operation. All VPN clients can use
> something local to provide authentication, such as the MAC address, IP
> address, machine serial numbers, or X.509 certificate?
>

Do WEP/WPA/WPA2 encrypt each packet? - so that if you were to sniff the rf
as it were you would not be able to see data in the raw; over and above any
authenification etc. - without the key or a hack.
In that case, without using external (server & client VPN) software a wifi
link is probably more secure than then wired. [Now to just make it work
reliably ...]

Says the one on wired lan with the wifi currently switched off..

"William4" <w4@news.com> hath wroth:

>...
>>
>> The RSA key is for authentication, not authorization. That's a nice
>> feature to insure that nobody has spoofed or stolen your connection,
>> but is not necessary for the basic operation. All VPN clients can use
>> something local to provide authentication, such as the MAC address, IP
>> address, machine serial numbers, or X.509 certificate?
>>

>Do WEP/WPA/WPA2 encrypt each packet?

No. Only the payload data packets are encrypted. Management packets
are sent unencrypted. Therefore, MAC addresses are easily visible,
but IP addresses are encrypted.

> - so that if you were to sniff the rf
>as it were you would not be able to see data in the raw;

I prefer my data cooked, not raw. With a sniffer, all you see with a
sniffer are the encrypted data packets and the unencrypted management
packets.

>over and above any
>authenification etc. - without the key or a hack.

Ummm... it's called authentication.
The key exchange mechanism varies with the type of encryption. You
can find the details on how they work with Google. The problem with
WEP is primarily that the key exchange mechanism is seriously flawed.
That was fixed with WPA. WPA can be cracked with a trivial (less than
8 characters) key, using brute force (trial and error) so use a long
random key. WPA2 added additional security in the form of a different
authentication mechanism and a more complex encryption mechanism.

>In that case, without using external (server & client VPN) software a wifi
>link is probably more secure than then wired. [Now to just make it work
>reliably ...]

True. I've found it much easier to just plug into a wired ethernet
switch (if available), than to sniff and decrypt wireless packets. Why
bang on the locked front door, when you can go around back and crawl
through a wide open window?

With a VPN, only the packets going between the VPN client and VPN
server (or VPN termination) are encrypted and secure. If you
subscribe to an online VPN service, such as:
<http://wireless.wikia.com/wiki/Wi-Fi#VPN_Service_Providers>
it's only secure between the VPN endpoints. The traffic between the
VPN server and the rest of the internet are unencrypted.

>Says the one on wired lan with the wifi currently switched off..

It's rather difficult to sniff packets on equipment that's turned off.

Disclaimer: I are not a security expert.

--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

>
>>Says the one on wired lan with the wifi currently switched off..

- that was me.

>
> It's rather difficult to sniff packets on equipment that's turned off.
>
> Disclaimer: I are not a security expert.
>
But good stuff nonetheless, taa.