Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Operating Systems BSD

Securing Wireless Networks with IPSEC and FreeBSD 34

GoldenScrewdriver writes: "A colleague of mine has written an excellent article on how to secure your wireless network using an IPSEC VPN tunnel, NAT, and a FreeBSD firewall. With the inherent weaknesses of WEP, I thought this article might be interesting to those who prefer some privacy on their wireless link." If this might fit your situation, you might also find this earlier article interesting as well.
This discussion has been archived. No new comments can be posted.

Securing Wireless Networks with IPSEC and FreeBSD

Comments Filter:
  • by sclatter ( 65697 ) on Thursday April 25, 2002 @05:03PM (#3412201) Homepage

    At work I've been running an IPsec VPN on FreeBSD for quite a while now. It's a great thing-- sort of tricky to set up but runs like top once it's up. I never was able to figure out how to work NAT into the picture, though. On Linux NAT and firewalling and FreeS/WAN are very well integrated, but on FreeBSD we use KAME which has a very IPv6 sensibility. No need for NAT in IPv6, so it just doesn't seem to play nice.

    This article explains the trick to it-- run NAT on the internal interface! Should have thought of that! :-)

    BTW, if anyone is curious KAME to FreeS/WAN VPNs work just fine. Ours was set up that way for quite some time.
  • by Rick the Red ( 307103 ) <Rick.The.Red@ g m a il.com> on Thursday April 25, 2002 @05:24PM (#3412361) Journal

    Sheesh! This is getting out of hand. GoldenScrewdriver writes
    "A colleague of mine has written an excellent article on how to secure your wireless network using an IPSEC VPN tunnel, NAT, and a FreeBSD firewall. With the inherent weaknesses of WEP, I thought this article might be interesting to those who prefer some privacy on their wireless link."
    OK, I admit, I missed the last word there, "link", and concentrated on the previous phrase "wireless network", which also appears in the subject ("Securing Wireless Networks with IPSEC and FreeBSD"). But, true to Slashdot form lately, this is not about securing wireless networks, it's about securing a wireless link between your firewall and your ISP. Yeah, right -- that applies to what, five people? V.s. hundreds running actual wireless LANs on the other side of the firewall?

    GIVE US A FUCKING BREAK. PLEASE make the subjects reflect what the story's really about, so we won't waste our time!

    "If this might fit your situation, you might also find this earlier article interesting as well."
    No, I didn't. That earlier article had nothing about encrypting wireless LANs, other than the helpful suggestion that you might want to consider it, and concludes with "Configuring IPsec is beyond the scope of this article." No shit.

  • I have my FreeBSD server setup for a leaf node tunnel as specifed in NetBSD's examples [netbsd.org]. I can get my freebsd laptop to work with the tunnel but am unable to configure the same laptop in windows to work with the tunnel.

    The article goes about the tunnel process in a different manner, but it still does not say anything about interoperability with win2k. Could the authors (or someone else) comment on how to get an IPSec replacement for WEP that works with both FreeBSD and Win2k.

    I'm aware of this [daemonnews.org] article, but it uses transport mode and is inadequate as a WEP replacement.

    Thanks in advance.

I do not fear computers. I fear the lack of them. -- Isaac Asimov

Working...