[lug] laptop partitioning, boot loaders

D. Stimits stimits at comcast.net
Tue Jun 13 18:02:23 MDT 2006


...

>>So...what about hardware? Is the hardware involved at all in the 
>>security? Does 128 bit WEP stop anything? Or 152 bit WEP? Is there some 
>>wireless hardware/brand/model that I could consider ideal for the situation?
>
>Whether or not your cable modem is open to the public depends on how you
>set it up.
>
>You could do this:
>Wireless <----\
>               --> Switch/Hub <- OpenVPN Router <-> Switch/Hub <-> LAN
>Cable Modem <-/
>
>And _that_ would make your cable modem available to the world.
>
I definitely don't want the cable available to the world...

>It'd be more reasonable to do this:
>Wireless <----\
>               --> OpenVPN Router <-> Switch/Hub <-> LAN
>Cable Modem <-/
>
This is what I'm looking for, except I wouldn't use the VPN for anything 
except the wireless portions.

>The OpenVPN Router in that case needs 3 interfaces, one of which can be
>a wireless card, preferably a good one with Linux support for being an
>Access Point.  Otherwise it could be another Ethernet card connected to
>a Linksys/D-Link/Whatever wireless bridge.
>
I believe the wireless on the laptop should work on Linux, at least it 
was advertised as such by other distributors of the Dell stuff (although 
they may have perhaps had some sort of custom setup...the Ubuntu live CD 
though seemed to recognize it all, I just had nothing to test against).



>In a setup like that you don't really need any wireless security.  You
>could even put up a web page saying "You're connected to D. Stimits'
>Wireless Network.  Private Access Only.  Sorry."
>
>If you got ambitious or just like to play around like I do, you could
>try setting up IPSec in addition to OpenVPN.  It's not too difficult,
>with a 2.6 Linux kernel and the racoon daemon.  Get it hooked up with
>certificates, and an OpenLDAP / ActiveDirectory setup, and try to
>convince Windows 2000/XP/2003 clients that they would really like to do
>secure networking with you.
>
>Okayyy, maybe that's too ambitious.  I haven't made it work yet. :)
>
>Oh, back on the hardware side, there are some more reliable wireless
>encryption techniques.  The good ones need things like a RADIUS server
>and a PKI infrastructure.  WPA2 with EAP-TLS.
>
Can I get a wireless access point with this ability so that it runs 
standalone? I'm "assuming" the laptop running Linux will be able to 
handle this, it's the non-portable hardware I'm wondering about. 
Although I would find it interesting at some later date to experiment 
with the more advanced stuff, I don't have time at the moment. Do I need 
to get something separate from the wireless access point to splice in in 
order to get the WPA2/EAP-TLS? Or can I purchase something and get it up 
and running standalone fast? Are access points built with standalone 
RADIUS servers? Any brands or websites that sell this sort of thing 
(even if they are not generally 'consumer' hardware)?

>If you got _really_ crazy you could end up doing OpenVPN over IPSec over
>WPA2.  Then you could use *that* to load a HTTPS web site.
>
I wonder how latency would change...
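
The three-interface router layout discussed in this thread, with the VPN required only on the wireless side, as an added example that is not part of the original post: a shell function that prints an iptables-restore ruleset for the router, plus a check that no rule routes raw wireless traffic. The interface names (wlan0, eth0, eth1, tun0), the function names and UDP port 1194 (OpenVPN's default) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Interface names and the
# OpenVPN port are assumptions; adjust them to the actual router.

# Print an iptables-restore ruleset: gen_rules WLAN WAN LAN TUN [PORT]
gen_rules() {
    wlan=$1 wan=$2 lan=$3 tun=$4 port=${5:-1194}
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Wireless side: a DHCP lease and the OpenVPN port, nothing else.
-A INPUT -i $wlan -p udp --dport 67 -j ACCEPT
-A INPUT -i $wlan -p udp --dport $port -j ACCEPT
# The wired LAN is trusted to reach the router itself.
-A INPUT -i $lan -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only authenticated tunnel traffic and the wired LAN are routed.
-A FORWARD -i $tun -o $lan -j ACCEPT
-A FORWARD -i $tun -o $wan -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $lan -o $tun -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# Read a ruleset on stdin; succeed only if no FORWARD rule accepts
# packets arriving directly on the wireless interface.
wlan_is_contained() {
    ! grep -Eq -- "^-A FORWARD .*-i $1 .*-j ACCEPT"
}

# Print the ruleset when run directly with four interface names.
if [ "$#" -ge 4 ]; then
    gen_rules "$@"
fi
```

Run as `sh rules.sh wlan0 eth0 eth1 tun0 | iptables-restore` on the router (as root) to load the rules; unencrypted wireless clients can then obtain an address and reach the OpenVPN port, but nothing behind the router.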


