[lug] laptop partitioning, boot loaders

D. Stimits stimits at comcast.net
Tue Jun 13 18:12:51 MDT 2006


Sean Reifschneider wrote:

>On Tue, Jun 13, 2006 at 06:50:55AM -0600, D. Stimits wrote:
>
>>it sounds like they will spoof MACs. OpenVPN for home would be nice. 
>>Does this stop them from getting to my cable modem's bandwidth, or does 
>>this just stop them from getting to my systems that are connected to it? 
>
>It depends on how you set it up.  You could set it up either way.  I have a
>separate guest network and guest AP that can only reach the public network,
>and a private AP that can reach the VPN server.  You could combine those
>functions into one.
>
The machines currently connected are all set up and 
maintained/firewalled such that even though they are on a cable connect, 
they're significantly harder than average targets. What I'm mainly 
concerned with is that the cable modem itself could end up as someone 
else's free network. So instead of setting up all machines to go through 
a VPN, I'd like to set it up so only the wireless machines must go 
through a VPN (and there will be only 1 allowed). Is any of the hardware 
out there built with a standalone VPN server that Linux can talk to? The 
radius server sounded interesting from Zan...is anything out there which 
can run such a service out of the box and integrated directly into the 
wireless access? Or am I going to end up buying a less-secure wireless 
which in turn talks to a standalone firewall/VPN hardware device?

>What I do is to set up the OpenVPN server so that it bridges the OpenVPN
>"tap" device with the local network, and so once I've established an
>OpenVPN connection to the house, I'm a peer on that network.  I can
>establish that bridging from anywhere, so I can easily access all machines
>on my home network, including printers and other devices.  It's nice that I
>can print stuff from the coffee shop and it just goes.
>
This sounds like what I should start with. If I can't get this in a 
single device, what brands should I be looking at for separate devices?

>>So...what about hardware? Is the hardware involved at all in the 
>>security? Does 128 bit WEP stop anything? Or 152 bit WEP? Is there some 
>
>It doesn't matter.  Our private network is WEP because our credit card
>merchant agreement requires it to be set, even though everything we do over
>wireless is encrypted via a VPN and on top of that sensitive stuff is going
>over SSL or SSH...
>
Even if it does just stop annoyances I think I'd be interested then. 
Sounds like even the best WEP though is inadequate for anything long term.

>I'm starting to be of the opinion of just turning on WEP by default to keep
>out the annoyances.  When I was in Iceland, our sprint network was
>constantly being hit really hard, and I suspect it wasn't from any of the
>sprint folks.  I think someone had associated with one of the APs that had
>a virus.  We had many people just wander in or near the room we rented and
>start using our network.  For this one video conference we were doing, we
>just had to disconnect the wireless because of saturation.
>
I'm perhaps paranoid, I tend to believe first that anyone hijacking my 
cable isn't going to just do simple and legal stuff like download email. 
My imagination runs rampant with things like becoming a spam relay with 
a suddenly very slow cable :P

D. Stimits, stimits AT comcast DOT net
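
Added example, not part of the original message or of either poster's setup: a minimal OpenVPN server configuration for the bridged "tap" arrangement described in the quoted text, limited to a single client as asked above. The addresses, file names and the bridge name br0 are assumptions.

```conf
# Constructed example: bridged OpenVPN server on a home Linux box.
# Assumes a bridge br0 already exists, contains the LAN interface and tap0,
# and holds 192.168.1.1/24. OpenVPN does not create the bridge itself.
port 1194
proto udp

# Layer-2 "tap" device; it must be a member of br0.
dev tap0

# Certificate-based authentication (file names are placeholders).
ca ca.crt
cert server.crt
key server.key
dh dh.pem

# Reject packets without a valid HMAC before the TLS handshake starts.
tls-auth ta.key 0

# Give VPN clients addresses from the LAN subnet so they become peers on it:
# server-bridge <gateway> <netmask> <pool-start> <pool-end>
server-bridge 192.168.1.1 255.255.255.0 192.168.1.200 192.168.1.210

# Only one wireless machine is allowed to connect.
max-clients 1

keepalive 10 120
persist-key
persist-tun
```

To keep the access point from becoming a free path to the cable modem, the wireless segment would additionally need a firewall rule set that lets it reach only the OpenVPN port on this server.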