[MLB-WIRELESS] PPTP via 802.11

Steven Haigh netwiz at crc.id.au
Sun Aug 15 10:49:18 EST 2004


Rowan Crowe said:
> I am looking for security solutions for my free internet project. If my
> understanding is correct, WEP only protects the network as a whole;
> there is no unique encryption or login for an individual node. If you know
> the password (as public access members would) then it's the same as
> viewing unencrypted traffic.

Correct.

> Windows 98+ seems to support PPTP (VPN) out of the box and FreeBSD has a
> suitable server available. Is anyone using PPTP? How secure is it compared
> to WEP? Are there any MTU issues due to the per-packet encapsulation?

I use PPTP (PoPToP) on my wlan at home. I deny all but DHCP and the PPtP
port (1736 iirc). You then get a 192.168.0.x address from the WLAN, and
then you log in via PPtP to get world access. Certainly more secure than
WEP - and it removes the bottleneck associated with enabling WEP.

It gets a little harder if you want 128-bit MPPE encryption, but you should
get it happening in an hour or two.

I haven't noticed anything unusual with packet sizes etc... YMMV.

> Using an "... over ..." solution also means that I can set things up to
> allow an unencrypted backdoor for people who stumble across the AP. For
> example, any direct IP access on port 80 brings up a web page with
> information on how to configure PPTP settings.

Yes, quite possible.

> L2TP looks like another possibility.

The rp-pppoe package has a PPPoE server you could play with - although it
would be much harder to set up than PPtP.

> Any experiences or suggestions are appreciated...
>
> Cheers.

-- 
Signed,
Steven Haigh

I am root. If you see me laughing, you'd better have a backup.
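
The "deny all but DHCP and PPTP" arrangement described in the reply above, as an added example that is not part of the original post or of PoPToP. It assumes a Linux gateway running the PPTP server locally with iptables, tunnel sessions appearing as ppp+ interfaces, and the interface names wlan0 and eth0; it uses PPTP's registered control port, TCP 1723, and also admits GRE (IP protocol 47), which carries the tunnelled data.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a gateway whose
# wireless side offers only DHCP and PPTP. Interface names are assumptions.
gen_rules() {
    wlan="${1:-wlan0}"   # assumed name of the wireless-facing interface
    wan="${2:-eth0}"     # assumed name of the uplink interface
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# DHCP requests from not-yet-authenticated WLAN clients (port 68 -> 67)
-A INPUT -i $wlan -p udp --sport 68 --dport 67 -j ACCEPT
# PPTP control channel (TCP 1723) and tunnelled data (GRE, protocol 47)
-A INPUT -i $wlan -p tcp --dport 1723 -j ACCEPT
-A INPUT -i $wlan -p gre -j ACCEPT
# Everything else arriving on the WLAN is refused
-A INPUT -i $wlan -j DROP
# Nothing is routed straight to or from the WLAN; clients must use a tunnel
-A FORWARD -i $wlan -j DROP
-A FORWARD -o $wlan -j DROP
# Traffic from logged-in PPTP sessions may reach the uplink
-A FORWARD -i ppp+ -o $wan -j ACCEPT
COMMIT
EOF
}
```

Load it with `gen_rules wlan0 eth0 | iptables-restore` as root; rules for other interfaces and any NAT on the uplink are outside what this example covers.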
