[nycbug-talk] VPN vs IPsec
Fri Jul 15 17:35:13 EDT 2005
On Fri, 15 Jul 2005, pete wright wrote:
> On 7/15/05, michael <lists at genoverly.net> wrote:
>> After the last NYCBUG talk "Angelos Keromytis: OpenBSD IPsec stack" I have been reading up on securing a wifi connection. Two alternatives to WEP are OpenVPN and IPsec.
>> According to a SANS white paper (http://www.sans.org/rr/whitepapers/vpns/1459.php) "IPsec VPNs are either too expensive or too difficult to use securely." The paper goes on to support OpenVPN.
>> Angelos gave an informative talk and even put up graphs that showed IPsec pushes more/faster.
>> I know there are a lot of variables to examine, but...
>> 1. Does anyone bother to secure wifi beyond WEP?
>> 2. Are OpenVPN and IPsec good alternatives?
>> 3. Of those which makes more sense for a wifi installation?
> On a similar topic, have you checked out nocatauth?
I recently looked at this as I'd heard about it but never got around to
trying it out.
First, there are two versions, one in Perl, one that is compiled C. The
latter only supports IPTables. Next big problem I saw was that the other
had a warning in the install that it will overwrite/nuke all your firewall
configs each time a client hits. So if you are not running it on a
dedicated box, it wipes all your other config. Bah.
I do think this project is a bit nicer than NoCat, as it includes a
backend to manage multiple nodes, installs on $50 APs, and seems a little
more robust. Still waiting for a BSD port of the client (AP side).
>> % NYC*BUG talk mailing list
>> %Be sure to check out our Jobs and NYCBUG-announce lists
>> %We meet the first Wednesday of the month
> Pete Wright
> NYC's *BSD User Group