[nycbug-talk] VPN vs IPsec

Charles Sprickman spork
Fri Jul 15 17:35:13 EDT 2005 

On Fri, 15 Jul 2005, pete wright wrote:

> On 7/15/05, michael <lists at genoverly.net> wrote:
>> After the last NYCBUG talk "Angelos Keromytis: OpenBSD IPsec stack" I have been reading up on securing a wifi connection.  Two alternatives to WEP are OpenVPN and IPsec.
>>
>> According to a SANS white paper (http://www.sans.org/rr/whitepapers/vpns/1459.php) "IPsec VPNs are either too expensive or too difficult to use securely."  The paper goes on to support OpenVPN.
>>
>> Angelos gave an informative talk and even put up graphs that showed IPsec pushes more/faster.
>>
>> I know there are a lot of variables to examine, but...
>> 1. Does anyone bother to secure wifi beyond WEP?
>> 2. Are OpenVPN and IPsec good alternatives?
>> 3. Of those which makes more sense for a wifi installation?
>>
>
> On a similar topic, have you checked out nocatauth?
> (http://nocat.net/)

I recently looked at this as I'd heard about it but never got around to 
trying it out.

First, there's two versions, one in perl, one that is compiled C.  The 
latter only supports IPTables.  Next big problem I was was that the other 
had a warning in the install that it will overwrite/nuke all your firewall 
configs each time a client hits.  So if you are not running it on a 
dedicated box, it wipes all your other config.  Bah.

I do think this project is a bit nicer than NoCat, as it includes a 
backend to manage multiple nodes, installs on $50 AP's, and seems a little 
more robust.  Still waiting for a BSD port of the client (AP side) 
software:

http://www.ilesansfil.org/tiki-index.php

Charles

>
> -p
>
>
>> Michael
>>
>>
>> --
>> _______________________________________________
>> % NYC*BUG talk mailing list
>> http://lists.nycbug.org/mailman/listinfo/talk
>> %Be sure to check out our Jobs and NYCBUG-announce lists
>> %We meet the first Wednesday of the month
>>
>
>
> -- 
> ~~o0OO0o~~
> Pete Wright
> www.nycbug.org
> NYC's *BSD User Group
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>

More information about the talk mailing list