[nycbug-talk] VPN vs IPsec

George R. george
Fri Jul 15 13:38:09 EDT 2005


michael wrote:
> After the last NYCBUG talk "Angelos Keromytis: OpenBSD IPsec stack" I
> have been reading up on securing a wifi connection.  Two alternatives
> to WEP are OpenVPN and IPsec.
> 
> According to a SANS white paper
> (http://www.sans.org/rr/whitepapers/vpns/1459.php) "IPsec VPNs are
> either too expensive or too difficult to use securely."  The paper
> goes on to support OpenVPN.
> 

While there are some great documents in the SANS reading room, don't use 
it as the ultimate truth. . .

> Angelos gave an informative talk and even put up graphs that showed
> IPsec pushes more/faster.
> 

But with a more complex setup. . . as a drawback, say, versus an SSH tunnel.

> I know there are a lot of variables to examine, but... 1. Does anyone
> bother to secure wifi beyond WEP?

Personally, no, since no WPA support in FBSD until 6.0.  The point of 
securing a home network, IMHO, is just to keep out the errant fools. 
That's *if* you decide you don't want your network open, ie, Ike.

Nor have I opted for anything like IPSec. . . although Dan did:

http://www.freebsddiary.org/ipsec-wireless.php

No significant production wlans to speak of. . .

> 2. Are OpenVPN and IPsec good
> alternatives? 3. Of those which makes more sense for a wifi
> installation?

I really think this depends on preference.

Going VPN or IPSec is great for you if you don't have welcomed visitors 
on your network.  It's enough of a hassle giving a WEP key to buddies as 
it is.

Of course, it's nice going a step higher if you really don't want anyone 
sniffing your traffic. . .

g




