[ previous ] [ next ] [ threads ]
 From:  "Magne Andreassen" <magne dot andreassen at bluezone dot no>
 To:  "'Mitch (WebCob)'" <mitch at webcob dot com>, "'John Voigt'" <1geek at jvoigt dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Cc:  <fred at daytonawan dot com>
 Subject:  RE: [m0n0wall] FW: MAC filtering on wireless interfaces
 Date:  Sun, 7 Dec 2003 16:36:42 +0100
Mitch (WebCob) wrote:
> Hey Magne - I agree with you in pricipal - but there are 
> different realities - one like Fred seems to be talking about 
> - WAP hotspots... would put an unrealistic burden on the 
> users to connect if we expect them to configure IPSEC or PPTP 
> on their windows boxes so they can surf in my coffee shop.

True, specially for public and ad-hoc WLAN where traffic 
passing your firewall is redirected to Internet and only a 
few services like http, https, dns and so on are passed.

But the setup of VPN on a windoze box connecting to m0n0wall 
PPTP, is really a no-brainer if a quick how-to is given, but
clearly most suitable for home LAN or Company LAN.

The fact that the exact same procedure for connecting 
from WAN side of m0n0wall as for the WLAN(or any optional 
interfaces), could be another good argument for using it at home...
or at work for that sake...

> There is always a balance of security and usability - if the 
> "cost" of security sacrifices to much usability, then it's 
> pointless - the system won't be used at all...

As for the security vs. usability, I agree with you.
For a hotspot like you have, IPSEC or PPTP would not
be applicable.