 From:  "Jason Collins" <jason at mammothcomputers dot com>
 To:  "James W Harrington" <jamesh at thefifthrace dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] IPSEC Question
 Date:  Thu, 28 Sep 2006 06:33:34 -0500
I don't think it would be pointless at all, depending on the
circumstance.  Watchguard puts that feature into some of their firewalls
as an upgrade feature.  I think it is designed to work in conjunction
with WPA encryption or the like, not to replace it.  The point would be
that you provide an extra layer of authentication / encryption to
wireless clients before they are allowed into your trusted interface.
i.e. Ok, you are a rogue wireless client and hacked my wireless
encryption, but now, you'll need to hack my IPSEC policy too before you
get anything useful -- either from the trusted interface itself or from
our client traffic.  Just my two cents.

-----Original Message-----
From: James W Harrington [mailto:jamesh at thefifthrace dot com] 
Sent: Wednesday, September 27, 2006 7:41 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] IPSEC Question

I think you are right about it being pointless.  Having just drawn the
diagram to explain it to someone else, the only place the traffic would be
encrypted would be between the two interfaces.

Thanks for the feedback anyway


-----Original Message-----
From: Kimmo Jaskari [mailto:kimmo dot jaskari at gmail dot com]
Sent: 27 September 2006 13:31
Subject: Re: [m0n0wall] IPSEC Question

On 9/27/06, James W Harrington <jamesh at thefifthrace dot com> wrote:
> This may be a crazy idea but I am looking at whether or not it is
> possible to encrypt my wireless traffic using an IPSEC tunnel from the
> Captive Portal Interface on my m0n0wall to the WAN Interface.  Currently
> I have approx 100 users using captive portal which rules out using WEP
> or WPA (I don't want to have to keep giving out the key.. hence my use of
> captive portal.)
> But I was wondering if I can create what would effectively be a site to
> site VPN between the two interfaces??

From what I can read of your message (assuming I'm not misunderstanding
you), the encryption would be from interface to interface in that case,
i.e. entirely internal to the firewall. I don't know if it can be done, but
I do know it would be pretty pointless - nobody is likely to be logged
in on the firewall and snooping what is going on inside it. :)

The traffic that needs encrypting is the traffic going over the airwaves
from the wireless access point to the wireless device that is
communicating with it.

-{ Kimmo Jaskari }--{ kimmo dot jaskari at gmail dot com }--

Progress isn't made by early risers. It's made by lazy men trying to
find easier ways to do something.
  - Robert Heinlein
