PPTP is not the tunneling "choice" for encrypted tunnels but it does a decent
job. 128-bit encryption via OpenSSL. How it works is the "tunnel" is encrypted
by the software on your system and started at the interface. It is then
decrypted at the endpoint interface on the other side.
That said, you are sending packets across open airwaves, which makes it easier
to "sniff" and decrypt than on old school cat5. You didn't specify if you had
WEP or WPA enabled, which would help somewhat.
Personally I would IPSec to the m0n0wall via wireless instead of WEP.
That was the long-winded answer to your question; the short answer is most likely
yes. Is it the best you can do? Probably not.
Pitbull Technologies <http://www.pittech.com/>
Protecting your Digital Assets
Quoting Louis <m0n0 dot ch at hourfollowshour dot org>:
> I am connecting wirelessly to my Soekris 4521 wireless OPT1 interface
> from my laptop (Fedora Core 2).
> OPT1 10.10.10.1
> PPTP 10.10.111.254
> I then connect using PPTP [http://pptpclient.sourceforge.net/], I
> configure it to point to my 'external' WAN IP address. Everything seems
> to work fine. I know I am going through the PPTP interface because I
> have full external connectivity. If I just connect wirelessly
> without using the PPTP client I see only connections that I have allowed
> for in the firewall rules for the OPT1 interface.
> I don't have another wireless client available at the moment to sniff
> traffic, but I want to be sure traffic is really encrypted over the PPTP
> tunnel, based on the above info, is it? Am I following the right
> procedure above or can/should I be doing something different or better?
> Wireless Client netstat -rn below:
> # netstat -rn
> Kernel IP routing table
> Destination     Gateway         Genmask          Flags  MSS  Window  irtt
> my.ext.ip.here  10.10.10.1      255.255.255.255  UGH    0    0       0     ath0
> 10.10.111.254   0.0.0.0         255.255.255.255  UH     0    0       0
> 169.254.0.0     0.0.0.0         255.255.0.0      U      0    0       0
> 10.0.0.0        0.0.0.0         255.0.0.0        U      0    0       0
> 0.0.0.0         0.0.0.0         0.0.0.0          U      0    0       0
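
One way to answer the "is it really encrypted" question from a capture taken on the wireless side, as an added example that is not part of the original thread: PPTP data travels in enhanced GRE (IP protocol 47) carrying PPP, and an MPPE-encrypted frame has PPP protocol 0x00FD with the encrypted (D) bit set in its header, while unprotected traffic shows up as PPP protocol 0x0021. The function names and the sample packets (including the 192.0.2.1 stand-in for the WAN address) are constructed for illustration.

```python
import struct
from collections import Counter

GRE_PPP = 0x880B   # enhanced GRE (RFC 2637) payload type: PPP
PPP_IPV4 = 0x0021  # IPv4 carried in the clear inside PPP
PPP_COMP = 0x00FD  # PPP compressed datagram, used by MPPE (RFC 3078)

def classify(pkt: bytes) -> str:
    """Classify one raw IPv4 packet captured on the wireless side."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 47:
        return "not-gre"
    gre = pkt[(pkt[0] & 0x0F) * 4:]
    if len(gre) < 8:
        return "truncated"
    flags, proto = struct.unpack("!HH", gre[:4])
    if proto != GRE_PPP or flags & 0x0007 != 1:
        return "gre-not-pptp"
    # Skip optional sequence (S bit) and acknowledgment (A bit) numbers.
    off = 8 + (4 if flags & 0x1000 else 0) + (4 if flags & 0x0080 else 0)
    ppp = gre[off:]
    if ppp[:2] == b"\xff\x03":           # optional address/control bytes
        ppp = ppp[2:]
    if not ppp:
        return "ack-only"
    if ppp[0] & 1:                        # protocol-field compression: 1 byte
        ppp_proto, body = ppp[0], ppp[1:]
    elif len(ppp) >= 2:
        ppp_proto, body = struct.unpack("!H", ppp[:2])[0], ppp[2:]
    else:
        return "truncated"
    if ppp_proto == PPP_IPV4:
        return "cleartext-ip"
    if ppp_proto == PPP_COMP and len(body) >= 2:
        # MPPE header: bit D (0x10 of the first byte) means "encrypted".
        return "mppe-encrypted" if body[0] & 0x10 else "compressed-not-encrypted"
    return "ppp-other"                    # LCP, CCP, IPCP negotiation, etc.

def verdict(packets) -> str:
    seen = Counter(classify(p) for p in packets)
    if seen["cleartext-ip"] or seen["compressed-not-encrypted"]:
        return "LEAK"
    return "ENCRYPTED" if seen["mppe-encrypted"] else "NO-TUNNEL-DATA"

def sample(ppp: bytes, flags: int = 0x3001) -> bytes:
    """Constructed packet: 10.10.10.2 -> 192.0.2.1 (placeholder WAN IP)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, 64, 47, 0,
                     bytes([10, 10, 10, 2]), bytes([192, 0, 2, 1]))
    return ip + struct.pack("!HHHHI", flags, GRE_PPP, len(ppp), 1, 1) + ppp

ENCRYPTED = sample(b"\xfd\x90\x01" + b"\x5a" * 8)  # MPPE frame, D bit set
CLEAR = sample(b"\x00\x21\x45\x00\x00\x14")        # bare IPv4 inside PPP
```

Packets classified as "not-gre" are outside the tunnel; apart from the PPTP control connection on TCP port 1723, anything in that bucket is traffic bypassing the tunnel and is worth a look in the same capture.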