On 8/15/07, Celejar <[EMAIL PROTECTED]> wrote:
> On Mon, 13 Aug 2007 08:57:45 +1000
> "Adrian Levi" <[EMAIL PROTECTED]> wrote:
>
> > On 8/13/07, Celejar <[EMAIL PROTECTED]> wrote:
> > > On Mon, 13 Aug 2007 08:18:19 +1000
> >
> > <Snipped>
> >
> > > I don't quite follow you. Can you explain in more detail?
> > >
> > > Celejar
> >
> > Ok, assuming your wireless router can use an open Linux distribution
> > or your wireless router connects directly to a Linux firewall, you can
> > use the following tools to set up proper encryption and authentication
> > between each allowed client and the router.
> >
> > I have never done this but know it's possible.
> >
> > http://en.wikipedia.org/wiki/Point-to-Point_Protocol_over_Ethernet
> >
> > Using pppoe the client computer makes a connection to the wireless
> > router, handshaking is done, and the client is given an IP address for the
> > pppoe connection.
> >
> > http://www.ssh.com/support/documentation/online/ssh/winhelp/32/Tunneling_Explained.html
> >
> > The ssh tunnel provides proper authentication and protection for the
> > otherwise insecure and sniffable traffic that is broadcast
> > wirelessly. This step also ensures that a non-trusted client cannot
> > transfer any data over your network.
> >
> > As I said earlier, I have not done this, I cannot explain any further.
> > Good luck but this is what I am looking to implement on my network.
> > Adrian
>
> I'm no networking expert, but I'm afraid I don't understand how this
> stops untrusted clients from accessing your network. He obviously
> won't be able to read ssh encrypted traffic, but I think he'll still be
> able to log on to the router.
>
> Celejar
Everyone needs to be able to access the router - trusted and untrusted. At
this point you don't know who your legitimate users are. This method assumes
that any wireless broadcast traffic is _hostile_.

I think you may be trying to secure the wrong part of the link. What you are
stopping is any traffic passing onto your wired network that does not
originate through an ssh tunnel: it is discarded and the connection dropped.
What you are doing is setting up a VPN from your trusted wired network over
the hostile wireless network segment to your trusted wireless clients.

http://nst.sourceforge.net/nst/docs/user/ch07s03.html
http://mia.ece.uic.edu/~papers/volans/ssh-vpn.html

What I wrote in the above email was backward: SSH is established first, then
pppoe or just plain ppp is tunnelled through that link to provide full
network functionality.

A basic outline of a transaction follows:

1: Client contacts firewall.
2: Firewall issues dhcp address.
3: ssh link established.
4: pppoe tunnel through ssh link established.
5: IP address from pppoe link allocated - this one is the default gateway.

Adrian
--
24x7x365 != 24x7x52 Stupid or bad maths?
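The firewall policy and client tunnel command that realise the five-step outline above, as an added example that is not part of the thread or of anyone's posted setup. The interface names (wlan0, eth0), the addresses (192.168.100.1, 10.0.0.1/2) and the `vpn` account on the firewall are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Firewall-side policy and client-side
# tunnel command for the "ssh first, then ppp through it" transaction.
# Assumed, constructed names and addresses:
#   wlan0          hostile wireless segment (steps 1-3 arrive here)
#   eth0           trusted wired LAN
#   192.168.100.1  firewall's address on wlan0, handed out by DHCP
#   10.0.0.1/.2    firewall/client ends of the ppp link (step 5)
WLAN_IF="${WLAN_IF:-wlan0}"
LAN_IF="${LAN_IF:-eth0}"
FW_WLAN_ADDR="${FW_WLAN_ADDR:-192.168.100.1}"

# Steps 1-3: on the wireless side the firewall itself accepts only DHCP
# and ssh; nothing arriving on wlan0 is forwarded to the wired LAN.
# Only traffic emerging from a ppp interface (i.e. carried inside the
# ssh session) may cross to eth0, so a client that never completed the
# tunnel gets an address and nothing else. Rules are printed rather
# than applied so the policy can be reviewed; run the output as root.
wlan_firewall_rules() {
  cat <<EOF
iptables -A INPUT -i $WLAN_IF -p udp --dport 67 -j ACCEPT
iptables -A INPUT -i $WLAN_IF -p tcp -d $FW_WLAN_ADDR --dport 22 -j ACCEPT
iptables -A INPUT -i $WLAN_IF -j DROP
iptables -A FORWARD -i $WLAN_IF -j DROP
iptables -A FORWARD -i ppp+ -o $LAN_IF -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Steps 4-5, client side: pppd's "pty" option uses ssh as the serial
# line, a second pppd answers on the firewall, and "defaultroute" makes
# the firewall's ppp address the client's default gateway. On the
# firewall, pin the vpn account's authorized_keys entry to
# command="/usr/sbin/pppd nodetach notty noauth 10.0.0.1:10.0.0.2"
# so the key can start the tunnel and nothing else.
ppp_over_ssh_cmd() {
  printf '%s\n' "pppd updetach noauth silent nodeflate pty \"ssh vpn@$FW_WLAN_ADDR /usr/sbin/pppd nodetach notty noauth 10.0.0.1:10.0.0.2\" 10.0.0.2:10.0.0.1 defaultroute"
}

wlan_firewall_rules
echo
ppp_over_ssh_cmd
```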