Securing Wireless Networks with IPSEC and FreeBSD
GoldenScrewdriver writes: "A colleague of mine has written an excellent article on how to secure your wireless network using an IPSEC VPN tunnel, NAT, and a FreeBSD firewall. With the inherent weaknesses of WEP, I thought this article might be interesting to those who prefer some privacy on their wireless link." If this might fit your situation, you might also find this earlier article interesting.
At work I've been running an IPsec VPN on FreeBSD for quite a while now. It's a great thing-- sort of tricky to set up but runs like a top once it's up. I never was able to figure out how to work NAT into the picture, though. On Linux, NAT and firewalling and FreeS/WAN are very well integrated, but on FreeBSD we use KAME, which has a very IPv6 sensibility. No need for NAT in IPv6, so it just doesn't seem to play nice.
This article explains the trick to it-- run NAT on the internal interface! Should have thought of that!
BTW, if anyone is curious, KAME to FreeS/WAN VPNs work just fine. Ours was set up that way for quite some time.
I am a Computer Information Systems Professional at a major Fortune 500 corporation. Very recently the head of our IT department decided that we were going to switch every one of our networks over to Windows XP Professional. We had previously been running OpenBSD on all our quad processor Xeons. Some of them had had uptimes approaching a year! My personal favourite, Gerbil, had been running without a reboot for three years.
One day one of those Microsoft shills that you often read about on the Register came by for a visit. I grew very suspicious about what was going on when my boss and the Microsoft representative walked by my desk, and entered the server room. I could hear muffled voices through the closed door. The Microsoft representative was asking what we were running on our servers! My worst fears had come true. I sat at my desk for the rest of the day, silently awaiting the bad news. The news did not come until the next day. It was worse than I had feared. We were to be a Microsoft-only shop from that day on! I could not believe it. The Microsoft representative had told my boss that the operating and support costs would actually go down. And my boss had fully bought into it, hook, line, and sinker.
Tough times hit our company in the last month, and we were forced to lay off a few of the less experienced IS/IT workers. One of them took this rather hard. As a last-minute attempt at corporate sabotage, he decided to change all of the Computer Administrator passwords on a few of the XP Professional boxes sitting around in the server room. This caused absolute havoc, as Dell had failed to send along administrator passwords for the new boxes. Our company could not make use of these computers for three days. It took Dell that long to get us the administrator passwords. It is strictly because of Microsoft's poor implementation of a multi-user computing environment that our company lost three days of productivity.
Needless to say, I had our quad Xeons back running OpenBSD by the end of the week. Gerbil is back on its way to another glorious 3 years of uptime.