Date:      Wed, 24 Apr 2013 16:53:39 -0400
From:      Michael Powell <nightrecon@hotmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Home WiFi Router with pfSense or m0n0wall?
Message-ID:  <kl9goj$6vq$1@ger.gmane.org>
References:  <CAHieY7S9b9F1jndpkR2Drw=GCoBxmEWRs6Ot8MRjjQFH=xmHQQ@mail.gmail.com> <kl0qu9$ovo$1@ger.gmane.org> <CAHieY7SSbO+wt68PeFLYDzAtqMnR0kJ3UakOjvLkSMzVA31LbA@mail.gmail.com> <kl3vao$hbt$1@ger.gmane.org> <CAHieY7QNqfvwyB4_ZM-df72qTnY06vi7sk1gcvpSAfcwAifC8A@mail.gmail.com> <kl441k$6sg$1@ger.gmane.org> <CAHieY7ROZtpcmapzgrDb=EANaZZJkLjmZjf-3WuV-SrULdUG0Q@mail.gmail.com> <kl47p4$f23$1@ger.gmane.org> <51763692.8010805@qeng-ho.org>

Arthur Chance wrote:

[snip]
>> What I was pondering is some form of L2TP tunnel, or some other form of
>> IPSEC tunnel to form some kind of VPN like communication between the
>> client and the wifi. Just never have begun to find the time to get
>> anywhere with the idea. But basically it would resemble a VPN that only
>> accepts connection from a tunnel endpoint client and not pass any traffic
>> from any other client lacking this VPN-like endpoint. I think such a
>> thing is very possible and have read some articles by people who have
>> done very similar sounding things. Indeed, this is what SSL-VPN providers
>> do via a subscription service so people surfing at open wifi coffee shops
>> tunnel through the local open wifi and set up an encrypted VPN tunnel.
> 
> A quick note: pfSense (I don't know about m0n0wall) has OpenVPN built in
> to it. Depending on whether all devices which are going to connect
> wirelessly can run the client end of OpenVPN, this might be a quick way
> to get greater security on the WiFi side.
> 

This is along the lines of what I was thinking. I am my own CA and can 
generate certs that no one else has the private keys to. The problem with 
buying certs from a provider is the gov't has access to the private keys on 
demand. This was mandated back during the Clinton administration for the
US. I do things like turn password auth off on my SSH and only auth via 
certs. Extending this to other 'connectivities' is a way to make it harder 
for those with no approved cert to get in.  

The pairing of firewall and OpenVPN together sounds interesting. Will 
definitely check it out. Thanks for the pointer!

-Mike
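
Added example, not part of the original message: a sketch of the private-CA gating discussed above, using the openssl command line. It creates a CA whose key stays local, issues a client certificate from it, and shows that a certificate with the same subject name issued by a different CA fails the chain check. All names (Home WiFi CA, Outsider CA, laptop) and the directory layout are constructed for illustration.

```shell
#!/bin/sh
# Constructed example: only certificates issued by the private CA pass.
umask 077   # private keys are created readable by the owner only

# make_ca DIR CN: self-signed CA; ca.key never leaves DIR
make_ca() {
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$2" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_client CA_DIR NAME: generate key and CSR, sign with the CA in CA_DIR
issue_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 90 -out "$1/$2.crt" 2>/dev/null
}

# accepts CA_CERT CLIENT_CERT: succeeds only if the cert chains to CA_CERT.
# The output is matched instead of the exit status, which older openssl
# releases did not set reliably on verification failure.
accepts() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Demo: two CAs each issue a certificate for the same subject "laptop".
work=$(mktemp -d)
make_ca "$work/home" "Home WiFi CA" && issue_client "$work/home" laptop
make_ca "$work/other" "Outsider CA" && issue_client "$work/other" laptop
for ca in home other; do
    if accepts "$work/home/ca.crt" "$work/$ca/laptop.crt"; then
        echo "$ca/laptop.crt: accepted by Home WiFi CA"
    else
        echo "$ca/laptop.crt: rejected by Home WiFi CA"
    fi
done
rm -rf "$work"
```

The subject name plays no part in the decision; only a signature made with the CA's private key does, so access control reduces to protecting ca.key and deciding which requests get signed.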




