From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1LUSjI-0006Dr-Tn for garchives@archives.gentoo.org; Tue, 03 Feb 2009 21:22:49 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 47121E076A; Tue, 3 Feb 2009 21:22:46 +0000 (UTC) Received: from yx-out-1718.google.com (yx-out-1718.google.com [74.125.44.156]) by pigeon.gentoo.org (Postfix) with ESMTP id 1F41CE076A for ; Tue, 3 Feb 2009 21:22:46 +0000 (UTC) Received: by yx-out-1718.google.com with SMTP id 4so838376yxp.46 for ; Tue, 03 Feb 2009 13:22:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:in-reply-to :references:date:x-google-sender-auth:message-id:subject:from:to :content-type:content-transfer-encoding; bh=TSC1n9AZwSRT0Ef/Df0YKNZfpc734hOYb+Vzou+hdWk=; b=MmI8yn8EJH6Bf9mNdqXu8OiP23m6jIdAgu4e89IWTn4cgWJoQ1yCDPYagcJyahq11c zoI3mcTVk++kkljJKt3TWaKg7kGS8y4azAlELEN+x2RlOw2Pfyzi19Z21h5TaW7wEdUE wpH3hh3BN7xJ2DwHfGOqYxiQoru5Xinm+Kwn4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; b=fU9Jr4oFevVE6F6Bpun05mQOTBoCIoQ03EHqwGAju11b/yJ4JY26m3lEvZhjrYQisg oMVPFywgD/HPb5ICUXGrMmUmdmY5tF4DeGd5k+2KQCUoaTiQpI7L7vQWiy7q8Ttn8j1v es3cKvDGs9TKRm7UNvfwgPJnwv15MEYAKw5TQ= Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Sender: paul.hartman@gmail.com Received: by 10.150.219.16 with SMTP id r16mr1095519ybg.156.1233696165460; Tue, 03 Feb 2009 13:22:45 -0800 (PST) In-Reply-To: <49bf44f10901300825w1729cdfes683e7c449c6a96e7@mail.gmail.com> References: <49bf44f10901290940p3ab050cep2e5bd985ee901fde@mail.gmail.com> <58965d8a0901290950v3183b14bra1ca458c3ee255d9@mail.gmail.com> <49bf44f10901291239r569fd20eo758f40533b80ecdd@mail.gmail.com> <58965d8a0901291258y58e8f8acw31eda17049a66155@mail.gmail.com> <49bf44f10901300825w1729cdfes683e7c449c6a96e7@mail.gmail.com> Date: Tue, 3 Feb 2009 15:22:45 -0600 X-Google-Sender-Auth: cc4492b454118180 Message-ID: <58965d8a0902031322p11e3cd05oef835f45c0738a95@mail.gmail.com> Subject: Re: [gentoo-user] Locking down a wireless network From: Paul Hartman To: gentoo-user@lists.gentoo.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Archives-Salt: b1999fa2-7cb3-4dd2-a284-3db328f7b9df X-Archives-Hash: 459e53bfe1201307ce4e3b4b88964a3e On Fri, Jan 30, 2009 at 10:25 AM, Grant wrote: >>>>> My Gentoo router's wireless network is encrypted via WPA and doesn't >>>>> DHCP. I'd like to take this a step further in case my WPA key gets >>>>> hacked. Can I issue only certain IPs to certain MAC addresses? >>>>> >>>>> Does WPA2 require hardware support? >>>> >>>> I don't think so. It should just be a driver/firmware update if you've >>>> got some device that supports WPA and not WPA2. The AES encryption of >>>> WPA2 requires a little more hardware power than WEP or WPA normally >>>> uses, but I don't think it needs any special chip or anything like >>>> that. >>>> >>>> You can also do VPN over your wifi connection, and require it for >>>> access to the rest of your network or the internet. At least then if >>>> someone hacks your wireless key, they still can't do anything without >>>> having your VPN certificate. >>> >>> Actually, VPN would rule out my wifi cell phone I bet. >> >> Maybe not -- I don't know what kind of phone you've got. I have a >> Nokia N95 which runs Symbian OS 9 and there are 3 VPN clients that I >> know of (and the first one is free): >> >> http://www.businesssoftware.nokia.com/mobile_vpn_downloads.php >> http://www.ncp-e.com/en/vpn-szenarien-produkte/vpn-produkte/secure-entry-client.html >> http://www.symvpn.com/Products/ProductInfo.aspx?ProductId=17 >> >> I believe Windows Mobile devices have VPN support built in, but I've >> never tried it. For iPhone or other phone OS i have no idea as I've >> never actually used them. >> >> Paul > > It looks like those 3 do work on an N82, but at least the 3rd one can > only connect to Windows VPN servers currently. VPN configuration on > any of them sounds like it can be a major hassle though. I haven't tried it, but the Telexy SymVPN has just released a new version which supposedly supports linux PPTP VPN now. http://www.telexy.com/Support/Publications.aspx?codeid=A75XR35VU2 There is a free trial.