How to better secure my wireless transmissions on my home WLAN? VPN?

I have ntl cable broadband connected to a Linksys WRT54G (v2, Linksys f/w 4.20.7).

Connected wirelessly to this is a home-built desktop PC running XP Home SP2 using a 54g PCI unbranded card.

Also connected wirelessly is a laptop PC (Medion 42792), also running XP Home SP2 using an internal 54g Broadcom based card. (Most of the time, this laptop is CAT5 cabled to the router, but the wife likes to roam the house with it, so it does go wireless.)

Neither machine is left on server-like.

My WLAN is WPA-PSK (TKIP), but I want to increase the security of my wireless transmissions, using VPN I am guessing. I have looked at OpenVPN (too complicated) and iOpus IPIG (not sure it does what I want).

If possible, I would also like both machines to be accessible from another PC behind a similar setup in another location, via the internet.

Any pointers would be very much appreciated.

Reply to
__spc__
Loading thread data ...

Thanks for this Duane - the links were useful, and I read them in conjunction with the WRT54G user manual which helped greatly.

So, for port forwarding, do I need a static IP address from my ISP - so that I know which address to use when accessing the service externally?

Reply to
__spc__

Pah, so ntl tell me I need to upgrade to their business tariff if I want a static IP address. Hmmm, not sure how much that'll cost, but I bet it's a lot more than the rate I'm on now...

Reply to
__spc__

"__spc__" wrote in news:1129533584.138528.85590 @f14g2000cwb.googlegroups.com:

Any financial stuff or things of that nature, I would use wire. It's as simple as that.

It's called port forwarding. You should keep the machine out of the DMZ.

formatting link
The other possibility would be port triggering -- look it up but I doubt that it's going to work for you in Remote Desktop Sharing situation over the Internet with two machines on the LAN if that's what you're after.

Port forwarding only works with one IP/machine behind the router and you should use a static IP on the router for the machine.

Port Triggering is for a game situation where you have more than one machine using the same port(s) behind the router to play the game over the Internet with multiple players as an example.

You can also use IPsec that's on the Win 2k and above O/S(s) if you're looking for a VPN between the machines on the LAN or WAN -- use Google.

Duane :)

Reply to
Duane Arnold
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

WPA is in general quite secure, on a par with VPN. PSK (shared key) can be a weakness, but only if (a) too short a passphrase is used and/or (b) the passphrase falls into the wrong hands. If you want to maximize your security, set a maximum length passphrase (at least more than 20 characters) of pseudo-random characters, and change it regularly -- I change my passwords whenever daylight savings kicks in or out, just as I do my smoke detector batteries.

Good way to generate secure passwords: Password Safe* Originally created by noted cryptographer Bruce Schneier of Counterpane Labs, it's open source and free, and has been subjected to extensive peer review.

  • NOT
Reply to
John Navas

"__spc__" wrote in news:1129560420.782959.166180 @z14g2000cwz.googlegroups.com:

The static IP is for whatever IP/machine on your LAN the traffic for the inbound port the application on the machine needs open to be forwared to that IP. Set the NIC on the computer through the Windows O/S to use one of the router's static IP(s) and not an IP that can be issued through the DHCP of the router. If the DHCP IP(s) that can be issued are 5 as an example, then the DHCP IP(s) the router can issue are from 192.168.1.100 through 192.168.1.105. 192.168.1.106 and out are static IP(s) on the router. The D in DHCP means Dynamic.

So the NIC on the card would be set to *Use the following* IP(s)

IP = 192.168.1.106 Subnet = 255.255.255.0 Gateway = 192.168.1.1 or is know as the router's Device IP.

Use the following DNS IP(s) --- which are the ISP(s) IP(s)

DNS1 = XXX.XXX.XXX.XXX DNS2 = XXX.XXX.XXX.XXX

You'll find the ISP's DNS IP(S) on one of the router's Admin Screens, which you'll also see the ISP's IP that has been issued at the time to the router. The DNS IP(s) are static IP(s) that you'll enter for DNS1 and DNS2.

If you port forwarded to a machine that uses a DHCP IP, the IP could change for the machine to something else. But using a static IP like

192.168.1.106 in the above example, the IP for the machine on the LAN that is being port forwarded to will not change its IP and port forwarding will always point to 192.168.1.106. because it's static.

That's what is meant by using a static IP on the router is make the computer's NIC wire or wireless use one of the router's static IP(s) so that the computer keeps the same IP and it never changes.

Duane :)

Reply to
Duane Arnold

You don't need to although it's a little more effort.

The WRT54G has the option of supporting a few dynamic DNS providers such as dyndns.org. Go there, register a hostname and configure that in the WRT54G

David.

Reply to
David Taylor

"__spc__" wrote in news:1129576378.982307.162480 @g14g2000cwa.googlegroups.com:

externally?

What's a static IP from the ISP have to do with anything? I don't know about this NTL. The BB connection I used when doing port forwarding never changed even using a DHCP IP from the ISP. But my router was up 24/7 365 connected to the Internet and the IP never changed when I was using port forwarding on the router.

Duane :)

Reply to
Duane Arnold

Thanks David - I will have a look at the DDNS options.

Duane - ntl is the biggest provider of cable broadband in Great Britain; their tech support last night confirmed that they have short lease times on IP addresses.

I don't want to chance the IP address changing if I'm to provide the address to others to access the ports on one of my machines (even though my router & modem are on 24/7).

Reply to
__spc__

Same with NTL as long as the connection stays up. Mine has changed only when the router has been down and replaced by an alternate router or say a PC for a short while but that's to be expected.

Even when the router has been turned off and on again, the same IP address has been maintained.

Don't know which tarrif the OP is on but if it's the 3Mbps one then by the end of the year that's supposed to go to 10Mbps at no extra charge. :D

David.

Reply to
David Taylor

Sadly, I'm on the 1MB connection...

I don't want to set up a public server, I just want my family to be able to access JPEGs etc. on my WLAN 'server' so I guess the semi-permanent IP allocation from ntl will suffice; I can always advise of a change.

I could always go for something like:

formatting link
Thanks for everyone's help on this.

Reply to
__spc__

I know where you're coming from but you could also host the pics on a hosting site so that family members could also select them and choose to have them printed and sent to their home.

Which is the same as dyndns.org except that the WRT54 already support dyndns but not no-ip.com. dyndns.org will work for you. ;)

David.

Reply to
David Taylor

iOpus' iPig is a good and free VPN solution for this purpose, I am using it myself.

This is the information they provide on their website:

"How does iPig security compare to WEP or WPA encryption?

WEP encryption is already broken and thus not secure. WEP will stop a casual user, but freely available programs like AirSnort enable any Cracker to break into your WLAN with little trouble. Making matters even worse, the cracking techniques most frequently used will work equally well no matter what WEP key length you're using. WPA encryption itself is secure, but stops at the hotspot. Thus while it protects your data while it is "in the air", it offers no protection at all if the hotspot itself is corrupted. In contrast, if the data is encrypted with iPig, the data is still encrypted while it passes through the hotspot. Thus, even an "evil twin" attack can not compromise your security. "

Reply to
peter20052005

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.