Hello All,
I'm in the process of designing a wireless solution using WPA and RADIUS (actually the MS implementation, IAS) and I've been told that I should consider VPN as an additional safeguard.
Since WPA protects both the authentication handshake and the subsequent data transfer, there is no PSK configured on the clients, and to date (at least to my knowledge) WPA has not been cracked, I feel that a requirement to have users tunnel through VPN is extraneous and only adds administrative overhead both in the management of the VPN concentrator device and the configuration and management of the client software necessary on the enduser computers.
Am I reasonably on-track with my assessment, or are there WPA vulnerabilities that I am failing to consider which may warrant the additional security afforded by a VPN?
Any advice is appreciated!
-Dave