I'm in the process of designing a wireless solution using WPA and
RADIUS (actually the MS implementation, IAS) and I've been told that I
should consider VPN as an additional safeguard.
Since WPA protects both the authentication handshake and the
subsequent data transfer, there is no PSK configured on the clients,
and to date (at least to my knowledge) WPA has not been cracked, I
feel that a requirement to have users tunnel through VPN is extraneous
and only adds administrative overhead both in the management of the
VPN concentrator device and the configuration and management of the
client software necessary on the enduser computers.
Am I reasonably on-track with my assessment, or are there WPA
vulnerabilities that I am failing to consider which may warrant the
additional security afforded by a VPN?
Any advice is appreciated!
- posted 17 years ago