Security in Software Base Station?
Hi. I'm new in the wireless world, although I've done a reasonable amount of wired networking stuff. So, I hope you guys (and gals) can help me out.
I've currently got my G4 tower with Airport (NOT Extreme) set up as a software base station sharing my Ethernet connection. I've got 128 bit WEP working, but I'm unsatisfied with the security level that WEP provides. NAT is also working fine.
I've read that you can hide your SSID and do MAC address filtering, but I can't seem to find any resource on doing the same on a SOFTWARE base station. Can anyone direct me?
Better still, I'd like to set up a VPN server on my G4 tower, to absolutely secure the wireless network, but this would be a bonus, rather than an aim.
My target audience is a mix of Macs and PCs, all of which I have control of. I just don't want any wandering wireless users to access (and crack WEP) my little network.
Any help is greatly appreciated. Thanks.
Comments
OS X Server has a VPN server.
And I should add that I'm using 10.3.2 with Airport update 3.2
On a related issue, I managed to get OpenVPN working, by creating a virtual tun device. However, what this means is that I actually have two connections between the BS and MS, one real and the other virtual. The idea is to use the virtual link only, but all my traffic seems to be going via the real link (in both directions)!
I'm going to have to play with ipfw now to block all packets on the real link (in both BS and MS) except for UDP 5000, which OpenVPN uses. I'll also have to figure out how to force the use of the virtual link as the real link will be completely firewalled (with that one exception). Would it be necessary then to firewall the virtual device, as it is already encrypted?
Next and last thing to do would be to set up NAT on the virtual device. This would be the same regardless of whether we are using a virtual device or a real device, right?
I've done the firewalling and NAT with Red Hat Linux using iptables. Now I have to figure out how to do it using ipfw. Furthermore, I have to figure out how to do the same thing on both Macs and PCs as I mentioned earlier that my target audience is a mixture... Any help would be appreciated.
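
Added example, not part of the original thread: a small shell helper that prints the ipfw rules for the plan described above, where the real wireless link carries only OpenVPN on UDP 5000 and everything else on it is dropped. The function name, the interface name `en1`, the rule numbers and the optional DHCP allowance are assumptions, not something the poster specified.

```shell
#!/bin/sh
# Added example (not from the thread). Prints ipfw commands that confine the
# real wireless interface to OpenVPN traffic. Interface name, rule numbers and
# the DHCP allowance are assumptions; UDP 5000 is the port named in the post.

# lockdown_rules WIFI_IF VPN_PORT [ALLOW_DHCP]
# Prints one ipfw command per line; returns 1 on bad arguments.
lockdown_rules() {
    wifi_if=$1
    vpn_port=$2
    allow_dhcp=${3:-yes}

    # Accept only a plain interface name and a numeric port, so the
    # generated commands can never carry shell metacharacters.
    case $wifi_if in
        ''|*[!a-z0-9]*) echo "bad interface: $wifi_if" >&2; return 1 ;;
    esac
    case $vpn_port in
        ''|*[!0-9]*) echo "bad port: $vpn_port" >&2; return 1 ;;
    esac
    if [ "$vpn_port" -lt 1 ] || [ "$vpn_port" -gt 65535 ]; then
        echo "port out of range: $vpn_port" >&2; return 1
    fi

    # OpenVPN packets addressed to the VPN port on the real link.
    echo "ipfw add 1000 allow udp from any to any $vpn_port via $wifi_if"
    # Packets sent from the VPN port to a peer using a different source port.
    echo "ipfw add 1010 allow udp from any $vpn_port to any via $wifi_if"

    # Clients need a DHCP lease on the real link before the tunnel can start.
    if [ "$allow_dhcp" = yes ]; then
        echo "ipfw add 1020 allow udp from any 67-68 to any 67-68 via $wifi_if"
    fi

    # Everything else on the real link is dropped and logged.
    echo "ipfw add 1900 deny log ip from any to any via $wifi_if"
}

# Print the rules for review: sh thisfile --print en1 5000
if [ "${1:-}" = "--print" ]; then
    lockdown_rules "${2:-en1}" "${3:-5000}" "${4:-yes}"
fi
```

The rules only match traffic `via` the named interface, so the tun device and the Ethernet side are left to whatever other rules are loaded. Review the printed commands before running them as root.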