Security in Software Base Station?

in Genius Bar edited January 2014
Hi. I'm new in the wireless world, although I've done a reasonable amount of wired networking stuff. So, I hope you guys (and gals) can help me out.

I've currently got my G4 tower with Airport (NOT Extreme) set up as a software base station sharing my Ethernet connection. I've got 128 bit WEP working, but I'm unsatisfied with the security level that WEP provides. NAT is also working fine.

I've read that you can hide your SSID and do MAC address filtering, but I can't seem to find any resource on doing the same on a SOFTWARE base station. Can anyone direct me?

Better still, I'd like to set up a VPN server on my G4 tower, to absolutely secure the wireless network, but this would be a bonus, rather than an aim.

My target audience is a mix of Macs and PCs, all of which I have control of. I just don't want any wandering wireless users to access (and crack WEP) my little network.

Any help is greatly appreciated. Thanks.


  • Reply 1 of 3
    wmfwmf Posts: 1,164member
    If you want Mission Impossible security, get a real base station.

    OS X Server has a VPN server.
  • Reply 2 of 3
    Thanks for your comments. I'm saving money to upgrade my bike, so I'm trying to make do with what I already have. I'm reasonably comfortable with the command line, compiling and so on, are there any open source solutions perhaps?

    And I should add that I'm using 10.3.2 with Airport update 3.2
  • Reply 3 of 3
    Anyone? Is it possible to hide SSID and do MAC address filtering in SOFTWARE base station?

    On a related issue, I managed to get OpenVPN working, by creating a virtual tun device. However, what this means is that I actually have two connections between the BS and MS, one real and the other virtual. The idea is to use the virtual link only, but all my traffic seems to be going via the real link (in both directions)!

    I'm going to have to play with ipfw now to block all packets on the real link (in both BS and MS) except for UDP 5000, which OpenVPN uses. I'll also have to figure out how to force the use of the virtual link as the real link will be completely firewalled (with that one exception). Would it be necessary then to firewall the virtual device, as it is already encrypted?

    Next and last thing to do would be to set up NAT on the virtual device. This would be the same regardless of whether we are using a virtual device or a real device, right?

    I've done the firewalling and NAT with Redhat Linux using iptables. Now I have to figure out how to do it using ipfw. Furthermore, I have to figure out how to do the same thing on both Macs and PCs as I mentioned earlier that my target audience is a mixture... Any help would be appreciated.
Sign In or Register to comment.