Possible to secure WEP?
in [Wireless Internet]
|
From: Mark McIntyre on 9 Mar 2006 19:03 On Wed, 08 Mar 2006 23:20:06 GMT, in alt.internet.wireless , Jeff Liebermann <jeffl(a)comix.santa-cruz.ca.us> wrote: >On Wed, 08 Mar 2006 22:27:31 +0000, Mark McIntyre ><markmcintyre(a)spamcop.net> wrote: > >>Can someone explain this 'termination' business? > >When you connect through a VPN, the VPN server (termination) at the >other end of the tunnel has an IP address pool that delivers an >*ADDITIONAL* IP address to your workstation. This new IP address is >part of the remote network. Right, so we're basically talking about a router that can act as a VPN server for incoming connections. Fine, I understand now, I don't need that I think. Mark McIntyre -- ----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==---- http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups ----= East and West-Coast Server Farms - Total Privacy via Encryption =----
From: Derek Broughton on 9 Mar 2006 21:28 Jeff Liebermann wrote: > Derek Broughton <news(a)pointerstop.ca> hath wroth: > >>hmmm. I think "termination=server" might have been sufficient for Mark's >>question, but this is all good for me :-) > > It doesn't have to be a "server". It can be terminated in the router > at the other end. Yeah, it has to be a server. A server is just the program that terminates the connection. Yes, I know that's circular, but then so was "termination=server" > >>> Now, you connect to a remote VPN server (termination). It gives you >>> an additional IP address on its network as 192.168.25.53. Note that >>> this IP cannot be in the same class C IP block as your own LAN. >> >>*ding*,*ding*,*ding*! How come? That's not what the Talisman help said - >>it said "not in the DHCP range of your LAN". So my DHCP server is at >>192.168.22.1 and gives out addresses in 192.168.22.100-150. I made the >>PPTP server address 192.168.22.10 and _it's_ assigning addresses in >>192.168.22.20-30 range. I guess that's wrong. .... > 2. Note that there are two IP address "pools". One is for DHCP. The > other is for PPTP. They are different and cannot overlap. Users (and > brain dead admins) should be warned to not assign fixed IP's in either > range. This may have been what the Talisman docs were mumbling. Apparently they weren't mumbling, since that's exactly what it says. But I'm trying to access the PPTP server in my _own_ router. You're talking about using it to get from one LAN to another over the Internet; I want to use it as my gateway _to_ the Internet. So if there's a prohibition against it's addresses being in my own Class C block, that could be my problem. -- derek
From: Jeff Liebermann on 10 Mar 2006 03:07 Derek Broughton <news(a)pointerstop.ca> hath wroth: >But >I'm trying to access the PPTP server in my _own_ router. You're talking >about using it to get from one LAN to another over the Internet; I want to >use it as my gateway _to_ the Internet. So if there's a prohibition >against it's addresses being in my own Class C block, that could be my >problem. Well, you CAN use the same Class C IP block if you adhere to three limitation: 1. Absolutely no duplicated IP addresses on both LAN's, expecially the two gateway routers. If you home router is 192.168.1.1, then the remote router CANNOT be 192.168.1.1. However, it can be 192.168.1.2. That implies that the DHCP IP address blocks on each router must be different and not overlap. 2. If you use the remote routers as your gateway to the internet through the VPN, you will loose all contact with other machines on your local LAN. 3. If broadcasts are blocked by either router, you will not be able to use "Browse Network Neighborhood". If broadcasts are passed, then you run the risk of having the remote DHCP server assign local IP's. That implied that you should have different DHCP IP address blocks on each router. -- Jeff Liebermann jeffl(a)comix.santa-cruz.ca.us 150 Felker St #D http://www.LearnByDestroying.com Santa Cruz CA 95060 http://802.11junk.com Skype: JeffLiebermann AE6KS 831-336-2558
From: Derek Broughton on 10 Mar 2006 08:56 Jeff Liebermann wrote: > Derek Broughton <news(a)pointerstop.ca> hath wroth: > >>But >>I'm trying to access the PPTP server in my _own_ router. You're talking >>about using it to get from one LAN to another over the Internet; I want to >>use it as my gateway _to_ the Internet. So if there's a prohibition >>against it's addresses being in my own Class C block, that could be my >>problem. > > Well, you CAN use the same Class C IP block if you adhere to three > limitation: > > 1. Absolutely no duplicated IP addresses on both LAN's, expecially > the two gateway routers. If you home router is 192.168.1.1, then the > remote router CANNOT be 192.168.1.1. However, it can be 192.168.1.2. > That implies that the DHCP IP address blocks on each router must be > different and not overlap. Great, thanks Jeff. > > 2. If you use the remote routers as your gateway to the internet > through the VPN, you will loose all contact with other machines on > your local LAN. Not a pressing issue. The WLAN is really just for sharing an Internet connection - I don't want the other homeowner browsing my machines, and rarely have an interest in my own pair talking to each other. In any case, I'll worry about that when I get the rest working. -- derek
From: Mark McIntyre on 12 Mar 2006 17:38
On Thu, 09 Mar 2006 09:33:40 -0800, in alt.internet.wireless , Jeff Liebermann <jeffl(a)comix.santa-cruz.ca.us> wrote: >Derek Broughton <news(a)pointerstop.ca> hath wroth: > >>hmmm. I think "termination=server" might have been sufficient for Mark's >>question, but this is all good for me :-) > >It doesn't have to be a "server". It can be terminated in the router >at the other end. Replying to an oldish post I know, but you're simply repeating what was said above. If its terminating, its a server. If that happens to be inside your router, then thats interesting but beside the point. Mark McIntyre -- ----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==---- http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups ----= East and West-Coast Server Farms - Total Privacy via Encryption =---- |