Building a cheap secure wireless (WLAN) infrastructure with OpenVPN and Linux (an advanced tutorial of OpenVPN)
This tutorial is also available as PDF or plain text.

NOTE: This tutorial is several pages long. The PDF is now available.
Having wireless LAN (WLAN) access in your office is nowadays almost a given. The challenge is how to secure your WLAN and how to deploy it correctly. You probably want the least administrative overhead and a flexible yet secure deployment. Since WLAN access points (APs) have a limited range that depends on your building, you might want to deploy more than one AP per floor, or even one AP per meeting room. But creating a different network for each meeting room is pretty much out of the question.
On top of that, WEP encryption is not much of a cracking challenge nowadays (tools like kismet or kismac help do the dirty work), and adding every single MAC address to every AP you have is a bit cumbersome. What you really want is a very secure yet very simple VPN solution. IPSec would be secure, but it needs a lot of configuration and the administrative overhead can be quite large. OpenVPN is free (as in beer and speech), uses SSL for encryption and needs only a single TCP (or UDP) port to communicate. Configuring and installing it is also very simple. This combination makes it an excellent choice for this little project. So how do you do it? Simple: you have a central OpenVPN server on a separate network and link all the APs to it.
What? Again, how? Yes, I can see the confusion here, but in the next few paragraphs we will go through all the steps necessary. If you have questions or comments, feel free to mail me or leave a comment.
First you need to be clear about what you want to do. In this tutorial we take the most challenging setup and deploy one AP in each meeting room, which also gives us coverage of the normal offices. With 3 meeting rooms per floor and 2 floors, we need 6 APs deployed. We also want to give guests the chance to access the internet as an “added bonus”. One caveat: in this tutorial we will use PKI and certificates. However, we will create a Certificate Authority specifically for this how-to. To integrate this with your central CA, check “the OpenSSL for everything project”.
Now that we have this cleared up, let’s move on.
WOW, that is some long article. Must have taken you ages to put this together, kudos though. Very well done.
//Kr0ll
Thanks, it did. Anyone with recommendations for APs or switches?
I think it is better to edit the copied .vars and set the following, which you will find near the end of this file:
export KEY_COUNTRY="IN" # Two-letter code of your country
export KEY_PROVINCE="UT" # Name of your state/province
export KEY_CITY="Chandigarh" # Name of your city
export KEY_ORG="Anu's Linux@HOME" # Name of your organization
export KEY_OU="Wireless Network" # Name of the unit/division
export KEY_EMAIL="admin@cto.homelinux.net" # Admin's e-mail
before you run . ./vars
nice one, thanks.
Yes that would be an easier way and saves you a lot of time.
//Flosse
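A pre-flight check for the KEY_* settings suggested in the comment above, as an added example that is not part of the original article or its comments. Values pasted from a web page can carry typographic quotes, which the shell treats as part of the value rather than as quoting. The function name check_vars and the sample file are hypothetical; the variable names are the ones listed above.

```shell
#!/bin/sh
# Added example: sanity-check the KEY_* values of an easy-rsa "vars" file
# before it is sourced with ". ./vars". check_vars is a hypothetical helper.

check_vars() (
    # Runs in a subshell, so the sourced values never reach the caller.
    LC_ALL=C; export LC_ALL                    # make [A-Z] mean ASCII only
    case $1 in */*) f=$1 ;; *) f=./$1 ;; esac  # "." would search PATH otherwise
    [ -r "$f" ] || { echo "cannot read $f"; exit 2; }
    # Ignore values inherited from the environment; only the file counts.
    unset KEY_COUNTRY KEY_PROVINCE KEY_CITY KEY_ORG KEY_OU KEY_EMAIL
    . "$f" >/dev/null 2>&1
    rc=0
    for name in KEY_COUNTRY KEY_PROVINCE KEY_CITY KEY_ORG KEY_OU KEY_EMAIL; do
        eval "value=\${$name-}"
        case $value in
            '') echo "$name is empty or unset"; rc=1 ;;
            # Curly quotes are not shell quoting: they become part of the
            # value and would end up in the certificate subject.
            *“*|*”*|*‘*|*’*)
                echo "$name contains typographic quotes: $value"; rc=1 ;;
        esac
    done
    case ${KEY_COUNTRY-} in
        [A-Z][A-Z]) ;;
        *) echo "KEY_COUNTRY must be a two-letter code"; rc=1 ;;
    esac
    case ${KEY_EMAIL-} in
        ?*@?*.?*) ;;
        *) echo "KEY_EMAIL does not look like an e-mail address"; rc=1 ;;
    esac
    exit "$rc"
)

# Constructed sample: one line carries curly quotes, as after a web copy-paste.
sample=$(mktemp)
cat > "$sample" <<'EOF'
export KEY_COUNTRY=”IN”
export KEY_PROVINCE="UT"
export KEY_CITY="Chandigarh"
export KEY_ORG="Example Org"
export KEY_OU="Wireless Network"
export KEY_EMAIL="admin@example.org"
EOF
check_vars "$sample" || echo "fix the vars file before running . ./vars"
rm -f "$sample"
```

The function sources the file it checks, so run it only against a vars file you already trust.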
Wow. Nice work.
I am part of popular demand and would like a pdf version.
thanks!
PDF version of this article will be available within this weekend. Also the IPtables tutorial will be done then!
Thanks to everyone
Hello
Thanks for posting the pdfs…however, when I open them in Preview or Acrobat 5/6 Reader or Pro, I see the images, but no text.
This is for both this article and the IPtables. Is there a compatibility issue that I am unaware of?
Sorry, my bad. It is now fixed on the articles that have PDF and TXT versions. This means all iptables parts, the openvpn and the porn blocking proxy. PDF and TXT will from now on be uploaded as the articles are written.
cheers to you!
hi nice site.
thanks… glad someone finds it useful