Securing Residential Wireless LAN networks with VPN overlay
Software and equipment used
Hardware
Software
Basic network
The basic network consisted of
Implementation
After installing the required software on the server and the laptop, I followed the detailed instructions given at http://openvpn.net/howto.html. After establishing the VPN, traffic from the client can be routed either solely through the tunnel or through both the WLAN interface and the tunnel. I opted to route all the traffic from the laptop through the VPN connection and modified the server configuration file accordingly.
The installation includes init scripts, which I copied to the /etc/init.d directory after modifying them appropriately (paths to certificate files etc.) and, using the YaST runlevel editor, enabled in runlevel 5. The only problem I faced was in getting the server to NAT the traffic from the tunnel; somehow the SuSE firewall was interfering with the NAT operation. I had to disable the SuSE firewall to get the NAT working. The configuration has been working flawlessly and I automatically get a tunnel between the laptop and the server on boot.
Network with VPN
In the network with the VPN overlay implemented, the path for traffic from the laptop is over the logical VPN connection (represented by the broken line) to the server, and from the server over the Ethernet to the router. The logical connection is essentially another layer of encryption applied before the packets are handed over to the WLAN interface (which has its own WPA security). Hence, in a WLAN network with VPN overlay there are 2 layers of security. The outer layer is provided by the WLAN security protocol and the inner layer is provided by the VPN.
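Routing all laptop traffic through the tunnel only adds the inner layer if the client's routing table really prefers the tunnel, so the following added example (not from the original article) checks a routing table for that. It assumes the server pushes redirect-gateway with the def1 flag as the OpenVPN HOWTO describes, a tunnel interface named tun0, a WLAN interface named wlan0 and the 10.8.0.0/24 and 192.168.1.0/24 subnets; both routing tables are constructed samples.

```shell
#!/bin/sh
# Added example: does a routing table send all IPv4 traffic into the tunnel?
# Interface names and addresses are assumptions; both tables are constructed.

# full_tunnel ROUTES TUN_IF: exit 0 when TUN_IF carries the default path, via
# the 0.0.0.0/1 + 128.0.0.0/1 pair that redirect-gateway def1 installs, or via
# a default route on the tunnel with no competing default elsewhere.
full_tunnel() {
    printf '%s\n' "$1" | awk -v tun="$2" '
        { dev = ""; for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1) }
        $1 == "0.0.0.0/1"   && dev == tun { low = 1 }
        $1 == "128.0.0.0/1" && dev == tun { high = 1 }
        $1 == "default"     && dev == tun { def = 1 }
        $1 == "default"     && dev != tun { other = 1 }
        END { exit !((low && high) || (def && !other)) }'
}

# bypass_routes ROUTES TUN_IF: print destinations still reached directly,
# i.e. more-specific routes that leave through an interface other than TUN_IF.
bypass_routes() {
    printf '%s\n' "$1" | awk -v tun="$2" '
        { dev = ""; for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1) }
        $1 != "default" && dev != "" && dev != tun { print $1 }'
}

# Constructed sample: client after the server pushed redirect-gateway def1.
SAMPLE_FULL='0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.1.1 dev wlan0
10.8.0.1 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.5 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50'

# Constructed sample: tunnel is up but only the VPN subnet is routed into it.
SAMPLE_SPLIT='default via 192.168.1.1 dev wlan0
10.8.0.0/24 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50'

report() {
    if full_tunnel "$1" "$2"; then
        echo "full tunnel via $2; still direct: $(bypass_routes "$1" "$2")"
    else
        echo "NOT a full tunnel: default traffic leaves outside $2"
    fi
}
report "$SAMPLE_FULL" tun0
report "$SAMPLE_SPLIT" tun0
```

On a live Linux client, pass "$(ip -4 route show)" as the first argument instead of a sample. The check covers IPv4 only, so IPv6 routes need a separate look.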
The packets undergo network address translation twice, once at the VPN server and the second time at the router. The extra encapsulations and decapsulations coupled with the extra processing could impact the throughput of the network. However, I have not experienced any noticeable change in the throughput. There are primarily two benefits of having even a basic VPN overlay over an already secured WLAN
Conclusion
The use of a VPN overlay over WLAN networks might look like overkill, especially for residential use. However, the rampant possibility of personal information and identity being stolen, and the disastrous consequences that follow, should make the extra security provided by the overlay well worth the effort.