Securing an 802.11a/b/g Network with a VPN using Linux 2.6

2005-07-16

Revision History
Revision 0.612005-07-16NJMH
Small tweaks to OpenVPN scripts.
Revision 0.62005-07-05NJMH
Large global revisions for OpenVPN version 2.0.
Revision 0.52004-10-06NJMH
Added Further References section, and link to tarball of prepackaged scripts for IPSec.
Revision 0.42004-10-02NJMH
Partially rewrote section on X.509 certificates.
Revision 0.32004-09-18NJMH
Undid changes made in version 0.25 to IPSec setkey scripts.
Revision 0.252004-09-15NJMH
Corrected IPSec scripts for DHCP handling and tweaked firewall scripts.
Revision 0.22004-09-11NJMH
Added A Note About "Security" to the Introduction.
Revision 0.12004-09-03NJMH
Initial draft.

Abstract

802.11 networks are insecure by default, but, with judicious use of open-source tools, a greater level of security can be added.


Table of Contents

1. Introduction
1.1. Scope and Assumptions
1.2. A Note About "Security"
2. Legal Stuff
2.1. Copyright and License
2.2. Disclaimer
2.3. Credits / Contributors
2.4. Feedback
3. The Problem
3.1. Public-Key Cryptography
3.2. Public-Key Infrastructure (PKI)
3.3. Virtual Private Networks
4. Network Configuration
4.1. The Router
4.2. The Wireless Access Point
4.3. The Server/Wireless Firewall
4.4. What We Are Securing
5. Managing X.509 Certificates
5.1. Generating Your Own CA
5.2. Generating Host Certificates
6. Setting Up The VPN Software: IPSec
6.1. Network Configuration for IPSec
6.2. Racoon
6.3. Setting Security Policies
6.4. Transmission Issues
6.5. Making It Work With DHCP
7. Setting Up The VPN Software: OpenVPN
7.1. Network Configuration for OpenVPN
7.2. Wired Endpoint
7.3. Wireless Endpoint
8. Firewalling the Wireless Side
8.1. IPSec Firewall Script
8.2. OpenVPN Firewall Script
9. Wireless DHCP
9.1. DHCP for IPSec
9.2. DHCP for OpenVPN
9.3. Additional Options
10. Running
10.1. Common Services
10.2. IPSec
10.3. OpenVPN
11. Further References