
Re: [Ipsec] ipsec on WLAN



The sketch for my system is this one:

Wired LAN 802.3 <--> Gateway Server       <--> Cisco 1200AP <--> Wireless LAN
(Win2000 or XP)      (WinXP Pro or Linux)                        (Win2k or XP)

I understand that the Gateway Server could route the traffic from the WiFi
LAN to the wired LAN and vice versa. The problem is that I want to protect the
traffic between wireless clients as well. If I used a tunnel between a WiFi
client and the gateway I could probably reach the wired LAN, but what if I
wanted to protect the traffic to another client? I'm afraid that TCP would
use the WiFi connection to communicate with the other mobile clients, ignoring
the VPN tunnel to the gateway.
My idea was to use a FreeSWAN server with two LAN interfaces installed:
one facing the wired LAN (e.g. 192.168.1.xxx) and the other connected
directly to the AP and the WLAN (e.g. 192.168.2.xxx).
A WiFi client (e.g. 192.168.2.2) connecting to a wired client (e.g.
192.168.1.25) would use the gateway through the VPN tunnel I established.
But I don't think it would do the same when connecting to another WiFi client
(the TX client would check the subnet mask and use the common ARP protocol
on the WiFi branch of the LAN), thus leaving the traffic unprotected.

The reason why I'm doing all this is for a university research project trying to
demonstrate that the normal level 2 protection with WEP or WPA is much better
in terms of total throughput, and that's because everything is implemented in
HW instead of running in SW. Moreover, IPsec has a very tough overhead on IP
packets.

Do you have any good idea about all this??

TNX

----- Original Message -----
From: "Shelton, Raymond A." <SheltonR@health.missouri.edu>
To: <Atul.Sharma@nokia.com>; <yohba@tari.toshiba.com>;
<giacpis@aliceposta.it>
Cc: <lux@wplink.net>; <ipsec@ietf.org>
Sent: Wednesday, April 14, 2004 7:51 PM
Subject: RE: [Ipsec] ipsec on WLAN


> I once stumbled across something that may be a tangentially interesting
> notion to consider:
> http://www.xtdnet.nl/paul/gallery/IETF57/dscf0004
> (which I always have to reload in my Browser of Choice in order to
> actually view the image); a follow-up effort yielded interesting info @ the
> following "I probably wrap" url:
>
> http://www.research.att.com/areas/wireless/Mobile_Interdomain_Roaming/Mobility_Management/internet_roaming.html
>
> In this forum I, too, am a novice, but another option (sentiment being,
> if I can do this, anyone can) IFF your o/s is XP would be to type "ipv6
> install", I believe.
>
> Regards,
> Raymond A. Shelton
> ITS Network Services - University of Missouri Health Care
> DC017.00, QD263I, 2401 LeMone Industrial Boulevard
> Columbia, MO 65212
> Voice 573-884-0661 Fax 573-884-8192
> sheltonr ampersand Health. missouri.edu
> Fingerprint:  2795 9E15 9B67 85BD 19A5  F494 B3AB AF7A 93DF 064A
>
> _______________________________________________
> Ipsec mailing list
> Ipsec@ietf.org
> https://www1.ietf.org/mailman/listinfo/ipsec


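
Added example, not part of the original messages: a small Python model of the sender-side decision the post describes, classifying each flow from a WLAN client as sent directly on-link, carried in the IPsec tunnel, or routed in the clear. The /24 masks, the second WLAN client 192.168.2.3, and a tunnel whose only remote selector is the wired subnet are assumptions.

```python
import ipaddress
from itertools import permutations

# Constructed topology based on the post; /24 masks and 192.168.2.3 are assumptions.
WLAN = ipaddress.ip_network("192.168.2.0/24")
WIRED = ipaddress.ip_network("192.168.1.0/24")
HOSTS = {
    "wifi-a": ipaddress.ip_interface("192.168.2.2/24"),
    "wifi-b": ipaddress.ip_interface("192.168.2.3/24"),   # constructed second WLAN client
    "wired-c": ipaddress.ip_interface("192.168.1.25/24"),
}
# Remote selectors of each WLAN client's tunnel to the gateway (assumed: wired subnet only).
TUNNEL_SELECTORS = [WIRED]


def classify(src_if, dst_ip, selectors):
    """Model the sender-side decision as the post describes it."""
    if dst_ip in src_if.network:
        # Same subnet by mask: resolved with ARP and sent straight over the air.
        return "direct-on-link"
    if any(dst_ip in sel for sel in selectors):
        # Off-link and matched by a tunnel selector: encapsulated to the gateway.
        return "ipsec-tunnel"
    # Off-link with no matching selector: forwarded by the gateway without IPsec.
    return "routed-clear"


def flow_report(hosts, selectors, segment):
    """Classify every ordered host pair whose sender sits on the segment under review."""
    report = {}
    for (s_name, s_if), (d_name, d_if) in permutations(hosts.items(), 2):
        if s_if.ip in segment:
            report[(s_name, d_name)] = classify(s_if, d_if.ip, selectors)
    return report


def unprotected(report):
    """Return the sender/receiver pairs whose traffic is not carried in the tunnel."""
    return sorted(pair for pair, path in report.items() if path != "ipsec-tunnel")


if __name__ == "__main__":
    rep = flow_report(HOSTS, TUNNEL_SELECTORS, WLAN)
    for pair, path in sorted(rep.items()):
        print(f"{pair[0]:8} -> {pair[1]:8} {path}")
    print("not covered by IPsec:", unprotected(rep))
```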