I know we can use 802.1x (RADIUS ) for Wireless user authentication with Access Points.
But can we use VPN for wireless encryption? If so , will we be using IPSEC ?
-
Solved VPN for Wireless
-
@razmik-artonian-0 said in VPN for Wireless:
But can we use VPN for wireless encryption? If so , will we be using IPSEC ?
There's a couple of ways to read this question, at least to me, let me explain...
- Can we use VPN for encryption with existing wireless encryption like WEP, WPA, WPA-2.?
- Can we use VPN for wireless encryption instead of existing wireless encryption.
In both instances, yes...the IPsec is probably what you'll use.
If I am connected to an existing protected wireless network, I can build up an IPsec VPN tunnel through that. How do I know, I'm doing it as I type. I'm using an OpenVPN client to do so on a network that has WPA-2.
If I am connected through an open access point such as an airport or hotel, which provides access but no encryption, I connect using an IPsec VPN and it works just as well.
Cordially,
Ronnie Wong
Edutainer Manager, ITProTV*if the post above has answered the question, please mark as solved.
**All "answers" and responses are offered "as is" and my opinion. There is no implied service, support, or guarantee by ITProTV. -
I know this might not be the smartest question but I am trying to understand the concept or the theory.
WPA uses TKIP for encryption protocol. WPA-2 uses CCMP for encryption protocol.
IPsec is used to encrypt IP traffic or data in transit.
How can WPA-2 use two encryption protocols simultaneously (CCMP and IPsec) ?
The same question could be asked about WPA in relation to TKIP and IPsec. -
@razmik-artonian-0 said in VPN for Wireless:
I know this might not be the smartest question but I am trying to understand the concept or the theory.
It's not a bad question and it's not about smart or not. You asked and we're here to try to point you in the right direction
WPA uses TKIP for encryption protocol. WPA-2 uses CCMP for encryption protocol.
IPsec is used to encrypt IP traffic or data in transit.
How can WPA-2 use two encryption protocols simultaneously (CCMP and IPsec) ?
The same question could be asked about WPA in relation to TKIP and IPsec.IPsec is not an encryption algorithm itself. It is a framework that defines how to provide (Hashing, Authentication, DH Group, Lifetime, Encryption) within a
end-to-end tunnel.
Wireless Encryption, regardless of protocol you're using is protecting the connection between you and the AP. There is no encryption on the other end if it not provided. It is only protection your connection to a certain point.
IPsec only sees the wireless connection and not the encryption. So it builds a tunnel first then encrypts data within the tunnel, regardless of an encrypted Wireless connection or un-encrypted wireless encryption.
Cordially,
Ronnie Wong
Edutainer Manager, ITProTV*if the post above has answered the question, please mark as solved.
**All "answers" and responses are offered "as is" and my opinion. There is no implied service, support, or guarantee by ITProTV. -
Lets say we are given the following info:
A site-to-site VPN connection using IPsec Tunnel with both AH and ESP enabled to provide authentication and Encryption respectively.
Looking at the info provided to us can you tell which encryption algorithm is being used? I mean , since IPsec is not an encryption algorithm in itself. -
@razmik-artonian-0 said in VPN for Wireless:
Lets say we are given the following info:
A site-to-site VPN connection using IPsec Tunnel with both AH and ESP enabled to provide authentication and Encryption respectively.
Looking at the info provided to us can you tell which encryption algorithm is being used? I mean , since IPsec is not an encryption algorithm in itself.Not from provided info. It just tells you it implements AH and ESP, instead of just AH. This is the called
Tunnel Mode
the encryption is negotiated between the endpoints.Cordially,
Ronnie Wong
Edutainer Manager, ITProTV*if the post above has answered the question, please mark as solved.
**All "answers" and responses are offered "as is" and my opinion. There is no implied service, support, or guarantee by ITProTV.