Securing WLAN with ipsec VPN :: Misc. info and tips

Misc. info and tips

IPCop add ons:

I also wanted some small add-ons, from http://ezupdate.dageek.co.uk/ipcop/addons/index.htm so I installed the "13x-Base.tar.gz" from http://ezupdate.dageek.co.uk/ipcop/addons/1.3.0/13x-Base.tar.gz (downloaded to the IPCop box, run "tar -xzvf 13x-Base.tar.gz" and run "./install.sh". In the web interface, click "System" and you have "Add-ons" next to "Updates".)

Misc. I:

I like the "pico" editor and i want a ftp-client on the IPCop machine:

Grabbed from another RedHat 7.2 machine:
(The IPCop kernel does not support vfat, so have to make a filesystem on it first):

# /sbin/mke2fs /dev/fd0
# mount /dev/fd0 /mnt/floppy
# cp -a /usr/bin/ncftp /mnt/floppy
# cp -a /usr/bin/pico /mnt/floppy
# umount /dev/fd0

Inserted the floppy into the IPCOp box and type:

# mkdir /mnt
# mkdir /mnt/floppy
# mount /dev/fd0 /mnt/floppy
# cp -a /mnt/floppy/ncftp /usr/bin
# cp -a /mnt/floppy/pico /usr/bin

Misc. II:

I have a gateway to the Internet on my original Network, ip: 192.168.0.200. This machine are default gateway for all the computers in the network. On this one I had to do two things:
- Edit the firewall, and set netmask to: 255.255.252.0
- Add a return route for the WLAN:
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.253 dev eth0

Misc. III:

In addition to the ipsec implementation, I also have the following settings for security reasons:

The WLAN are running 128-bit WEP encryption.
The Access Point ("AP") have MAC address restrictions.
All the clients have different shared secrets.
Neither the IPCop box or the "AP" does run any dhcp server.
When using shared secret with ipsec, fixed ip-addresses on the clients are a must. Otherwise all clients must have same shared secret, and ipsec config will be a bit less secure.

Misc. IV:

If your IPCop box is behind an internet web proxy, two files have to be edited to be able to check and download patched:

/home/httpd/cgi-bin/updates.cgi
/usr/local/bin/updatelists.pl

Find these two lines:

my $peer = 'www.ipcop.org';
my $peerport = 80;

And replace with:

my $peer = 'your.proxy.server';
my $peerport = yourproxyport;