Re: Using PPPoE to secure Wireless LANs?
From: Josh Howlett <Josh.Howlett(at)bristol.ac.uk>
Date: Tue Dec 03 2002 - 04:23:53 EST
http://www.resnet.bris.ac.uk/nomadic

In our solution, PPPoE is simply used as an access/authorisation layer, using MS-CHAP-v2 as the authentication mechanism. As already pointed out, the advantage of this is that end-user devices do not have an address associated with the wired/wireless segment, only the PPP session - hence, end-users are safe(r?) from each other. The wireless/wired segment is not routable to other segments except via the PPPoE access concentrator.

We then implement encryption and layer-3 roaming by tunnelling PPTP through the PPPoE session. The PPTP session is terminated at the user's "home" NAS, thereby providing him with an address from the same IP network regardless of his physical location. The encryption is MPPE-128bit. AFAIK, MPPE can be reconsidered safe at 128-bits in stateful mode. However, the system is designed such that we could use any(?) VPN protocol in place of PPTP; we only use PPTP because it's available in all the Windows clients.

We use RADIUS for all AAA.

I have packaged the software that provides this service into a Linux-based router (incidentally, using Roaring Penguin's excellent PPPOE implementation) that runs off a live CDROM. If anyone's interested in giving it a whirl, drop me a line. Please be aware that this is only a beta at the moment, and so a degree of familiarity with VLANs, RADIUS and IP is essential.

cheers, josh.

On Mon, 2 Dec 2002, Rui Carmo wrote:

Josh Howlett, Networking & Digital Communications,
Information Systems & Computing, University of Bristol, U.K.
'phone: 0117 928 7850 email: josh.howlett@bris.ac.uk

Received on Tue Dec 3 04:24:51 2002