# FreeBSD + wifi router + vpn



## l2f (Aug 5, 2011)

Hello,

I bought a tew-652brp (300N) but I am unable to connect to the wifi router when security is enabled (I spent too much time trying to resolve it and already contacted the trendnet support...; it reminds me why I switched from Linux to FreeBSD (busybox on the tew-652brp)). So I am wondering what kind of security/setup I can do:


```
actual lan topology
ISP ---- fbsd (7.4) firewall (ipfw+dhcpd+nat) ---- LAN
```


```
the solution
ISP ---- fbsd (7.4) firewall (ipfw+dhcpd+nat+mpd) ---- LAN
            |
           VPN
            |----- tew-652brp --(( ... ))-- clients machines
            (wifi only, no security, only one rj45 cable to the firewall, 3rd ethernet card)
```


Concerning security, I am thinking about running mpd (version 5) on the fbsd firewall to authorize the wifi users to gain access to my Internet connection (with some ipfw rules too) (a sort of vpn). I have some M$ machines (I know, nobody is perfect), which is why I am looking at mpd (easy setup for the client machines).

Does this solution seem secure? Any comments or suggestions are welcome.

Thank you in advance for your help.

l2f


----------



## SirDice (Aug 5, 2011)

The simplest solution would be to use WPA2 and not use a VPN. What are the issues you're having with wireless?


----------



## l2f (Aug 5, 2011)

*FBSD + wifi router + vpn*

Dear SirDice,

The tew-552brp problem: no wifi connection (authentication error) is possible when I turn on the security (wpa, wpa2, wpa-auto and wep).

If I had the choice, I would use the wpa2 feature built into the wifi router (tew-652brp). But after spending 2 days trying to make it work, with the help of the trendnet support, I gave up :x . That is why I was thinking of this solution: fbsd as vpn authority and the (censor) wifi router (tew-625brp) as an access point without any security and only one rj45 cable on the back of the wifi router to connect to my fbsd firewall.

I know, the tew-652brp was around 24$ (so cheap, can be put into the garbage, but I hate to throw away my money).

Thank you

l2f


----------



## SirDice (Aug 5, 2011)

Tricky, but failing that I would indeed just keep the wireless open and use an encrypted VPN to allow access. Make sure the VPN is encrypted though, not all protocols used for VPN are.


----------



## l2f (Aug 5, 2011)

Dear SirDice,

That is what I am thinking: open wifi and filter the incoming stream with mpd5 (encryption M$ MPPE) for the clients.

From the mpd web page http://mpd.sourceforge.net/:



> It supports most of popular PPP sub-protocols and extensions, such as:
> 
> * Multi-link PPP
> * PAP, CHAP, MS-CHAP and EAP authentication
> ...



So I am in business 

The last step will be to add some rules to my ipfw setup...

Thank you

l2f


----------
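The ipfw step mentioned at the end of the thread could look like the sketch below; it is an added example, not part of any post and not l2f's actual ruleset. Assumptions not taken from the thread: `em2` is the third NIC cabled to the access point, mpd5 is serving PPTP (TCP 1723 plus GRE), dhcpd also answers on that NIC, and rule numbers 1000-1090 are unused and evaluated before the existing NAT and allow rules.

```shell
#!/bin/sh
# Added example: restrict the open-wifi NIC to DHCP and the VPN endpoint only.
# Assumed, not from the thread: em2, PPTP transport, free rule numbers 1000-1090.
# Dry run by default (prints the commands); set IPFW="/sbin/ipfw -q" to load them.
IPFW=${IPFW:-"echo ipfw -q"}

wifi_rules() {
    wif=$1    # interface cabled to the unsecured access point

    # DHCP, so clients can get an address on the open segment
    $IPFW add 1000 allow udp from any 68 to any 67 in via "$wif"
    $IPFW add 1010 allow udp from me 67 to any 68 out via "$wif"

    # PPTP control channel, to the firewall itself and nowhere else
    $IPFW add 1020 allow tcp from any to me 1723 in via "$wif"
    $IPFW add 1030 allow tcp from me 1723 to any out via "$wif"

    # GRE carries the tunnelled PPP frames
    $IPFW add 1040 allow gre from any to me in via "$wif"
    $IPFW add 1050 allow gre from me to any out via "$wif"

    # Anything else seen on the wifi NIC is dropped and logged, so an
    # unauthenticated client cannot reach the LAN or the Internet directly.
    $IPFW add 1090 deny log ip from any to any via "$wif"
}

# Tunnelled traffic shows up on mpd's ngN interfaces, not on the wifi NIC,
# so it is filtered by the rest of the ruleset rather than by these rules.
wifi_rules "${1:-em2}"
```

These rules only constrain the path; whether the tunnel is actually encrypted is decided in the mpd5 configuration, which is the point SirDice raises above.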

