OxyGEN miniOffice Administrator's Guide
Gennet s.a.

D Microsoft Windows and WPA/WPA2 support
The OxyGEN miniOffice supports alternative ways of securing the wireless communication. Those are:
- Wired Equivalent Privacy (WEP): a widely used, but deprecated wireless security method because of the deficiencies found in its encryption algorithm.
- Wi-Fi Protected Access (WPA): an encryption method that provides superior security compared to WEP. It has been introduced as an intermediate measure to take the place of WEP until the preparation of the full IEEE 802.11i standard and implements the majority of the latter.
- Wi-Fi Protected Access 2 (WPA2): the encryption method that implements the mandatory elements of the IEEE 802.11i standard and replaced WPA.
As mentioned, WEP is a legacy security method which has proven to be vulnerable to external attacks and for this reason has been replaced by WPA2, with WPA being an intermediate step during the WEP-to-WPA2 transition. In order to use the WPA2 security algorithm, however, one has to make sure that it is supported by both the operating system of the PC and the driver of the PC's wireless card. Unfortunately, there are cases of legacy equipment where there is only support for WEP, or there is support for the interim WPA and not for the final 802.11i (i.e. WPA2) standard.
In the case of Microsoft Windows, WPA and WPA2 support is offered either by default or through an update, according to the following:
- Windows XP with Service Pack 3 (SP3) and newer (e.g. Windows Vista, Windows 7, Windows Server 2008): WPA and WPA2 are supported by default.
- Windows XP SP2: WPA (but not WPA2) is supported by default. In order to add support for WPA2, one has either to upgrade to SP3 or to install the Wireless Client Update for Windows XP with Service Pack 2 from Microsoft (see ).
- Windows XP SP1: neither WPA nor WPA2 is supported by default. In order to add support for both WPA and WPA2, one has to upgrade to a newer SP version. Alternatively, WPA (but not WPA2) support can be added by installing the Windows XP Support Patch for Wi-Fi Protected Access from Microsoft (see ).
Computers with Windows versions older than Windows XP SP1 do not offer WPA and/or WPA2 support and must be upgraded to newer OS versions in order to do so.
E Creating an SSL VPN
General Info
The list of features supported by the Gennet OxyGEN series of broadband access devices includes the creation of a secure, SSL-based Virtual Private Network (VPN) connection.
A VPN connection is the creation of an encrypted tunnel between two endpoints (e.g. the PC of a remote user and the OxyGEN miniOffice) for the secure and reliable exchange of data. This way, remote users or sites have access to files and networking resources in a central location just as if they were physically present.
An SSL VPN is a form of VPN that uses the SSL (Secure Sockets Layer) protocol for ensuring the security of data transmitted over the Internet. In contrast to the traditional IPSec (Internet Protocol Security) VPN tunnels, an SSL VPN does not require the operating system to support the technology. All VPN support is performed in user-space programs, without need for specialized VPN drivers or other operating-system level support.
How to Configure SSL-VPN
The OxyGEN SSL-VPN feature is based on the widely used open-source OpenVPN project (http://openvpn.net/).
The OxyGEN broadband devices support both Server and Client modes for the SSL-VPN tunnel. This means that we can use an OxyGEN miniOffice as server at the central site, and different remote users connect to it using their PCs (with software clients) or using another OxyGEN terminal from a remote site.
Configuration of the corresponding parameters is performed using the Web configuration tool, in the SSL VPN sub-menu of the Advanced menu category (see page 128). The first task to be performed once we enter this configuration page is to enable the service using the appropriate Status radio button and to choose whether the device will operate as a Server or as a Client in the SSL-VPN tunnel using the Operation mode drop-down menu (see Figure 11.4 on page 128).
Routed vs Bridged VPN Tunnel
An important selection for the operation of the VPN tunnel is its type: Routed or Bridged.
In a Routed VPN tunnel, the connection between the server and client is at the IP level. This practically means that they both have their separate and independent LAN subnets, with non-overlapping ranges of IP addresses, and these subnets are interconnected through the SSL VPN tunnel. Forwarding of the packets between the different subnets is performed based on the destination IP address.
In a Bridged VPN tunnel, on the other hand, the connection between the server and the client is performed at the Ethernet layer. This results in a simpler network topology, where the LAN subnets behind the server and the client operate like a single IP network with the same range of IP addresses, just as if they were connected by an Ethernet switch.
The choice between the above two types of tunnels is not always very easy, however. Routed tunnels are the most common choice, since they are more straightforward to configure and troubleshoot. The tricky part in configuring Routed tunnels is how to verify, in certain cases, that all hosts in the LANs behind the server and the client have the proper routing information in order to forward packets through the VPN tunnel. Additionally, when a Routed tunnel is used, only IP packets traverse it. This means that applications and services which rely on non-IP protocols or on IP broadcasts (e.g. Windows "Network Neighborhood") fail to operate across the tunnel.
Bridged tunnels, on the other hand, are more difficult to handle. Bridged connections are difficult to troubleshoot, and the corresponding functionality is even absent in some older versions of the PC operating systems. They have the advantage that, by bridging the two LANs behind the server and the client, they solve the problem of applications depending on IP broadcasts; however, this can also be the source of serious network degradation: since the VPN tunnels operate over a, usually, low-bandwidth WAN link, the true capacity of the link can be substantially reduced by unnecessary broadcast traffic that should be limited to the high-bandwidth LAN.
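As an added illustration (example configuration written for this page, not taken from the Gennet guide or the OxyGEN firmware), the two tunnel types above correspond to OpenVPN's tun (routed, IP layer) and tap (bridged, Ethernet layer) devices. The fragments below show the server-side directives that differ between the two; the subnets, file names and the client name branch-office are constructed for the example, and the two sections are alternatives: only one of them goes into a server configuration.

```conf
# Added example, not part of the OxyGEN guide. Addresses are constructed.
# Common directives shared by both alternatives.
port 1194
proto udp
ca   ca.crt
cert server.crt
key  server.key
dh   dh.pem
keepalive 10 120
persist-key
persist-tun

# ---- Alternative 1: Routed tunnel (IP layer) ----
# Server LAN 192.168.1.0/24, client LAN 192.168.2.0/24, tunnel 10.8.0.0/24.
# The three ranges must not overlap, as the text above requires.
dev tun
server 10.8.0.0 255.255.255.0
# Give connecting clients a route to the server-side LAN through the tunnel.
push "route 192.168.1.0 255.255.255.0"
# Tell the server kernel that the client-side LAN is reached via the tun device...
route 192.168.2.0 255.255.255.0
# ...and tell OpenVPN which connected client owns that LAN, via a per-client
# file named after the client's certificate common name:
#   ccd/branch-office:  iroute 192.168.2.0 255.255.255.0
client-config-dir ccd
# Hosts on each LAN (or their default gateway) still need a route to the remote
# LAN via the OpenVPN endpoint; that is the "tricky part" of routed tunnels.

# ---- Alternative 2: Bridged tunnel (Ethernet layer) ----
# Both sides share one IP network, 192.168.1.0/24. The tap device must be
# member of a bridge (e.g. br0) together with the server's LAN interface.
dev tap0
# server-bridge <LAN gateway> <netmask> <pool start> <pool end>:
# clients receive addresses out of the LAN's own range.
server-bridge 192.168.1.1 255.255.255.0 192.168.1.200 192.168.1.250
# Ethernet broadcasts (e.g. Windows network browsing) now cross the WAN link,
# which is the bandwidth trade-off described above.
```

In the routed alternative, the `route` directive alone is not enough: without the matching `iroute` in the client's ccd file, OpenVPN does not know which client tunnel to send 192.168.2.0/24 traffic into and drops it. In the bridged alternative, the `server-bridge` pool must be excluded from the LAN's own DHCP scope so the two address sources do not collide.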