Setting up home Wi-Fi with VPN tunnel

I am currently connected to my office through a Linksys BEFSX41 VPN router. I do not have a home network. I am just using the router to maintain the VPN tunnel.

I receive my internet connection through a cable modem.

I would like to connect my Linksys WRT54GS wireless so as to set up a local Wi-Fi for my iPhone.

Should I plug my wireless into one of the ports on the VPN router?
Should I plug my wireless into the cable modem and my VPN into the wireless?
Should I give up?
Should I do something else entirely?

I tried adding the wireless as a branch of the VPN. When I couldn't connect, I unplugged the VPN from the cable modem and hooked up the wireless. I could then see and configure it. This however reassigned my MAC address and after setting my VPN up as it was, I can't get access to my office.

Before I have the IT guy at the office enter my new MAC address, (and putting up with his scorn and sarcasm) I want to make sure that I am through monkeying around with my setup.

Any suggestions?
Are there any security precautions (other than the usual - WPA2, new SSID and complex password, etc.) of exposing the VPN tunnel to my Wi-Fi?
Cable modems are just modems, little to no router activity I've found.

If you plug a wifi AP into that, you'll have internet over wifi OK, but it will be on the "outside" of the VPN, so indeed, you will not see your office, or other home PCs.  If you don't secure your wifi, others will have it to play with too....

If you plug the wifi AP into the VPN router, then it will be inside your LAN, and could be on the "inside" of the VPN (depending on how exactly the VPN/router is configured.)  In that case, you should see other PCs at home, and in the office.

If all you see are your other devices at Home, then it's on the inside of the router/firewall, but still outside the VPN.    

Whenever putting a wifi AP up, on a private network, make sure you use WPA2, WPA-PSK, or as MS call it "WPA Personal", else anyone wandering past with a wifi device could access your VPN to the office.

Use a non-dictionary word or phrase, including letters (upper and lower case) and numbers.  The only real vulnerability WPA has, is a dictionary (list of common words & phrases) attack on the AP login.

Hiding the SSID is pointless, as is restricting MAC addresses it can use.  The SSID will be seen as soon as some existing device uses it, and MAC addresses can be skimmed and spoofed.

Make sure you change the SSID to something different from its default, and also change the device's admin login password.  Again, make it a good one.  AND WRITE THOSE DETAILS DOWN SOMEWHERE!  You will need them sometime in the future.

If you can't get WPA to work, WEP with a maximum length random letters, numbers, symbols etc, will keep most of the script kiddies with 'nix or 'droid based WEP crackers at bay, for a while.   But I still wouldn't use it for any company network.

One good source of random character key strings can be found at:-
Truly random in the extreme!  Ideal for this sort of thing.   Read the rest of that page for background info.

Also take a look/listen to:-
Scroll way down to episode 3   NAT routers.

As you scroll back up the list (300 episodes now!) any that list VPN, NAT or Wireless security are worth a listen to.   There are text transcripts too, in various formats that can be searched.

Remember, your company may have a security policy, regarding attaching devices to its network.  For good reason.  There are several nasties out there, that propagate via LAN from device to device, and don't think iPhones are innocent either.   There is also an issue, regarding the iPhone potentially acting as a gateway between the VPN and the outside (via its cellular radio) so there are a lot of things to think about to keep it all safe.

Take care, but have fun.
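The passphrase advice in the answer above, as an added example that is not part of the original post: a Python check for the WPA/WPA2-Personal limit of 8 to 63 printable ASCII characters, the mixed-case-plus-digits rule, and dictionary words, with a generator that draws from the operating system's CSPRNG. The function names and the tiny word list are assumptions made for illustration.

```python
import secrets
import string

# WPA/WPA2-Personal passphrases are 8 to 63 printable ASCII characters.
MIN_LEN, MAX_LEN = 8, 63
ALPHABET = string.ascii_letters + string.digits

# Constructed sample word list; a real check would load a large dictionary file.
SAMPLE_WORDS = {"password", "linksys", "wireless", "letmein", "office", "iphone"}


def check_passphrase(passphrase, words=SAMPLE_WORDS):
    """Return a list of problems; an empty list means the passphrase passes."""
    problems = []
    if not MIN_LEN <= len(passphrase) <= MAX_LEN:
        problems.append("length must be 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("contains non-printable or non-ASCII characters")
    if not any(c.islower() for c in passphrase):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in passphrase):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in passphrase):
        problems.append("no digit")
    # Drop digits and symbols first, so "Linksys2011" is still caught
    # as a dictionary word with decoration.
    letters = "".join(c for c in passphrase.lower() if c.isalpha())
    hits = sorted(w for w in words if w in letters)
    if hits:
        problems.append("contains dictionary word(s): " + ", ".join(hits))
    return problems


def generate_passphrase(length=MAX_LEN):
    """Return a random passphrase that passes check_passphrase()."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("WPA2 passphrase must be 8-63 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_passphrase(candidate):
            return candidate


if __name__ == "__main__":
    print(check_passphrase("Linksys2011"))
    print(generate_passphrase())
```
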

> Should I plug my wireless into one of the ports on the VPN router?

If the ports on the VPN router allow you to access your office via VPN, you had better connect one of the ports to your WRT54GS' Internet port in order to make your wireless clients stay on the VPN.

> Should I plug my wireless into the cable modem and my VPN into the wireless?

I guess after the cable modem is your VPN router? If yes, keep it and connect your wireless AP to the VPN router, as mentioned above.
David Brugge (Author) commented:
> I guess after the cable modem is your VPN router? If yes, keep it and connect your wireless AP to the VPN router, as mentioned above.

When I do this, I can't find my wireless router from my pc.
David Brugge (Author) commented:
@ g8kbv,

Thanks for taking the time to fill me in on the details. The information on the system at the office is not high security, I just need to keep out pranksters and malicious mischief. There are only a few of us in a small company, so we don't have any "policy" other than "don't screw up."
I have followed all of the security settings that you have listed.

So I am still at this situation. I have the VPN router plugged into the cable modem and my PC plugged into the VPN. This is my normal setup and works fine. There are no other machines or devices in the house to network to.

I thought that I could then plug the wireless into one of the ports on the VPN and be in business, but while I can access the VPN router and its settings, I cannot see the wireless.

In a nutshell, what I hear you saying is that I can't attach the wireless unless I monkey around with the VPN router settings and potentially mess up my access to the office.
David Brugge (Author) commented:

Thanks for the points.    I think you do need to talk with your guy who set up the VPN and Office LAN, so an IP address for the WiFi access point device (and possibly the iPhone) can be provided (by whatever means) that will not conflict with anything already in use.   Then hopefully, it should be "relatively" easy to make it all fly as you wish.

Best Regards.

