How to have a more secure LAN?



  • Hi, :)
    Is possible using pfsense to have a more secure LAN?

    For example, if you use power-line that you can't encrypt, or if you use power-line with bad encryption.. or just because you don't trust your wires.

    In ubuntu I see that there are some method for have a better LAN for example we are able to use 801.x security with MD5, TLS,  FAST, TUNNELLED TLS, PEAP

    Pfsense support some of this method?

    I'm using alix 2d13 so I'd like to not use vpn because use cpu a lot.

    I'd like to know which method protocol is better for me.

    Please do you have any suggestions?
    :D :D
    Thanks you a lot!!


  • LAYER 8 Global Moderator

    Are you concerned with auth and access to the network, or someone sniffing said network..  801.x is normally authentication to access using PNAC (port network access control) while there were some changes to the standard to allow for point to point encryption.

    Sounds like your worried is sniffing your powerline adapters??



  • Hi, sorry for delay.

    Yes. I'm worried about someone sniffing the  powerline adapters.
    So is possible to authenticate all clients?

    Thanks you.


  • Banned

    Not on pfSense. Get a managed switch.


  • LAYER 8 Global Moderator

    What switch do you have?  You can have some fun with http://www.packetfence.org/

    So you want to "encrypt" traffic going over the wire of your network..  Why would be my fist question - who do you think is going to be sniffing it?  You can encrypt/pair your powerline adapters - this is more really if you ask me for isolation of traffic in a building that has multiple apartments or something where you don't want your neighbor seeing your traffic.  And you share a common power system.

    But who is going to be into your building that would be able to tap into your ethernet?  Without plugging into a switch, by default all open ports on a switch really should be off, and normally you have physical control over who is in your location or would have access to where the switches are, etc.

    But sure you can use a NAC to control which machines can connect to your network.

    But using end to end encryption between every single device on a local network seems a bit over the top if you ask me.



  • Thanks for you help!! :)

    @johnpoz:

    So you want to "encrypt" traffic going over the wire of your network..  Why would be my fist question - who do you think is going to be sniffing it?  You can encrypt/pair your powerline adapters - this is more really if you ask me for isolation of traffic in a building that has multiple apartments or something where you don't want your neighbor seeing your traffic.  And you share a common power system.

    I can't encrypt powerline. They come from different vendors. Some require to use a software that is not available for my platform. Some other let you decide: you can ancrypt them via software or using a button that don't work.

    @johnpoz:

    But who is going to be into your building that would be able to tap into your ethernet?

    Nobody, I think. ;) Is just for fun :)

    Thanks you a lot for the help :)


  • LAYER 8 Global Moderator

    making an overly complex network with extra overhead in performance for no reason is not fun ;)

    Why would you be using powerline adapters from different makers?  That they work at all is amazing actually.  Get powerline from the same maker if you want to encrypt their traffic.

    you could look to something like tcpcrypt or ipsec


Log in to reply