Using WPA in WRT54G and Airport

My production wireless home network already upgraded to WPA. Since 802.11b technology in my Airport card is getting old and will soon be replaced by 11g devices this year, I am not believe that Apple will release update of 11b Airport card to WPA, but they do! Last week, Apple released Airport Software 3.3 update for both Airport (802.11b) and Airport Extreme (802.11g) that enabled WPA supports.

My wireless router is Linksys WRT54g, which is a hot product for hackers. I used WEP, SSID hiding and MAC filtering to secure wireless network. The hardware version is 1.x and the firmware version was still 1.30.7. There is a new 2.00.8 firmwire, but is for new hardware version 2.0. However, this hacked firmware site mentioned that it is required to reset it to factory defaults. So I give it a try. Together with Airport Software update, I decided to upgrade both router firmware and client software. The firmware upgrade process is smooth, without any error. After the upgrade, everything worked fine, wireless and wired network were connected and reachable to each other, but the broadband PPPoE connection was lost and broken. I then followed the manual instruction to reset the router by pressing the reset button over 5 seconds. After a couple of seconds, it automatically reboots. This time the broadband connection were established successfully. But the downside is all configurations were lost and it was reset to factory defaults. I needed to configure the router again.

Playing around with the new firmware, version 2.0 have a new look in the GUI, the navigation is restructure and reorganized. In wireless security options, it has two kinds of WPA support: WPA Pre-shared key and WPA Radius. For home network, I chose WPA Pre-shared key. If I have time to setup RADIUS server with freeradius, I will test out WPA Radius later. On client side, I configured wireless connection from the Airport icon in the menu bar. After upgrading the Airport Software, there are two new WPA options, WPA Personal and WPA Enterprise. Obviously, WPA Personal corresponds to pre-shared key authentication while WPA Enterprise is for Radius authentication. As I am using Pre-shared key, so I chose WPA Personal. I typed the same shared key to make my Airport card to authenticate the Linksys Router. Luckily, they interoperate seemlessly. Great work Apple and Linksys!

There has been some reports that WPA is even less secure and is more likely to suffer from DoS Attack and PSK Dictionary Attack. I still hestiate to use WPA at all. As now, my first preference for securing wireless connections now is VPN. PPTP is now very common and is well support by Windows, Mac OS X and even Linux and FreeBSD. I believe PPTP VPN is viable solution. I have already setup PPTP VPN sevice on my Linux server (punknix) and it runs very well. Both Windows and Panther client can connects sucessfully. Since the setup procedure is quite complicated on Debian/Linux, I will disclose more details in my upcoming article.

As of 29 Jan 2004, Linksys released new 2.02.2 firmware which claimed to support all versions of hardware. I will give it a try this week!