Wireless LANs are notoriously insecure. Even with WEP encryption enabled, it is trivial for people to crack your key and enter your network. I believe you should scrap WEP altogether and set up encrypted tunnels from your WLAN clients into your wired LAN.
I recently got two D-Link DWL-650+ !AirPlus? PCMCIA 802.11b cards and a DWL-900AP+ AccessPoint. Because D-Link aren't releasing Linux drivers for these cards until December 2002 I have been forced to use them under Windows.
I've currently only setup pptpd(8)? but a completed setup will require a firewall as well.
While attempting to set up pptpd(8)? I found out that the default VPN software in Windows (9x, Me, 2000, XP) requires Microsoft Point-to-Point Encryption (MPPE). The default Debian kernel and pppd(8) packages don't support this, and I had a hell of a time getting it to work. So I wouldn't forget how I did it, and to help anyone who wants to do this, I'm slowing writing this document. :)
Install your distribution's pptpd package. No patching or modifications are required.
The kernel MPPE patch is available for many kernel versions, but I used 2.4.19. You can download the patch from http://public.www.planetmirror.com/pub/mppe/linux-2.4.19-openssl-0.9.6b-mppe.patch.gz.
If you use Debian, you can use make-kpkg to do the rest for you. The following command will allow you to configure your kernel and then it will build the kernel and modules and place them into a .deb package for you.
If you don't use Debian, you're on your own. ;P
Once the kernel is built, install it and reboot your system.
You'll need to add a module alias to your /etc/modules.conf. If you use Debian, add this line to /etc/modutils/ppp and then run update-modules.
If you use a different distribution, just add the above line to your /etc/modules.conf.
You really should build a new Debian package of the patched ppp but I'm not sure how so I'll have to add that later. :)
Download the ppp-2.4.1 source tarball from ftp://cs.anu.edu.au/pub/software/ppp/ppp-2.4.1.tar.gz. Also grab the patches http://public.www.planetmirror.com/pub/mppe/ppp-2.4.1-MSCHAPv2-fix.patch.gz and http://public.www.planetmirror.com/pub/mppe/ppp-2.4.1-openssl-0.9.6-mppe-patch.gz.
If you don't use stow(8)? (which you should) change BINDIR to /usr/local/sbin and MANDIR to /usr/local/man.
Finally, add a link to /usr/local/sbin/pppd so that pptpctrl will be able to find it. It took me about an hour to figure out that an error I was getting was caused by pptpctrl not finding pppd.
That will enable Microsofts CHAP and CHAPv2, as well as turn on 40-bit and 128-bit stateless encryption.
The users who are allowed to use the VPN connection can be specified in the file /etc/ppp/chap-secrets
This will allow user "Madcat" with password "MyPwd?" to gain access. The servername must be the same as in the options file (/etc/ppp/pptpd-options) under the name "name"
In the file /etc/pptpd.conf you can configure the IP range you would like for your tunnel The localip is the ipadress of your server and the remoteip range is the ip's that can be given
This way the tunnel ip of the server will be 10.0.1.1 and the first user who will login on IP 300.300.100.100 with the passwd as specified in /etc/pptpd.conf will gain 10.0.1.2, the second 10.0.1.3.. etc
If you did not got the encryption (mppe module) working do this: goto properties -> security -> advanced -> check CHAP and change data encryption to optional you get a warning that it might be unsafe, to fix it read the above :)
You also might need to disable LCP to get it working networking -> settings -> uncheck LCP
Now the fun part comes, creating the connection. hit connect and enter the user/pwd as specified in /etc/ppp/chap-secrets
I still need to add information about:
Until then you can find out this information at http://www.schumann.cx/wavelan/