I guess it’s officially spring cleaning time; after 6 years of open access, I finally turned on encryption for my home wireless network. For years, I had my wireless network on a different subnet then my wired network, and then used my Linux router/firewall to protect the two from each other. When I first set up the network, my access point was limited to 40-bit WEP. Since 40-bit WEP is effectively the same as an open network, I never bothered turning encryption on at all. I’ve swapped access points every few years since then, but I never had a pressing need for better security–everything that I use my laptop for uses either SSH or SSL, and the firewall between the two networks wasn’t really a problem for me.
Over the past year, though, a few new problems have cropped up. The biggest problem with a split network is that no Rendezvous/Bonjour-based services can cross between networks, and that’s become increasingly painful–I couldn’t print from my wireless network or access any shared iTunes songs. Also, my wife is now using my old PowerBook, and she didn’t really appreciate the technical reasons why sometimes things didn’t work right when the laptop wasn’t plugged into an Ethernet cable.
So, tonight I finally bit the bullet and redid things. I’m now using two access points on different channels, both sharing the same SSID and WAP pre-shared key. I can wander around the house transparently roaming between APs, so I finally have 100% coverage in my house. Both APs are Linksys WRT-54G series devices (one -54G, and one -54GL) running DD-WRT, which seems simple enough for what I need. I’m really just using the two boxes as simple access points; I don’t need (or want) them to route anything, but I do want working SSH and syslog.
I’m still recovering from The Big Drive, so I’ll have to finish the last bit of work (decommissioning the old wireless subnet and firewall and re-routing my office Ethernet cables) tomorrow. I’ll also have a few Typo roadmap updates ready soon.
Update: In order to work with my old PowerBook (handed down to my wife), I had to drop from WPA2 TKIP+AES to WPA2 TKIP. Apparently older Airport hardware can’t handle WPA2 AES. Other then that, everything seems to be working perfectly.