VPN Solution to Secure Wifi | Voters | Nest Space

VPN Solution to Secure Wifi

complete

Jamie Kramer

Adding a VPN solution or something on security with wifi. I understand having a non-secure wifi and put the security responsibility on the end-user.

Created by Bryan V.

August 26, 2021

Chais Meyer

marked this post as

complete

Chais Meyer

Hey there, Jamie Kramer, Thanks for the feedback! 
In short, we have the most secure network in Kearney, Nebraska...pair that with the fastest internet in the city (thanks to USA communications) and we're the best office around! Please read below for a better understanding of why we're saying this:
*****
Here's a quick-ish explanation of how our Nest:Space network works...
At Nest:Space, we utilize a Cisco Meraki Network and we're using a 'captive portal' to authentic user access - Authentication uses the same username and password you established with our member's portal, to make things easy. 
So, if you ARE an active member of Nest:Space, you do get access to our network. If you are NOT an active member (active day pass holder or monthly/yearly member), then you'll be denied access.
After access has been granted, we're using NAT Mode (Clients receive IP addresses in an isolated 10.0.0.0/8 network so that clients cannot communicate with each other). So even if you wanted to, you couldn't access another device on the "Nest:Space Members" wireless network. 
If you were hoping to use a VPN to protect your traffic from other local users, there would be no need for this, because you already have the highest level of protection from others, being on a different subnet entirely.
If you were hoping to use a VPN to anonymize your traffic, you can absolutely do that, as long as your VPN service is up to date with the most current standards. Legacy VPN clients (i.e., those that do not support NAT Traversal) may not be able to establish IPSec tunnels over the wireless network. (One workaround is to upgrade the VPN client or configure the VPN client to establish an IPSec tunnel over TCP, e.g. SSL).
Some 'network devices' may give a 'weak security' warning when they're trying to connect to our network, that's because they're basing the strength of their security on standard authentication protocols (a wifi password). Since we're authenticating using a captive portal, it wouldn't make sense to require a password to get to the captive portal window, it would just annoy people. You can disregard that warning if you see it, as your computer/phone doesn't know we're doing mad security behind the scenes :)
I hope this answers your question,  please let us know if you have more!