Replacing WEP with IPSEC

WEP is insecure

Because 24 bits of a WEP key are an initialization vector, even a 128-bit WEP key is actually breakable with several hours of observation. Using a 256-bit key will probably enhance security, but at a trade-off of support amongst various wireless devices. Further, the WEP key is shared amongst all devices in a wireless LAN, so compromising one device's key storage compromises the entire WLAN.

WEP is slow

The hardware used in consumer-grade Access Points typically does not include a crypto processor. The general purpose embedded processor or the wireless interface's Wi-Fi ASIC carries the burden of crypto operations, often at the expense of other tasks, slowing the entire wireless network.

WEP does not include authentication

Although WEP can be used to prevent unauthorized hosts from communicating on a WLAN, the key must be distributed to all authorized hosts before they are able to connect. All hosts share the same key, so the traffic from any one host on the network is readable by any other authorized host. WEP does not distinguish one host from another.

The idea

I don't claim this to be original by any means. I'm just having trouble finding a single, good tutorial that covers all my questions, so I'm building it here.



By upgrading to a wireless access point that supports WPA2, I now have temporal keys and the ability to go for real authentication via RADIUS if I feel so inclined. For that reason, I'm no longer pursuing VPN as a replacement for WEP; however, I'm interested in using it to provide secure remote access to my home network beyond SSH tunneling.