Products - Esomo - Protecting wireless networks

Esomo provides maximum protection of a wireless network against unauthorized access, wiretapping, and the introduction of false access points:

  • Bidirectional EAP-TLS (Extensible Authentication Protocol - Transport Layer Security) authentication is used. This ensures mutual authentication of the client (user computer) and the Esomo server by means of digital certificates;
  • All wireless traffic carried over the VPN connection between the user computer and the Esomo server, by way of the wireless access points, is encrypted.

To build a protected wireless network on the basis of Esomo, you will need the following:

  • a computer on which to install Esomo;
  • wireless access point(s) that support(s) RADIUS server authentication (802.1x / EAP) and the WPA / WPA2 encryption methods;
  • client computers that support the EAP-TLS authentication method (for example, running Windows / Linux / FreeBSD) and are equipped with wireless network adapters.

When a user attempts to connect to a wireless network protected by Esomo, the Esomo RADIUS server establishes a TLS session with the user computer, during which the server's digital certificate is sent to the user. The user computer verifies that certificate and then sends the user certificate, which Esomo in turn verifies against the user database. If both sides trust each other and the user is registered in the Esomo database, authentication completes successfully. After that, a wireless connection between the user computer and the Esomo server is established.

The principle of operation of EAP-TLS is shown in the picture below:

[Figure: EAP-TLS]
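On Linux or FreeBSD clients that use wpa_supplicant (an assumption; the page does not name a supplicant), the client's half of the mutual authentication described above only holds if each network block pins the CA and checks the server name. The audit script below is an added example, not Esomo code; the SSIDs, file paths and domain in its sample configuration are constructed placeholders.

```python
import re

# Constructed sample wpa_supplicant.conf (assumed client; all values are placeholders).
SAMPLE_CONF = '''
network={
    ssid="office-weak"
    key_mgmt=WPA-EAP
    eap=TLS
    client_cert="/etc/wpa/alice.pem"
    private_key="/etc/wpa/alice.key"
}
network={
    ssid="office-hardened"
    key_mgmt=WPA-EAP
    eap=TLS
    ca_cert="/etc/wpa/ca.pem"
    domain_suffix_match="radius.example.com"
    client_cert="/etc/wpa/alice.pem"
    private_key="/etc/wpa/alice.key"
}
'''

def parse_networks(text):
    """Return one dict of key -> value for every network={...} block."""
    networks = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\n\s*\}", text, re.S):
        net = {}
        for raw in body.splitlines():
            key, sep, value = raw.strip().partition("=")
            if sep and not key.startswith("#"):
                net[key.strip()] = value.strip().strip('"')
        networks.append(net)
    return networks

def audit(net):
    """List the mutual-authentication gaps in one EAP-TLS network block."""
    if net.get("eap", "").upper() != "TLS":
        return []  # only EAP-TLS blocks are in scope
    findings = []
    if not net.get("ca_cert"):
        findings.append("no ca_cert: the server certificate is not verified")
    if not any(k in net for k in ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")):
        findings.append("no server name check: any certificate issued by the CA is accepted")
    if not (net.get("client_cert") and net.get("private_key")):
        findings.append("no client certificate or key: the client cannot authenticate")
    return findings

def audit_conf(text):
    return {net.get("ssid", "?"): audit(net) for net in parse_networks(text)}
```

Calling `audit_conf()` on the contents of a client's configuration file returns a mapping from SSID to findings; an empty list means the block verifies the server and presents a client certificate.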

Now the user computer is connected to the wireless network. All further actions of Esomo and the computer are the same as in a wired network. To access the Internet and configure Esomo through Esomo Admin, establish a VPN connection with the Esomo server. To do that, load the authorization page and enter the login and password for Internet access.