Both WPA2 and WPA3 have numerous vulnerabilities (known and likely unknown). Let's assume:
- The attacker somehow already has the WPA2(3) encryption key.
- You have a firewall distribution on which you can configure a VPN (server) for your laptop VPN (client) to secure local WiFi connections.
- If the VPN is configured properly, and the firewall is locked down, can the attacker gain access to the firewall?
- Could an OTP (for example, Google Authenticator) be used to further lock down the VPN?
Note: it's possible to set up. I’m just curious if it would be worth the effort.
Why do this?
I’m assuming not everyone sits at a desk with their laptop plugged into an ethernet port. Actually I bet most people don’t. This could enhance security for the majority of end users.
And it looks like it would be fun to experiment with. So let's keep this on topic, i.e. not about how bad WPA is.
Related:
https://whonix.org/wiki/Router_and_Local_Area_Network_Security#Wireless_Network_Router_Settings