Excuse my ignorance, but I thought VPN and wireless refer to two totally different things.
Wireless being a way to have hosts on a LAN without wires and in fairly close proximity.
VPN being a method of Extending a LAN to a remote location by tunneling through a public WAN such as the Internet.
I don't quite understand how the two could even be used in the same context!! (saying that, I haven't followed the link yet!).

It's a fairly common practice to try and increase the security of a wireless connection by running it through a VPN tunnel. Since VPN creates a virtual point-to-point connection over a public network, in theory, running a wifi connection through that tunnel should provide the same level of security as a "road warrior" or end user working from home using VPN to connect to their employer's LAN.

Try reading the article. It should make more sense after you do.

Excellent article.

I love George Ou - he has that rare gift in the technical blogging world - the ability to expound clearly on topics that are reasonably complex without dumbing down to the point where they become similar to industry coundbites.

This is one of his best pieces yet - cheers for the linkage!

Count me in with the VPN and SSL guys. If you want to secure your data over a public network then the transmission has to be secured end-to-end. Wireless "best practices" provide a false sense of security. In general, all enabling WEP/WPA does is prevent people from using your internet connection without permission. XP SP2/Vista's firewall and DEP creates the exact same surface area for attack as your SOHO AP/router.

EDIT: "In general" means the same doesn't necessarily apply in a corporate environment. And that's what's wrong with best practices IMO; they're a one size fits all approach. You don't put bars on all your windows like they do at Fort Knox, do you? Why not?