You've been on your travels, maybe booked a hotel or an Airbnb, you've checked in, settled down and it's time to get your phone/laptop/tablet or all of the above connected to the WiFi.
How much do you trust the Wifi connection?
I remember walking into quite nice hotels and seeing Windows XP being used as the booking system well after it was End of Life, I've seen Windows 7, and 8 in use in a hotel recently. Hotels and IT do not go hand in hand, most of them will run off the same unpatched internet-connected systems for years. If that's how they treat your data when you check in, do you think the low margins they operate will stretch to a great free wifi experience?
As for Airbnb I think this Huffington Post article sums it up
“The same worries and warnings you would give someone about using public Wi-Fi should really be the same when you’re going into an Airbnb, because someone can set up the very same infrastructure in the rental property,” Glassberg said.
It doesn’t take an ill-willed host for this to happen, either. Often, it’s past guests who have compromised the Wi-Fi. Unlike at your local coffee shop, a router in an Airbnb is often left out in a common space with no supervision, allowing anyone who stays there to tamper with it.
Hacking a Wi-Fi router can be as easy as using a paperclip to reset it and gain admin control. From there, scammers can review the router’s backup file for the credentials it’s stored, or reroute traffic to a personal computer where they can collect valuable data months or years later.
The article goes on
The Wi-Fi router isn’t the only way hackers can steal your data. There are a variety of devices often found in an Airbnb that can appear to be an added convenience but are really there to capture your information.
For instance, Glassberg said a host might leave a tablet or desktop available to guests so they can check email or catch up on Facebook. Maybe there’s a smart TV that allows you to log into your favorite streaming service. All of these devices can be used to harvest user credentials with a simple key logger.
It's well worth a read..
Knowing that free WiFi might not be secure the question is, what can you do to make use of the free Hotel or Airbnb Wifi in a secure manner?
The GL-AR750S Router
This tiny, USB-C powered device may be the answer to that question.
How does this work?
This little box sits between your internet connection and your device and offers an encrypted VPN Tunnel so no one can snoop on your data. That internet connection might be the hotel/Airbnb wifi, tethered to your phone's hotspot or a 4G USB Dongle plugged into it.
To set it up, you need to power it on and connect to the devices WiFi, the default username/password for me was on a sticker however could also be admin/admin
Connecting will put you on an IP network of 192.168.8.0/24 and opening
Will bring up the login page for the device.
Once logged in (and password set if this is the first time you've logged in) the top half of the interface will tell you what's happening.
If its setup then it will either be green, yellow or red on the left for the internet connectivity, in the middle for VPN connections and to the right for devices connected.
Connecting to an Internet Source
Within the homepage selecting scan next to the Repeater option will display a list of all available WiFi Hotspots which could be your phone set in hotspot mode or the Wifi of the location you are in.
Simply select the Wifi Network (SSID) you want to connect to and enter the Wifi password and the router will connect to that Wifi hot spot and point all of its internet traffic out of that network.
Securing the internet
While we could now just set up the router's Wifi and be done with it, the point of this was to add some security.
The following is based on me having my own WireGuard server at home, if you don't the router supports Azirevpn or Mullvad out of the box or any VPN provider which supplies a Wireguard JSON .conf file.
OpenVPN is also supported.
Click on VPN on the interface and set up a VPN Client
Give the connection a name, this is so you can identify it on the router and click Next
Paste your Wireguard config (usually a .conf file) into the configuration section and click Add
My configs were verbose enough to cause a problem with the formatting, if you have issues past the config, click on Add then you can edit/check it after.
Click on Connect and you should get a green light on the interface showing a VPN Connection. You'll have the option to bring the VPN Tunnel up each time you connect to an internet source automatically.
What have we done?
- Logged into the router
- Tethered to the Airbnb, Hotel, Mobile Phone hotspot
- Connected to a Wireguard server.
The next step is to set the router up as its own WiFi Hotspot for your devices to connect to.
Creating a hotspot
Selecting the Wireless option will provide a method of setting up 5G and 2.5G wireless hotspots.
Clicking on Modify provides the interface to change the wifi settings.
If you have some older devices which won't connect to the faster Wifi network you'll need to set up the 2.5 option as I did with a Gen1 Chromecast.
At this point, you've set up a wifi hotspot that tethers to the internet and has a VPN Tunnel for all its traffic over Wireguard.
The Bigger Picture
Service offered as part of the GL Interface and a useful one from an enterprise point of view is the GoodCloud Cloud Management service which is gree.
Once the GL device is connected to the GoodCloud server it's possible to track them both as assets and by location. If you're using the devices to connect homes to the cloud or offices to offices there is also a nice interface covering that.
Once set up you can see your whole estate on one global map.
As I carry my router with me, I know where it is, if I had a fleet of them around the globe this would be helpful.
Does this work in real life?
I've used this in several hotels and Airbnbs and have to say it does a great job. I have Wireguard setup at home, and the device will boot up, I hop onto the web interface tether it to whatever wifi is provided (it defaults to my mobiles hotspot) and within a minute or so I'm all set up with multiple devices connected to my home VPN over a secure encrypted link.
It's small enough to fit into my laptop bag, I can power it off the USB strip I have which connects to the laptop.
I've not had any degradation of speed when doing this.
How much use you'd get out of something like this does depend on how much work you do away from the home or the office and how many devices you connect. As most devices auto-connect it's nice to be able to have them auto-connect to your own hotspot and only have to worry about that and not the other devices.
There is also so so so much more this router can do, it supports direct PPPoE connections, port forwarding, has a pretty powerful firewall, there are underlying advanced options for tweaking traffic speeds, the router can be its own Wireguard/OpenVPN server as well and it has also been updated a few times since I've had it for security fixes.
I think a small multi sight business could very quickly setup a powerful site to site encrypted network using a few of these and Wireguard VPN
If I had a single critique and it's a minor one considering it would be the addition of a Sim socket to turn it into a powerful Mifi Devices. However, as I can tether with my phone it's more a First world problem than an issue. :-)