Secure Network On-the-Go or Lending to Strangers

  • SpinRite v6.1 Release #3
    Guest:
    The 3rd release of SpinRite v6.1 is published and may be obtained by all SpinRite v6.0 owners at the SpinRite v6.1 Pre-Release page. (SpinRite will shortly be officially updated to v6.1 so this page will be renamed.) The primary new feature, and the reason for this release, was the discovery of memory problems in some systems that were affecting SpinRite's operation. So SpinRite now incorporates a built-in test of the system's memory. For the full story, please see this page in the "Pre-Release Announcements & Feedback" forum.
    /Steve.
  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in please checkout the “Tips & Tricks” page for some very handy tips!

    /Steve.
  • BootAble – FreeDOS boot testing freeware

    To obtain direct, low-level access to a system's mass storage drives, SpinRite runs under a GRC-customized version of FreeDOS which has been modified to add compatibility with all file systems. In order to run SpinRite it must first be possible to boot FreeDOS.

    GRC's “BootAble” freeware allows anyone to easily create BIOS-bootable media in order to workout and confirm the details of getting a machine to boot FreeDOS through a BIOS. Once the means of doing that has been determined, the media created by SpinRite can be booted and run in the same way.

    The participants here, who have taken the time to share their knowledge and experience, their successes and some frustrations with booting their computers into FreeDOS, have created a valuable knowledgebase which will benefit everyone who follows.

    You may click on the image to the right to obtain your own copy of BootAble. Then use the knowledge and experience documented here to boot your computer(s) into FreeDOS. And please do not hesitate to ask questions – nowhere else can better answers be found.

    (You may permanently close this reminder with the 'X' in the upper right.)

CredulousDane

Well-known member
Sep 26, 2020
62
6
Hi, a couple of days ago a girl living in the apartment downstairs (she doesn't live here normally but borrowed the apartment from the owner), contacted me to ask if she could use my internet as she somehow didn't have any herself (?). I'm a helper/pleaser and who can say no to a beautiful girl at the doorstep. I did say though, give me 10 minuttes and I'll be down with something.

So I created a guest network as I didn't want to share my own WiFi with her. But it also made me think 'what if' thoughts. What if she wasn't as innocent as she looked, well, I would (will?) be the one with hard knocking on my door. Anyway, it's done now, she left again. But it got me thinking about this small router I once read about and I guess I just want to hear if you have any experience or suggestions with products like these:

https://store.gl-inet.com/products/gl-ar300m-mini-smart-router?variant=39350896787550

I'm not thinking about giving free internet to everyone around me and I don't travel a lot - I just want to learn (and YES, I can learn to say NO) - but still. It's pretty cheap so could be fun to play around with.
 
guest network, client isolation turned on. In theory she could be in space but nobody could hear her scream....

edit: buy the toy if you want the toy, not if you like the girl :D
 
Last edited:
  • Like
Reactions: CredulousDane
Yeah, it's not to get the girl ;)

But just thought of it as having a VPN on the guest network would be nice.

And I think I'll buy the toy and try it out :p
 
hear if you have any experience or suggestions with products like these

I have the https://www.gl-inet.com/products/gl-ar750s/ and a house guest right now who is using it to access my wired network. (It's plugged into a wired wall jack providing his own personal wireless network.)

It can also proxy (play "monkey in the middle") between two wireless networks, which is what you would probably want if you were using it along with hotel Wi-Fi. There is another thread where I recommended it over here: https://forums.grc.com/threads/cable-down-literally.800/
 
Interesting question. I know that the Vilfo router can do what you want. That is, create an SSID and have it always use a VPN connection while other SSIDs, use a different VPN connection or none at all. But, its $400. Its from a VPN provider that has partnerships with over 20 other VPN companies.
https://www.vilfo.com/en

No doubt there are other routers that can do this too, but this is the only one I am aware of.

But, the better approach is to use any of the readily available routers that include a VPN client. Plug the VPN client router into your main router (wan port -> lan port) and give the guest an SSID created by the VPN client router. Asus has offered a VPN client for years now. Better still, segregate the LAN port in the main/outside router into its own isolated VLAN ... if possible.
 
  • Like
Reactions: CredulousDane
So actually, if I don't want this person on my own network I should "play monkey in the middle" but with my own guest network? Could that work. What I mean is:

1. Create a guest network
2. Set up the VPN router to on that guest network
3. Give out the SSID/Password that the VPN router provides.

I'm thinking that is how it could work on a hotel.

Because if I plug the VPN router via kabel directly to my router, this 'VPN' network would also access MY network, right?

Thanks for the Vilfo link, will save that for another time - just bought an ASUS router I really like ;)
 
Well if you plug one router into the other, the most nested one is the most secure. In theory that would mean you would do something like this:

PHolder2021Sept19_TwoRouterSolution.png

Here you can see that the second firewall will in essence make your guest be on the Internet as far as your own router is concerned.
 
  • Like
Reactions: CredulousDane
Ahh okay. I have a router from my provider but that is in bridge mode (I think it's called) - and then I have my own router.

I mean, the provider router sends everythin through so couldn't I use the VPN router directly on that instead of having 2 routers behind the router from my provider?
 
It depends on what the router in bridge mode is configured to do. You normally can't plug two routers into one modem, for example, because the ISP only authorizes you to have one IP address. If your ISP allows you additional IP addresses, or if the router in bridge mode can issue multiple IP addresses, then you could plug multiple routers into it.
 
It depends on what the router in bridge mode is configured to do. You normally can't plug two routers into one modem, for example, because the ISP only authorizes you to have one IP address. If your ISP allows you additional IP addresses, or if the router in bridge mode can issue multiple IP addresses, then you could plug multiple routers into it.

Ahh yes, that makes sense. If and when I buy the VPN router I can try but if it won't work I do have my old ASUS router and so it's nice to have your sketch (and of course all your help in here) of how it can be setup :)
 
Just found this article and maybe it is something useful for this situation - haven't completely understood it yet - can't figure WHO the VPN provider is or if it is just whatever VPN information has been entered into the router settings.


EDIT: No, it's not useful for this situation - just a feature I didn't know about before ;)
But then again - if I put a VPN on my router the guest network should have that as well. And instant Guard can switch it on quickly.
 
Last edited:
Alright, more late night thoughts.

I'm trying to avoid having to use 2 routers (+ my providers which is just in bridge mode) and have been thinking about this setup:
VPN-Router.png

What I'm thinking of is:

Can the Stranger in any way get back to just being on the GUEST network without having login credentials for the VPN Router. I would think NO.

So with the thought of using a VPN Router on a hotel Wi-Fi I'm thinking that this should be both possible and secure.

Any thoughts are welcome :)
 
What is stopping Stranger logging in directly to GUEST? Is it password protected, and/or locked to only allow VPN router to connect?
 
It's unclear to me what exactly you're proposing here. VPN Router is a router... and if it's a VPN router, every packet coming into it is likely to be processed and directed in the same way. I don't think you can actually achieve what you're thinking with off the shelf router firmware. You could potentially install something custom based on Tomato or OpenWRT.
 
What is stopping Stranger logging in directly to GUEST? Is it password protected, and/or locked to only allow VPN router to connect?

GUEST has the following 'preferences':

Network Name (SSID): GUEST
Authentication Method: WPA2-Personal
Network Key: [a_long_secure_password]
Time Remaining: Unlimited access
Access Intranet: Disable

It's unclear to me what exactly you're proposing here. VPN Router is a router... and if it's a VPN router, every packet coming into it is likely to be processed and directed in the same way. I don't think you can actually achieve what you're thinking with off the shelf router firmware. You could potentially install something custom based on Tomato or OpenWRT.

I thinking that the internet INPUT signal to the VPN Router can be wireless. That could be my GUEST network. The OUTPUT is with a new key and a new SSID (SECURE) and a VPN connection always on.

But... (just reading here: https://docs.gl-inet.com/en/3/setup/gl-ar750s/internet/) - are you saying that if the INPUT is from Wi-Fi then the VPN Router can only repeat and therefore NOT create a new SSID with a new network key?
 
Well I don't think one of the GL-Inet devices is powerful enough to permanently replace your main router. It's not meant for that purpose... it's meant to be a temporary router for a temporary hotel stay in a small room. It might have strong enough signal for certain use cases, but it's not a MIMO or otherwise powerful device, like many of the $200 routers are. So, if you still have a main router and the GL-Inet router, you're back to two routers, which is what it seemed you were trying to avoid.
 
Well I don't think one of the GL-Inet devices is powerful enough to permanently replace your main router. It's not meant for that purpose... it's meant to be a temporary router for a temporary hotel stay in a small room. It might have strong enough signal for certain use cases, but it's not a MIMO or otherwise powerful device, like many of the $200 routers are. So, if you still have a main router and the GL-Inet router, you're back to two routers, which is what it seemed you were trying to avoid.

That's not what I'm thinking about doing - just don't know how exactly to explain it then.

But let's leave it at that, I might buy one of the cheapest of those VPN Routers and play around with it.

:)
 
But thanks for your responses - I'm learning as I go along.

I can see the point of having 2 routers, both security wise and so that the VPN Router will be connected by ethernet cable.

So I guess my next question is: If this 2nd router (between my own and the ISP's) only needs to provide cabled connections then it could the cheapest I can find (that also provides firmware updates of course), right? It does need to be something expensive at all?
 
It does need to be something expensive at all?
Well the GL-Inet devices are fairly cost effective and versatile. If you didn't need WiFi (or if you had a WiFi AP that was in pass-through mode) you could use a low cost Ubiquity ERX. In wireless routers, most of the cost you're spending is for wireless management, MIMO and mesh technologies that yield more powerful wireless processing for better reach and more bandwidth.
 
  • Like
Reactions: CredulousDane
Hi, a couple of days ago a girl living in the apartment downstairs (she doesn't live here normally but borrowed the apartment from the owner), contacted me to ask if she could use my internet as she somehow didn't have any herself (?). I'm a helper/pleaser and who can say no to a beautiful girl at the doorstep. I did say though, give me 10 minuttes and I'll be down with something.

So I created a guest network as I didn't want to share my own WiFi with her. But it also made me think 'what if' thoughts. What if she wasn't as innocent as she looked, well, I would (will?) be the one with hard knocking on my door. Anyway, it's done now, she left again. But it got me thinking about this small router I once read about and I guess I just want to hear if you have any experience or suggestions with products like these:

https://store.gl-inet.com/products/gl-ar300m-mini-smart-router?variant=39350896787550

I'm not thinking about giving free internet to everyone around me and I don't travel a lot - I just want to learn (and YES, I can learn to say NO) - but still. It's pretty cheap so could be fun to play around with.
The first step of a confidence scam is to ask a small favor....