Secure Network On-the-Go or Lending to Strangers


CredulousDane

Active member
Sep 26, 2020
27
3
Hi, a couple of days ago a girl living in the apartment downstairs (she doesn't live here normally but borrowed the apartment from the owner), contacted me to ask if she could use my internet as she somehow didn't have any herself (?). I'm a helper/pleaser and who can say no to a beautiful girl at the doorstep. I did say though, give me 10 minutes and I'll be down with something.

So I created a guest network as I didn't want to share my own WiFi with her. But it also made me think 'what if' thoughts. What if she wasn't as innocent as she looked, well, I would (will?) be the one with hard knocking on my door. Anyway, it's done now, she left again. But it got me thinking about this small router I once read about and I guess I just want to hear if you have any experience or suggestions with products like these:

https://store.gl-inet.com/products/gl-ar300m-mini-smart-router?variant=39350896787550

I'm not thinking about giving free internet to everyone around me and I don't travel a lot - I just want to learn (and YES, I can learn to say NO) - but still. It's pretty cheap so could be fun to play around with.
 

Lob

What could possibly go wrong?
Nov 7, 2020
98
20
guest network, client isolation turned on. In theory she could be in space but nobody could hear her scream....

edit: buy the toy if you want the toy, not if you like the girl :D
 

CredulousDane

Active member
Sep 26, 2020
27
3
Yeah, it's not to get the girl ;)

But just thought of it as having a VPN on the guest network would be nice.

And I think I'll buy the toy and try it out :p
 

PHolder

Well-known member
Sep 16, 2020
764
2
359
Ontario, Canada
CredulousDane said:
> hear if you have any experience or suggestions with products like these

I have the https://www.gl-inet.com/products/gl-ar750s/ and a house guest right now who is using it to access my wired network. (It's plugged into a wired wall jack providing his own personal wireless network.)

It can also proxy (play "monkey in the middle") between two wireless networks, which is what you would probably want if you were using it along with hotel Wi-Fi. There is another thread where I recommended it over here: https://forums.grc.com/threads/cable-down-literally.800/
 

MichaelRSorg

Well-known member
Nov 1, 2020
88
13
RouterSecurity.org
Interesting question. I know that the Vilfo router can do what you want. That is, create an SSID and have it always use a VPN connection while other SSIDs use a different VPN connection or none at all. But, it's $400. It's from a VPN provider that has partnerships with over 20 other VPN companies.
https://www.vilfo.com/en

No doubt there are other routers that can do this too, but this is the only one I am aware of.

But, the better approach is to use any of the readily available routers that include a VPN client. Plug the VPN client router into your main router (wan port -> lan port) and give the guest an SSID created by the VPN client router. Asus has offered a VPN client for years now. Better still, segregate the LAN port in the main/outside router into its own isolated VLAN ... if possible.
 

CredulousDane

Active member
Sep 26, 2020
27
3
So actually, if I don't want this person on my own network I should "play monkey in the middle" but with my own guest network? Could that work? What I mean is:

1. Create a guest network
2. Set up the VPN router on that guest network
3. Give out the SSID/Password that the VPN router provides.

I'm thinking that is how it could work at a hotel.

Because if I plug the VPN router via cable directly to my router, this 'VPN' network would also access MY network, right?

Thanks for the Vilfo link, will save that for another time - just bought an ASUS router I really like ;)
 

PHolder

Well-known member
Sep 16, 2020
764
2
359
Ontario, Canada
Well if you plug one router into the other, the most nested one is the most secure. In theory that would mean you would do something like this:

PHolder2021Sept19_TwoRouterSolution.png

Here you can see that the second firewall will in essence make your guest be on the Internet as far as your own router is concerned.
 

CredulousDane

Active member
Sep 26, 2020
27
3
Ahh okay. I have a router from my provider but that is in bridge mode (I think it's called) - and then I have my own router.

I mean, the provider router sends everything through so couldn't I use the VPN router directly on that instead of having 2 routers behind the router from my provider?
 

PHolder

Well-known member
Sep 16, 2020
764
2
359
Ontario, Canada
It depends on what the router in bridge mode is configured to do. You normally can't plug two routers into one modem, for example, because the ISP only authorizes you to have one IP address. If your ISP allows you additional IP addresses, or if the router in bridge mode can issue multiple IP addresses, then you could plug multiple routers into it.
 

CredulousDane

Active member
Sep 26, 2020
27
3
PHolder said:
> It depends on what the router in bridge mode is configured to do. You normally can't plug two routers into one modem, for example, because the ISP only authorizes you to have one IP address. If your ISP allows you additional IP addresses, or if the router in bridge mode can issue multiple IP addresses, then you could plug multiple routers into it.

Ahh yes, that makes sense. If and when I buy the VPN router I can try but if it won't work I do have my old ASUS router and so it's nice to have your sketch (and of course all your help in here) of how it can be setup :)
 

CredulousDane

Active member
Sep 26, 2020
27
3
Just found this article and maybe it is something useful for this situation - haven't completely understood it yet - can't figure WHO the VPN provider is or if it is just whatever VPN information has been entered into the router settings.


EDIT: No, it's not useful for this situation - just a feature I didn't know about before ;)
But then again - if I put a VPN on my router the guest network should have that as well. And Instant Guard can switch it on quickly.
 

CredulousDane

Active member
Sep 26, 2020
27
3
Alright, more late night thoughts.

I'm trying to avoid having to use 2 routers (+ my provider's, which is just in bridge mode) and have been thinking about this setup:
VPN-Router.png

What I'm thinking of is:

Can the Stranger in any way get back to just being on the GUEST network without having login credentials for the VPN Router. I would think NO.

So with the thought of using a VPN Router on a hotel Wi-Fi I'm thinking that this should be both possible and secure.

Any thoughts are welcome :)
 

AlanD

Well-known member
Sep 18, 2020
210
69
Rutland UK
What is stopping Stranger logging in directly to GUEST? Is it password protected, and/or locked to only allow VPN router to connect?
 

PHolder

Well-known member
Sep 16, 2020
764
2
359
Ontario, Canada
It's unclear to me what exactly you're proposing here. VPN Router is a router... and if it's a VPN router, every packet coming into it is likely to be processed and directed in the same way. I don't think you can actually achieve what you're thinking with off the shelf router firmware. You could potentially install something custom based on Tomato or OpenWRT.
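
To illustrate the OpenWrt route mentioned above, here is an added example (not part of the original posts, and not GL-iNet's or OpenWrt's shipped configuration) of a "SECURE" SSID whose clients can only leave through a VPN tunnel. It assumes a WireGuard interface named `wg0` and a `guest` interface are already defined in `/etc/config/network`; the names `guest`, `wg0`, `radio0` and the key placeholder are assumptions.

```conf
# /etc/config/wireless (fragment): the SSID handed to the visitor
config wifi-iface 'secure_ap'
	option device 'radio0'            # assumed radio name
	option mode 'ap'
	option network 'guest'            # assumed interface name
	option ssid 'SECURE'
	option encryption 'psk2'          # WPA2-Personal
	option key '<long-random-passphrase>'   # placeholder
	option isolate '1'                # clients cannot talk to each other

# /etc/config/firewall (fragment)
config zone
	option name 'guest'
	list network 'guest'
	option input 'REJECT'             # no access to the router itself
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'vpn'
	list network 'wg0'                # assumed WireGuard interface
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# The only forwarding for the guest zone is guest -> vpn. There is no
# guest -> wan entry, so traffic to the upstream network (the GUEST
# Wi-Fi or the main LAN) is rejected, and nothing leaves unencrypted
# if the tunnel is down.
config forwarding
	option src 'guest'
	option dest 'vpn'

# Exceptions to input REJECT so clients can get an address and resolve names
config rule
	option name 'Guest-DHCP'
	option src 'guest'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option name 'Guest-DNS'
	option src 'guest'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'
```

With this layout the router's own DNS forwarder still resolves names through whatever upstream it is configured with, so point it at a resolver reachable through the tunnel if DNS queries should not be visible to the upstream network.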
 

CredulousDane

Active member
Sep 26, 2020
27
3
AlanD said:
> What is stopping Stranger logging in directly to GUEST? Is it password protected, and/or locked to only allow VPN router to connect?

GUEST has the following 'preferences':

Network Name (SSID): GUEST
Authentication Method: WPA2-Personal
Network Key: [a_long_secure_password]
Time Remaining: Unlimited access
Access Intranet: Disable

PHolder said:
> It's unclear to me what exactly you're proposing here. VPN Router is a router... and if it's a VPN router, every packet coming into it is likely to be processed and directed in the same way. I don't think you can actually achieve what you're thinking with off the shelf router firmware. You could potentially install something custom based on Tomato or OpenWRT.

I'm thinking that the internet INPUT signal to the VPN Router can be wireless. That could be my GUEST network. The OUTPUT is with a new key and a new SSID (SECURE) and a VPN connection always on.

But... (just reading here: https://docs.gl-inet.com/en/3/setup/gl-ar750s/internet/) - are you saying that if the INPUT is from Wi-Fi then the VPN Router can only repeat and therefore NOT create a new SSID with a new network key?
 

PHolder

Well-known member
Sep 16, 2020
764
2
359
Ontario, Canada
Well I don't think one of the GL-Inet devices is powerful enough to permanently replace your main router. It's not meant for that purpose... it's meant to be a temporary router for a temporary hotel stay in a small room. It might have strong enough signal for certain use cases, but it's not a MIMO or otherwise powerful device, like many of the $200 routers are. So, if you still have a main router and the GL-Inet router, you're back to two routers, which is what it seemed you were trying to avoid.
 

CredulousDane

Active member
Sep 26, 2020
27
3
PHolder said:
> Well I don't think one of the GL-Inet devices is powerful enough to permanently replace your main router. It's not meant for that purpose... it's meant to be a temporary router for a temporary hotel stay in a small room. It might have strong enough signal for certain use cases, but it's not a MIMO or otherwise powerful device, like many of the $200 routers are. So, if you still have a main router and the GL-Inet router, you're back to two routers, which is what it seemed you were trying to avoid.

That's not what I'm thinking about doing - just don't know how exactly to explain it then.

But let's leave it at that, I might buy one of the cheapest of those VPN Routers and play around with it.

:)
 

CredulousDane

Active member
Sep 26, 2020
27
3
But thanks for your responses - I'm learning as I go along.

I can see the point of having 2 routers, both security wise and so that the VPN Router will be connected by ethernet cable.

So I guess my next question is: If this 2nd router (between my own and the ISP's) only needs to provide cabled connections then it could be the cheapest I can find (that also provides firmware updates of course), right? It doesn't need to be something expensive at all?
 

PHolder

Well-known member
Sep 16, 2020
764
2
359
Ontario, Canada
CredulousDane said:
> It doesn't need to be something expensive at all?

Well the GL-Inet devices are fairly cost effective and versatile. If you didn't need WiFi (or if you had a WiFi AP that was in pass-through mode) you could use a low cost Ubiquiti ERX. In wireless routers, most of the cost you're spending is for wireless management, MIMO and mesh technologies that yield more powerful wireless processing for better reach and more bandwidth.
 

Duckpaddle

Member
Oct 1, 2020
21
8
CredulousDane said:
> Hi, a couple of days ago a girl living in the apartment downstairs (she doesn't live here normally but borrowed the apartment from the owner), contacted me to ask if she could use my internet as she somehow didn't have any herself (?). I'm a helper/pleaser and who can say no to a beautiful girl at the doorstep. I did say though, give me 10 minutes and I'll be down with something.
>
> So I created a guest network as I didn't want to share my own WiFi with her. But it also made me think 'what if' thoughts. What if she wasn't as innocent as she looked, well, I would (will?) be the one with hard knocking on my door. Anyway, it's done now, she left again. But it got me thinking about this small router I once read about and I guess I just want to hear if you have any experience or suggestions with products like these:
>
> https://store.gl-inet.com/products/gl-ar300m-mini-smart-router?variant=39350896787550
>
> I'm not thinking about giving free internet to everyone around me and I don't travel a lot - I just want to learn (and YES, I can learn to say NO) - but still. It's pretty cheap so could be fun to play around with.

The first step of a confidence scam is to ask a small favor....