Secure Network On-the-Go or Lending to Strangers

#1

CredulousDane

Hi, a couple of days ago a girl living in the apartment downstairs (she doesn't live here normally but borrowed the apartment from the owner), contacted me to ask if she could use my internet as she somehow didn't have any herself (?). I'm a helper/pleaser and who can say no to a beautiful girl at the doorstep. I did say though, give me 10 minutes and I'll be down with something.

So I created a guest network as I didn't want to share my own WiFi with her. But it also made me think 'what if' thoughts. What if she wasn't as innocent as she looked, well, I would (will?) be the one with hard knocking on my door. Anyway, it's done now, she left again. But it got me thinking about this small router I once read about and I guess I just want to hear if you have any experience or suggestions with products like these:

https://store.gl-inet.com/products/gl-ar300m-mini-smart-router?variant=39350896787550

I'm not thinking about giving free internet to everyone around me and I don't travel a lot - I just want to learn (and YES, I can learn to say NO) - but still. It's pretty cheap so could be fun to play around with.


#2

Lob

guest network, client isolation turned on. In theory she could be in space but nobody could hear her scream....

edit: buy the toy if you want the toy, not if you like the girl :D


#3

CredulousDane

Yeah, it's not to get the girl ;)

But just thought of it as having a VPN on the guest network would be nice.

And I think I'll buy the toy and try it out :p


#4

PHolder

> hear if you have any experience or suggestions with products like these

I have the https://www.gl-inet.com/products/gl-ar750s/ and a house guest right now who is using it to access my wired network. (It's plugged into a wired wall jack providing his own personal wireless network.)

It can also proxy (play "monkey in the middle") between two wireless networks, which is what you would probably want if you were using it along with hotel Wi-Fi. There is another thread where I recommended it over here: https://forums.grc.com/threads/cable-down-literally.800/


#5

MichaelRSorg

Interesting question. I know that the Vilfo router can do what you want. That is, create an SSID and have it always use a VPN connection while other SSIDs use a different VPN connection or none at all. But, it's $400. It's from a VPN provider that has partnerships with over 20 other VPN companies.
https://www.vilfo.com/en

No doubt there are other routers that can do this too, but this is the only one I am aware of.

But, the better approach is to use any of the readily available routers that include a VPN client. Plug the VPN client router into your main router (wan port -> lan port) and give the guest an SSID created by the VPN client router. Asus has offered a VPN client for years now. Better still, segregate the LAN port in the main/outside router into its own isolated VLAN ... if possible.


#6

CredulousDane

So actually, if I don't want this person on my own network I should "play monkey in the middle" but with my own guest network? Could that work? What I mean is:

1. Create a guest network
2. Set up the VPN router on that guest network
3. Give out the SSID/Password that the VPN router provides.

I'm thinking that is how it could work at a hotel.

Because if I plug the VPN router via cable directly to my router, this 'VPN' network would also access MY network, right?

Thanks for the Vilfo link, will save that for another time - just bought an ASUS router I really like ;)


#7

PHolder

Well if you plug one router into the other, the most nested one is the most secure. In theory that would mean you would do something like this:

[Image: PHolder2021Sept19_TwoRouterSolution.png]

Here you can see that the second firewall will in essence make your guest be on the Internet as far as your own router is concerned.


#8

CredulousDane

Ahh okay. I have a router from my provider but that is in bridge mode (I think it's called) - and then I have my own router.

I mean, the provider router sends everything through so couldn't I use the VPN router directly on that instead of having 2 routers behind the router from my provider?


#9

PHolder

It depends on what the router in bridge mode is configured to do. You normally can't plug two routers into one modem, for example, because the ISP only authorizes you to have one IP address. If your ISP allows you additional IP addresses, or if the router in bridge mode can issue multiple IP addresses, then you could plug multiple routers into it.


#10

CredulousDane

> It depends on what the router in bridge mode is configured to do. You normally can't plug two routers into one modem, for example, because the ISP only authorizes you to have one IP address. If your ISP allows you additional IP addresses, or if the router in bridge mode can issue multiple IP addresses, then you could plug multiple routers into it.

Ahh yes, that makes sense. If and when I buy the VPN router I can try but if it won't work I do have my old ASUS router and so it's nice to have your sketch (and of course all your help in here) of how it can be set up :)


#11

CredulousDane

Just found this article and maybe it is something useful for this situation - haven't completely understood it yet - can't figure WHO the VPN provider is or if it is just whatever VPN information has been entered into the router settings.


EDIT: No, it's not useful for this situation - just a feature I didn't know about before ;)
But then again - if I put a VPN on my router the guest network should have that as well. And instant Guard can switch it on quickly.


#12

CredulousDane

Alright, more late night thoughts.

I'm trying to avoid having to use 2 routers (+ my provider's, which is just in bridge mode) and have been thinking about this setup:

[Image: VPN-Router.png]

What I'm thinking of is:

Can the Stranger in any way get back to just being on the GUEST network without having login credentials for the VPN Router? I would think NO.

So with the thought of using a VPN Router on a hotel Wi-Fi I'm thinking that this should be both possible and secure.

Any thoughts are welcome :)


#13

AlanD

What is stopping Stranger logging in directly to GUEST? Is it password protected, and/or locked to only allow VPN router to connect?


#14

PHolder

It's unclear to me what exactly you're proposing here. VPN Router is a router... and if it's a VPN router, every packet coming into it is likely to be processed and directed in the same way. I don't think you can actually achieve what you're thinking with off the shelf router firmware. You could potentially install something custom based on Tomato or OpenWRT.


#15

CredulousDane

> What is stopping Stranger logging in directly to GUEST? Is it password protected, and/or locked to only allow VPN router to connect?

GUEST has the following 'preferences':

Network Name (SSID): GUEST
Authentication Method: WPA2-Personal
Network Key: [a_long_secure_password]
Time Remaining: Unlimited access
Access Intranet: Disable

> It's unclear to me what exactly you're proposing here. VPN Router is a router... and if it's a VPN router, every packet coming into it is likely to be processed and directed in the same way. I don't think you can actually achieve what you're thinking with off the shelf router firmware. You could potentially install something custom based on Tomato or OpenWRT.

I'm thinking that the internet INPUT signal to the VPN Router can be wireless. That could be my GUEST network. The OUTPUT is with a new key and a new SSID (SECURE) and a VPN connection always on.

But... (just reading here: https://docs.gl-inet.com/en/3/setup/gl-ar750s/internet/) - are you saying that if the INPUT is from Wi-Fi then the VPN Router can only repeat and therefore NOT create a new SSID with a new network key?


#16

PHolder

Well I don't think one of the GL-Inet devices is powerful enough to permanently replace your main router. It's not meant for that purpose... it's meant to be a temporary router for a temporary hotel stay in a small room. It might have strong enough signal for certain use cases, but it's not a MIMO or otherwise powerful device, like many of the $200 routers are. So, if you still have a main router and the GL-Inet router, you're back to two routers, which is what it seemed you were trying to avoid.


#17

CredulousDane

> Well I don't think one of the GL-Inet devices is powerful enough to permanently replace your main router. It's not meant for that purpose... it's meant to be a temporary router for a temporary hotel stay in a small room. It might have strong enough signal for certain use cases, but it's not a MIMO or otherwise powerful device, like many of the $200 routers are. So, if you still have a main router and the GL-Inet router, you're back to two routers, which is what it seemed you were trying to avoid.

That's not what I'm thinking about doing - just don't know how exactly to explain it then.

But let's leave it at that, I might buy one of the cheapest of those VPN Routers and play around with it.

:)


#18

CredulousDane

But thanks for your responses - I'm learning as I go along.

I can see the point of having 2 routers, both security wise and so that the VPN Router will be connected by ethernet cable.

So I guess my next question is: If this 2nd router (between my own and the ISP's) only needs to provide cabled connections then it could be the cheapest I can find (that also provides firmware updates of course), right? It does need to be something expensive at all?


#19

PHolder

> It does need to be something expensive at all?

Well the GL-Inet devices are fairly cost effective and versatile. If you didn't need WiFi (or if you had a WiFi AP that was in pass-through mode) you could use a low cost Ubiquiti ERX. In wireless routers, most of the cost you're spending is for wireless management, MIMO and mesh technologies that yield more powerful wireless processing for better reach and more bandwidth.


#20

Duckpaddle

> Hi, a couple of days ago a girl living in the apartment downstairs (she doesn't live here normally but borrowed the apartment from the owner), contacted me to ask if she could use my internet as she somehow didn't have any herself (?). I'm a helper/pleaser and who can say no to a beautiful girl at the doorstep. I did say though, give me 10 minutes and I'll be down with something.
>
> So I created a guest network as I didn't want to share my own WiFi with her. But it also made me think 'what if' thoughts. What if she wasn't as innocent as she looked, well, I would (will?) be the one with hard knocking on my door. Anyway, it's done now, she left again. But it got me thinking about this small router I once read about and I guess I just want to hear if you have any experience or suggestions with products like these:
>
> https://store.gl-inet.com/products/gl-ar300m-mini-smart-router?variant=39350896787550
>
> I'm not thinking about giving free internet to everyone around me and I don't travel a lot - I just want to learn (and YES, I can learn to say NO) - but still. It's pretty cheap so could be fun to play around with.

The first step of a confidence scam is to ask a small favor....


#21

CredulousDane

Just set up my old router as an access point (first time) but it came about because all the apps I use with Chromecast keep disconnecting (from being able to control the stream - although the audio/video continues) and that began when I bought a new router.

But it was easier than thought and I will buy a VPN router to use instead of my old router so I can use that as a secure access point for most of my devices.

Anyway, just interesting to actually do something about trying it out ;) - and now I'm waiting to see how my apps behave when casting audio/video :) (being connected to the old router)


#22

AlanD

I don't think that I understand what you are trying to do here.

The normal situation when a VPN is required/advisable is when you are connecting to a remote resource, e.g. working from home with access to the company server. VPNs are not normally used within the house to connect from an end device to the "internet gateway" (I call it that as it may be a modem, a router, or any kind of combo device). The problem is that whilst a number of home gateways will act as a VPN client and route all internet traffic over a VPN to a remote site, I don't think they will act as a VPN server. Remember a VPN is effectively an encrypted point to point communication path, it is not a replacement for WPA2 security on a wifi link.


#23

CredulousDane

> I don't think that I understand what you are trying to do here.
>
> The normal situation when a VPN is required/advisable is when you are connecting to a remote resource, e.g. working from home with access to the company server. VPNs are not normally used within the house to connect from an end device to the "internet gateway" (I call it that as it may be a modem, a router, or any kind of combo device). The problem is that whilst a number of home gateways will act as a VPN client and route all internet traffic over a VPN to a remote site, I don't think they will act as a VPN server. Remember a VPN is effectively an encrypted point to point communication path, it is not a replacement for WPA2 security on a wifi link.

Don't mind me - was not so much about VPN at this point just trying to figure out why apps casting via Chromecast (on my old router) worked fine but with the new one they disconnect all the time. Just leave it. Wasn't a good solution to switch back to my old and slow router. Will find other ways to enjoy my entertainment if Chromecast keeps bugging me ;)


#24

PHolder

> trying to figure out why apps casting via Chromecast (on my old router) worked fine but with the new one they disconnect all the time

Well Chromecast is barely peer to peer. The normal idea is that the controller (phone or Chrome on a desktop) is just sending commands (start this source, go to this play position, stop, etc) and the Chromecast gets the actual streaming data DIRECTLY from the source. In this scenario, if it's frequently stopping, it would probably indicate your connection is latent or the source is having trouble sending the data. If you host the source as well, then it would probably be whatever software you're using to be the host that would be causing the grief.


#25

Roger Rabbit

But whatever she does online can be traced back to your ISP account.


#26

dmot

> But whatever she does online can be traced back to your ISP account.

This is what I was waiting to see. Having anyone on an isolated/guest network is one thing and many consumer routers have this feature, but that simply blocks those devices (on the guest/isolated network) from accessing your local/LAN devices, which is great, but anything done on the guest/isolated network will still be associated with your WAN IP address.

Sure, you can get very advanced and set up a VPN service and filter the traffic from the guest/isolated network to tunnel through the VPN service network, but now you have to pay for a VPN service, not sure why you would want to do this for a guest/isolated network.

However, in the scenario that is being discussed (giving internet access to a friend/neighbor/etc) and being concerned with them having access to your network, I think the best thing to do is create a guest network and make sure client isolation is enabled, if possible.

I use pfSense for router/firewall and have tried various brands for multi-AP environments (for traffic hand-off between APs), even if the wireless APs I'm using have an option for client isolation/guest network, I will still create a rule in the pfSense firewall to block LAN > Guest WLAN traffic and Guest WLAN > LAN traffic as a safety net. That way if the wireless setting of client isolation/guest network was changed by accident or firmware update, etc...I'm still protected from the pfSense setting.
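
The safety-net rule pair described in the post above can be checked for drift against a saved configuration backup. This is an added example, not part of any post in this thread: it assumes the pfSense `config.xml` backup layout (`<filter><rule>` elements), the interface names `lan` and `opt1` for the guest WLAN, and per-interface first-match evaluation; floating rules, aliases and inverted matches are not modelled.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the assumed layout of a pfSense config.xml backup.
# "lan" and "opt1" (guest WLAN) are assumed interface names.
SAMPLE = """<pfsense><filter>
  <rule><type>block</type><interface>opt1</interface>
    <source><network>opt1</network></source>
    <destination><network>lan</network></destination></rule>
  <rule><type>pass</type><interface>opt1</interface>
    <source><network>opt1</network></source>
    <destination><any/></destination></rule>
  <rule><type>block</type><disabled/><interface>lan</interface>
    <source><network>lan</network></source>
    <destination><network>opt1</network></destination></rule>
  <rule><type>pass</type><interface>lan</interface>
    <source><network>lan</network></source>
    <destination><any/></destination></rule>
</filter></pfsense>"""


def endpoint(rule, tag):
    """Return 'any', a network alias such as 'lan', or None if unrecognised."""
    node = rule.find(tag)
    if node is None:
        return None
    if node.find("any") is not None:
        return "any"
    return node.findtext("network")


def first_match(rules, iface, src, dst):
    """Action of the first enabled rule on iface that matches src -> dst."""
    for rule in rules:
        if rule.findtext("interface") != iface:
            continue
        if rule.find("disabled") is not None:
            continue  # a disabled rule protects nothing
        if endpoint(rule, "source") in (src, "any") and \
           endpoint(rule, "destination") in (dst, "any"):
            return rule.findtext("type")
    return "block"  # nothing matched: default deny


def audit(xml_text, lan="lan", guest="opt1"):
    """List the directions in which LAN/guest traffic is not blocked."""
    rules = ET.fromstring(xml_text).findall("./filter/rule")
    findings = []
    for iface, src, dst in ((guest, guest, lan), (lan, lan, guest)):
        if first_match(rules, iface, src, dst) not in ("block", "reject"):
            findings.append(f"{src} -> {dst} is not blocked on {iface}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE) or ["both safety-net rules are in force"]:
        print(finding)
```

In the constructed sample the LAN-side block rule is present but disabled, so the broad pass rule below it wins and the audit reports that direction as open.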


#27

Roger Rabbit

> This is what I was waiting to see. Having anyone on an isolated/guest network is one thing and many consumer routers have this feature, but that simply blocks those devices (on the guest/isolated network) from accessing your local/LAN devices, which is great, but anything done on the guest/isolated network will still be associated with your WAN IP address.
>
> Sure, you can get very advanced and set up a VPN service and filter the traffic from the guest/isolated network to tunnel through the VPN service network, but now you have to pay for a VPN service, not sure why you would want to do this for a guest/isolated network.
>
> However, in the scenario that is being discussed (giving internet access to a friend/neighbor/etc) and being concerned with them having access to your network, I think the best thing to do is create a guest network and make sure client isolation is enabled, if possible.
>
> I use pfSense for router/firewall and have tried various brands for multi-AP environments (for traffic hand-off between APs), even if the wireless APs I'm using have an option for client isolation/guest network, I will still create a rule in the pfSense firewall to block LAN > Guest WLAN traffic and Guest WLAN > LAN traffic as a safety net. That way if the wireless setting of client isolation/guest network was changed by accident or firmware update, etc...I'm still protected from the pfSense setting.

All that is for your protection.
If someone on your guest WiFi creates an email account, then sends an email about illegal activity, perhaps assassinating a government leader, your ISP will give them your information when they receive the warrant.

This is 10 years old, but IP is still IP.
https://www.registercitizen.com/new...ly-charged-with-child-porn-after-12077668.php


#28

dmot

> All that is for your protection.
> If someone on your guest WiFi creates an email account, then sends an email about illegal activity, perhaps assassinating a government leader, your ISP will give them your information when they receive the warrant.
>
> This is 10 years old, but IP is still IP.
> https://www.registercitizen.com/new...ly-charged-with-child-porn-after-12077668.php

Yup, we are in agreement.