Travel Router

  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in please checkout the “Tips & Tricks” page for some very handy tips!

    /Steve.

  • BootAble – FreeDOS boot testing freeware

    To obtain direct, low-level access to a system's mass storage drives, SpinRite runs under a GRC-customized version of FreeDOS which has been modified to add compatibility with all file systems. In order to run SpinRite it must first be possible to boot FreeDOS.

    GRC's “BootAble” freeware allows anyone to easily create BIOS-bootable media in order to workout and confirm the details of getting a machine to boot FreeDOS through a BIOS. Once the means of doing that has been determined, the media created by SpinRite can be booted and run in the same way.

    The participants here, who have taken the time to share their knowledge and experience, their successes and some frustrations with booting their computers into FreeDOS, have created a valuable knowledgebase which will benefit everyone who follows.

    You may click on the image to the right to obtain your own copy of BootAble. Then use the knowledge and experience documented here to boot your computer(s) into FreeDOS. And please do not hesitate to ask questions – nowhere else can better answers be found.

    (You may permanently close this reminder with the 'X' in the upper right.)

blaq

blaq

Member
Sep 29, 2020
12
3
Hi guys, I remember Steve mentioning ages ago off handedly that he set up a travel router for someone who was travelling, but it was many years ago anyway.

What would be the latest recommendation? I wanna connect to an untrusted network via wifi while staying behind my own NAT firewall. OpenVPN/Tailscale integration would be a bonus. Or should I just go with a pfSense and wireless adapter?
 
pfSense would provide you with the best and most configurable protection.

NAT wasn't designed with blocking packets in mind, though it does by the very nature of the beast.

I would think your Windows firewall should provide adequate blocking. When I take my FreeBSD laptops away from home I rely on the O/S packet filter -- FreeBSD has pf (basis for pfSense), ipfw (the original FreeBSD firewall) and ipfilter (which I've used for ~ 20 years and what pf was designed to replace -- long OpenBSD story behind this which I'm not about to repeat here unless you know the circumstances and personalities involved, and then it makes sense).

When I take my $JOB laptop (Windows 11) places, I and my employer rely on the Windows firewall. And as a firewall developer (I work on ipfilter), IMO It does a decent job. (We recently switched from the McAfee to the Defender f/w,)

Using a NAT router as a security device in the field is unnecessary, Unless of course you need a WiFi repeater.

The firewalls built into the kernel, if configured properly, are sufficient and in most cases better than a NAT router.
 
pfSense is overkill from a usability perspective for this use case I think. My recommendation is to get one of the reasonably priced routers in the gl.inet lineup https://store-us.gl-inet.com/collections/travel-routers They are also sold on Amazon, among other places. You can usually find a fair price on a hard case for one too, which is handy to have room to store an extra cable, etc. I have the Beryl AX (GL-MT3000) and recommend it wholeheartedly. They run a version of OpenWRT, and have a UI to help you do the obvious things (like proxy wireless to wireless, or wired to wireless, or wireless to wired, etc.)
 
cschuber said:
pfSense would provide you with the best and most configurable protection.

NAT wasn't designed with blocking packets in mind, though it does by the very nature of the beast.

I would think your Windows firewall should provide adequate blocking. When I take my FreeBSD laptops away from home I rely on the O/S packet filter -- FreeBSD has pf (basis for pfSense), ipfw (the original FreeBSD firewall) and ipfilter (which I've used for ~ 20 years and what pf was designed to replace -- long OpenBSD story behind this which I'm not about to repeat here unless you know the circumstances and personalities involved, and then it makes sense).

When I take my $JOB laptop (Windows 11) places, I and my employer rely on the Windows firewall. And as a firewall developer (I work on ipfilter), IMO It does a decent job. (We recently switched from the McAfee to the Defender f/w,)

Using a NAT router as a security device in the field is unnecessary, Unless of course you need a WiFi repeater.

The firewalls built into the kernel, if configured properly, are sufficient and in most cases better than a NAT router.
Click to expand...
The reason why I wanted something like a travel router was:
1) Software firewalls are always susceptible to software flaws, as covered multiple times in the podcast. The notion of packets being "dropped" simply because they can't be routed before reaching the computer seems more secure than the idea that the packet is parsed then dropped after it's already reached the computer.
2) Ease of use- I can mirror my home WiFi on the Travel Router and have all the devices auto-connect.

PHolder said:
pfSense is overkill from a usability perspective for this use case I think. My recommendation is to get one of the reasonably priced routers in the gl.inet lineup https://store-us.gl-inet.com/collections/travel-routers They are also sold on Amazon, among other places. You can usually find a fair price on a hard case for one too, which is handy to have room to store an extra cable, etc. I have the Beryl AX (GL-MT3000) and recommend it wholeheartedly. They run a version of OpenWRT, and have a UI to help you do the obvious things (like proxy wireless to wireless, or wired to wireless, or wireless to wired, etc.)
Click to expand...
Thanks, that looks like a great solution. Seems they offer both the Slate AX and Beryl AX where the Slate is abit more expensive with a few more features like a memory card and 1 more RJ45 port? Other than that can't seem to see much difference to justify the ~$100 difference.
 
blaq said:
The reason why I wanted something like a travel router was:
1) Software firewalls are always susceptible to software flaws, as covered multiple times in the podcast. The notion of packets being "dropped" simply because they can't be routed before reaching the computer seems more secure than the idea that the packet is parsed then dropped after it's already reached the computer.
Click to expand...

And what does the the work of packet filtering in a hardware firewall? Would it not be software?

Case in point: the VxWorks based routers Steve spoke about in a SecurityNow episode a couple of years go.

Would you say something like this would be more secure than the netfilter + Linux installed in it? (Remember, firmware is just software by a different name.)

At least with a software based firewall you will receive updates for a very long time. Whereas you'd be lucky to get one or maybe two updates from a hardware vendor before the deprecate and desupport their product forcing you to purchase a newer model.

blaq said:
2) Ease of use- I can mirror my home WiFi on the Travel Router and have all the devices auto-connect.
Click to expand...
With this you have a point. How many devices do you take when you travel BTW?
 
cschuber said:
With this you have a point. How many devices do you take when you travel BTW?
Click to expand...
Always more than you think. Usually 1-2 laptops, 1-2 phones, 1 tablet 1 Kindle, plus whatever the family brings (usually at least a phone and a tablet each).

Happy to report that I've been using the Beryl AX and it's been good. Not quite kitchen sink level like a ddwrt or pfSense but does everything I need and then some.
 
I just use the hot spot on my phone and the built-in firewall on my Mac, + LittleSnitch
I keep Bluetooth on the phone and the laptop turned OFF all the time as well.
(and the WiFi on the phone is always off unless I am actively using the hot spot for my laptop)

So, I basically never do ANY public WiFi, as it's way too easy to spoof/hack (remember the WiFi Pineapple? These still sell very well)
 
ZiggyStar said:
I just use the hot spot on my phone and the built-in firewall on my Mac, + LittleSnitch
I keep Bluetooth on the phone and the laptop turned OFF all the time as well.
(and the WiFi on the phone is always off unless I am actively using the hot spot for my laptop)

So, I basically never do ANY public WiFi, as it's way too easy to spoof/hack (remember the WiFi Pineapple? These still sell very well)
Click to expand...
Similar to what I do today. I use ExpressVPN on my devices. I will plug my phone into my MacBook to use as a hotspot.
 
Like other people on here i use a gl-inet travel router (Shadow 16M). Like you I aim for one-stop-setup for all my devices. The Shadow 16M sports a nice Openvpn client that accept the config file generated by my Turris router at home, instantly taking be 'back home' no matter where I am.
It also sports a Wireguard Client (more speed). And it's ridiculously small, making it the perfect choice for limited-luggage-travelling.
 
You must log in or register to reply here.

Similar threads

C
ISP requires route MAC and serial, pfSense replacement router HOWTO
Replies
1
Views
559
Networking
PHolder
P
A
  • Contains 4 staff post(s)
router recommendation?
Replies
23
Views
6K
Networking
himemsys
H
Adam-TheMan-Tyler
  • Contains 1 staff post(s)
Router WAN Management over HTTPS
Replies
1
Views
727
Networking
Steve
Steve
T
VPN and Multi-Router Set Up
Replies
6
Views
2K
Networking
JakeofArk
JakeofArk
jlariviere
Three Dumb Router question
Replies
30
Views
7K
Networking
Ralph
R
Top Bottom
Back