using AC68 to connect to hotel wifi

[martinr]

Thanks so much for the research. I went ahead and installed dd-wrt and the repeater mode seems to be working, DHCP and NAT included. I tested by connecting it to my home wifi network, ethernet from laptop to LAN port. So, I'm happy.

I should have mailed my Linksys router to you and asked you to set up repeater mode for me. Seriously, well done, and thanks for the feedback. Glad to hear you got it sorted.

 

[L&LD]

The Internet is an open network. You're no more at risk running the VPN from an open hotspot than you are running it from home.

Agreed, the internet is an open network.

The difference is that I greatly prefer to connect directly to an ISP vs. whatever may be between it and my computer directly capturing my network traffic. Regardless of VPN running or not.

In this respect, I guess we disagree about how secure an open / public connection is vs. our own home (or office) networks.

As I tried to explain previously, shouting to the neighborhood in another language (i.e. VPN over an open network) so that one other person who understands your language also hears you is not as secure as passing that person a note directly (no VPN but over a secure (WPA2) network). At least from my current understanding of how networks work.

Using an open hotspot is the last thing I would do on this earth with any computing device I own. I'd rather be without an internet connection than connect to something as insecure as that, VPN or not.

 

[sfx2000]

I use VPN to paid VPN service 24/7 anyway, just for some measure of anonymity, bypassing georestrictions, bypassing ISP blocks, etc.

I just want to be able to keep doing that, especially on public networks like a hotel.

The other problem is that many times public wifi will allow only 1 device to use the internet per account at any given time. I figured with my router connected I could get around that problem. And then it would run VPN for us all too.

Since I have entware installed I did install elinks. With that I figure I can do the web page login from the router. Or the MAC trick will work too.

But, chances are there will be only wifi. Will the media bridge option work in this case?

Setting up the router as a bridge, and having it attach to the hotel WiFi is one approach... then cabling up to the router and turn on ICS on the laptop to build your own little private WiFi bubble for your other devices.

Most hotel networks - the captive portal will authenticate the first MAC address it sees, so again, allow the Bridge to attach, and login from the Laptop... it'll detect the bridge's MAC address and everything else should be fine if attaching to your ICS access point from phone/tablet/whatever...

Hotel networks can be really weird... One incident that happened to me a while back at a major chain - their WiFi was in pretty bad shape, under built, and the broadband connection was perhaps 512Kbit at best - turned on the WiFi hotspot on my iPhone5S - good LTE coverage, but after about a minute, I would get dropped - pretty unusual, eh? Fired up wireshark, and found that when I turned on the Hotspot mode, after about a minute, they would start flooding deauthentication packets at my phone (as AP), detecting it as a rouge AP... no choice but to use their AP, which was a non-starter as they also blocked VPN passthru - I can't install OpenVPN on the work laptop (we have a specific policy against it, and these laptops are very locked down in Windows System Management).. horrible experience, and at the end, did most of my work out of my smartphone on 4G...

They really, really wanted their 10 bucks day per device...

 

[RMerlin]

Agreed, the internet is an open network.

The difference is that I greatly prefer to connect directly to an ISP vs. whatever may be between it and my computer directly capturing my network traffic. Regardless of VPN running or not.

After the traffic reaches your ISP, it gets sent through routers over which neither you, nor your ISP have any control. That's just as open as being in a public hotspot.

In this respect, I guess we disagree about how secure an open / public connection is vs. our own home (or office) networks.

As I tried to explain previously, shouting to the neighborhood in another language (i.e. VPN over an open network) so that one other person who understands your language also hears you is not as secure as passing that person a note directly (no VPN but over a secure (WPA2) network). At least from my current understanding of how networks work.

Which would mean that you cannot ever do any online purchases if you follow your own logic - there is no difference between sending your credit card info over an SSL connection versus sending that info through an OpenVPN tunnel (they in fact both use the same TLS technology, with the VPN being even more secure in its exchange stage).

A strong crypto is nowhere near the level of "shouting in a different language" in terms of security. As I pointed out, we're talking something that would take YEARS of brute force attacks to crack through. When dealing with a properly implemented cipher, you are effectively shouting in a language that is guaranteed to only be understood by the other end, as he's the only one to have the corresponding key.

For all purposes and intent, a strong cipher properly implemented (such as an OpenVPN using TLS and AES-128 or AES_256) is as secure as walking into the other person's room, and physically handing him the data. Unless we're talking something which, you mind that they might figure out what was being said 15 or 20 years from now.

 

[Chrysalis]

interesting I think I just found a role for my defunct rt-n16

 

[L&LD]

After the traffic reaches your ISP, it gets sent through routers over which neither you, nor your ISP have any control. That's just as open as being in a public hotspot.



Which would mean that you cannot ever do any online purchases if you follow your own logic - there is no difference between sending your credit card info over an SSL connection versus sending that info through an OpenVPN tunnel (they in fact both use the same TLS technology, with the VPN being even more secure in its exchange stage).

A strong crypto is nowhere near the level of "shouting in a different language" in terms of security. As I pointed out, we're talking something that would take YEARS of brute force attacks to crack through. When dealing with a properly implemented cipher, you are effectively shouting in a language that is guaranteed to only be understood by the other end, as he's the only one to have the corresponding key.

For all purposes and intent, a strong cipher properly implemented (such as an OpenVPN using TLS and AES-128 or AES_256) is as secure as walking into the other person's room, and physically handing him the data. Unless we're talking something which, you mind that they might figure out what was being said 15 or 20 years from now.

RMerlin, I do not buy things online. Yes, I do online banking (sparingly), but that is only because the BANK guarantees no harm to my small amount of funds.

I also do not believe for a minute that a cipher weak enough to allow fast enough internet speeds is secure against anyone and everyone (i.e. Gov't).

And, I also do not trust a VPN service any more than I would my ISP. Even less, to be truthful. Unless the VPN service is wholly owned by me, the pitfalls of the internet are amplified when using such a service, not minimized.

Just like the TOR users are the first to be an NSA target, VPN users 'seem' to be more valuable (to data miners) than non-VPN users and that makes them by default less secure in my view (because they've piqued the interest of others in their online dealings).

No, I'm not paranoid, I'm just being logical and practical.

The VPN providers have Great marketing, but little in the way of a great track record of keeping their users internet usage private. Especially as they don't control the servers and other hardware they base their business on.

A VPN connection is only as secure as the weakest link at the company(s) providing that service (i.e. anyone who can physically access the servers). And that does not inspire confidence in me to believe that I am safe and secure while online in the least. No matter how hard or how long it would take for our little consumer computers to break a 1024 or 2048 key cipher today is, because that is not the weak point as I see it.

 

[mirage22]

RMerlin, I do not buy things online. Yes, I do online banking (sparingly), but that is only because the BANK guarantees no harm to my small amount of funds.

I also do not believe for a minute that a cipher weak enough to allow fast enough internet speeds is secure against anyone and everyone (i.e. Gov't).

And, I also do not trust a VPN service any more than I would my ISP. Even less, to be truthful. Unless the VPN service is wholly owned by me, the pitfalls of the internet are amplified when using such a service, not minimized.

Just like the TOR users are the first to be an NSA target, VPN users 'seem' to be more valuable (to data miners) than non-VPN users and that makes them by default less secure in my view (because they've piqued the interest of others in their online dealings).

No, I'm not paranoid, I'm just being logical and practical.

The VPN providers have Great marketing, but little in the way of a great track record of keeping their users internet usage private. Especially as they don't control the servers and other hardware they base their business on.

A VPN connection is only as secure as the weakest link at the company(s) providing that service (i.e. anyone who can physically access the servers). And that does not inspire confidence in me to believe that I am safe and secure while online in the least. No matter how hard or how long it would take for our little consumer computers to break a 1024 or 2048 key cipher today is, because that is not the weak point as I see it.

Excellent, by this logic i would rather surf without VPN on an open network rather than use a VPN. Let the script kiddies have a ball of a time... they won't do me any harm. Its the government that I will be spared from!

More like i would rather sleep with my hotel door wide open at night, its an open hotel after all. Coz a locked door would mean someone will have the itch to try breaking into it and steal something, rather than the open door as people think he definitely has nothing on him...

Love the logic!

 

[mirage22]

RMerlin, I do not buy things online. Yes, I do online banking (sparingly), but that is only because the BANK guarantees no harm to my small amount of funds.

Sure, my bank promises security too, but guess what? http://dealbook.nytimes.com/2014/10/03/hackers-attack-cracked-10-banks-in-major-assault/?_r=0

A google will tell what's the situation in many of the US banks. Let alone global banks!

 

[L&LD]

Excellent, by this logic i would rather surf without VPN on an open network rather than use a VPN. Let the script kiddies have a ball of a time... they won't do me any harm. Its the government that I will be spared from!

More like i would rather sleep with my hotel door wide open at night, its an open hotel after all. Coz a locked door would mean someone will have the itch to try breaking into it and steal something, rather than the open door as people think he definitely has nothing on him...

Love the logic!

Please read my post again; I do not connect to ANY open network. I do not use VPN as it's a false sense of security. I do not sleep at hotels if I have any choice at all (I can drive for hours...) and even if I did, the door is closed and locked as is everyone else's.

Your logic and jumping to your own absurd conclusions leave a lot to be desired.

 

[L&LD]

Sure, my bank promises security too, but guess what? http://dealbook.nytimes.com/2014/10/03/hackers-attack-cracked-10-banks-in-major-assault/?_r=0

A google will tell what's the situation in many of the US banks. Let alone global banks!

I did not state banks are immune to security threats. I stated that my bank guarantees my funds are safe.

That is all I care about.

 

[mirage22]

Please read my post again; I do not connect to ANY open network. I do not use VPN as it's a false sense of security. I do not sleep at hotels if I have any choice at all (I can drive for hours...) and even if I did, the door is closed and locked as is everyone else's.

Your logic and jumping to your own absurd conclusions leave a lot to be desired.

I wish I didn't have to travel for my work to different states, let alone countries. I wish I didn't have to reply to an email immediately! More like people would wish they were all millionaires!

A lock is also a false sense of security. It can be broken. But I would rather make it difficult than easy for someone to trawl in.

Nothing is secure on earth. But using certain means, I hope to make it a little difficult for some folks and just not worth the time and effort for other folks. That's better than just not locking the door or having a VPN.

 

[sfx2000]

Well - sharing my experience - I can't run an OpenVPN client on my corp laptop, but I can run L2TP/IPsec or PPTP...

So when dealing with hospitality networks, generally I'll get one of the two options up - worst case, if they block both, I'll use SSH to build a tunnel to an end-point that I know/trust/control... in many cases, even with VPN, I'll still set up SSH to build tunnels as needed...

Open WiFi is like being on an Ethernet hub - fire up Wireshark, and start collecting data - it's all in the clear... it's like writing postcards as opposed to putting mail in envelopes...

Do a filter on tindr, grindr, and craigslist in the early evening at a hotel site on public/open wifi - might be surprised how much traffic there is there - all in the clear...​

Really - with VPN, one needs to know both end-points - as a road warrior/remote working, I know the end-point - when setting up remote offices, I know both ends, when doing Business to Business - we know both ends and have contracts with big legal words and serious penalties if trust is broken...

I realize that many folks want VPN, not for those use-cases, but basically to break geo-locking of content over the internet - just be advised - setting up and using a VPN cuts both ways - it's a trust relationship, and by using a VPN on the router, one is bypassing all the firewall protections it offers, and establishing a trusted end-point inside your network...with full access to all nodes within..

That commercial VPN provider might be a front-end shell corporation for a 3/4 letter government agency, or worse yet, a commercial entity that is data mining your info - so make sure you trust them.

sfx

 

[RMerlin]

Well - sharing my experience - I can't run an OpenVPN client on my corp laptop, but I can run L2TP/IPsec or PPTP...

So when dealing with hospitality networks, generally I'll get one of the two options up - worst case, if they block both, I'll use SSH to build a tunnel to an end-point that I know/trust/control... in many cases, even with VPN, I'll still set up SSH to build tunnels as needed...

Personally, if what I wanted was privacy and security while I'm in a public location, I would connect to the OpenVPN server at my home to route my traffic through it. No need to pay for a tunnel provider, and I definitely trust the remote end in this case

I would only use a tunnel provider if I needed to break geolocation, or if I wanted to hide from local organization (MPAA, RIAA, and others copyright trolls), by using a provider that's completely hosted/operated in a different country.

If I wanted to hide from a government agency, I would definitely go with something where I control BOTH ends of the communication, because that's a whole different level of ballgame there.

It's always a matter of what level of security you actually need for your particular situation.