This is awesome. I had always had a travel/pocket wi-fi router since a long-long time. Started from the likes of D-Link, TP-Link, etc and now my next target is to check out one from GL•iNet[1]. They are flashable with OpenWRT. Their Beryl AX[2] looks spicy.
I find the benefit of a router with you when traveling are;
- More secure (you can set it up the way you want).
- Your device(s) do not need to be configured to work and sync.
- Better wi-fi coverage.
PS. I have no relationship with GL•iNet. They just seem to be the most ideal from all the reviews I have stumbled on so far.
Using a mesh of Glinet routers (GL-AXT1800) and Wireguard across residential points of presence. Nothing but good things to say about them, use one to bridge between a Starlink gen2 dishy and clients when mobile (fail closed VPN). iOS app is good, optional cloud mgmt portal also good. My only regret is I wish they offered a 1U half depth rack mount SKU.
Don't get the Mango (GL-MT300N-V2), it is cute but woefully underpowered for anything but the most light throughput.
Its important to note their firmware and especially their cloud infrastructure should absolutely not be trusted. Their hardware is probably fine, so just flash OpenWRT.
I got the GL.iNet GL-MT3000 (Beryl AX) a while ago and it's exactly what I needed.
I used to carry around a Huawei 4G router, but it required its own wall wart and couldn't bridge to another wifi. So if the 4G coverage was crap, we had to use public hotel wifis, meaning I had to configure 6-10 devices to use the crappy portaled network.
With the Beryl AX I get:
- Wifi-bridging. The Beryl has its own network, our devices connect to it and I can wrangle it to any public network
- Ad-blocking, global DNS via nextdns, Mullvad VPN, Tailscale, all built in and work with just one click.
- Internet failover if I have multiple active connections (wifi + 4g for example
- Standard USB power input
What I lost was the 4G connectivity, BUT it has an USB port and I use an old Android phone with a data plan on it. Used the developer menu to make it always default to tethering when an USB cable is connected and it's pretty much fire and forget.
(It's also on sale for around 100€ for Black Friday, well worth it)
I've used their GL-AR300M model for a few years quite happily.
Very flexible, i.e. wifi interface and two wired interfaces, and can mix and match roles however you like (e.g. wired uplink & downlink, wifi up/wired down, wired up/wifi down etc), combined with the ability to terminate a VPN on the device.
(Possibly my most silly use was to provide a network connection via a phone wifi hotspot to a wired network appliance).
And size-wise it's about half the size of a cigarette packet. (Yeah - that feels like quite an odd size comparison...)
Do they use a different fork/package for AdGuard home?
I'm asking this because the smaller models from them are limited to 32MB flash and 128/256MB RAM, which is way too less for typical AdGuard Home usage.
Personally I'm using some older Linksys WRT 1900AC/3200ACM models for my malware homelab and for the 1900AC the AdGuard daemon is constantly OOM once a few blocklists are selected.
Does anybody maybe know whether there's a fork that uses less memory and skips all the statistics and stuff that you won't need?
This isn't an issue with needing a fork that uses less memory. You're loading hundreds of thousands, if not millions of urls into memory so they can be compared to every single dns request happening. Text, even compressed, requires a certain amount of bytes to store, and there is no way to use less memory beyond that point, it's literally, physically impossible. Are there memory gains in adguard? Probably. But I doubt enough to magically make your 128MB of memory defy physics and hold more than 128MB of bytes. Doesn't matter what those bytes are, or how efficiently you made them, that physical rock can only ever handle 128MB of those bytes
Well, you could implement an LPM trie that focusses on FQDN labels; for example. Which would greatly reduce the memory usage compared to what AdGuard Home does currently with their per-rulelist-slices.
If you represent LPM tries as JSON and order them by alphabet, you'll get even benefits of gzip on HDD to save lots of space. Just a suggestion and how I would implement it with an eBPF module, not meant as a critic.
Like I said, even with compression, gzip in your example, you can only load up so much data into the physical ram modules. Reduce the list to domains and cut out dupes, minimize the schema, kick least recently used entries, do whatever you can to drop memory usage, but it's a n+1 problem if memory usage is linked to an unknown sized set of block lists. A buffered pager that streams from disk to shifts through the list as it iterates and checks is going to need to take place if you can't hold it all in memory. Though, even with limited memory, if you're reading off fast storage, like nvme, the small amount of memeory shouldn't really matter much, as even reading the files from disk should be plenty fast enough for your average internet connection imo
Agree, the GL Beryl works fantastic for my needs. Plus OpenVPN and WireGuard to where I need. A great travel router, used it as my main router while away from home staying in hotels for the better part of a year.
Regarding GL Beryl (and possibly other routers of theirs), it is worth mentioning that you get significantly higher throughput with WireGuard. Thus, if you have the option of hooking up via OpenVPN or WireGuard, do opt for the latter.
On the topic of GL.iNet. I have had a good experience with their customer support as we tried to work out some issues likely related to hardware. They were patient and allowed me to swap between routers until we got it to work. Oddly the final solution was to put an unmanaged switch so that we had two switches separated by about 30 metres of Cat 6A Ethernet cable, rather than plugging it straight into the router. According to the specification, this should not be an issue from what I can tell. Still, given how helpful and patient their support were, the whole experience still leaves me as a happy customer - despite the obvious hack.
Make sure you have a good AC adapter and cable. Mine it's the GL-MT300N (v2) and I keep on missing the signal (although it's not rebooting). Not the proper voltage or amps might be the reason.
I am using a gl-inet router as a main router for my apartment. I picked it up on sale and it has been wonderful. Much better than the Linksys I got on sale 4+ years ago.
It has replaced the modem/router that my ISP gave me. I still use this modem/router with the Gl-inet which is set up in bridge mode.
It's stable. No WiFi flake outs. The only time I have had to reset it is when I have updated the firmware.
Eventually I plan to switch to a pfsense based router and use the Gl-inet as a wifi access point when at home and a router when I am abroad. This way all my WiFi devices will work seamlessly.
1. Wired Ethernet Cable (RJ45). Almost all hotels have it. If you cannot find one, ask for it or ask right at the reception to give you a room with it. If on extended stays (Airbnb, Service Apartments), I plug one into the primary router to have my Wi-Fi. It is rare not to get one way or another to set this up. Carry one of those thin but lengthy RJ45s (such as the ones from Monoprice or Ubiquiti) with your router. They will fit well in your tech pouch.
2. Connect to the Wi-Fi, but run your own DHCP in the router to distribute your IPs to your devices.
Not the person you are replying to. It's not unusual to find a working RJ45 in a hotel room, and as a bonus they often don't have a captive portal.
Otherwise you can usually set up a router to bridge one WiFi network to another. Sometimes the captive portal screen just works on your computer that you're connecting to your own router. Other times you can sign in while connected to the hotel WiFi, and then clone your machine's MAC address so the network thinks the router has already signed in.
My favorite hack is bridging a congested hotel 2.4GHz network to my own personal 5.8GHz network, which benefits everyone if you are a family about to light up 5-10 more devices.
The WiFi-to-WiFi bridge isn't always very efficient, especially if the router has to multiplex the two connections using a single antenna, but speed isn't always the top concern.
> My favorite hack is bridging a congested hotel 2.4GHz network to my own personal 5.8GHz network, which benefits everyone if you are a family about to light up 5-10 more devices.
I do the same thing. It's failed only once: the /24 address space in my "internal" network was the same as the /24 used by the hotel's network and I didn't think to chrck. I brought down the hotel's router.
This is a misconfiguration. Your private address space should not leak at all towards the hotel router side. If it brought down the hotel router it sounds like you had some kind of loop between the “private LAN” and the “WAN”.
Depending on if the NAT configuration in the router is fully correct, it should even fully work if both are the same.
Several years back I was staying at a hotel than made me re-authenticate through their portal (enter my name, room number, etc) every time I unlocked my phone. I happened to have an AirPort Express with me. I plugged that in, authenticated once, connected to my new WiFi network instead of the hotel WiFi, and was good for the rest of my trip. Using cellular internet wasn’t a great option at the time/location, so I was really happy I had the little pocket router with me.
I was hoping to this would be an lte-wifi router. Unfortunately it isn't.
I wish we had open source modern lte hardware, but it's not just that we haven't got any open source stuff. There is barely any commercial stuff either. Qualcomm seems the only company I'm able to find that makes lte cat 20 hardware, let alone cat 24. I wonder why. Wouldn't open source hardware projects like limesdr have the resources necessary to deliver it? (there is an fpga on board).
Likewise with WiFi 6 and 7. But here were talking about high frequencies so I can understand a lack of open hardware.
> Qualcomm seems the only company I'm able to find that makes lte cat 20 hardware, let alone cat 24. I wonder why.
Because Qualcomm is the main supplier of modems for nearly all devices in US, and nearly all flagship devices and LTE-routers globally.
It's nearly impossible to compete with Qualcomm on pure modem-chipset pricing, because:
1) The sheer volume of chipsets they produce
2) The fact that their modem firmware of those few-dollar component is largely validated (and paid for) by Smartphone device manufacturers and carriers when they launch their 800+ USD Premium Smartphones with the same modem.
3) Qualcomm's iron grip of patents and manufacturer contracting practice
Few have tried over the years, including juggernauts like Huawei, Samsung, LG. All failed.
> The only ones who did succeed are Mediatek with their bottom-of-the-barrel stuff... wonder how that is possible.
I'm not aware of Mediatek competing with LTE modems for routers, not even low-tier. I'm aware they are trying again now with 5G, but also here I'm not seeing big tractions for commercial products...
Could you name an example device or chipset of a Mediatek-based LTE-router?
- According to the website, RUT951-LTE is based on a MIPS 24kc CPU from Mediatek, which is their major router platform, and does not include an LTE-Modem. It's likely MT7628K [1]
- The second example MT8735D is a tablet SoC (not just a modem but also a CPU, GPU, Audio DSP, Camera ISP etc in one package)
To be able to connect to LTE networks you, in most regions, need your hardware AND firmware to be approved by your local radio communications authority (e.g. FCC).
Open source baseband firmware and hardware projects exist but, even if a LTE baseband firmware and hardware were to be developed, you wouldn't be able to use it outside of a Faraday cage unless you spend lots of money getting it certified.
There are some opensource LTE UE stacks, for example srsRAN has one. Legalities aside, it can in theory connect to a public network using an USB sim card reader (or a software sim emulator if you know the required keys). For a stationary node you should get more or less the same performance as good LTE dongle, but dynamic applications will perform very bad.
Unlike WiFi, LTE allows quite high latencies, so the host computer can do all computations, no real need for FPGA code.
For WiFi you have OpenWiFi: https://github.com/open-sdr/openwifi It currently has 11ac support and WiFi6E is in development. Operation on 2.4GHz can be a bit confusing due to lack of 11b support but on 5 or 6GHz it 'just works' (though note lack of DFS support).
Even Apple isn't satisfied with its own work on modems if rumors are to be believed. I'm sure Apple will gladly spend billions of dollars in research and own the modem rather than pay Qualcomm year after year.
Just some napkin math, Apple had 232M iPhone sales in 2022. If Apple paid USD 8 (low end estimate) per iPhone sold, that would be USD 1.8B just for 2022.
If I were Apple, I'd gladly spend USD 2B a year if that meant I would not have to pay Qualcomm USD 1.8B
My guess is this work is actually difficult
especially given all the patents/royalty traps you'd have to avoid
and not something people have not simply gotten around to doing.
I’m not discounting the difficulty at all, but at Apple’s scale they need a lot more reliability than what I’d require for my own hacky little modem. From what I’ve read, a big part of Apple’s issues are size and heat, which would be less of an issue as a stand-alone device, as miniaturization is less important.
We don't need that; if our data is encrypted the modem hardware sees only noise passing through. Yes, it can know who we are speaking with or which address we're connecting to, but that information would be already known by the carriers anyway and shared with whoever has the power to tell them to. All we need is Free and Open Source Software and Hardware outside of the modem, so that our data can't be intercepted before it is being encrypted or after it is being decrypted - think about a malicious app intercepting where you tap the screen so that it can read all your passwords even before they're fed into some app or a browser code. Now think what would happen if this malicious code was built into the screen driver itself, or the storage driver for data that comes encrypted but is being decrypted to be read and stored by the user. We badly need open source everywhere, but asking for it in radio hardware is a lost cause; carriers will never open up their devices, and for a very good reason.
Well, there is this issue around the baseband modem having access to the hardware, at least in phones. If i remember correctly, they can install software that way? However, if we are using a USB modem, i wonder if we are already more secure as it has to use the usb protocols to communicate at hw level?
There was a project back in 2013 called PORTAL. "Personal Onion Router to Assure Liberty". It used a GL.iNet travel router. At that time, there were no model numbers. I bought one ($18 on the 'Zon), and upgraded the flash to 64GB.
The company noticed that 1) folks were upgrading storage, and 2) hackers were adding pins so they could connect to the serial port. They then modified their production to include both of those hacks. They called it the "6416".
I've gone on to buy many of the GL.iNet devices. I take a Brume with me on travel. Their built-in software (OpenWRT with a custom WebGUI) is so handy that, despite knowing they have anti-features built in, I just use it as-is. I normally use it's 802.11ac radio to connect to the hotel, and copper Ethernet to my machine. But with dual antennas, you can also connect wirelessly without going half-duplex.
That DIY 6416? I use it as my home WAP, configured as a bridge to my central switch. It's been running 24/7 since 2015 or so.
GL.iNet also make an open-source hardware design. So if you're uber-paranoid, you can build your own.
At one time when the router was powered up, it would attempt to send your IP address and router serial number back to GL.iNet. Theoretically, that was to enable a Dynamic DNS service that they ran. It could be turned off, but if you had it connected to the Internet at the time, your info leaked. So I would ensure the first power-on had no WAN, so I could go in and turn off all that stuff. I consider that a dark pattern, and it makes me generally suspicious of the vendor.
Not that I'm not a big fan. These things are exactly what I need for travel. And my company sends me places with iffy Internet connectivity, so I have found it incredibly useful to have a tiny device which can set WAN to be wireless, wired, or cell-modem. I used to wipe it and reload with OpenWRT.
When you find a company who sees what users are doing (like populating the serial port), and that company changes their device to do that by default, you've got someone who actually cares about customers.
The problem, really, is China. Just like Russia, China has laws requiring full cooperation with the MSS by all electronics manufacturers. So I just assume breach, meaning my devices are either back-doored at the factory, or are sigint-ready just by pushing out a new system image. If they have your device ID and external IP address, they can probably target specific people who are high-value.
Just to be fair, the NSA has been caught fiddling with crypto to make it "sigint ready". Snowden showed photos of NSA re-boxing Cisco gear (where do you suppose they got that Cisco-branded anti-tamper tape?) Everyone spies; it's just a fact of life.
How does the travel router differ from an Android mobile hotspot, it can work over USB, Wi-Fi, and Ethernet if you have an adapter, you can configure a VPN on it and have hotspot clients use it, and it's always ready with a cellular or Wi-Fi connection
I've been using the GL.INET GL-AR300M16 router for a couple of years. They work incredibly well. I can go to any hotel or cafe, plug it in the back of any free USB port (existing routers, TVs, or power banks if necessary) and away I go. If there's ethernet I plug it in, or if it's wifi then I can just auth through the router. That's all. Immediately I have all of my devices functioning as if I am still at home with appropriate DNS settings and similar.
But 300Mbps max throughput (2.4GHz, a/b/g/n) on a single antenna (meaning it's actually something like 150mbps down maximum) is frustrating. The 16mb storage also leaves barely any space on the router.
All I want is something that can boot on a minimum draw of 5A/1V -- and appropriately throttles performance down in that environment -- but can take something up to like 5A/3V and appropriately increases performance.
I'm surprised to find there's not more demand for "back to back" travel wifi routers, e.g. so you can connect once to a hotel wifi and immediately all devices are connected via the router's own wifi. This is useful not just for working around device limits but also for simplicity of setup when you have kids.
I own one and tried it for a business trip.
It's a cool nerd-toy. It's not cheap and not always easy to setup for anyone who is not technically savvy.
I like it, but I wonder if I want to carry it when I go carry-on only in Europe. I guess most people will trade some privacy and inconvience for weight- and cost-savings.
If you have a non-artificially-limited android phone (i.e. rooted), you can just open a hotspot with everything going thru your wireguard vpn back to home.
If you have stock android or IOS, then the real owners of your device won't allow you do this, since they get location data from your network on all those devices.
I think it's also worth looking at mikrotik. I run a HAP ac2 for travel which is small, has dual Wi-Fi radios, and enough power for good speeds on IPsec VPN. It also supports wireguard.
They also have a tiny, less powerful unit (mAP) that may fit with some travel use cases.
Mikrotik's product names are sufficient to uniquely identify them and easily searchable. This differs from many hardware vendors, so your question was reasonable, despite already having what you asked for from the prior poster.
The article says that there was already an item that could fit the bill (one of the ThinkPenguin mini-routers) but was out of stock. Sounds like a supply chain problem to me.
>and this board doesn't look like any Raspberry Pi anyway, so it's not a knockoff.
If the Orange Pi is a Raspberry Pi knockoff, then the Raspberry Pi itself is a knockoff of the Foxboard LX832 which predated the first Raspberry Pi by at least six years.
I find the benefit of a router with you when traveling are;
- More secure (you can set it up the way you want).
- Your device(s) do not need to be configured to work and sync.
- Better wi-fi coverage.
PS. I have no relationship with GL•iNet. They just seem to be the most ideal from all the reviews I have stumbled on so far.
1. https://www.gl-inet.com/
2. https://www.gl-inet.com/products/gl-mt3000/