this post was submitted on 02 Nov 2024
24 points (96.2% liked)

Privacy

32165 readers
166 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

So I'm on the market for a 4G or 5G mobile hotspot with a build-in VPN client I can carry around in my backpack and connect my cellphone to. I've looked far and wide, and really the only manufacturer that seems to make what I want is GL.iNet.

The two battery-powered models they offer that interest me are the Mudi v2 and the Puli: they only do 4G and I wish they did 5G too, but I can live with that. Other than that, they really tick all the boxes for me.

From what I could read, the GL.iNet company also seems very open and very responsive. That's a plus too.

But I have one giant problem that prevents me from whipping out the credit card: GL.iNet is a Chinese company, and those products are sensitive applications. I know I can flash OpenWRT separately on those devices to ensure they're not doing stuff behind my back, but I don't really want to do that because I'd lose the GL.iNet plugins and custom UI. Not to mention, I have no free time for that. I'm looking for a ready-made solution if possible with this one.

Anybody knows if GL.iNet can be trusted?

Also, has anybody ordered from Europe using their EU store? They say they ship direct from Europe but they give no details.

And finally, what do you think of those two mobile VPN routers if you own one. Do they work well? I read somewhere that they can be buggy with certain VPN providers. Do they work in Europe? I assume they do since they sell EU plugs but maybe there are caveats.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 7 points 3 weeks ago* (last edited 3 weeks ago) (2 children)

Honestly, for your use case, you should just get a older cell phone. Put lineage OS on it, or calyxos.. share your VPN over hotspot, these are the only two ROMs that I'm aware of that allow you to do that. This has the benefit that the VPN traffic looks just like for traffic from the phone, and you don't have to do any gymnastics to modify the TTL, or the operating system signature of the traffic.

Boom, travel router. Very portable, has a built-in battery etc etc etc etc etc


I like GLI-net, they are great, they have great hardware. If you want to buy it I endorse it. If you're paranoid flash your own firmware. If you use an end-to-end VPN from your device it doesn't matter what your mobile router uses. However the killer feature here, I think is better supplied by an older phone running the ROMs I mentioned above. It's just more portable. And you have a backup phone when you're traveling

[–] [email protected] 4 points 3 weeks ago (1 children)

get a older cell phone. Put lineage OS on it, or calyxos… share your VPN over hotspot, these are the only two ROMs that I’m aware of that allow you to do that

That's what I thought too. So I tried it on my CalyxOS phone and... it doesn't work: the hotspot doesn't route through the VPN. And from what I read, it's by design.

I have an old Nokia 4.2 running LineageOS. I might try that one.

end-to-end VPN

Incidentally, do you know if the GL.iNet devices can act as a VPN server too?

[–] [email protected] 3 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

I use a calyxos device to share VPN, as of a few months ago.

Hotspot & Tethering

  • Allow clients to use VPNs

https://calyxos.org/features/list/#network

Perhaps your confusing GOS? If not, can you cite the design decision to disallow this feature? I'd be curious to learn about it

If openwrt can do it, gli-net can do it

[–] [email protected] 2 points 3 weeks ago

I use a calyxos device to share VPN, as of a few months ago.

Hotspot & Tethering

  • Allow clients to use VPNs

Oh wow I totally missed that. It works great! Genius!

Thank you for that. Suddenly it makes repurposing one of my old cellphones a very simple and viable proposition.

(and I'm posting this from my laptop connected to the hotspot connected to the Calyx VPN 🙂)

[–] [email protected] 3 points 3 weeks ago (1 children)

LineageOS implementation of this is poorly done and will leak data outside of your VPN tunnel.

https://github.com/mullvad/mullvadvpn-app/issues/4016#issuecomment-2422616515

[–] [email protected] 0 points 3 weeks ago (1 children)

True, but don't let perfect be the enemy of good.

Sharing VPN from a phone over a hotspot, means all of that traffic looks like it's coming from the phone. Admittedly if the VPN dies, the routing will bypass it. But the benefit here is immense, if you use visible, you have unlimited data from the phone, but very slow data on tethering. Sharing the VPN from the phone, gives you unlimited data on the hotspot. That's a pretty good trade-off

[–] [email protected] 1 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

No offence but that's terrible logic.

There is no point in using a vpn if you don't care if your data leaks outside the tunnel.

It would be much better to just use a free VPN, like proton, on all devices instead and then just use the regular hotspot functionality.

[–] [email protected] 0 points 3 weeks ago (1 children)

There is no point in using a vpn if you don't care if your data leaks outside the tunnel.

Sharing VPN from a phone over a hotspot, means all of that traffic looks like it's coming from the phone.

[–] [email protected] 1 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

Either you didn't read the github comments or dont understand how vpns work.

If the VPN over hotspot function leaks data outside the tunnel, then your phones data is going to be revealed in the clear.

[–] [email protected] 1 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

And yet eve with that pitfall there is a valid benefit of using a shared VPN over the hotspot. Specifically making your data look like it's coming from the phone so it isn't throttled by the carrier as tethered data. The failure scenario being the data goes slower.

I recognize the problems you list as valid, and yet there is still a beneficial tradeoff decision to be made.

No need to insult me, I both read the GitHub and understand how VPNs work.

[–] [email protected] 1 points 3 weeks ago (1 children)

Sorry my bad, I should of responded in a more professional tone.

Yeah I totally agree there is a valid reason to have the function but its all moot if the function doesn't work correctly.

[–] [email protected] 1 points 3 weeks ago* (last edited 3 weeks ago)

Even if it only works sometimes, there is still a use case with a benefit. I.e. speed throttling on tethering