There are others that aren’t Chinese but nothing anywhere near the price bracket you’ll get from GL.Inet. I wouldn’t trust them either, I’d just take the hit and lose the app. Since it’s OpenWRT I wouldn’t be surprised if there’s an alternative to the apps. Flashing standard OpenWRT to them is really easy, you just download it from the site and flash through the firmware upgrade option, no dramas. Many VPNs will have instructions on how to set up their service on OpenWRT.
Privacy
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
There are others that aren’t Chinese but nothing anywhere near the price bracket you’ll get from GL.Inet
Can you give me some pointers to non-Chinese equivalents of those GL.iNet routers? I'm quite ready to suck up the extra cost.
About to head off to work but I think Netgear make one, but it’s like 6-7x more expensive. And it’s probably made in China anyway.
The cheap models can not be flashed with openwrt since they use some proprietary drivers or something.
The complete Opal series is not supporte iirc.
Not all glinet routers can be flashed to vanilla openwrt as my friend found out
Honestly, for your use case, you should just get a older cell phone. Put lineage OS on it, or calyxos.. share your VPN over hotspot, these are the only two ROMs that I'm aware of that allow you to do that. This has the benefit that the VPN traffic looks just like for traffic from the phone, and you don't have to do any gymnastics to modify the TTL, or the operating system signature of the traffic.
Boom, travel router. Very portable, has a built-in battery etc etc etc etc etc
I like GLI-net, they are great, they have great hardware. If you want to buy it I endorse it. If you're paranoid flash your own firmware. If you use an end-to-end VPN from your device it doesn't matter what your mobile router uses. However the killer feature here, I think is better supplied by an older phone running the ROMs I mentioned above. It's just more portable. And you have a backup phone when you're traveling
get a older cell phone. Put lineage OS on it, or calyxos… share your VPN over hotspot, these are the only two ROMs that I’m aware of that allow you to do that
That's what I thought too. So I tried it on my CalyxOS phone and... it doesn't work: the hotspot doesn't route through the VPN. And from what I read, it's by design.
I have an old Nokia 4.2 running LineageOS. I might try that one.
end-to-end VPN
Incidentally, do you know if the GL.iNet devices can act as a VPN server too?
I use a calyxos device to share VPN, as of a few months ago.
Hotspot & Tethering
- Allow clients to use VPNs
https://calyxos.org/features/list/#network
Perhaps your confusing GOS? If not, can you cite the design decision to disallow this feature? I'd be curious to learn about it
If openwrt can do it, gli-net can do it
I use a calyxos device to share VPN, as of a few months ago.
Hotspot & Tethering
- Allow clients to use VPNs
Oh wow I totally missed that. It works great! Genius!
Thank you for that. Suddenly it makes repurposing one of my old cellphones a very simple and viable proposition.
(and I'm posting this from my laptop connected to the hotspot connected to the Calyx VPN 🙂)
LineageOS implementation of this is poorly done and will leak data outside of your VPN tunnel.
https://github.com/mullvad/mullvadvpn-app/issues/4016#issuecomment-2422616515
True, but don't let perfect be the enemy of good.
Sharing VPN from a phone over a hotspot, means all of that traffic looks like it's coming from the phone. Admittedly if the VPN dies, the routing will bypass it. But the benefit here is immense, if you use visible, you have unlimited data from the phone, but very slow data on tethering. Sharing the VPN from the phone, gives you unlimited data on the hotspot. That's a pretty good trade-off
No offence but that's terrible logic.
There is no point in using a vpn if you don't care if your data leaks outside the tunnel.
It would be much better to just use a free VPN, like proton, on all devices instead and then just use the regular hotspot functionality.
There is no point in using a vpn if you don't care if your data leaks outside the tunnel.
Sharing VPN from a phone over a hotspot, means all of that traffic looks like it's coming from the phone.
Either you didn't read the github comments or dont understand how vpns work.
If the VPN over hotspot function leaks data outside the tunnel, then your phones data is going to be revealed in the clear.
And yet eve with that pitfall there is a valid benefit of using a shared VPN over the hotspot. Specifically making your data look like it's coming from the phone so it isn't throttled by the carrier as tethered data. The failure scenario being the data goes slower.
I recognize the problems you list as valid, and yet there is still a beneficial tradeoff decision to be made.
No need to insult me, I both read the GitHub and understand how VPNs work.
Sorry my bad, I should of responded in a more professional tone.
Yeah I totally agree there is a valid reason to have the function but its all moot if the function doesn't work correctly.
Even if it only works sometimes, there is still a use case with a benefit. I.e. speed throttling on tethering
I'm looking to get one soon enough from the EU store. Depending on the product they will say if it is shipping from China directly. I guess we have to trust some of these companies at some point with all of our devices. I plan to use it with a commercial vpn
I have been using one of their top end routers for nearly a year. Have stock fw installed and chosen not to flash with openwrt. I’m privacy conscious but figured with the amount of customers and forum space dedicated to their products someone would have noticed any funny business by now. Router works great and have had no problems over several updates.
Anything that can run vanilla openwrt will do just fine.
But then you need a separate LTE/5G stick.
There are some that have builtin LTE modems
I don't know viable, available or pricey these are but I found the following in the table of hardware and there are still about as many of them left I didn't copy.
https://openwrt.org/toh/views/toh_extended_all
COMFAST CF-E7
Edge-corE OAP-100
GL.iNet GL-AP1300
MikroTik RBwAPGR-5HacD2HnD&R11e-LTE (wAP ac LTE)
MikroTik RBwAPR-2nD (wAP R)
Sony AI Home Gateway (NCP-HG100)
ZBT WE1026-5G
ZBT WE1026-H
Arcadyan / Astoria Easybox 904 LTE
BOLT Arion
BOLT BL100
Cell C RTL30VW
https://openwrt.org/toh/views/toh_extended_all
As an update I got a router beryl ax and I'm testing it out. My use case is use a vpn on the router and a vpn on the laptop.
It works if I use an Ethernet cable from the travel router to the existing router and connect to the travel router by WiFi.
It also works if I plug the travel router into the laptop via ethernet and have the travel router connect to the existing wifi.
In other cases such as hotspotting it worked fine with one vpn but when adding the vpn on the laptop it resulted in too much latency.
In all of my tests so far both vpns were openvpn based so I will test again with one of them as a wireguard vpn and see how that goes.
Overall I'm pleased with it.
There is an interview with the founder on one of the Privacy podcasts. You can form your opinion. My opinion - yes, they are trustworthy and you can do with them anything that you can with any Linux box, alternatively flash a clean OpenWRT for extra paranoia