I think it may be possible to send tethered data through the tunnel on a rooted phone but don’t quote me on that.
Which phone is this? Asus phones don’t do this natively.
A phone running LineageOS 20 (Android 13)
Wow. Does Pixel 7 have this?
It should. I can’t be sure, tho.
Have what? The ability to flash LineageOS 20? Yes. But flashing ROM’s on phones is not recommended for the inexperienced. And, you will need to unlock the bootloader which you can’t do on Pixels purchased from Verizon.
I think this feature could be in the pixel stock os, lineage doesn’t diverge very much from aosp.
You can run an Android proxy server app to have http/https traffic go through VPN, such as PdaNet+ (pay) or Every Proxy (free and my preferred). Android smartphone/tablet, Windows PC, iPad and Mac all have native proxy clients. GL.iNet/OpenWRT routers do not have native proxy client, which is another reason that I do not bring a router when travelling anymore.
2 Likes
Stock Android on Pixel phones does not have that bottom option to route the tethered data through the VPN tunnel.
1 Like
My pixel 6a, Google Fi, does not.
1 Like
Checked on an old Nexus 7 with recent LineageOS. It has this VPN toggle. However, it can’t be at the same time connected to wifi and have hotspot enabled. In other words, sharing a wifi internet connection through wifi isn’t possible. I think it isn’t even possible through USB or Bluetooth as I can’t turn on hotspot without wifi turning off by it self. Unless there’s a hidden setting somewhere, I think this feature depends on a device.
That could depend on the hardware.
Also, Android hotspots aren’t that comfortable to use for a long time. They literally EAT battery and go either on 2.4 GHz or on very high numbered SRD 5GHz channels (which our friends at GL.inet are working to support, I hope – what’s the point of having a repeater if it won’t repeat Android hotspots in Europe)
Battery isn’t an issue when there’s easy access to electricity, like in a hotel. For people who don’t like to keep their battery at 100% all the time there are solutions like https://chargie.org. Also I’ve heard that some Android devices have built-in charging limiter. Too bad GL.inet battery-backed devices don’t have that feature.
It is an issue. Batteries have limited charge cycles. Using one a day, fine. More? That’s an issue.
Another reason why using 2.4GHz is a problem.
For as much as I’m enjoying reading all the creative ideas on how to not use the Beryl AX in hotels with captive portals, I’m keen to get to the bottom of why it’s so hard for this device to get the job done.
I’m wondering if the features that makes this device so awesome are the culprit for why it also doesn’t work with captive portals.
For instance I was reading a fresh discussion on the same on Reddit and someone has suggested the following:
You should skip the part about cloning your laptop’s MAC address.
Connect your laptop to the router.
In the browser, go to http://192.168.8.1 and disable “Block Non-VPN Traffic” in the VPN Dashboard.
If you also use AdGuardHome, you need to turn it off.
Now click on “Repeater” in the sidebar and click on the hotel SSID. Start with 2.4 GHz.
The captive portal should open and ask you to accept the terms.
If it works, try 5 GHz.
This implies :
a) Vpn is active and hence is obviously blocking access to the captive portal (possibly we also need to enable “Allow Access WAN”, which isn’t mentioned above)
b) adblock’s DNS settings also cause an issue resolving the captive portal IP address resolution (or something like this).
Can anyone in a hotel now validate those hypothesis?
1 Like
Search.
Understand that most captive portals use a form of DNS poisoning. You can’t go anywhere unless you trigger the captive portal and clear a path for subsequent excursions. MAC spoofing a single device that can clear a path is one promising way, but not the only way and not always successful.
The router can’t deal with a captive portal if VPN is trying to be active. It has to be off to start. Same for adblock. Both are preventing you from triggering the captive portal in the first place. You need a browser to send a dumb request over http on port 80, and the only reliable way is to go to neverssl.com.
2 Likes
Also disable any encrypted DNS you might have enabled.
I have been using exactly this method for over 2 years and have tried it at at least 50 hotels and places. Presently at an AC hotel in EU and here the method worked on the third try; confirmation on the portal showed errors the first 2 tries. However, last week at a Hilton group airport hotel in the US it wouldn’t work when I gave up after 30 minutes.
This method is very clumsy and frustrating; I need to reconfigure the router twice; first prepare it for the captive portal as follows:
Disable my dns settings
Disable adguard
Disable my VPN settings
Disable or change the wifi password (if you don’t do this you have no control over which device starts showing the portal which leads to errors as all my devices connect to the router once booted).
About 40% of the times no page shows and you need to try neverssl.com Google.com etc you’re just sitting there guessing.
Sometimes it just doesn’t work period. Sometimes the page shows after a long time, sometimes you need to connect the repeater 4-5 times before it works.
If successful you have to re-enable the multi wan setup/dns/vpn and the wifi for the other devices etc.
Edit: by the time I have reconfigured everything my devices have already sent data on the network without the VPN which potentially compromises security. I feel only secure way would be if the portal would somehow show inside a browser window of the Gl-inet device, as android devices do. That would take care of all problems mentioned above.
2 Likes
@alzhao this is an eye opener discussion. Pretty much confirming these devices are not fit for purpose.
To the point that one can argue that marketing them as “travel routers” can be considered false advertisement.
Surely your Devs can work on a creative solution! Some sort of guided wizard built for the captive flow, disabling everything temporarily and showing a built in browser (via docker?).
We’re all in support of your brand, please take another serious look at it
2 Likes