Connect to Captive WiFi of Hilton not working!

Hello There,

I’ve been trying this now for months on my Beryl: Connect to Captive Portal - GL.iNet Docs

It does not work! And there are many articles trying to help, but these also do not work. I’m trying to connect to Hilton’s Captive WiFi/portal (in different countries). It never works, the official documentation linked above is just not working at all!

So how do I connect my Beryl to a Captive WiFi of Hilton? Beryl connects to the Hilton WiFi correctly, the Internet settings in Beryl even show this:

IP Address: 192.168…
Netmask: 255…
Gateway: 192.168…
DNS Server:
– 8.8.8…
– 8.8.4…

Of course, I have also disabled DNS Rebinding Attack Protection as required according to the above mentioned link.

Opening any browser (even in incognito mode) and calling any website (i.e. http://nossl.com or any other) leads to a browser that hangs loading (loading actually never finishes). Same behavior from any mobile device such as iPhone and Android etc.

So what shall I do? Connecting via Cable is unfortunately not possible.
I believe this must be an issue that is well known… Can’t believe I’m the only one.
Did anyone solve this? What am I doing wrong?

Thanks in advance!

ps I have the latest firmware installed on my Beryl

As far as I know, this could be the issue. Instead of 3.211, try 3.203. Or a Beta.
At least with AVM Fritz!Box there is an issue. I’m not familiar with what kind of hardware the Hilton is using. I think something a little more enterprise than AVM.

It’s a fight between router manufacturers vs hotels. The hotels have very good captive portals and networking to devices to catch these travel routers and block them.
See if you can make a complaint to the hotel staff that your device won’t connect and see if they can help. (They will probably tell you too bad).

This is the sad truth in 2022, but it is what it is.

Even if going down a firmware helps, they (Hotels) will continue to find ways to block travel routers in the future. :-1:

1 Like

Hmm if you have tried all the things like mac cloning, hostname changing and this still doesn’t work, even with different firmwares.

It could be that they have set a TTL of 1. I just read about this on some other forums like Netgate, mentioned here

That makes it very hard because the next hop would be your gateway and from what I believe this setting purely checks for one NAT,

I’m not really experienced with this, nor do I know if this could be bypassed easily; perhaps someone could elaborate on this better :+1:

Edit:
I found some more info; there seem to be whole TTL lists as well:
click here

2 Likes

You’re the MVP! Thanks for sharing. I barely stay at hotels, rather I take the routers when I’m visiting family and want all my devices to have access to my home servers.

1 Like

In general it should not be the problem.

Your router speaks NAT (network access translation). This means all internal devices will speak to the router and it will be one device to the next hop. If you decide your laptop/mobile/… got a TTL of one, it will hop to the GL.iNet and this will 1 hop to the Hilton network… The Hilton should not be able to configure your internal network.

This can be different in IPv6, but this is disabled by default.

Maybe the Hilton gives some special configuration, the GL.iNet is not copying, beside MAC. But this is a little hard to analyze from far away.

Wishlist for GL.iNet: direct downloadable capture on the device to anything tcpdump/Wireshark speaking :slight_smile:

1 Like

There are two situations:

  1. The router cannot connect to the hotel network at all. It just keeps disconnecting.
    If this is the case, the only way is that you talk with the hotel and ask why they don’t allow you to connect routers.
  2. The router is connected but the portal page cannot pop up. Maybe you can try mac clone in this case.

DNS servers 8.8.8.8 and 8.8.4.4? I doubt that would allow Hilton to hijack DNS to point you to their captive portal like plenty of captive portals love to do.

Also did you try to connect with another device to the wifi and see the URL of the captive portal? Sometimes it’s easiest to just call that url after connecting to the wifi of the travelrouter.
Also what DNS servers does that other device receive?

TTL can be rewritten, so that wouldn’t help hotels:
iptables -t mangle -I POSTROUTING -o wwan -j TTL --ttl-set 65

Wow, the help from all of you is just amazing! Thank you so much!
I ended up using “MAC Clone”:

  1. Login to the captive WiFi of Hilton using my device
  2. Afterwards, on the same device connecting to my Beryl
  3. In the left side menu of the web admin panel go to MORE SETTINGS → MAC Clone
  4. In the drop down box labelled “Your Router WAN” choose the same value you can see above under “Your Current Client” (on the same page).

This clones the MAC address of my current device to the router, pretty cool.

Here is some explanation I received from the support:
It is used especially in hotel when the network checks your MAC address. For example, if you got your smartphone registered on the network, you can clone the MAC address of your smartphone to the router so that the router can also connect to the network.

When the connection to the captive WiFi has expired you have to login with your device to Hilton’s captive WiFi again - I can live with that.

Thank you everybody - you are amazing!

It’s not the destination that is being detected, it’s the http request itself. And everything else is blocked until you are whitelisted.

There are several ways captive portals get a client to go to the portal:

One way is to make all HTTP traffic go to a specific webserver, which then redirects you to the captive portal.
Another way would be ICMP redirection.
And yet another way is to hijack DNS to point the client to your captive portal.

All of them work differently and each method deployed by the operator of the wifi-network may not work when settings on the client are not what that operator expected. Using another DNS-server may break some captive portals, while others might be fine. Each of the methods may have its drawbacks. For example if DNS records are resolved normally (but all HTTP traffic is rerouted), you may find someone doing some nice DNS-tunneling.

The GL Inet’s DNS resolver in the firmware probably also has DNS Rebind protection on by default (it should), which may also break some captive portals. (It may prevent local IPs in DNS results; that would break captive portals hosted on private IPs such as 10.0.0.0/8)

I’m not saying any of those cause the issues in this specific case, but it may have caused the reason why this specific captive portal did NOT want to load.
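
Added example, not part of the original posts: a small diagnostic that classifies which of the portal mechanisms described above (HTTP redirect or DNS hijack; ICMP redirection is not covered) a set of probe observations points to, and whether a resolver with rebind protection would drop the answer the portal depends on. The probe record layout, the `diagnose` function and the filtered ranges are assumptions made for illustration, and all sample data is constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Simplified rebind filter (assumption): DNS answers in these ranges are dropped.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def is_local(addr):
    return any(ipaddress.ip_address(addr) in net for net in LOCAL_NETS)

def rebind_filter(answers):
    """Answers a rebind-protecting resolver would still hand to the client."""
    return [a for a in answers if not is_local(a)]

def diagnose(probe):
    """Return (mechanism, broken_by_rebind_protection) for one probe record."""
    dns = probe["dns"]  # hostname -> A records observed on the guest network
    seen = [sorted(dns.get(n, [])) for n in probe["test_names"]]
    # DNS hijack: unrelated public names share one answer, or answer locally.
    same = len(seen) > 1 and bool(seen[0]) and all(s == seen[0] for s in seen)
    if same or any(is_local(a) for s in seen for a in s):
        return "dns-hijack", any(s and not rebind_filter(s) for s in seen)
    # HTTP redirect: a plain-HTTP request is answered with 30x to another host.
    loc = probe.get("http_location")
    if probe.get("http_status") in (301, 302, 303, 307, 308) and loc:
        host = urlsplit(loc).hostname
        if host and host != probe["http_host"]:
            try:
                ipaddress.ip_address(host)     # literal IP: no DNS lookup,
                return "http-redirect", False  # so the filter never sees it
            except ValueError:
                answers = dns.get(host, [])
                return "http-redirect", bool(answers) and not rebind_filter(answers)
    return "none-detected", False

# Constructed probe records (documentation and private addresses only).
PUBLIC = {"example.com": ["203.0.113.10"], "example.org": ["198.51.100.20"]}
NAMES = ["example.com", "example.org"]
SAMPLES = {
    "hijack": {"test_names": NAMES, "http_host": "example.com",
               "dns": {"example.com": ["10.0.0.1"], "example.org": ["10.0.0.1"]}},
    "redirect_name": {"test_names": NAMES, "http_host": "example.com",
                      "http_status": 302, "http_location": "http://portal.hotel.example/login",
                      "dns": {**PUBLIC, "portal.hotel.example": ["192.168.10.1"]}},
    "redirect_ip": {"test_names": NAMES, "http_host": "example.com", "dns": PUBLIC,
                    "http_status": 302, "http_location": "http://10.0.0.1/login"},
    "open": {"test_names": NAMES, "http_host": "example.com", "dns": PUBLIC, "http_status": 200},
}
```

A `True` in the second field means the portal hostname resolves only to addresses the filter removes, which matches the symptom of a portal page that never loads while rebind protection is on.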

So shared this in another post as well, but for anyone else having this problem of difficulty connecting at a Hilton with the Captive Portal not appearing, this is what fixed it for me:

Go to the VPN Dashboard → VPN Client → Global Options, and uncheck “Block Non-VPN Traffic”. I also had to set my WireGuard to disabled to get the captive portal to come up. You can turn WireGuard back on once you’re connected.

I haven’t heard about Hilton or Marriott problem for a long time.