Connect to Captive WiFi of Hilton not working!

Hello There,

I’ve been trying this now for months on my Beryl: Connect to Captive Portal - GL.iNet Docs

It does not work! And there are many articles trying to help, but these also do not work. I’m trying to connect to Hilton’s Captive WiFi/portal (in different countries). It never works, the official documentation linked above is just not working at all!

So how do I connect my Beryl to a Captive WiFi of Hilton? Beryl connects to the Hilton WiFi correctly, the Internet settings in Beryl even show this:

IP Address: 192.168…
Netmask: 255…
Gateway: 192.168…
DNS Server:
– 8.8.8…
– 8.8.4…

Of course, I have also disabled DNS Rebinding Attack Protection as required according to the above mentioned link.

Opening any browser (even in incognito mode) and calling any website (i.e. or any other) leads to a browser that hangs loading (loading actually never finishes). Same behavior from any mobile device such as iPhone and Android etc.

So what shall I do? Connecting via Cable is unfortunately not possible.
I believe this must be an issue that is well known… Can’t believe I’m the only one.
Did anyone solve this? What am I doing wrong?

Thanks in advance!

ps I have the latest firmware installed on my Beryl

As far as I know, this could be the issue. Instead of 3.211, try 3.203. Or a Beta.
At least with AVM Fritz!Box there is an issue. I’m not familiar what kind of hardware the Hilton is using. I think something a little more enterprise, than AVM.

It’s a fight between router manufacturers vs hotels. The hotels have very good captive portals and networking to devices to catch these travel routers and block them.
See if you can make a complaint to the hotel staff that your device won’t connect and see if they can help. (They will probably tell you too bad).

This is the sad truth in 2022, but it is what it is.

Even is going down a firmware helps, they (Hotels) will continue to find ways to block travel routers in the future. :-1:

1 Like

Hmm if you have tried all the things like mac cloning, hostname changing and this still doesn’t work, even with different firmwares.

It could be that they have set a TTL of 1, I just readed about this on some other forums like netgate, mentoid Here

That makes it very hard because the next hop would be your gateway and from what I believe this setting purely checks for one NAT,

I’m not really experienced with this, nor do I know if this could be bypassable easy, perhaps someone could eleborate this better :+1:

I found some more info there seem whole ttl lists aswell:
click here


You’re the MVP! Thanks for sharing. I barely stay at hotels, rather I take the routers when I’m visiting family and want all my devices to have access to my home servers.

1 Like

In gereral it should not be the problem.

Your router speaks NAT (network access translation). This means all internal devices will speak to the router and it will be one device to the next hop. If you decide your laptop/mobile/… got a TTL of one, it will hop to the GL.iNet and this will 1 hop to the Hilton network… The Hilton should not be able to configure your internal network.

This can be different in IPv6, but this is disabled by default.

Maybe the Hilton gives some special configuration, the GL.iNet is not copying, beside MAC. But this is a little hard to analyze from far away.

Wishlist for GL.iNet: direct downloadable capture on the device to anything tcpdump/Wireshark speaking :slight_smile:

1 Like

There are two situations:

  1. The router cannot connect to the hotel network at all. It just keep disconnecting.
    If this is the case, the only way is that you talk with the hotel and ask why they don’t allow you to connect routers.
  2. The router is connected but the portal page cannot pop up. Maybe you can try mac clone in this case.

DNS servers and I doubt that would allow Hilton is hijack DNS to point you to their captive portal like plenty of captive portals love to do.

Also did you try to connect with another device to the wifi and see the URL of the captive portal? Sometimes it’s easiest to just call that url after connecting to the wifi of the travelrouter.
Also what DNS servers does that other device receive?

TTL can be rewritten, so that wouldn’t help hotels:
iptables -t mangle -I POSTROUTING -o wwan -j TTL --ttl-set 65

Wow, the help from all of you is just amazing! Thank you so much!
I ended up using “MAC Clone”:

  1. Login to the captive WiFi if Hilton using my device
  2. Afterwards, on the same device connecting to my Beryl
  3. In the left side menu of the web admin panel go to MORE SETTINGS → MAC Clone
  4. In the drop down box labelled “Your Router WAN” choose the same value you can see above under “Your Current Client” (on the same page).

This clones the MAC address of my current device to the router, pretty cool.

Here is some explanation I received from the support:
It is used especially in hotel when the network checks your MAC address. For example, if you got your smartphone registered on the network, you can clone the MAC address of your smartphone to the router so that the router can also connect to the network.

When the connection to the captive WiFi has expired you have to login with your device to Hilton’S captive WiFi again - I can live with that.

Thank you everybody - you are amazing!

It’s not the destination that is being detected, it’s the http request itself. And everything else is blocked until you are whitelisted.

There are a several ways captive portals get a client to go to the portal:

One way is to make all HTTP traffic to a specific webserver, which then redirects you to the captive portal.
Another way would be ICMP redirection.
And yet another way is to hijack DNS to point the client to your captive portal.

All of them work different and each method deployed by the operator of the wifi-network may not work when settings on the client are not what that operator expected. Using another DNS-server may break some captive portals, while others might be fine. Each of the methods may have its drawbacks. For example if DNS records are resolved normally (but all HTTP traffic is rerouted), you may find someone doing some nice DNS-tunneling.

The GL Inet’s DNS resolver in the firmware probably also has DNS Rebind protection on by default (it should), which may also break some captive portals. (It may prevent local IPs in DNS results; That would break captive portals hosted on private IPs such as

I’m not saying any of those cause the issues in this specific case, but it may have caused the reason why this specific captive portal did NOT want to load.

So shared this in another post as well, but for anyone else having this problem of difficulty connecting at a Hilton with the Captive Portal not appearing, this is what fixed it for me:

Go to the VPN Dashboard → VPN Client → Global Options, and uncheck “Block Non-VPN Traffic”. I also had to set my WireGuard to disabled to get the captive portal to come up. You can turn WireGuard back on once you’re connected.

I haven’t heard about Hilton or Marriott problem for a long time.