How to obscure network device information for GL.iNet GL-MT1300?

agnelli · 2021-12-29T10:51:18.285Z

My internet traffic on my GL.iNet GL-MT1300 travel router appears to get throttled by hotel networks. I suspect administrators on the network determine the connected device is a travel router and then throttle the traffic.

If I connect to the hotel network without the travel router my network does not appear to be throttled.

Is there any way to obscure the fact that the connected device to the hotel network is a GL.iNet GL-MT1300 travel router?

Particularly the web-server accessible at http://192.168.8.1/ is a giveaway. Is there a way to disable the webserver? Should I also be concerned about changing the device name?

Thank you!

Yozhik · 2021-12-29T11:33:51.481Z

From what I understand all incoming WAN traffic is disabled by default in the firewall so they should not be able to see the web portal.

The only way I could imagine they could identify your device would be via:

The MAC address via OUI lookup
Discovery packets emitted by the router

For option 1 look into MAC spoofing, use the MAC of one of your connected devices (any it doesnt matter).

For option 2 would need to see if/what discovery protocols are being run (I have not looked myself) and either disable them or explicitly block them in the firewall.

Apologies if I am way off here, I just got mine yesterday but I’ve been working in networking for most of my life.

---- edit ----

The OUI lookup is a dead giveaway:

94:83:C4 GL Technologies (Hong Kong) Limited

I would put dollars to donuts that spoofing the MAC of one of your phones/devices will get around the problem.

agnelli · 2021-12-29T18:48:33.417Z

Thank you! A very thorough answer.

You’re right, I forgot the router’s web-server likely isn’t accessible to them.

Your point about the OUI lookup is something I had not considered. I will try changing that.

The throttled traffic was probably due to something more common. Maybe they simply throttled the device because it was connected for a few days straight. Or maybe because it had downloaded more data than the rest of the devices (though nothing excessive).

The router is presently no longer throttled, so it was a temporary issue. This was experienced at the Westin Bonaventure Hotel in Los Angeles.

I’ve had separate issues at hotels, without the travel router, where my traffic seems to be throttled or cut off due to connecting to a foreign VPN. I’m trying to understand these network issues better so I can mitigate against them in the future.

Thanks again!

Johnex · 2021-12-29T21:53:16.096Z

Another thing that is probably being monitored is the TTL of packets. The TTL of packets is different if the device is connected directly to the hotel router, or if it passes though a secondary device, such as a travel router. The hotel network can detect this, and throttle. This is what mobile carriers also do to prevent users from tethering their phone to a laptop. The fix is to change the TTL so that AFTER the packet reaches the hotel router, it is as if it was directly connected.

You can read this thread about it:

Change outgoing TTL Technical Support for Routers

Hi all, Cool little router. Having a couple issues though that I hope someone could help with. I have been messing with the firewall rules to change the outgoing TTL to 65, but I can’t seem to get it to work. Looking at the packages installed, everything is there for mangle and Postrouting… So I am a bit lost… I have tried: iptables -t mangle -A POSTROUTING -j TTL --ttl-set 65 and iptables -t mangle -I POSTROUTING -o get_wanface -j TTL --ttl-set 65 but no luck. Edit: figured out the ssh i…

agnelli · 2021-12-29T22:33:01.645Z

Johnex:

Another thing that is probably being monitored is the TTL of packets. The TTL of packets is different if the device is connected directly to the hotel router, or if it passes though a secondary device, such as a travel router. The hotel network can detect this, and throttle. This is what mobile carriers also do to prevent users from tethering their phone to a laptop. The fix is to change the TTL so that AFTER the packet reaches the hotel router, it is as if it was directly connected.

Thank you! I will look into changing the TTYL.

Glancing at the admin interface for the GL.iNet GL-MT1300 router, I suspect it may be possible to make the necessary changes via the following route:

Enable LUCI in the admin panel by going to “More Settings” then “Advanced”, then install LUCI. You should then be able to connect to LUCI at http://192.168.8.1/#/luci
At the following location http://192.168.8.1/cgi-bin/luci/admin/network/firewall/custom , it’s probably possible to add a custom rule to the script there.

I am not sure how to check if the changes work, however. I will report back if I have success setting it up.

agnelli · 2021-12-29T22:41:37.567Z

Based on your comment in another thread Change outgoing TTL - #39 by Johnex , you seem knowledgeable about Deep Packet Inspection.

Is Deep Packet Inspection a concern with hotel networks? That is, do network administrators have easy tools to identify if someone is using OpenVPN to shut them down? Do you have any advice on configuring an OpenVPN server running on say AWS or Google Cloud? What I’m really leading up to is should I use something like Obfsproxy?

I suppose my use case matters as well: I am not trying to VPN out of say mainland China with their severe firewall controls. I am a businessman who travels frequently, and I need a secure connection to a VPN through my travel router that I can reasonably expect to not be interrupted. Interruptions can be a huge problem during video calls.

I have my GL-MT1300 travel router connect to an OpenVPN server that I’ve setup on Google Cloud with a static IP. For a backup my travel router also has VPN configurations (client profiles) for a major VPN provider (NordVPN). I prefer using my own Google Cloud server, however, since the speed is more reliable.

Any configuration advice you might have to avoid DPI, and how to get the travel router to reliably connect to my own OpenVPN server on Google Cloud would be greatly appreciated.

wcs2228 · 2021-12-30T03:24:38.814Z

Many travelers around the world are on business and require VPN to securely access their corporate networks. Hence, hotels tend not to block VPN. Even on a 2-week vacation in different China cities, I only stayed in 1 hotel (in Shanghai) that blocked VPN, which I bypassed by choosing a different VPN server IP.

Once you are connected through VPN (you may have to clone your MAC onto the router), they should not be able to perform deep packet inspection on your data, nor OUI and TTL within the tunnel, nor multiple connected devices.

alzhao · 2021-12-30T03:36:56.401Z

wcs2228:

Hence, hotels tend not to block VPN. Even on a 2-week vacation in different China cities, I only stayed in 1 hotel (in Shanghai) that blocked VPN, which I bypassed by choosing a different VPN server IP.

You are very lucky. Maybe just good hotels.

wcs2228 · 2021-12-30T03:41:29.951Z

5-star hotels in China are relatively “cheap” compared to North American hotels.

agnelli · 2021-12-30T03:46:01.988Z

wcs2228:

Many travelers around the world are on business and require VPN to securely access their corporate networks. Hence, hotels tend not to block VPN.

I’ve had problems with VPN connectivity in hotels in North America twice recently, and I will be traveling more in the future. The cost of having to deal with connection problems during business hours is great. Therefore, I find it reasonable to research and implement what protections I can.

I will try adding TTL configuration to the router and Obfsproxy to my OpenVPN server. I will share my findings.

Any other advice to ensure robust network connectivity with a GL.iNet GL-MT1300 travel router in a hotel to a VPN server would be greatly appreciated.

Yozhik · 2021-12-30T09:26:02.418Z

Deep packet inspection is not something most hotels would get into. That being said, most hotels outsource their internet to a third party ISP and DPI is definitely something ISP’s would get into. Really there are only two points where DPI could become an issue:

ISP’s
Authorities

A good vpn is the first step. If you are particularly concerned about privacy (for example, a journalist working in hazardous foreign territory) you can utilize services such as TOR. For the most part though unless you are into something pretty crazy just a regular VPN connection is plenty enough to keep out any curious peeping eyes.

Johnex · 2021-12-30T17:30:57.300Z

Yeah i don’t think the hotels are doing DPI, but as hotels move to more modern hardware, it’s not impossible.

I would just say they are checking the MAC address + TTL of devices. This is super easy to do and can be baked into any Cisco router the hotel might use.

An easy test is to have multiple protocols, such as Wireguard, OpenVPN, SSH (you can read up on “poor mans vpn”). If all those 3 are blocked, then there is some MAC or TTL blocking going on. If only some are being blocked, then they are most likely just blocking specific ports. If you change the port to say 80 or 443 and traffic is STILL blocked, then i would say some packet inspection is being used.

With the GL routers you can have all those protocols going at the same time, so it’s good to have as a backup either way.

wcs2228 · 2021-12-30T20:40:33.221Z

Smartphone typically starts TTL at 64, so wireless carriers can detect tethering when they see packets with TTL NOT equal 64 from other devices after hopping through the smartphone.

Windows 10 starts TTL at 128, so will become TTL of 127 after hopping through the smartphone. Mac OS X starts TTL at 64, so will become TTL of 63 after hopping through the smartphone.

OSTechNix – 20 Sep 21

Identify Operating System Using TTL Value And Ping - OSTechNix

This brief guide explains how to identify the underlying operating system using TTL (time-to-live) value and Ping command.

Est. reading time: 6 minutes

My GL.iNet router starts TTL at 64, so it should appear the same as various other devices that are normally used by travelers in hotels. If VPN is running on the router itself, TTL should still start at 64 and they should not detect data from other connected devices going through the tunnel.

By all means, you can make changes to your router to see what works bet, but there could be other causes of your VPN connectivity problems in some hotels.

Johnex · 2021-12-30T21:29:40.091Z

Yeah he didn’t specify how he was connecting the VPN until a later post, so i just covered all the bases. TTL won’t be an issue if the VPN is on the router.

It is probably just a simple port block. They only allow ports 80 and 443 to only allow web traffic.
So i would try:

Change the OpenVPN/Wireguard port to 443. Test and see if that works.
If that didn’t work, change VPN protocol. Wireguard then OpenVPN and last SSH tunnelling.
If the above still does not work then start testing DPI prevention techniques.

wcs2228 · 2021-12-30T22:41:55.994Z

I agree that port blocking is likely the culprit. Instead of running OpenVPN on UDP 1194, you can switch to TCP 443.

Also, clone your computer’s MAC onto your router, in case they look up OUI. Some hotels have a captive portal logon page that records your computer’s MAC to allow Internet access.

agnelli · 2022-01-02T05:53:16.691Z

Johnex:

Yeah i don’t think the hotels are doing DPI, but as hotels move to more modern hardware, it’s not impossible.

I would just say they are checking the MAC address + TTL of devices. This is super easy to do and can be baked into any Cisco router the hotel might use.

There’s some other way these hotels are throttling the GL.iNet GL-MT1300 with a VPN configuration at the router level.

I am now at the Hilton hotel in Cancun ( Canopy by Hilton Cancun La Isla). Within 24 hours of connecting my travel router to their network, with a custom VPN connection at the router level to a Google Cloud OpenVPN server (which is only running on TCP 443), the connection is throttled. The ping is reduced to 2-4x normal speed, with bursts where the network is entirely unusable.

Beyond that, it’s difficult to pin down the issue accurately. To verify it’s not a general network issue, I provide the following as support. At the router level I have tried changing the VPN configuration from my private Google Cloud OpenVPN server to various NordVPN servers. This does not seem to help. I have also tried changing the MAC address of the router.

When I notice my connection is throttled, I can connect to the Hilton hotel network directly from my computer and the connection is fine. I can even connect to various NordVPN servers.

However, at the present moment, the router is not able to connect to the Hilton network whatsoever. Even when I try changing the MAC address. Maybe the captive portal popup isn’t appearing for some reason, where it was before.

I suspect these higher end hotels are running some analysis software by a third party. If anyone has any information on this, it would be greatly appreciated.

tve · 2022-01-29T05:22:05.441Z

However, at the present moment, the router is not able to connect to the Hilton network whatsoever.

Do I understand correctly that after a day you can no longer associate with the hotel Wifi? Or is it an ethernet connection? Even if you set the MAC address to the same as your computer? That doesn’t really make sense… Well, over Wifi some hotels limit the number of distinct MAC addresses they let connect per room, but that’s when you get to the captive portal.

alzhao · 2022-01-31T03:28:12.608Z

agnelli:

I suspect these higher end hotels are running some analysis software by a third party. If anyone has any information on this, it would be greatly appreciated.

You are correct. They are using CISCO equipment and tries to block router connections. If you can connect then it is a surprise already.

agnelli · 2022-08-19T18:02:50.523Z

To respond on a more positive note, I haven’t had much trouble lately. Perhaps I haven’t been traveling in quite as nice hotels lately.

Currently I’m in a Hyatt-brand hotel and I have no problem, other than having to reconnect every 24 hours or so. I think the network doesn’t like seeing a single VPN connection running continuously for 24 hours. I also haven’t had a problem at nice hotels in Las Vegas recently.

i7bar · 2022-08-19T20:44:25.423Z

Speaking about TTL - each router in the middle decrements TTL therefore if there are several routers / multiple NAT then TTL should be adjusted accordingly or be set on the router which is closest to WAN. One more thing - if I am not mistaken TTL is IP4 related feature and for IP6 one should set hop limit.