PSA to GL.iNet regarding Cruise ships

KalEl · May 13, 2024, 2:45pm

For GL.iNet… I’m sure you guys see the huge issue of Cruise Ships (esp. MSC) figuring out how to block Travel Routers.

At least over the last few months there are tons of post online regarding this major issue.

People have tried everything in terms of a networking solution and it doesn’t work.

I think the manufacturers have to figure this out.
Since one of the major use case for these products is the ability to use them at hotel and cruise ships to avoid this exact issue, it is in their best interest.

Please guys, I love the products… But if they don’t work… No reason to recommend or use anymore.

maholio · May 13, 2024, 2:56pm

Look at my post please

KalEl · May 13, 2024, 3:31pm

I appreciate it… Yeah I made sure I was using my Phone MAC… not private/randomization

admon · May 13, 2024, 4:03pm

To be honest, I highly doubt that they “find out” how to block devices like Travel routers. It’s nearly impossible (at least very difficult) to detect NATting devices.

One big issue is that testing this requires at least a holiday on a cruise ship.
I could imagine that they detect TTL changes and setting a correct TTL might solve the mystery already. But it’s hard to say from my side, sitting in front of a PC 1000km away from any cruise ship.

Nah, people tried only the stuff you can reach by pressing a button. Nothing of this was like everything in terms of networking

packetmonkey · May 13, 2024, 5:04pm

I will disagree with this one a little. User-agent in browsers often give away client information. For instance, if you clone an iPhone MAC address, and they see a UA string showing a Windows machine running Firefox, that could be an indicator of misuse. And all it takes is injecting an http tracker or even perhaps a cookie, that notifies them of the UA.

There are ways around that, but most folks are not going to do that. This is where using a VPN behind the router may help out so that the internet provider does not get a clear look at the UA passing through it.

admon · May 13, 2024, 5:16pm

If the operators do something like this, it’s best to forget about the WLAN. It’s almost like an integrated Trojan. The only thing missing is that you have to accept a CA certificate so that they can read all the traffic.

packetmonkey · May 13, 2024, 5:51pm

It isn’t all that nefarious, though. Most websites do this nowadays, they use pixel tracking or some other method to try to track you. Not saying it is desirable, but it is happening almost everywhere you browse. Cruise lines stand to lose a lot of money if folks are using travel routers, and to that end, I expect they will do whatever they can to try to prevent their use.

admon · May 13, 2024, 6:06pm

Poor cruise line companies. We should start a fundraising campaign

maholio · May 13, 2024, 6:42pm

After some testing (via virtual machine with DPI) this should help:

Change your User Agent to your actual user agent of your phone.

Use this website to check your user agent
Use this addon (with custom mode) to change User Agent

It is better hide your referer via this addon
Change TTL to 64.

Login via SSH and run nano /etc/config/firewall
Add this:

config rule
        option name 'Set TTL to 64'
        option src 'wan'
        option proto 'ip'
        option target 'ACCEPT'
        option ttl '64'

Important information:

Save copy of configuration before editing it
It is tested using DPI on virtual machine. I cannot guarantee that this will work in your case.

If not worked:

Try to use VPN directly on router
Try ProtonVPN on phone connected to router with “Stealth” mode or “WebTunnel” bridge in Tor
Your phone must be disconnected from main WiFi before connecting it to router

P.S: No, I can’t share DPI config. Personal reasons, sorry.

KalEl · May 13, 2024, 7:11pm

True… Agree with that point