Repeater Mode security with no VPN?

Using the Beryl AX GL-MT3000 in repeater mode on hotel, coffee shop, and other open WiFI. Question is, without a VPN is this secure? …or is it the same as just connecting to the open WiFi ?

In repeater mode, I have a WPA3 secured wifi network on the wireless LAN side of the AX. Just wondering what I need to do to lock down the connection on the WAN side to hotel open wifi ?

Do you have to use a VPN to secure the connection from the AX router to the open WiFi ?

Your traffic is “sniffable” on an open wifi connection, someone with the right hardware and software (these day a slighlty pricier wifi card/usb and wireshark), would be able to decode your traffic.

Think about what you use the Internet for in a hotel room. For example HTTPS is secure, even over an open wifi, SIP/VOIP, certainly here in the UK tends to be open and readable (so someone can hear your telephone calls). HTTP is also readable.

If you are using unenrypted protocols, such as my examples above, and the risk of evesdropping is unacceptable to you, then the Travel Routers have you covered - assuming you have one at home or using an VPN service :slight_smile:

On your home GL-INET, enable the OpenVPN or Wireguard VPN Server.
Export the client config/credentials. Use the file to enable the client on the travel router.

By default this will give access to the Internet via your home router, with the traffic encrypted over the open wifi network.

Its risk verses reward/effort.

Hope this helps.

Thanks Simon that is awesome info ! I’m going to set up VPN but in the meantime HTTPS traffic from the AX over open WiFi is “mostly” secure? (outside of a man in the middle or intermediate root cert type of stuff?)

Right now the certificat fingerprints match on HTTPS websites so that traffic should be encrypted and secure until I can get VPN going?

  1. HTTPS traffic is secure, but the identity of the sites you are visiting are not.
  2. If you are connecting to a home VPN server with the MT3000 as client, check to be sure your traffic is going over the tunnel. On mine, using “auto detect”, it doesn’t; using “global proxy” it does.

What’s the best way to tell if your traffic is in the VPN tunnel or not?

If you are using a windows machine, from the cmd window you can do tracert or some other site. You’ll see the ips and hosts along the way, starting with your travel router, then the vpn endpoint, then out to the internet along the way. If you go out to the internet immediately, or see the isp host along the way, then you are not going through the tunnel.

1 Like

Fantastic! Thanks everyone. We really appreciate the input. Makes travel routing a lot more enjoyable.