Repeater Mode security with no VPN?

TangoUniform · March 30, 2023, 1:45am

Using the Beryl AX GL-MT3000 in repeater mode on hotel, coffee shop, and other open WiFI. Question is, without a VPN is this secure? …or is it the same as just connecting to the open WiFi ?

In repeater mode, I have a WPA3 secured wifi network on the wireless LAN side of the AX. Just wondering what I need to do to lock down the connection on the WAN side to hotel open wifi ?

Do you have to use a VPN to secure the connection from the AX router to the open WiFi ?

smiths · March 30, 2023, 11:16am

Your traffic is “sniffable” on an open wifi connection, someone with the right hardware and software (these day a slighlty pricier wifi card/usb and wireshark), would be able to decode your traffic.

Think about what you use the Internet for in a hotel room. For example HTTPS is secure, even over an open wifi, SIP/VOIP, certainly here in the UK tends to be open and readable (so someone can hear your telephone calls). HTTP is also readable.

If you are using unenrypted protocols, such as my examples above, and the risk of evesdropping is unacceptable to you, then the Travel Routers have you covered - assuming you have one at home or using an VPN service

Traditionally
On your home GL-INET, enable the OpenVPN or Wireguard VPN Server.
Export the client config/credentials. Use the file to enable the client on the travel router.

By default this will give access to the Internet via your home router, with the traffic encrypted over the open wifi network.

Its risk verses reward/effort.

Hope this helps.
Simon

TangoUniform · March 30, 2023, 2:04pm

Thanks Simon that is awesome info ! I’m going to set up VPN but in the meantime HTTPS traffic from the AX over open WiFi is “mostly” secure? (outside of a man in the middle or intermediate root cert type of stuff?)

Right now the certificat fingerprints match on HTTPS websites so that traffic should be encrypted and secure until I can get VPN going?

elorimer · March 30, 2023, 2:20pm

HTTPS traffic is secure, but the identity of the sites you are visiting are not.
If you are connecting to a home VPN server with the MT3000 as client, check to be sure your traffic is going over the tunnel. On mine, using “auto detect”, it doesn’t; using “global proxy” it does.

TangoUniform · March 30, 2023, 9:36pm

What’s the best way to tell if your traffic is in the VPN tunnel or not?

elorimer · March 30, 2023, 9:50pm

If you are using a windows machine, from the cmd window you can do tracert cnn.com or some other site. You’ll see the ips and hosts along the way, starting with your travel router, then the vpn endpoint, then out to the internet along the way. If you go out to the internet immediately, or see the isp host along the way, then you are not going through the tunnel.

TangoUniform · March 30, 2023, 10:07pm

Fantastic! Thanks everyone. We really appreciate the input. Makes travel routing a lot more enjoyable.