Suggestions for a Travel Router with a Private & Secure Network

I’ll be traveling around South East Asia with a couple of friends for an entire year. Therefore, I believe it would be best for us to use a travel router when connected to the hotel wifi (or ethernet), an internet shop, a local coffee shop, etc. We’ll be mostly browsing, watching movies & shows, using cloud storage, plus the occasional download.

 
GOALS
For me, the router/repeater features are more important than the media features. The goal is to create our own private, secure network that only our devices can be part of, while still having good internet access.

• Always have the same SSID and password no matter where we go or how we connect.
Internet1 Hotel Wifi (SSID1&Pass1) >> Travel Router (MySSID&MyPass) >> Our devices
Internet2 Coffee Wifi (SSID2&Pass2) >> Travel Router (MySSID&MyPass) >> Our devices
Internet3 Ethernet >> Travel Router (MySSID&MyPass) >> Our devices

• • • Less wifi passwords being stored on our devices
• • • Less hassle having to setup Chromecast every time we are in a new place
      • Keeping internet performance high would be a bonus, specially in 3rd world countries all over Southeast Asia.
• • • Hopefully, the router/repeater would help boost the signal and connection strength.
      • The ability to hide our SSID would be a bonus.
      • The ability to share media from the router would be a bonus, but not important.
      • The ability to use VPN would be a bonus (and I definitely need/want to learn more about VPN)

 
RESEARCH
I’ve read some of the posts by RangerZ and others and it seems like the new GL-AR300M fits the bill. However, can I set it up where I can have our network have a hidden personalized SSID and password?

Here are the top device choices based on what I’ve researched so far:
• GLI GL-AR300M - hardware, firmware and GUI makes this one of the best travel routers in it’s class
• Kingston MLWG3 - good choice, however, the router side is minimal, the media side is feature-rich
• HooToo TM-02 - GUI is basic and unsure if my desired setup is plausible)
• HooToo TM-06 - upgraded core, but my concerns are the same as with the TM-02
• InvizBox Go - new company, new device, VPN, although it has no ethernet port so no router?
• TP-LINK TL-WR810N - upgraded core, soon to have open firmware, has potential
• Any other device that fits the bill, insert here… (Coredy, RavPower, Comfast, etc)

 
QUESTIONS
• So which device would be best for my goals?
• Would you recommend using VPN when travelling South East Asia?
• If you do recommend the GL-AR300M:

• • • Should I get it with with two 2dbi external antennas or would the internal antennas be fine?
• • • Will the lockout issue still be an issue (no pun intended )? What approach would you recommend?

 
Thank you in advance for your time and suggestions…

You will be using WISP-mode. The GL-AR300M is capable in doing that, however it is not able to simultaneously host your own wireless network(s) on the same radio while it is connecting to that network. This may make setting it up a tiny bit harder, when you’re not able to use the lan ethernet port.

The currently unavailable AC module will supply the GL-AR300M with a second radio, which will solve the above mentioned issue. A USB wifi dongle can also help out in this case, because also that can supply it with another radio to connect to another wifi-network.

During performance tests I did see it was able to serve over 40 Mbps while in WISP-mode, which is plenty for pretty much everything. Using a VPN will decrease this, but I have not set up my GL-AR300M in such a configuration. I cannot share any results about that.

Hiding your network essid is possible, however I do not really know why that is so important. Anyone with the gear to hack your access point will be able to detect hidden essids.

@Groentjuh, while there definitely are issues with one radio, you should be able to use the single radio to run both the STAtion and AP sides at the same time, as well as share the AP side with multiple clients. I am doing this as I write with my AR150, though I am still on v 2.13. (I do not wish to go through the effort to rebuild OpenVpn and my other mods.) I expect that the AR300M would operate the same.

A second radio will solve the ‘unavailable LAN when the WAN is no longer valid’ issue, however a 5g module requires 5g clients (I would not use this on the STAtion side as one never knows what historic hardware is in use on the WISP side). A 2.4 G USB is more likely to be compatible with the router from a driver perspective.

@jasamour, as you have also posted here, I will suggest the MIFI as it has a battery and an micro-sd card in addition to the USB. This would let you do other things with the USB (Radio, web cam). The micro-sd card hides inside, so it’s more streamlined for travel. It will not be as fast (I assume) as the AR300M, but you can also get an internal 3g/4g card which will give you additional connection options (Make sure to match your carriers channels to the cards capabilities). I am personally becoming a be nervous with public wifi, as it is so easy for someone to spoof a WISP.

Thank you both for your input.

RangerZ
I posted the reply in the other forum. However, I gotta say I am becoming more set with the AR300M.

In regards to the “lockout” issue, i think I found the article that shows us how to implement the Reset Repeater WISP button fix (Although atm it doesn’t work for WDS and Relayd bridge). Can you confirm that this correct fix and that it will work with the new AR300M?

Finally, it also seems like the GLi developers are working on making their own script based on the script that tries to connect a list of saved ssid/key one by one until it get access to the Internet. The button solution works just fine… although this solution is something to look forward to.

@ jasamour,

I recently got the AR300M. I’ve not had a chance to use it in a hotel environment but I’ve taken it to work and played with it from there (connecting to my asuswrt-merlin based router at home which is running OpenVPN). It’s worked very well. Using the clone mac address feature has allowed me to get through our mac based network securities (before everyone jumps on me, yes, our IT manager was aware of the testing and OK with it!) and a TUN connection to OpenVPN worked flawlessly. I’d LOVE to get TAP working.

I had the ssid issue but the button script worked great. I’m excited for the 5Ghz addon to give it two radios. For the price, I’m not sure you can beat this!

@ LostDog. I have not tried this, but see these posts for rules that may let you access the LAN with TUN.

https://forum.openwrt.org/viewtopic.php?pid=323607#p323607

https://forum.openwrt.org/viewtopic.php?id=64983

https://forum.openwrt.org/viewtopic.php?pid=242447#p242447

TAP does work if manually configured in LuCi (as opposed to the GLi GUI). I do have some issues with network discovery, but I created a few shortcuts to the network shares based on IP to get around it. This is the only TAP page that I know of: OpenVPN client with TAP (Layer 2) device [Old OpenWrt Wiki]

about TAP, yes the router can support. My understanding is that your router will be in the same subnet as your other devices so that you can access those other devices directly. But the router will create its own network for the client devices so these devices will not be able in the same network as other vpn client. So can anybody tell me what you are doing with TAP in mini routers?

For simple radio lock out issues, we have the solution now. We are putting it in the firmware and will publish it soon. the new firmware will be able to connect to an available network in 10 seconds or disable station if it cannot find any useful networks. So your AP will always be fine. It just need a little time to test and get out the bugs.

@RangerZ, so you will be able to update to the newest firmware rather than 2.13.

@ LostDog - Thanks for your input about your experience with the AR300M.

@alzhao - That is good news! Thanks.

A couple of quick questions and pardon my ignorance…

1. If I purchase a stock AR300M, but later decide to put external antennas on it, would I also need to change a setting in the software as well?
2. If I have the RP SMA Female to IPX Connector Pigtail Cables set-up, but have both antennas unscrewed, would that work just as good as the internal antennas?

@alzhao,

I’d like to use TAP so I can access network shares through my VPN. When I’m on the road I’d like to be able to access work LAN shares while not in the office. In addition, I run OpenVPN at home and would like to have access to my home server occasionally.

@jasamour, you’d better not change the antenna. You will need to modify the PCB a little bit which is not encourage.

@LostDog, TAP has a problem with firewall and routing, which is the feature of a mini router. Let me investigate further to see if this is possible.

Please try firmware v2.21, which solves repeater connection issue.