Using GLinet Opal on MSC Cruise

The clone MAC is not required.

GL Router directly repeats to the portal wifi, and login the portal on phone/pad, and then other clients which connected the GL router can be available to access.

What your GL Router model is?

I'm using a MT3000 Beryl with latest op24 firmware. Then default settings, but make sure, that you use a fixed MAC, because this is how the network identifies you.

Hey everyone,
I am on a cruise at the moment and can't get it to work. Any help is very welcome.

Setup : gl-mt3000
Firmware: version 4.7.0
Firmware type : release3

-Subscribed to internet with phone via portal.
-Mac address on phone is not randomized.
-Confirmed working on phone.
-deactivated wifi on phone and connected to router.
-activated repeater mode / cloned mac address / lock BSSID deactivated / manually set static ip activated and copied the one from phone as it appears I always have the same ip on phone. Gateway, DNS 1 and DNS 2 copies from phone.

Currently not working.

Do I need to change the firmware from my router as some managed to get to internet portal. Am I doing something wrong?

Thanks a lot

1 Like

Did you get it To work? I am on a cruise right now with a beryl ax model and can't get it to work. Any help or feedback would be greatly appreciated. Thank you!

No - unfortunately my flight was cancelled and I didn't end up taking the cruise.

Ohh gosh. Sorry to hear. I hope you managed to get the cruise refunded. Still trying to get it to work.

For those needing to get this working, like others, I tried connecting with hotspot mode via GL.iNet Admin Panel. That didn't work.

Solution

TL;DR make sure you have a VPN service on your BERYL before you leave port and use that with another paired device's cloned MAC Address.

What I did next was turn off Private Wi-Fi address on my iPhone for the Hotspot to get my iPhone's default MAC address paired with the ship. I used the iPhone to visit the MSC portal and hit "start" to turn on the internet. My iPhone was now working fine with internet at this point.

So, I went back into my iPhone for the MSC hotspot settings, noted the MAC so I could enter into the Beryl, and now switched back to rotating. I did this so my iPhone would work with the MSC app and local intranet they have setup.

Now I took the iPhone's default MAC and put into the Beryl in CLONE mode for the hotspot. Everything connected and my Beryl thought it was connected with internet, no errors, but any connected device couldn't connect to any websites.

I was able to ping the Gateway and DNS IP from my Beryl clients, which told me we were connected, but something was stopping us. Maybe DPI?

Anyway, after reading some other posts, I decided to try enabling TOR and viola, I had very very slow internet on all the Beryl clients. Luckily I already had a VPN service setup on the Beryl and turned off TOR and used that instead. While latency was noticeably worse by needing to use a VPN on the Beryl with hotspot, it works fine. Kids are using the iPad to stream, my wife is using Instagram and we're now happy everything works.

1 Like

So I got caught out by this while I was on an MSC boat in the last month, and I poked at it a while only to discover the issues documented above. I tried multiple ways to authenticate my GL.inet to the captive portal, stop random MAC addresses, cloned the MAC, all to no avail. I then authenticated the phone and could not tether Wifi, but I could use both Bluetooth and USB tethering, but still neither worked. I eventually went back to my old-school networking days and started playing with using my phone as a proxy ... IT WORKS, but is a bit messy! I am not sure if you have apps on iPhone that would work, but Android does.

To make it work you need a Proxy server on the phone connected to the ship, in my case I used Every Proxy from the Play Store. It can provide multiple proxy options, but you will want to use a Socks Proxy. I used my gl.inet from here, but I expect it would work with USB/BT tethering as well, but I did not try.

I then plugged my MSC connected phone into the USB port of the gl.inet, turned on USB tethering, and Every Proxy will then see the IP address it uses to connect to the router. Once this is done, turn on Socks Proxy and record the IP addresses and port numbers to connect to in the next step.

From there I used another app from Play Store, Super Proxy, which acts as a Socks Proxy Client, install that on each of the devices you want to add Internet to. Then connect those devices using Wifi to the gl.inet, configure Super Proxy with the IP address and port from above, and click Start. All going well, the VPN icon should appear at the top of the screen and you should be away.

The connection will eventually timeout, and any time you disconnect from the gl.inet you will need to restart USB tethering and reenable Every Proxy. Also, if the MSC connected phone reboots, it seems to change its IP address and subnet, so you will need to reconfigure all the other clients with the new proxy address in Super Proxy.

You should be able to do this at home and test it before you go, using the gl.inet and routing through your phone carrier. You will NOT be able to run a VPN in this case, as the Socks Proxy is a VPN. As mentioned, you can probably make this work for one device with USB/BT tethering instead of using the gl.inet. I also expect this should work with any travel router that allows for USB Tethering.

1 Like

Infosec guy here, weighing in on what some of y'all might be seeing. It 100% sounds like they are Deep Packet Inspecting (DPI) for TTL on traffic, so it makes sense why mangling is necessary. If you're continuing your still seeing issues then I am guessing it's the the DPI fingerprinting your TCP packets. TCP has options that are unique to device types. Using a VPN on your router should ensure you're maintaining uniform TCP options, regardless of which device the traffic is coming from, as your router will encapsulate the traffic with it's own, uniform, TCP options. The Catch 22 is the DPI may also be blocking some VPN traffic. Using a SOCKS proxy on a phone, as the last commenter mentioned, will also ensure your TCP options remain uniform from your subscribed device. Theoretically you could load a SOCKS proxy on your router and it would accomplish the same.