Comment by wateralien
13 hours ago
I never travel without my GL-AXT1800. Saved me so many times: https://www.gl-inet.com/products/gl-axt1800/ I’m actually on it right now.
13 hours ago
I never travel without my GL-AXT1800. Saved me so many times: https://www.gl-inet.com/products/gl-axt1800/ I’m actually on it right now.
Same! And the best thing is that you can install Tailscale, so you can connect to your tailnet, and exit all traffic through one of your nodes (e.g., your home/office network).
It's incredibly useful, with the added bonus that you don't need to install tailscale client in any of your travel devices (phone, tablet, work computer, etc).
> with the added bonus that you don't need to install tailscale client in any of your travel devices (phone, tablet, work computer, etc).
I am sorry, this confuses me. If I don't have a lclient, for example in my laptop, how does my laptop uses Tailscale then?
Also, I wish TailScale Personal was for 4 users. That is the tipical family number. Dad, Mom, two kids.
I’m seeing a lot of this same comment here, so I went to check out this tailscale thing, which clearly I must need.
Can anybody explain what Tailscale is, does, or why everybody seems to have it?
Looking at their website, it’s just a huge wall of business jargon. Really! Read it. It’s nothing but a list of enterprise terminology. There’s a “how it works “ page full of more (different) jargon, acronyms and buzzwords, but no simple explanation of why everybody on this thread seems to be paying money for this thing?
Any help? Should I just pay them my $6/month and hope I figure it out at some point?
Basically it is managed Wireguard. Tailscale does say it, but it is buried under marketing speak.
2 replies →
Sign up for free using Google Sign In.
Install the tailscale client on each of your devices.
Each device will get an IP address from Tailscale. Think about that like a new LAN address.
When you're away from home, you can access your home devices using the Tailscale IP addresses.
9 replies →
I don't think you need to pay $6 a month to try it out.
Install it on all the machines you want. When you are running it on the machine, it is networked to the other machines that are running it. Now make an 'exit node' on one of those machines by selecting it in the UI, and all your gear can access the internet via that exit node. Your phone can run it. Your apple tv can run it. You can have multiple exit nodes. So you can have a worldwide network and not once did you have to open ports in firewalls etc.
8 replies →
Basic version is it's a sort of developer focused zero trust network service.
Encrypted overlay network based on wireguard tunnels, with network ACLs based around identity, and with lots of nice quality-of-life features, like DNS that just works and a bunch of other stuff.
(Other stuff = internet egress from your tailscale network ('tailnet') through any chosen node, or feeding inbound traffic from a public IP to a chosen node, SSH tied into the network authentication.
There is also https://github.com/juanfont/headscale - which is a open source implementation of some of tailscale's server side stuff, compatible with the normal tailscale clients.
(And there are clients for a very wide range of stuff).
6 replies →
Extending the question:
In my mind Tailscale was primarily to expose local services but answers here sound a bit as if people used it as a VpN replacement.
If I do not want to expose local services but only protect me and hide from untrusted WiFi, would I better use a traditional VPN or Tailscale?
My thinking is that Tailscale could be the better VPN because they have a clean business model while pure VPN companies are all shady.
3 replies →
A system by wich you can expose things on your private network (e.g. your home lan) so you can selectively and securely make them accesible from other places (e.g. over the Internet). You can do all this without tailscale by just configuring secure encrypted tunnels (wireshark, traefic, ...) yourself, but services like tailscale provide you with easy gui configuration for that.
I personally use Pangolin, which is similar https://github.com/fosrl/pangolin
It's a virtual network switch/router with DHCP, DNS, and lots more enterprisey features on top. You 'plug' devices into it using a VPN connection.
It's a cryptographic key exchange system that allows nodes to open Wireguard tunnels between each other. They have a nice product, but I don't like how it spies on your “private” network by default: https://tailscale.com/kb/1011/log-mesh-traffic
If you want to self-host, use NetBird instead.
You don't need to get too far down the page to see "VPN", which is what it is. But on top of that primitive, it's also a bunch of software and networking niceties.
they have an excellent set of short intro videos [0] on youtube, that's what I used to get an overview and get set up.
[0] https://youtu.be/sPdvyR7bLqI?si=2kIpHtNuJ52jEdmm
It just virtual private network.
It’s a point to point vpn that works between devices even without a direct network connection.
Their personal free plan is more than enough.
These are neat in that you can jump on and extend existing wifi infra, but it'd be nice if they also included 5G. I want a product that does both.
It's cool to have your own network in a hotel. But it'd be nice to be able to do that on the road, away from public wifi, internationally, whenever - which hotspots do. But at the same time, it'd be nice to be able to do the WiFi thing too to cut back on data usage. I frequently blow through my hotspot data.
I'd rather this be in one device instead of two. Beggars can't be choosers, though, I suppose?
I’m using a GLinet GL-XE3000 for that and it’s great. Initial setup of the 5G eSIM on a physical SIM took a little searching but it’s been rock solid and having consistent access on the road and hotels has been great for family travel. It has a built-in battery, but I’ve never really tested the duration (I suspect it’s 3-6 hours) as I put it on its AC adapter in the hotel and the n a cigarette lighter adapter in the car, so the battery gets used 15-45 minutes at a time to bridge between those two places.
I like it enough that I might buy a second, more compact unit for when space is more a premium, but I’ve been really happy with this one.
I really like my GLi microrouter.
https://www.gl-inet.com/products/gl-usb150/
I bought it for my vacations, so I wouldn't have to configure my kid's gadgets, but it is really useful as a wifi adaptor too.
I was thinking of using that in combination with Beelink ME Mini N150 with proxmox installed on it and host different net tools, git, etc that’s available on the go. I might be overthinking the setup
Is this any better than just doing Hotspot with wifi bridge? I just have my hotspot on my pixel for my devices to connect to. Pixel itself is connected to whatever "public wifi" is there.
Your hotspot just makes the untrusted hotel wifi available via your phone wifi. The networks between your computer and your target services can still inspect and alter your data. Tailscale, or more specifically the Wireshark underneat, sets up an encrypted tunnel so those "untrusted" intermediate networks can't do that.
s/Wireshark/wireguard
If my phone has a VPN to my home server, then it should all be encrypted.
1 reply →
Does that actually work? I don't think you can both have hotspot on and be connected to another network.
Most newer (or at least new + expensive) phones can share their wifi connection via hotspot. 2.4gh only though I think.
4 replies →
Yes, it has actually worked starting with the Pixel 3.
It's called Dual-Band Simultaneous or "STA+AP" (Station + Access Point) concurrency that can bridge an existing wifi connection to an access point to other devices via a hotspot.
Yes it works. Now you can also tether via USB. Both of them have worked flawlessly for me recently.
It seems to be only on certain devices feature(?): on my Pixel it worked, Samsung phone just says "sorry, can't do that".
Works fine, yup.
Huge plus one. Useful to bridge hotel wifi so all my devices connect automatically, also useful as an ad-hoc router that fits into my travel pack.
I'm not using it for travel, but I got a GL-BE3600 recently and it's surprisingly decent as a home router for my very specific needs.
I wired the desktop PCs in the house, so the only Wi-Fi users are mobiles, a smart TV, and a laptop. Everything else is already hanging off 2.5G wired switches. Pretty light duty, and I just wanted something that would provide robust routing and placeholder Wi-Fi. This does exactly that, and since it's OpenWRT based, it's probably marginally less terrible than whatever TP-Link was offering in the same price range.
It does run annoyingly hot, but I should just buy a little USB desk fan and point it at the router :P
I've had very impressive success running upstream OpenWRT on TP-Link hardware: I have Archer C7 access points running with literally years of uptime.
That being said, for any new application, I suggest using at least an 802.11ax AP, because cheap 2.4GHz devices that support 802.11ax are becoming common and using an 802.11ac router means that your 2.4GHz devices will be stuck with 802.11n, which is quite a bit less efficient. Even if you don't need any appreciable speed, it's preferable to use a more efficient protocol that uses less airtime.
I have the same router as the OP article - it ran at 72C until I did [this](https://phasefactor.dev/2024/01/15/glinet-fan.html#choosing-...). Currently running at 60C!
Heartily seconded! A friend recommended I get one and now I push all my other technical friends to buy one, too.
My wife and I traveled a bit this year and it was great having all our gadgets connecting to a single AP under our control. It’s easily paid for itself by avoiding ludicrous per-device daily charges.
I think most travel APs can generally do this, but the feature that makes GL.iNet products popular is: extensibility. I'm not sure why this is so hard to understand for manufacturers, but making products useful via extensibility is a sure fire way to open your target market directly up to prosumers. And those are the buyers that will find you.
I own two of their products, one of them I bought in 2019 and can still run what I need to on it.
My wife’s work WiFi is handled by a gl.inet 150 (https://www.gl-inet.com/products/gl-ar150/) which is tucked behind her desk since at least 2019. Vanilla openwrt on it, provides WiFi from an Ethernet slot in the wall.
Uptime is in years, it’s invisible and chugs along without visible power draw. All her devices connect to it, including her Cisco voip phone. It autossh to my ovh server with remote port forward for remote admin. Cost me 15€ in 2016.
5 replies →
Readers of HN will value flexibility and extensibility, but the other 99% of the folks there are fine with totally locked-down devices because it’s the only thing they know of. The lack of extensibility likely doesn’t affect sales/profit in any significant proportion.
Where do you travel that you need wifi?
I’ve been getting SIM cards for over a decade, now even eSIMs are cheap enough for casual use.
I can’t put a SIM in my ereader or Switch or iPad.
Changing countries a lot reduces this option a bit.
I’m sure I could find a good all Europe card, but I need my number for work calls.
6 replies →
Convenient to connect all devices to one WiFi. E.g. baby camera is on same WiFi as laptop etc.
Have you tried hooking it up to an Ethernet port in a hotel room like the one that the TV uses?
This rarely works. The TV network is usually access controlled, so you either won't get an IP or you simply won't have internet access.
Some hotel rooms (particularly older business hotels) will have an ethernet port for the guest. These work maybe 50% of the time these days. Sometimes you can find a Ruckus AP in your room at outlet level, and these usually have several ethernet ports on the bottom. These also have a working port around 30% of the time.
So, TL;DR: various ethernet ports in hotel rooms work less than half the time these days.
How’s that access control handled? Very easy to spoof the MAC of the TV or setup some SNI spoofing proxy server, NGFWs with TLS Active Probing are probably harder to deal with but do hotels really have that?
2 replies →
I've had success hooking it up to some Ethernet cables in hotels, but it's 50/50.
I could never figure out which gl-inet to get, since some of the newer products seemed less powerful than older ones depending on the product family or something...
> some of the newer products seemed less powerful than older ones
Cynic in me thinks it's because they don't want you to buy one product and be set for a decade, like HN-er here: https://news.ycombinator.com/item?id=46373387. Older products might've been too good.
I think the GL-X3000 could be the daddy for power users and any eventuality: https://www.gl-inet.com/products/gl-x3000/
Not sure if you're talking in the context of travel routers, but if you're not, the Flint 2 is always a solid pick.
Do you mind expounding on how it has saved you? I'd love to know the practical use cases.
While on a scuba diving trip in Thailand a couple months ago we could position the router slightly outside our hotel room to be able to be able to strongly connect to the very dodgy hotel wifi so my girlfriend could do her work calls.
It would also automatically log into the captive wifi which seemed to require a login every hour or so.
Another time we Ethernet into it using the cable in another hotel to bypass some ridiculous speed limitations on their access point.
I'm considering getting their model which can take SIM cards, so that we can also failover to mobile networks wherever we are.
What is the benefit of this over, for example, an iPhone hotspot?
Run one wireguard server in your home and one client instance on this router and now all of your devices can share the same residential VPN connection. No fraud blocks or extra verifications from your banking apps, no million suspicious login detected from all your social accounts, use your home netflix account, etc. All without your individual devices running a VPN app.
> Run one wireguard server in your home and one client instance on this router and now all of your devices can share the same residential VPN connection.
You don't need a "travel router" for this. My phone is permanently connected to my server via Wireguard (so that I can access my files from anywhere). Adding another device just requires adding a peer in the server's config file and can be accomplished very quickly. It's not clear what problem the travel router solves, unless perhaps you travel with dozens of devices.
> no million suspicious login detected from all your social accounts,
I can personally do without those.
8 replies →
An iPhone can't bridge a wifi network. So you need something like a travel router to share a wifi connection.
They're suggesting just running off your data plan which works for domestic travel (at least to urban areas with good cell service) and can work for international if you go through getting a data eSim.
chromecast - godsend on long hotel stays. need to dial in through my home (wireguard) so no license issues with streamers and once I connect my GL.iNet GL-MT300N-V2 to hotel wifi instant bubble of safe wifi for all my devices! weighs nothing, been using for 8 years rock solid.
If you’re using a VPN: iPhone won’t route hotspot clients over the VPN, so you need to set up VPN on all clients.
You can control it from the ground up, including installing alternate firmware. You can also use VPNs etc.
Husband can go pick up food order and baby cam still accessible from wife’s phone.
How do you handle captive portals in hotels ?
Usually you connect your laptop/phone to the portable router network, which then just pulls up the captive portal. Once you auth from one device, any device behind the router is authed with the portal. This is because the hotel network just sees your router's IP/MAC.
Connect on your phone or other device. Connect to travel router. Clone the mac address of your device. Connect router to wifi. Adjust device to not auto login. Good to go.
GL.iNet routers don't even need this. It has an option to pass through captive portals. So you connect to your GL.iNet AP, then you set it up for the hotel WiFi, tick the option for passing through (it essentially disables VPN, AdGuard Home and other things if enabled), it will then link you to the captive portal where you can log in as you would otherwise.
Once the internet is active, the GL.iNet router will then re-enable things like VPN and AdGuard Home.
Since these devices are OpenWrt underneath with a pretier ui, I presume this is all possible on any OpenWrt device.
Is this an annoying amount of steps? And do you have to do this on every expiry of your session on the portal?
What advantage does this have over the cheaper UniFi router in the OP?
The Beryl AX is going for cheaper ($70) on Amazon right now vs the UniFi Travel Router ($80). Better bang for the buck on both hardware and software without needing specific Ubiquiti anything.
The UniFi router depends on you already having a UniFi environment. If you do, it's a good option, but the GL would work with any heterogeneous network
Thanks! Thats helpful.
It's available right now, for one.
these are awesome, i just take my old wifi router tp-link, its big though. I might have to get one of these little guys.
What’s the use case exactly?
I have this.
TP-Link AC750
https://a.co/d/esxrRA4
When you are some place with a captive network and want to use devices that don’t have a browser. You connect the router to the WiFi network that has internet access and you connect the other WiFi network to a device with a browser like your phone. Every device looks like one device to the captive network and you can use them all.
Second use case, I now live in a place with a shared internet access that is shared between all of the units. Anyone can broadcast to and control our Roku device and there is no way to block it from the Roku.
We create a private network with the router
One is actually usable wifi at hotels with ethernet cables available. I don't use that device, but a DIY version that also acts as a portable media server while traveling. We can tunnel back to our home network, but often stay places with very bad reception and or internet access. Also helps keep the kids entertained on longer road trips. They can connect their devices to the router as we travel and have full access to the cached media.
Yes these are the way. Use them to get cheap anker security cams to work as baby monitors while we’re in hotel rooms
I am apparently dumb. What benefit does this give you, other than a segregated network? Do us hotels typically have exposed Ethernet ports?
I always travel with my GL.iNet GL-MT3000 (Beryl AX) and this is what I use it for:
- My wife and I travel with multiple devices (laptops, phones, Chromecast...) and when we get to a hotel/Airbnb, I simply connect my Beryl AX to their network (it deals with captive portals btw) and all of our devices automatically connect.
- I changed the `/etc/hosts` directly in the router, meaning I can test my local servers under custom domains easily on my other devices like phones/tablets without apps like SquidMan.
- I route specific domains through specific VPNs. Government websites, streaming websites, AWS services, etc.
- I can plug in a 4G USB modem into it and it can automatically fallback to it if the main connection drops.
- It has built-in Tailscale support.