I recently purchased the GL.iNet “Slate” 750M travel router https://www.gl-inet.com/products/gl-ar750s/ to use in my “Go bag” and thought I’d share a few thoughts on it.
I became interested in this unit after hearing about it on Episode 153 of the excellent (The) Privacy, Security, & OSINT Show (https://soundcloud.com/user-98066669/153-privacy-news-travel-routers-osint-updates)
I travel quite a bit for work (this may be the understatement of the year), and always utilize a VPN of some sort from each of my devices. (Why? See my earlier post for a primer on MITM attacks) On corporate devices I use the Cisco AnyConnect Client for SSLVPN to the mothership. On my personal devices I may connect to NordVPN or to another network using the OpenVPN client to connect to a server I manage, or both depending on the environment and resource I need to reach. Note that using this device does not negate the need to use the VPN client on your endpoint if you don’t trust the environment to which you are connected.
Like many of you, I carry multiple devices when I travel and joining each of them to the conference or hotel wifi can be cumbersome. That’s where this little router comes in. I decided to use it just as you would a “My Fi” or personal hotspot, but without cellular connectivity. I’ll just connect to the wired or wireless network on-location and use a single SSID for my devices. Of course, some places don’t allow such “rouge” wifi devices, so in those circumstances I’ll simply use the wired ports.
About the unit
The device is extremely compact and lightweight. Here’s a picture next to an iPhone 11 for scale. It runs the well-known OpenWRT OS with a slick GUI that makes it really easy to configure. All of the requisite nerd-knobs are available via the “Advanced” tab. The default installation included a number of packages, and it took some time to whittle down the list. I settled on using the netfilter/iptables firewall packages for basic functionality. I also added the Snort NIDS (2.9.11) packages and the OpenVPN client and others from the public OpenWrt package library and no third-party sources just to be safe. Additionally, the unit supports dnsmaq/override and DNS-over-TLS via Cloudflare, but I stuck to Cisco Umbrella/OpenDNS for now. DNSoTLS (or DoH as it commonly referred) is great for my traveling use-case, but what makes it good for this is what makes it terrible for enterprises IMHO – but I’ll save those thoughts for another post. While one could certainly build a similar system with a Raspberry Pi or similar hardware and load pfSense, IPFire, untangle, etc. I wanted something that just works out of the box and I don’t have to maintain – especially when on the road.
CPU QCA9563, @775MHz SoC
Memory DDRII 128MB
Storage Dual Flash 16MB Nor + 128MB Nand Flash
Interface 3 WAN/LAN Ports (10/100/1000 Ethernet)
1 Micro USB (power)
TF Card Slot (128GB Max.)
Transmission Rate 300Mbps (2.4GHz) + 433Mbps (5GHz)
Max. Tx Power 20dBm (2.4GHz), 20dBm(5GHz)
Protocol 802.11 b/g/n/ac
External Drive Format Support FAT32/NTFS/exFAT/EXT4/EXT3/EXT2
DIY Features UART, GPIO, 3.3V & 5V power port
External Antenna 2 X 2dBi undetachable antennas
Power Input 5V/2A
Power Consumption <6W
Dimension, Weight 100mm X 68mm X 24mm, 86g
I tested the following modes of operation and all met my basic requirements. Note that for each test the unit was in routed mode with the WAN address and default route assigned via DHCP, along with PAT. My goal was to test functionality and a not a performance/security efficacy stress test as both OpenWrt and snort have proven track records. (I could take it to the lab and fully torture it via Avalanche and BreakingPoint point if anyone is really interested) The unit also supports (USB) tethering to a cell phone or cellular modem, but I haven’t tried those out yet.
- Wired (WAN) Wired (LAN)
- Wireless(WAN) Wired (LAN)
- Wired (WAN) – Wireless (LAN)
- Wireless (WAN) – Wireless (LAN)* As there is no dedicated WAN radio, the unit worked best if one radio is used to connect to the WAN (e.g 2.4Ghz) and the the other (e.g 5Ghz) used for clients.
- All combinations above, but with the OpenVPN client connected over the WAN port, thus tunneling all traffic.
I’ve found this to be great unit overall. It’s simple and performs as advertised. Grab one and kick the tires and see if you agree. Do you have another model that’s just as good or better? Drop a comment below and help the community!