Better networking while traveling
As I was preparing to travel to a family wedding recently, I decided to take action on an item that has been on my to-do list for some time: get better internet access for my devices while traveling.
Motivation
Hotel Wi-Fi is such a pain. I travel with a stupid number of devices, and getting all of them connected can take a lot of effort. At home each TV has a Chromecast with Google TV for streaming, but getting one connected to hotel Wi-Fi is usually an exercise in frustration. If we can manage to connect it, Caroline is stuck watching the morning news for wherever we happen to be because of silly content restrictions.
Here are some of the goals for this project:
- Make setup in a new hotel as easy as possible
- Protect ourselves from insecure hotel networks
- Allow devices we are traveling with to talk to each other
- Connect to devices left back at home
- Use our own Chromecast in a hotel room
- Avoid leaking information that the hotel can sell
- Access local-only content as if we’re at home
Start with a router made for travel
My first step was to find a travel router. I wanted something small and light, but durable enough that I wouldn’t hesitate tossing it in a crowded backpack.
My research led me to GL.iNet. They have a whole line of travel routers at multiple price points. I chose the Slate AX (GL-AXT1800) because I thought I might regret not having a second LAN port someday. The router runs OpenWRT which gives me confidence that I won’t miss out on important security updates if GL.iNet ever goes belly up.
Setting up
I recommend setting up the travel router at home first. Once you receive the device, there are two things you’ll want to do:
- change the admin password
- replace the SSID and PSK
The router will force you to change the admin password before it lets you do anything else, but you should also change the SSID and key, since they are printed on the bottom of the device that is likely to be left in a hotel room where hotel staff will have access to it.
Start by plugging the router in and connecting to the network with the details listed on the bottom of the device. Once you are connected, visit 192.168.8.1 or whatever IP address is printed on the bottom.
You will be prompted to enter a new administrator password for the router. Generate a random password and keep it in a password manager.
Next you’ll be presented with the router’s Internet configuration screen, which also provides a status overview for the router. Ignore this screen for a moment, and tap the hamburger menu in the top-right corner to open the menu and choose Wireless.
Tap Modify in the 5GHz WiFi section, and then update the WiFi-Name (SSID) and Wi-Fi Password fields. I recommend generating another random password here and dropping it in your password manager. I also changed the Wi-Fi Security field to “WPA2-PSK/WPA3-SAE”. When you’re done, tap Apply.
At this point, I recommend switching the device you are doing set up on from the stock SSID to the one that you just set up. This will save you from being disconnected when you repeat the above process in the 2.4GHz WiFi section. I used the same SSID and password for both.
Now that that’s all ready to go, it’s time to get the router connected to the internet. Navigate back to the Internet page via the menu.
You have four options to connect to the internet. The first is as simple as plugging an ethernet cable into the WAN port on the router. I’m going to ignore the Tethering and Cellular options. The Repeater option is the one I’ve found most useful in hotels.
To set up the repeater, click the Connect link. A modal will appear showing nearby Available networks as well as any networks you have previously connected to. Choose the network you want to connect to and enter the password if necessary, then tap Apply. This is the only part of the configuration that you’ll have to do each time you visit a new hotel.
During your trip
When you use the router at a hotel, the first device to connect to the travel router will usually be greeted by the hotel network’s captive portal. I thought I’d have to do some MAC address cloning to get the router reliably connected, but so far every hotel I’ve stayed at has just worked if I login to the captive portal through a device connected to the travel router (usually my iPhone).
Now that setup is complete, you can start connecting your devices to the router. Getting non-Apple devices connected the first time is a somewhat tedious but straightforward process, but the real beauty is that next time I travel, all of my devices will already know the network to connect to regardless of where I stay.
A major benefit of this setup is that if the hotel network doesn’t effectively isolate guest devices, the only device directly exposed is the travel router itself.
Another great benefit is that you can forget all of the hotel networks that your devices have remembered over the years, and you never have to add a new one. This saves your devices from trying to connect to random hotel networks any time you happen to be near one.
Home away from home, with Tailscale
The second piece of the puzzle is Tailscale. Tailscale is a managed VPN service that makes it easy to create a private virtual network among my devices. With Tailscale my iPhone can easily talk to my Philips Hue bridge back at home from anywhere, without connecting my Hue Bridge to the internet.
There is something unusual you’ll encounter when you sign up for Tailscale. You are presented with a list of authentication providers to choose from, and cannot sign up with a typical email address and password. Tailscale has chosen to stay out of the business of managing user identity in favor of integrating with many identity providers that you may already be using. I recommend picking one that you expect to keep the same account with indefinitely. For me, that was my Google account.
Tailscale has apps for MacOS and iOS that are available in the App Store To connect a new machine to the network, you just have to sign in with the apps. Setting up other environments is an exercise for the reader.
Tailscale gets even better paired with my travel router, because the router itself can connect to the Tailscale network. That means each device that is connected to the travel router can access other devices back at home.
To use Tailscale on the Slate AX, login to the admin site, and navigate to Applications > Tailscale. Check Enable Tailscale and then click Apply. A yellow box ought to appear that includes The Device Bind Link. Click that and you will be redirected to Tailscale to authenticate and connect the router. Once connected, you will be redirected to the Tailscale dashboard. One of the machines in the list will be your travel router.
On top of making all of that easy to set up, Tailscale has another great feature for travel: any node on the VPN can be configured as an exit node. All internet traffic from devices connected to the VPN will be routed out through the exit node. In my case, that’s a Raspberry Pi back at home. That means that all internet traffic from devices connected to the travel router will reach the internet through my home connection in Pittsburgh.
To set that up, you should follow Tailscale’s instructions on setting up an exit node. When you’re done there, head back to Applications > Tailscale on the router, and check Custom exit nodes, then close your designated exit node from the options in the dropdown list, and click Apply. That should be all you need to do to route traffic through your home connection for any devices connected to the travel router.
That’s great news for Caroline who would much rather start her day watching our local Pittsburgh news rather than hearing about whatever happens to be going on in Vermont. The other great thing about it is that we are effectively opted out of whatever data collection the hotel or their ISP might have had in mind.
Wrapping up
This setup has changed the way I travel. I’m more inclined to leave my laptop at home knowing that I can easily and securely SSH or VNC in in a pinch. We have the comfort of our morning and bedtime media routines without fussing with bad hotel TV services. Most importantly, setup in a new place is easy, and we are better inoculated against bad hotel network management.