Routers (travel)

Budoka · ‎08-03-2021

Would like some feedback/input from the community about Travel Routers.

I am a road warrior and for the past couple of years have been using a TP-Link TL-WR802N travel router. The size can't be beaten. My primary use case is as a hotspot router.

But, unfortunately, TP-Link hasn't issued a firmware update in years which is a little unsettling. It is also only operated single band 2.4GH and has an internal antenna... which honestly hasn't been a huge issue but there are a couple of hotels I use frequently that I must request specific rooms or floors so that I can grab a signal. But, that is the exception now not the rule.

So I think it is time for a new travel router. Looking for comparable size and maybe an external antenna this time. Also dual-band 2.4GH/5GH.

Now to my question. I am actually a little concerned because it seems like every router manufacturer now is in Mainland China. We know that some router manufacturers were putting backdoors into their products. Steve Gibson at Security Now did a very good episode on one such incident for those interested. I guess at some level this is out of our control but what are you doing with your routers, security-wise, after you pull them out of the box to harden them. The only thing I can think of that would be truly secure would be to flash a custom firmware right?

Also, do you have any suggestions for a travel router you consider secure/hardened?

I am thinking about just picking up the subsequent model to the one I have now (TL-WR902AC).

Also looking at GL.iNet’s GL-AR750S and Mudi GL-E750 but I had never heard of this company until I started researching new products.

Thanks

dcontesti · ‎08-04-2021

Great question and as things begin to open up, I will be watching for answers as I know I will be back traveling.

d

Peter_Sklenar · ‎08-04-2021

That's a really good question. I'm afraid, you are depending on the manufacturer. For getting control over your device, you can try to flash a opensource router firmware on it. Like OpenWRT.

Mudi GL-E750 is based on OpenWRT (according to their website), so there might be a chance, that it will work.

If it doesn't need to be battery powered, you could use an IoT Router. Teltonika is not that expensive and reliable.

Cons: you need a power socket, bigger and heavier.

Budoka · ‎08-05-2021

Yeah. Agreed. At the end of the day, we are at the mercy of the manufacturer. I am actually not that skittish, but for example, I would have never thought that a router manufacturer would hard code credentials on their product. And there have been cases of exactly that recently. So now I have become more cautious re this kind of stuff.

I think I will be looking at products that use/can use OpenWRT, Tomato, etc That at least will give me some flexibility in configuring/hardening the device. I think it would also be good to run the VPN on the actual router which OpenWRT will allow. Sadly that rules out the TP-Link Nano routers which for size and power have really been great.

I wasn't familiar with Teltonika. Will definitely take a closer look at them. Fundamentally speaking I have no issue requiring a power socket. But would be nice to be able to power off of USB.

This kind of stuff isn't exactly my wheelhouse but guess it is going to have to be if I really want to be as secure as possible on the travel router side of things.

Any other feedback from the community would be appreciated.

Budoka · ‎08-22-2021

Quick update:

After doing some more research decided to order the GL.iNet’s GL-AR750S. when it arrives I will flash the most recent stable Vanilla OpenWRT to it and go from there. I'll update this thread.

There is a fellow InfoSec Pro that has an interesting tweet thread on this particular product if interested.

https://twitter.com/RoganDawes/status/1203623239425150976

I may still pick up a Teltonika as well.