So I’m on the market for a 4G or 5G mobile hotspot with a build-in VPN client I can carry around in my backpack and connect my cellphone to. I’ve looked far and wide, and really the only manufacturer that seems to make what I want is GL.iNet.

The two battery-powered models they offer that interest me are the Mudi v2 and the Puli: they only do 4G and I wish they did 5G too, but I can live with that. Other than that, they really tick all the boxes for me.

From what I could read, the GL.iNet company also seems very open and very responsive. That’s a plus too.

But I have one giant problem that prevents me from whipping out the credit card: GL.iNet is a Chinese company, and those products are sensitive applications. I know I can flash OpenWRT separately on those devices to ensure they’re not doing stuff behind my back, but I don’t really want to do that because I’d lose the GL.iNet plugins and custom UI. Not to mention, I have no free time for that. I’m looking for a ready-made solution if possible with this one.

Anybody knows if GL.iNet can be trusted?

Also, has anybody ordered from Europe using their EU store? They say they ship direct from Europe but they give no details.

And finally, what do you think of those two mobile VPN routers if you own one. Do they work well? I read somewhere that they can be buggy with certain VPN providers. Do they work in Europe? I assume they do since they sell EU plugs but maybe there are caveats.

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    23 days ago

    Honestly, for your use case, you should just get a older cell phone. Put lineage OS on it, or calyxos… share your VPN over hotspot, these are the only two ROMs that I’m aware of that allow you to do that. This has the benefit that the VPN traffic looks just like for traffic from the phone, and you don’t have to do any gymnastics to modify the TTL, or the operating system signature of the traffic.

    Boom, travel router. Very portable, has a built-in battery etc etc etc etc etc


    I like GLI-net, they are great, they have great hardware. If you want to buy it I endorse it. If you’re paranoid flash your own firmware. If you use an end-to-end VPN from your device it doesn’t matter what your mobile router uses. However the killer feature here, I think is better supplied by an older phone running the ROMs I mentioned above. It’s just more portable. And you have a backup phone when you’re traveling

    • ExtremeDullard@lemmy.sdf.orgOP
      link
      fedilink
      arrow-up
      4
      ·
      23 days ago

      get a older cell phone. Put lineage OS on it, or calyxos… share your VPN over hotspot, these are the only two ROMs that I’m aware of that allow you to do that

      That’s what I thought too. So I tried it on my CalyxOS phone and… it doesn’t work: the hotspot doesn’t route through the VPN. And from what I read, it’s by design.

      I have an old Nokia 4.2 running LineageOS. I might try that one.

      end-to-end VPN

      Incidentally, do you know if the GL.iNet devices can act as a VPN server too?

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        23 days ago

        I use a calyxos device to share VPN, as of a few months ago.

        Hotspot & Tethering

        • Allow clients to use VPNs

        https://calyxos.org/features/list/#network

        Perhaps your confusing GOS? If not, can you cite the design decision to disallow this feature? I’d be curious to learn about it

        If openwrt can do it, gli-net can do it

        • ExtremeDullard@lemmy.sdf.orgOP
          link
          fedilink
          arrow-up
          2
          ·
          23 days ago

          I use a calyxos device to share VPN, as of a few months ago.

          Hotspot & Tethering

          • Allow clients to use VPNs

          Oh wow I totally missed that. It works great! Genius!

          Thank you for that. Suddenly it makes repurposing one of my old cellphones a very simple and viable proposition.

          (and I’m posting this from my laptop connected to the hotspot connected to the Calyx VPN 🙂)

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        23 days ago

        True, but don’t let perfect be the enemy of good.

        Sharing VPN from a phone over a hotspot, means all of that traffic looks like it’s coming from the phone. Admittedly if the VPN dies, the routing will bypass it. But the benefit here is immense, if you use visible, you have unlimited data from the phone, but very slow data on tethering. Sharing the VPN from the phone, gives you unlimited data on the hotspot. That’s a pretty good trade-off

        • Imprint9816@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          23 days ago

          No offence but that’s terrible logic.

          There is no point in using a vpn if you don’t care if your data leaks outside the tunnel.

          It would be much better to just use a free VPN, like proton, on all devices instead and then just use the regular hotspot functionality.

          • jet@hackertalks.com
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            22 days ago

            There is no point in using a vpn if you don’t care if your data leaks outside the tunnel.

            Sharing VPN from a phone over a hotspot, means all of that traffic looks like it’s coming from the phone.

            • Imprint9816@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              22 days ago

              Either you didn’t read the github comments or dont understand how vpns work.

              If the VPN over hotspot function leaks data outside the tunnel, then your phones data is going to be revealed in the clear.

              • jet@hackertalks.com
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                22 days ago

                And yet even with that pitfall there is a valid benefit of using a shared VPN over the hotspot. Specifically making your data look like it’s coming from the phone so it isn’t throttled by the carrier as tethered data. The failure scenario being the data goes slower.

                I recognize the problems you list as valid, and yet there is still a beneficial tradeoff decision to be made.

                No need to insult me, I both read the GitHub and understand how VPNs work.

                • Imprint9816@lemmy.dbzer0.com
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  22 days ago

                  Sorry my bad, I should of responded in a more professional tone.

                  Yeah I totally agree there is a valid reason to have the function but its all moot if the function doesn’t work correctly.

  • twinnie
    link
    fedilink
    arrow-up
    7
    ·
    23 days ago

    There are others that aren’t Chinese but nothing anywhere near the price bracket you’ll get from GL.Inet. I wouldn’t trust them either, I’d just take the hit and lose the app. Since it’s OpenWRT I wouldn’t be surprised if there’s an alternative to the apps. Flashing standard OpenWRT to them is really easy, you just download it from the site and flash through the firmware upgrade option, no dramas. Many VPNs will have instructions on how to set up their service on OpenWRT.

    • ExtremeDullard@lemmy.sdf.orgOP
      link
      fedilink
      arrow-up
      2
      ·
      23 days ago

      There are others that aren’t Chinese but nothing anywhere near the price bracket you’ll get from GL.Inet

      Can you give me some pointers to non-Chinese equivalents of those GL.iNet routers? I’m quite ready to suck up the extra cost.

      • twinnie
        link
        fedilink
        arrow-up
        1
        ·
        19 days ago

        About to head off to work but I think Netgear make one, but it’s like 6-7x more expensive. And it’s probably made in China anyway.

    • ShortN0te@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      23 days ago

      The cheap models can not be flashed with openwrt since they use some proprietary drivers or something.

      The complete Opal series is not supporte iirc.

  • bloubz@lemmygrad.ml
    link
    fedilink
    arrow-up
    5
    arrow-down
    1
    ·
    23 days ago

    It’s crazy to fear for Chinese espionage/tracking more than European or US one

    • ExtremeDullard@lemmy.sdf.orgOP
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      23 days ago

      At this point, I think China is well known for infiltrating local businesses and forcing them to sell networking gear with trojans.

      The US is better known for surveilling people indirectly by exploiting corporate surveillance data collected by big tech monopolies doing their bidding for them and by directly “tapping the line”. I don’t think US officials asking US companies to compromise their products and keep quiet about it would fly in the US. At least not yet. But I wouldn’t put it past them either.

      To be honest, of all three, I’d rather purchase something made in Europe, even for a premium.

  • JoeKrogan@lemmy.world
    link
    fedilink
    arrow-up
    3
    ·
    23 days ago

    I’m looking to get one soon enough from the EU store. Depending on the product they will say if it is shipping from China directly. I guess we have to trust some of these companies at some point with all of our devices. I plan to use it with a commercial vpn

  • foiledAgain@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    1
    ·
    23 days ago

    I have been using one of their top end routers for nearly a year. Have stock fw installed and chosen not to flash with openwrt. I’m privacy conscious but figured with the amount of customers and forum space dedicated to their products someone would have noticed any funny business by now. Router works great and have had no problems over several updates.

  • ReversalHatchery@beehaw.org
    link
    fedilink
    English
    arrow-up
    2
    ·
    23 days ago

    I don’t have any recommendations, but if you download the table of hardware spreadsheet, you can use libreoffice to filter devices by column. like there’s a column with the device type, but be careful (and open in a sense) because the classification is not always right. you may also want to reorder the columns, because the default ordering is not that convenient

      • interdimensionalmeme@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        21 days ago

        There are some that have builtin LTE modems

        I don’t know viable, available or pricey these are but I found the following in the table of hardware and there are still about as many of them left I didn’t copy.

        https://openwrt.org/toh/views/toh_extended_all

        COMFAST	CF-E7
        Edge-corE	OAP-100
        GL.iNet	GL-AP1300
        MikroTik	RBwAPGR-5HacD2HnD&R11e-LTE (wAP ac LTE)
        MikroTik	RBwAPR-2nD (wAP R)
        Sony	AI Home Gateway (NCP-HG100)
        ZBT	WE1026-5G
        ZBT	WE1026-H
        Arcadyan / Astoria	Easybox 904 LTE
        BOLT	Arion
        BOLT	BL100
        Cell C	RTL30VW
        https://openwrt.org/toh/views/toh_extended_all
        
  • Archy@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    22 days ago

    There is an interview with the founder on one of the Privacy podcasts. You can form your opinion. My opinion - yes, they are trustworthy and you can do with them anything that you can with any Linux box, alternatively flash a clean OpenWRT for extra paranoia