Blog

Did we find the better answer to traveling security?

by | Mar 22, 2023 | 0 comments

One of the challenging issues we face day-in and day-out is security on the go. Truthfully, trying to keep security at 100% is practically impossible unless you’re keeping a device offline and putting up a barrier that can only guarantee that you can access through the barrier to get to that PC. So if that is difficult from a stationary computer, imagine how hard it is when you’re trying to go elsewhere with mobile tech?

As usual, the best you can do is put barriers. There is a concept in our line of work called Zero Trust where the simplest phrase to describe is: “Never trust, always verify” or basically always verify every request and transaction that occurs usually in the network sense. This is honestly quite harder to do when you have less control from outside sources, so you just try your best to provide internal sources that can be controlled.

One concept when you’re on a laptop and doing some work, you may want to use a café’s WiFi and hope no one is using the same wifi maliciously nor is it compromised. Its generally worse with a Hotel. If you can afford to tether your phone’s internet, perhaps using that would be more secure. Well, that one is more just hoping that nothing is intercepting from the tower point which is always hard to know if its not compromised. Also, there is tricking the tower if one had a portable tower and happened. If the information you have is critical, then we need to do something about it. Connect to a VPN, but you’re still having to expose your device first before you can connect to the VPN and that may not be appreciated.

Small Size Beryl
So here we have this little network device that we had the recent chance to test. It is a router called the Beryl GL-MT3000. “Oh? So to trust a routing source, take a router with you?” Well, kinda. This isn’t your typical router, but it is stronger than it looks. It has a simplified interface of OpenWrt, a type of modular OS for handling router duties, but with an interface in a friendlier way. And the company that made this particular hardware, GL.iNET has figured out what is needed to make it happen.
Beryl AX GL-MT3000

GL-MT3000 Specs

Brand GL.iNET
Model Beryl AX GL-MT3000
CPU MT7981B Dual-core Processor @1.3GHz
Memory DDR4 – 512 MB
Storage NAND Flash 256 MB
Power Input USB Type-C 5V/3A, best rated for at least 10W capability
WiFi Tech Up to WiFi 6, AX
Notable Features:
  • USB 3.0 port
    •  Can use for Network Storage
    • Can use for Tethering
    • Can use for USB Modem
  • 2.5G WAN Port
  • AdGuard Home
  • OpenWRT OS Preinstalled
  • External VPN Toggle
  • VPN & Wireguard to all connected devices
  • Easy Encrypted DNS setup
  • Guest Network capable
To start, we would just setup the WiFi that we’d use and the devices that would be able to connect. We then had the chance to setup some VPNs. So naturally, we added a company one and a tested non-business-related VPN. We also added a connection to the home base if we can work it (because if you have a good enough understanding of your home routing, then surely you would be able to rely on it doing its job right for your connection and only your connection).
Main Screen

Then came the test. While at a hotel, there was no ethernet cord to plug into a device. So we had tried using a relay method. We connected the WiFi the hotel had with the wifi on the router. We then connected our laptop to the router. Because the Hotel had a captive portal (a page that you either sign in or agree to before you can get on the internet), we copied the MAC address the laptop to the router, then proceeded with signing in. Upon signing in, the router worked as a full gateway repeater with the approval of the connection for the other devices we tested, including cell phones.

But then we had to see if we could work the VPNs into the mix. At that time, each method of VPNs were connecting just fine. We even added an encrypted DNS to the mix which made all devices connecting on the router effectively safe to do banking on and e-mail checks. What was great with the VPN options is that even if you weren’t using the pre-defined ones in the list, you could either download the plugin or if you went to the VPN’s website, they would have the information to download a file that you would be able to drag & drop to the page.

The router had the option to make a guest network, but we felt no reason to really test that. Though, we feel if we did, it should perform just as well as they would be isolated from the rest of your critical stuff. I suppose on a business trip, or a family outing, we could see the idea of putting game consoles on the guest network or even your portable firetv sticks or chrome cast devices.

Beryl AX GL-MT3000

We were also able to test out programming a switch on the side (Shown above) so that upon getting on a network, we simply flip the switch right into our designated trusted selected VPN.

While the device is capable of being physically connected to a modem and connecting a local device hardwired with an ethernet cable, we also tested functions like using a cell phone as a tether device via USB and as a WiFi hotspot. Both worked well. Generally, it seems like once its all setup, its painless just to connect. Almost a set it and forget it. The only complication seems to be just in remembering if you use a Hotel’s WiFi, it may be best to clone the MAC address of your simplest accessible device. For instance, if your tablet is the easiest to do those logins, then clone the tablet. Just remember, it needs to be the same device when going through those hotel logins or you’ll have issues with the other devices wanting to go through the login process.

One feature we appreciated was you could define every single device you have connected to the router, and you would at least know when these devices were connected. If something else was connected, the device is shown in the list and if you never edited that device before, you can choose to block its future access. Someone else somehow logged into your wifi? Block its access and that is after changing the wifi password.

Client Control

We’re sure there may be a weird legal edge case with a device like this, but there is a precedent as well for using this in places like a hotel or a café. Some hotels want to charge with the more devices being on the network than intended. Technically, that is fair. But at the same time, the hotel is never responsible for your devices while on the network, so technically, if you get a malware or someone manages to get on to your device remotely from within the hotel, that is on you unless you have hard evidence to the contrary. On this avenue, all you’re doing is securing your devices while simultaneously making it far easier to manage your devices. Think about it, you no longer have to have an endless supply of wifi names saved on your device when all you might need is home, work, and the travel router.

For travel, it has been tested while connected on a VPN to hit about 114 Mbps which there is still room to improve it further and we feel it can hit more than that. We didn’t have a good enough Wireguard option to test if it can hit 300 Mbps, but that is ok. We feel that the Beryl is adequate for work related tasks as we’re not looking for what can max out 1000 Mbps or even the next 2500 Mbps speed since one wouldn’t be expecting to have more than 5 devices that needs connecting anyways. 10 maybe with a family. This is a travel router so we never tried testing how well it could handle itself if one went all out with 20+ devices connected, though since the VPN would have to put in lots of work and be used generally for all devices, you wouldn’t want that for 20+ devices anyways. It is rated for 70+ devices however if concerned, so it should have just enough power to keep up like some of the other routers out there. Besides, in its advertising, supposedly it offers low-latency gaming, so if you need that on the side, it should just work.

Lastly, the power we tested if any USB Type C can be connected to the power slot and it seems that it can with no tricks. On power draw test, we couldn’t get it to go above 3.5 W, so theoretically, the more devices you have hammering away on the router, the more power it could use, but according to the data sheet, we shouldn’t see more than 8 W and we believe that. In fact, we’d say pair this with a 20,000 mA portable battery charger and we could see this being used as a short time period for secure net access, probably 1.5 hours worth if you’re lacking a wall outlet of sorts.

Overall, we think this is the cheapest answer you’re looking for when it comes to a need of more security layers to your traveling needs. And if you want, Whispering Dragons can teach you how to use it during a session!