Travel Routing & VPNs
While traveling, it's not uncommon to use a VPN for personal security or to hide your location from anyone who might care, like your favorite streaming service. I sometimes need my internet to be operationally within the US to perform specific job functions that are unavailable in areas of the internet that are understood to have a lower security posture.
There are a few levels of complexity when doing this, each reducing your risk; ultimately, you need to balance your needs, but let me guide you through the options you have at your disposal.
It's worth noting that VPNs can be illegal; they seem to get regulated with the same enthusiasm as satellite phones and sex toys. So, if you plan on visiting a region that might be sensitive along those lines, it's important to check local restrictions. That said, the ability to detect and limit VPNs depends on your setup's security and the state actor's sophistication.
Level 0: Software VPN
Software VPNs are the most basic option. You will often see fear-mongering ads for why everyone needs a VPN, or you might have one of these provided by your corporate IT setup.
Ads tend to overstate the risk; they have a product to sell, but generally, it is prudent to use a VPN when connecting to a public network like a coffee shop or an airport. Teaching the basics of local network penetration is a hacking workshop that can be done in an hour.
If you already have a corporate VPN on your computer and still need to VPN for other reasons, like geo-restricted network access, a software VPN will not work for you. You will need to move to the next level.
I use NordVPN's services. For you, the traveler, VPNs are a commodity. Feel free to pick the one whose branding matches today's outfit, but ensure they have servers in the country you wish to appear from. Most will.
The risk with software VPNs is that if the VPN disconnects or otherwise decides not to route DNS traffic, your computer, by default, will continue to browse the internet and expose your location and traffic. There are settings on some providers, like NordVPN that reduce this risk, but it's impossible to remove it at this level.
Level 1: Hardware Router
The next step is to get yourself a travel router. This will allow your computer to connect to the router while the router manages the VPN connection. This also allows you to double VPN by allowing your base internet connection to communicate through your VPN, while a software, often corporate, VPN can run on your computer.
What's nice about this is by default, if your router loses connection to its VPN server, your computer will lose access to the internet, creating a very secure fail-safe. Additionally, no software on your computer is aware of the VPN, nor can you accidentally turn it off. As far as your physical device is concerned, you are located at the location of your VPN.*
*Modern device location sharing uses a map of local Wi-Fi signals to triangulate you. If this concerns you, you may disable Location Services and/or turn off your Wi-Fi and connect to your router via an ethernet patch cable.
With a hardware router, you will still need a VPN server, like NordVPN, to connect to. I currently recommend GL.iNet's products. They are small, well-designed, well-made, and loaded with DD-WRT, which has an improved dashboard. Which is to say, they are easy to use while also giving you the control to do anything you could want to do with the router.
The Slate AX ships with a couple of notable features that it's worth looking out for.
- USB-C powers it, so you can run this off your laptop at a coffee shop without needing an outlet.
- It has a USB-A port that allows you to plug and use a SIM Card adaptor that you have a backup if your local network or Wi-Fi goes down.
- It supports 2.4GHz and 5GHz, so you can connect to your local Wi-Fi network regardless of how modern it is, Which is a variable while traveling.
The setup process for this type of device is pretty well defined, with GL.iNet providing tutorials. In addition to setting up the VPN, it's also worth checking out the Ad blocking, which will reduce bandwidth, helping your VPN to be faster.
Make sure to configure everything while you are still in your home country. Once set up, I recommend forgetting all other Wi-Fi connections on your laptop except for your travel router. This way, you can't accidentally connect to a non-VPN network.
Level 2: Hardware VPN
While your travel router and VPN service protect your computer's side of things, it's still pretty easy for anything you connect to tell you that you are connecting from a VPN. Sometimes, this is desirable from a security perspective, but as a traveler, you may want to ensure it looks like you are at your house.
This helps reduce the risk of being unable to connect to your VPN provider from a country that may put restrictions in place, even if VPNs aren't illegal. Or it can prevent corporate networks like your favorite streaming service from noticing your VPN.
You need to run a VPN server on your home network to accomplish this. Some home routers will let you do this; it's worth looking into, but if you got your router from your ISP, expect it to be highly locked down past the point of necessity.
Another option would be to get a second travel router and set it up as your VPN host. This might be overkill, but the hardware will be specialized, and the tutorials can guide you. So, buying a second Slate AX may be a great option if you are not the most computer-savvy person.
I think this is an excellent use for a Raspberry Pi. The additional processing power over a router will help it handle more traffic, and once set up, it can be forgotten about behind the router. I wouldn't be surprised if you could leave one set up in an Airbnb and find it still working a year later.
When setting this up, I would make sure to set some dynamic DNS system, as consumer home networks have a habit of changing IP addresses, and it would be unfortunate if you could not connect to your VPN without having physical access to fix it.
Bonus: Internet over DNS
While not as secure in the way that a VPN is, as a bonus for the highly technical, it's worth being aware that one can send internet traffic over DNS requests. It's slow and requires you to set up a server to translate the traffic, but it allows you to access the internet in most situations where one might encounter a paywall.
Do you have a different travel router setup, or would you like a tutorial on setting this up? Let me know in the comments.
Member discussion