Last edit by: nkedel
Some of the popular routers in this thread:
Edimax 6258NL (or via Amazon)
Asus wL-330nul
TP-Link WR702N
TP-LINK TL-WR710N (out of production, but superceded by similar models)
Edimax BR-6258n
Hootoo Tripmate Nano (TM-02)
GLi GL-AR300M
GL.iNet GL-AR750 Travel AC Router - a higher-powered dual band option; probably bigger than most people want, but if you need it... (has its own thread here)
Edimax 6258NL (or via Amazon)
Asus wL-330nul
TP-Link WR702N
TP-LINK TL-WR710N (out of production, but superceded by similar models)
Edimax BR-6258n
Hootoo Tripmate Nano (TM-02)
GLi GL-AR300M
GL.iNet GL-AR750 Travel AC Router - a higher-powered dual band option; probably bigger than most people want, but if you need it... (has its own thread here)
World's Smallest Wireless Router for Hotel Rooms
#691
Join Date: Dec 2006
Location: SNA
Programs: Bonvoy LTTE/AMB, AmEx Plat, National EE, WN A-List, CLEAR+, Covid-19
Posts: 4,967
#692
Join Date: Sep 2005
Location: BOM-SIN-EWR
Programs: UA*G (1K again), Sixt Plat, *was*: SQ QPP01 & SK EBS/EBG, LH SEN, AA EXP, 9wPlat
Posts: 8,606
1. "TTL" or "TTL decrement".
2. "DNS Rebinding Protection".
Thanks in advance for any guidance - connected at other home with the same Slate router/device...
#693
Join Date: Dec 2006
Location: SNA
Programs: Bonvoy LTTE/AMB, AmEx Plat, National EE, WN A-List, CLEAR+, Covid-19
Posts: 4,967
GL-iNet devices don't have #1*, and I'm 90% sure #2 is under "Advanced", but I know it's there somewhere.
* - I have a Hotspot that gets slow speeds and counts the data against your cap unless the TTL is set to 64; for advanced users LuCI can be installed and you can add an iptables rule to set this, so I can get $20 unlimited (OK, soft cap at 50GB) data on T-Mo
* - I have a Hotspot that gets slow speeds and counts the data against your cap unless the TTL is set to 64; for advanced users LuCI can be installed and you can add an iptables rule to set this, so I can get $20 unlimited (OK, soft cap at 50GB) data on T-Mo
#694
Join Date: Sep 2005
Location: BOM-SIN-EWR
Programs: UA*G (1K again), Sixt Plat, *was*: SQ QPP01 & SK EBS/EBG, LH SEN, AA EXP, 9wPlat
Posts: 8,606
More Settings -> Custom DNS Server.
Thanks.
Maybe I should have separate DNS server entries too??
(Will have to try on my next flight though...not sure when that will be!)
Last edited by SuperFlyBoy; Nov 8, 2021 at 10:09 am Reason: Clarity...
#695
Join Date: Dec 2006
Location: SNA
Programs: Bonvoy LTTE/AMB, AmEx Plat, National EE, WN A-List, CLEAR+, Covid-19
Posts: 4,967
No, since most of your usage will be from "providers" that use captive portals, you want to ensure the DNS is that of the "ISP"; many times the HTTP redirect will go to a page that only resolves using the DNS of the network you're connected to. This is almost certainly what had happened in your case- "DNS Rebinding Protection" is a setting (ostensibly for security purposes) that doesn't bring over the ISP's DNS settings, proxying DNS via the GL-iNet. Problem is, doing it that way can't usually get to those captive portal pages, and without being able to resolve those and consent at least once, no traffic will flow through.
Also, ProTip: when connected pre-consent to a site like that, enter (best to bookmark on your home page) "neverssl.com" to begin the captive-portal consent process; SSL pages require a full connection to the internet for exchange and verification of the certificates, so most pages (as HTTPS is on most "meaningful" sites) either stall there or don't load all the way. NeverSSL is a straight page that doesn't use SSL and will trigger the portal. Of course, if you've already consented on another device behind the GL-iNet, you shouldn't have to do it again (but it never hurts).
You can try it on most public WiFi, like Starbucks or Mickey Ds, etc.
Also, ProTip: when connected pre-consent to a site like that, enter (best to bookmark on your home page) "neverssl.com" to begin the captive-portal consent process; SSL pages require a full connection to the internet for exchange and verification of the certificates, so most pages (as HTTPS is on most "meaningful" sites) either stall there or don't load all the way. NeverSSL is a straight page that doesn't use SSL and will trigger the portal. Of course, if you've already consented on another device behind the GL-iNet, you shouldn't have to do it again (but it never hurts).
Will have to try on my next flight though...not sure when that will be!
#696
Join Date: Sep 2007
Location: ORD
Programs: UA MM, AA PPro
Posts: 1,480
One option that sometimes works is to hit the gateway server directly, that is, type the IP address into the browser window. In the above case, substituting 172.19.248.1 for unitedwifi.com might have brought up the portal and allowed purchase to go through. Alas, turning the DNS rebinding protection off is easier. While it is a legitimate security feature, the chances of someone hacking inflight network to intercept traffic are very low.
#697
Join Date: Jan 2015
Posts: 2,918
I don't understand how the DNS rebinding protection setting causes all these issues? I did read up a little about it a long time ago but I don't see the relevance... I'm not saying there is anything wrong, I just don't understand how it fouls things up.
So I guess the related question after that is, can you turn it back on after clearing the portal? There are other security issues that leaving one open isn't the greatest idea.
So I guess the related question after that is, can you turn it back on after clearing the portal? There are other security issues that leaving one open isn't the greatest idea.
#698
FlyerTalk Evangelist
Join Date: Jul 2006
Location: Upper Sternistan
Posts: 10,047
I don't understand how the DNS rebinding protection setting causes all these issues? I did read up a little about it a long time ago but I don't see the relevance... I'm not saying there is anything wrong, I just don't understand how it fouls things up.
So I guess the related question after that is, can you turn it back on after clearing the portal? There are other security issues that leaving one open isn't the greatest idea.
So I guess the related question after that is, can you turn it back on after clearing the portal? There are other security issues that leaving one open isn't the greatest idea.
I really don't know if they then further block other DNS requests once connected - that could be different in different situations.
#699
Join Date: Sep 2007
Location: ORD
Programs: UA MM, AA PPro
Posts: 1,480
I don't understand how the DNS rebinding protection setting causes all these issues? I did read up a little about it a long time ago but I don't see the relevance... I'm not saying there is anything wrong, I just don't understand how it fouls things up.
So I guess the related question after that is, can you turn it back on after clearing the portal? There are other security issues that leaving one open isn't the greatest idea.
So I guess the related question after that is, can you turn it back on after clearing the portal? There are other security issues that leaving one open isn't the greatest idea.
In my experience, the setting can be re-enabled after signing in to the portal. You will be able to use the internet, but won't be able to connect to the internal portal (e.g., to watch BYOD entertainment or check on flight's progress) - similar to being connected to a VPN.
#700
Join Date: Jan 2015
Posts: 2,918
AFAIK, these captive portals intercept DNS to direct you to their sign-in and payment pages. If you don't allow them to intercept your DNS, you'll never get through their process.
I really don't know if they then further block other DNS requests once connected - that could be different in different situations.
I really don't know if they then further block other DNS requests once connected - that could be different in different situations.
The way unitedwifi.com portal works is that the name resolves to a private, non-routable IP address while in-flight, e.g., 172.19.x.x in the above screenshot. On the ground, the same unitedwifi.com name resolves to a public, routable IP address, e.g., 161.215.209.23, and brings up a generic "United WiFi" page. The setting in question "enables DNS rebind attack protection by discarding upstream RFC1918 responses" - basically, disallowing an internal IP address to be mapped to unitedwifi.com - and therefore preventing access to the portal page. For more information on DNS Rebinding attacks, see https://en.wikipedia.org/wiki/DNS_rebinding.
In my experience, the setting can be re-enabled after signing in to the portal. You will be able to use the internet, but won't be able to connect to the internal portal (e.g., to watch BYOD entertainment or check on flight's progress) - similar to being connected to a VPN.
In my experience, the setting can be re-enabled after signing in to the portal. You will be able to use the internet, but won't be able to connect to the internal portal (e.g., to watch BYOD entertainment or check on flight's progress) - similar to being connected to a VPN.
This kinda reminds me of my last few trips to China. My first trip I noticed that my DNS settings on my laptop kept on getting reset every time I connected to the internet... it wasn't until I put a personal router in-between and set up a VPN that things started working properly again.
#701
Join Date: Aug 2008
Location: Somewhere in Florida
Posts: 2,622
Another tip is to use a non-encrypted (http instead of https) website to trigger the portal page. I intentionally have my company's homepage set to http and often recommend a "dumb" webpage such as IPChicken.com for this. I have no doubt that the DNS rebinding setting is what was getting in the way here
#703
Join Date: Nov 2004
Location: TEXAS
Programs: UA Silver, AA
Posts: 140
Just bought two of these from Dell. I'm using one for me, and one for my next home Crypto mining home client. I can drop a wired network anywhere there is wireless that the client has access to. I'll let you know how it works! I've been trying out different brands of wireless bridges with marginal success. Being a bridge is a hidden feature of some range extenders.
TP-Link TL-WR902AC - Wireless router - 802.11a/b/g/n/ac - Dual Band
TP-Link TL-WR902AC - Wireless router - 802.11a/b/g/n/ac - Dual Band
#704
Join Date: Dec 2006
Location: SNA
Programs: Bonvoy LTTE/AMB, AmEx Plat, National EE, WN A-List, CLEAR+, Covid-19
Posts: 4,967
FWIW, (and 'cause I'm addicted to "new and shiny" apparently), I just bought GL-iNet's new "" router, which is pretty much the "Slate" but has USB-C for power, which makes it easier for me when I'm on the road.
Only $45 (at least when I got mine). Forum page: https://forum.gl-inet.com/t/our-new-...-now-available
I don't expect many changes, but one thing about my Slate is I have to use a USB hub when plugging in a HotSpot device to its USB, else I get frequent disconnects and I'm curious to see if this one suffers from that (neither my AR-300M nor AR-750 do, though).
Only $45 (at least when I got mine). Forum page: https://forum.gl-inet.com/t/our-new-...-now-available
I don't expect many changes, but one thing about my Slate is I have to use a USB hub when plugging in a HotSpot device to its USB, else I get frequent disconnects and I'm curious to see if this one suffers from that (neither my AR-300M nor AR-750 do, though).
#705
FlyerTalk Evangelist
Join Date: Sep 2002
Location: Between AUS, EWR, and YTO In a little twisty maze of airline seats, all alike.. but I wanna go home with the armadillo
Programs: CO, NW, & UA forum moderator emeritus
Posts: 35,432
FWIW, (and 'cause I'm addicted to "new and shiny" apparently), I just bought GL-iNet's new "Opal" router, which is pretty much the "Slate" but has USB-C for power, which makes it easier for me when I'm on the road.
Only $45 (at least when I got mine). Forum page: https://forum.gl-inet.com/t/our-new-...-now-available
I don't expect many changes, but one thing about my Slate is I have to use a USB hub when plugging in a HotSpot device to its USB, else I get frequent disconnects and I'm curious to see if this one suffers from that (neither my AR-300M nor AR-750 do, though).
Only $45 (at least when I got mine). Forum page: https://forum.gl-inet.com/t/our-new-...-now-available
I don't expect many changes, but one thing about my Slate is I have to use a USB hub when plugging in a HotSpot device to its USB, else I get frequent disconnects and I'm curious to see if this one suffers from that (neither my AR-300M nor AR-750 do, though).