OpenWrt Forum Archive

Topic: Trying to figure out a VPN solution, Need guidance.

The content of this topic has been archived on 20 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi Everyone,

I'm trying to figure a secure connection solution for a situation and I'm on a research journey.

Scenario: free, unsecured public wifi at the hotel

Solution: create VPN to connect securely

The logic or solution that I'm trying to find out (preferably without buying VPN services from a company) is my dilemma.

Can building an OpenWRT VPN router that I bring with me to the hotel be the solution?  From a logic standpoint I would say no, but please help me to understand...

my devices---connected to>---- my own VPN OpenWRT setup router---->connected to----> open public wifi router connection.... = secure? 


As I would assume, that the connection from my devices to the VPN OpenWRT router would be secure, but then the VPN OpenWRT router connecting to the free public wifi would be unsecure, correct? Which leads me to thinking that I would have to host an online server that would be configured to be on all the time to connect to, is that my only solution?  How can OpenWRT be a part of the solution, or is it?

That's what I'm trying to figure out.  Can someone shine some light or point me to the correct road(s)?

You need an external/secure endpoint for your VPN to connect to. That could be a commercial VPN service, your own router at home or a vserver/ root server somewhere in a data centre.

This is how I solved this issue:

* I have an OpenWrt router at home, connected to the internet, which acts as an OpenVPN server, and shares the internet connection to the OpenVPN clients.

* All my devices have an OpenVPN client that connects to the OpenVPN at home and directs all outgoing traffic through the OpenVPN tunnel.

If your home is connected, and you already own a router that can run OpenWrt, then the cost is zero. If your home is not connected, I would consider either paying a dedicated VPN provider (and installing their VPN client on all your devices), or paying for a VPS somewhere and installing a VPN server there.

I just do not see the benefits of carrying a router around.
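
Added example (not part of the original post, and not the poster's own setup): a client-side check that the routing table really sends all IPv4 traffic into the tunnel, which is the property the home-server setup above depends on when the local network is an open hotel Wi-Fi. It assumes the tunnel interface is named tun0 and that full-tunnel routing is done either with the two /1 routes that OpenVPN's `redirect-gateway def1` option installs or by replacing the default route; the routing tables are constructed samples, and IPv6 and DNS are not checked.

```shell
#!/bin/sh
# Added example: classify an IPv4 routing table (text of `ip -4 route show`)
# as full-tunnel, split-or-leak or no-tunnel. The name tun0 is an assumption.

# vpn_route_state ROUTES [TUN_IF]
vpn_route_state() {
    printf '%s\n' "$1" | awk -v tun="${2:-tun0}" '
        # Interface named after the "dev" keyword on the current line.
        function devof(   i) {
            for (i = 1; i < NF; i++) if ($i == "dev") return $(i + 1)
            return ""
        }
        { d = devof() }
        d == tun                        { seen = 1 }
        $1 == "0.0.0.0/1"   && d == tun { lo = 1 }
        $1 == "128.0.0.0/1" && d == tun { hi = 1 }
        $1 == "default"     && d == tun { def_tun = 1 }
        $1 == "default"     && d != tun { def_other = 1 }
        END {
            if (lo && hi)                   print "full-tunnel"   # def1-style /1 routes cover everything
            else if (def_tun && !def_other) print "full-tunnel"   # default route replaced by the tunnel
            else if (seen)                  print "split-or-leak" # tunnel up, Internet traffic bypasses it
            else                            print "no-tunnel"
        }'
}

# Constructed sample: hotel Wi-Fi client with def1-style routes in place.
# The host route to 203.0.113.10 (placeholder VPN server) carries only the
# encrypted tunnel packets over the Wi-Fi.
SAMPLE_FULL='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.57
203.0.113.10 via 192.168.1.1 dev wlan0'

# Constructed sample: tunnel is up, but only the VPN subnet is routed into it.
SAMPLE_SPLIT='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.57'

# Constructed sample: VPN client not connected at all.
SAMPLE_DOWN='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.57'

# Live use on the client: vpn_route_state "$(ip -4 route show)"
```
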

Hey there.

Could you please elaborate who the attacker in your scenario is, what he's going to accomplish and what he's doing to reach his goal?

Regards,
Stephan.

eduperez wrote:

This is how I solved this issue:

* I have an OpenWrt router at home, connected to the internet, which acts as an OpenVPN server, and shares the internet connection to the OpenVPN clients.

* All my devices have an OpenVPN client that connects to the OpenVPN at home and directs all outgoing traffic through the OpenVPN tunnel.

If your home is connected, and you already own a router that can run OpenWrt, then the cost is zero. If your home is not connected, I would consider either paying a dedicated VPN provider (and installing their VPN client on all your devices), or paying for a VPS somewhere and installing a VPN server there.

I just do not see the benefits of carrying a router around.



Thanks, that sounds like what I need!  I wouldn't mind carrying the router around, but the problem is, if it solves my security concerns, which, it seems from a logic standpoint, that carrying one around wouldn't (due to end-to-end connection, i.e. my device to VPN, VPN to public unsecured, etc.), unless I've been mistaken?


Hey there.
Could you please elaborate who the attacker in your scenario is, what he's going to accomplish and what he's doing to reach his goal?
Regards,
Stephan.

I suppose I'm more concerned with packet sniffers and data flowing out in an unsecured manner.  Just practicing better security measures.

(Last edited by opensource101 on 20 Jun 2017, 20:18)

opensource101 wrote:

Thanks, that sounds like what I need!  I wouldn't mind carrying the router around, but the problem is, if it solves my security concerns, which, it seems from a logic standpoint, that carrying one around wouldn't (due to end-to-end connection, i.e. my device to VPN, VPN to public unsecured, etc.), unless I've been mistaken?

No, carrying a router around will not help at all with regard to your security. It will make things easier, if you connect it to an external VPN and then your devices to your router, because then you will need just one VPN client on the router, not on each device. But you definitely need a VPN server, hosted somewhere you deem "safe".

eduperez wrote:
opensource101 wrote:

Thanks, that sounds like what I need!  I wouldn't mind carrying the router around, but the problem is, if it solves my security concerns, which, it seems from a logic standpoint, that carrying one around wouldn't (due to end-to-end connection, i.e. my device to VPN, VPN to public unsecured, etc.), unless I've been mistaken?

No, carrying a router around will not help at all with regard to your security. It will make things easier, if you connect it to an external VPN and then your devices to your router, because then you will need just one VPN client on the router, not on each device. But you definitely need a VPN server, hosted somewhere you deem "safe".

If your home is connected, and you already own a router that can run OpenWrt, then the cost is zero.


Going back to your initial post, fortunately, I have a home connection that is always on and I have 2 routers (more than willing to get more if necessary) that can run OpenWRT, which from what I understood, the OpenWRT router can serve as the server:

* I have an OpenWrt router at home, connected to the internet, which acts as an OpenVPN server, and shares the internet connection to the OpenVPN clients.

So it sounds like a great solution, next I just gotta do some more research on the installs for my Netgear R7000 and my Linksys EA6500 v2.

Like eduperez said.

I will add that the travel routers in general are all slow.  The best are about a 680 CPU and 128MB RAM but none have hardware encryption which most newer laptop CPUs have.  5-7Mbps is about all one can reliably get from a pocket router, many seem to get less.  Speed also varies depending on cable vs wireless.  That's about the bottom end for good streaming of HQ video, but fine for most other browsing activities.  Also be aware that OpenWrt does not play nice with redirects to captive portals found at hotels etc.  I generally need to manually open the portal URL to log in.  Also have sometimes seen short leases (i.e. less than the advertised 12 or 24 hr periods).

You also need to consider that the hotel's free services are usually crippled so they can sell you better services.
You may want to be aware of this site:  https://www.hotelwifitest.com/

If you need to share a connection for multiple devices in a hotel, then get a dual port travel router so you can run cables to the laptop and hotel Ethernet for best performance.  Run your phones etc wireless.  For just a laptop then run the VPN from that device and you should get much better performance (all else equal and unconstrained, i.e. not limited by your home's service or router).
