Podcast - Using GL.iNet Routers to Protect Digital Assets and Footprints

Podcast - Using GL.iNet Routers to Protect Digital Assets and Footprints

Thank you @Gabriel Custodiet for interviewing Alfie Jianbin Zhao, Co-founder and Chief Technology Officer of GL.iNet on the Watchman Privacy Podcast.

In the past two years, the COVID-19 pandemic has forcefully induced an experimental remote workforce to reduce the risk of transmission. Two years later, work from home is no longer a necessity but has become a preferred working norm for some companies.

However, a remote working environment introduces network security risks to businesses because employees may be connected to unknown public Wi-Fi in a cafe or hotel environment. GL.iNet offers small and medium-sized enterprises a simple solution of assigning a VPN enabled travel router to remote workforces for maintaining an oversight on network traffic and conveniently protect their remote workforces’ digital assets and footprints online.

Looking forward, we will continue to pursue our mission to inspire smarter business and lifestyle solutions for customers and enterprises all over the world.

Listen to the full podcast by clicking Here.

Podcast highlights about network privacy, security solutions, and future developments of GL.iNet

Your first huge success was the Slate router in 2018, which won various awards and continues to sell very well. People were astonished to have a tiny router that could be powered with a USB cord that also had the ability to run VPNs easily. Looking back at the original Slate, what are your thoughts on it?

Slate was our first Gigabit travel router. We thought about making a small and convenient gigabit router that would please the users and it worked. The OpenVPN can be set up easily. It is lightweight, small, does not overheat, and has two antennas. The three gigabits ethernet ports were beyond a lot of users’ expectations.

You have since 2018 made some successors to the Slate. There was the Beryl router in 2020. You now have the Slate AX.. Each of them became bigger and introduced larger power cables than the original Slate, which has made some complain that these new devices are not as portable as the Slate. Talk to me about the decision to introduce larger devices with larger power cables.

The original Slate was popular because our users prefer small and portable devices. However, users also demand more powerful devices, in which we need to find new chipsets and make a larger router so it can be cooled properly. Compared with the other AX routers in the AX router’s mass market, the Slate AX is relatively small.

Your routers use OpenWrt. Is this a pure OpenWrt or have you made modifications? Where can we find the source code? Why was OpenWrt chosen?

We built our user interface based on top of OpenWrt which is readymade for routers. Users do not need to start from scratch to set up routers. Instead, they can focus on making their applications and that’s the reason why we use OpenWrt. Also, OpenWrt is an open source that is trusted by a lot of users, so users are comfortable about using the firmware. Some users just want vanilla OpenWrt on their routers, the firmware can be changed, and it‘s invisible from the manufacturers, which makes users feel even better.

Our audience is mostly concerned with the VPN functionality, so let’s talk about that. First, what are the basics of using VPNs on your travel routers?

First, you should choose OpenVPN or WireGuard protocol. We do not support older protocols like IPsec. Then, you should choose a compatible vpn service. The best way is to set up your own VPN server, but you can also choose some popular VPN services such as nord vpn and express vpn depending on your purpose.

Let me give you a common scenario. Someone goes to a coffee shop and they don’t want the coffee shop WiFi to know anything about them. So they set up a Slate router. This allows the person to connect all of their devices to the router instead of directly to the WiFi network. Just stopping right there: assuming no VPN. What kind of additional security and privacy does one have by funneling WiFi through the Slate router?

Public Wi-Fi generally analyzes who uses their Wi-Fi network, how long they’ve been using, and which website they were accessing. Your mac address is recorded, they may know that you are a new or repeated customer by your mac address, they may also know which shop you’ve been to. By using a travel router, your laptop and phones’ mac addresses are secured, and the router can also use a randomized mac address, so it protects your privacy.

You have the two options for VPNs: OpenVPN and Wireguard. What are the differences that users of your routers need to be aware of?

OpenVPN is traditional and widely supported. WireGuard is lightweight and faster, but it is not widely supported and some WireGuard service providers have bugs. OpenVPN uses pcp or ucp, it works on layer 2 and layer 3, but WireGuard only uses ucp and only works on layer 3. So it depends on your application scenario when choosing between OpenVPN and WireGuard.

What were “VPN policies” in previous routers? Why is that option no longer in the Slate AX firmware?

The VPN policies have been improved and still can be found in the VPN dashboard but in a different place. You have global proxy, proxy based, mac address or domain names, it’s a fully customized vpn setup.

You have most recently released the Slate AX (GL-AXT1800). What is this Slate doing differently from the previous versions?

The Slate AX is our first router for wifi 6 and it’s very powerful. For example, the OpenVPN and WireGuard speed is 10 times faster than previous versions.

How do we manage kill switches now?

You can find it in the VPN dashboard, global options and it is called block non-vpn traffic which is named as more suitable to the function.

What is IP Masquerading?

IP Masquerading is a special form of NAT in which the source mac address is unknown and the time the rule is added to the tables in the kernel. In some scenarios, especially site-to-site VPN setup, you can manipulate ip masquerading to achieve a unique setup, especially when you want to access resources on a site from a different site. But to access the internet, you should always have IP Masquerading on.

What does AdGuard do?

Adguard Home is a local version of AdGuard, which runs on your pc and raspberry pi before. We’ve worked with the AdGuard team to migrate AdGuard Home to the routers. It blocks unwanted ads or tracking for all the client devices connected to the router. So in the client devices you do not need any setup, it can filter a lot of ads and tracking for you.

For our advanced users, maybe talk about your other features: GoodCloud, Dynamic DNS, Network Storage. Just give us a basic sense of some of the more advanced features that people can use.

GoodCloud is for remote controlling routers for consumers or businesses.. Dynamic DNS, DDNS are developed for easy to use for our routers, it is free, and recently we’ve added IPv6 to our DDNS, and that worked for hobbyists who want to have a lightweight and private GoodCloud. This new function extends the router from a pure network device that connects you to the internet to an enriched network centric personal machine.

Regarding firmware/software updates. You now have many generations of routers. Will you continue to support previous devices with upgrades? How does your upgrade schedule look for past and current devices?

Yes, we support all of our routers with upgrades until we announce a product is end-of-life. We will still continue to support the device for two more years before we discontinue our support in the firmware.

We do not have an EOL announcement for the original Slate. We will do that only if we cannot purchase the chipset. In the past two years, because of the pandemic, the chipset supply has changed a lot, so the supply is the main reason for our EOL of a product.

Is privacy one of your interests? Was privacy an interest that started gl inet?

Actually privacy is complicated, I care about my own privacy but I’m also running a business, and I have to announce my name and a lot of information on the internet, so it’s complicated. But we do emphasis the privacy of our users, for example when we sell our routers, we do not need the router to register no our website, users do not need to register their mac address, we do not know who bought our routers unless they want to talk to us for customer service or technical support. Users also do not need to use a cloud or smartphone app to configure the router, so when we sell the router, users can just use it anonymously.

Is the recording of Mac addresses for networking equipment? Is that kind of a standard thing in the networking industry?

Yes that’s true, especially for business buyers, they need to record mac addresses because if you use a cloud service, it needs an ID, in general companies use a mac address ID. Also, if users connect to some networks, they need your mac address for authenticating the connection, so mac address is important to record. But for smartphones in the past two years, they all have private mac addresses, and right now, private mac addresses would work in most scenarios.

Share some of the technology that goes into these award-winning routers that you made? What makes these so special?

Okay, there are three things that I like to mention, the first is we use OpenWrt which is open source, this is the most important thing because most vendors do not want to open source, we have done our best to release source codes including OpenWrt support, and by using open source, our users trust us.

Secondly, we use a user-friendly user interface, the users want easy configuration, the UI makes it easy to set up the router, and it works as expected by users. Now you can’t imagine setting up OpenVPN by manually inputting each parameter.

Thirdly, we prevent data leaks by using VPN and encrypted DNS, we have put a lot of effort into preventing data leaks in our router, this includes setting up VPN, routing policies, firewall, and DNS. It is quite difficult for users to do all of these manually.

Here’s how it works, at the beginning we targeted a small group of DIY users. The most important scenario for these users is protecting their privacy when traveling. This user group also grew bigger and bigger, and it quickly became a sizeable business.

Let’s say you are using a slate router and you just want to be as hidden as bulletproof as possible, you want to be totally private. What are these settings that you would use in order to be as completely anonymous and private as you could be?

Okay, after you do an initial setup on the router, you can use a randomized MAC address. Then setup a VPN, you can choose your own VPN server or use a commercial one like nordVPN that everybody uses. You can then set up encrypted DNS, there are a lot of choices on the router for you to choose. After all that, you can do some basic checks on data leaks and DNS leaks, and you’re all set up.

About GL.iNet

GL.iNet builds network hardware and software solutions that bring affordable and secure network connectivity to families and businesses all over the world. We work with a wide range of industries, solving everyday internet problems in offices, and providing complex networking solutions such as smart buildings and IoT Networks. At GL.iNet, We believe all successful businesses build upon a strong and secure foundation, which is why our highest priority is perfecting network security and reliability for our partners.