--- Cross Post from the Spec Ops Technology Blog ---

Spec Ops Technology prides itself on taking difficult problems and providing practical engineering solutions. Quite often this real world experience is born of a real world problem we personally faced. There is a passion we look for in our engineers that breeds a team that, by nature, develops creative fixes.

As the United and Lufthansa ticket counters can attest, I spend a lot of time on the road. In today’s connected world I depend on a secure and platform-agnostic internet connection. There are a few major hurdles that make this difficult:

  1. Wifi is platform agnostic in most business-friendly locations, but is limiting in how access is permitted. For example, many of us travel with a cadre of smart phones, tablets, and laptops, and these hotspots will lock access to one device.
  2. In cases where the network is set up to share a single WAN connection, users are stuck sharing a common switched environment. Do you trust the person next to you with your username and password? On a flat network, you do.

We have had great experience with Piglet, Astra, and Linux porting, so I began to scour the OpenWRT pages for a compatible router that would allow me to build a custom image for my uses. The requirements were simple:

  • Multiple network modes:
      • Standard router for sharing ethernet WAN connections to multiple clients via Wifi
      • Share a USB 3G connection like those found from prepaid GSM vendors around the globe and then share the connection to multiple clients via Wifi
      • Take an already established Wifi network and rebroadcast to a private Wifi connection. In the industry this is sometimes called WISP
  • End-point VPN terminations via SSH, OpenVPN, PPTP, and IPSEC. With multiple VPN technologies accessible, it is possible to bypass restrictive firewalls and setups. While PPTP and IPSEC are often blocked, OpenVPN running on TCP 443 or SSH are rarely captured
  • Transparent TOR proxies to all clients
  • Extending wireless networks for expanding coverage to fringe clients
  • Powered by a standard USB port

There are a few challenges with Travel Routers on the market that made the above requirements difficult to meet. The routers in OEM configuration very rarely support any type of VPN endpoint configuration, let alone something like TOR for bypassing and “anonymizing” prying eyes. If they do support an open porting environment they often do so with severely limited memory and CPU.

Enter the TP-Link MR3020

The MR3020 is a neat little router on its own merits before we tear it apart and replace the internals, but the real power comes from the USB port and its standard AR9331 chipset. OpenWRT provides documented support in the trunk release (the daily code releases not necessarily for common users) and is getting more stable each passing day.

After installing a mini-USB storage connection and moving the package installation to it, I was able to meet all the above requirements. While traveling I now enjoy:

  • USB port power allows me to use the device anytime I have my laptop without needing to hunt for wall plugs.
  • The ability to rebroadcast wifi points allows me to hide my own WPA2 encrypted network (as opposed to sharing a flat network, with the security issues associated).
  • With VPN endpoint support I can initiate a single VPN connection from the travel router to secure access points around the globe and then share that single connection to my phones, tablets, and laptops.
  • Transparent TOR access allows for anonymizing access when needed.
  • Netflix and Hulu access from abroad for those times jet lag gets the best of me.
  • QOS and Layer 7 filtering make sure those very limited connections in hotel rooms provide adequate throughput for my needs. As an example when you are on a VOIP call and trying to pull large emails, who wins? I know with my setup.
  • Linux IPTABLES firewall provides for enterprise-grade security and protection from those WAN connections.
  • Storage sharing between devices; this is great for management of large multimedia files while traveling.
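
An OpenWrt UCI configuration for the Wi-Fi rebroadcast (WISP) setup described above, with the hotspot placed in an untrusted firewall zone. This is an added example, not configuration from the original post or from Spec Ops Technology; the radio name `radio0`, both SSIDs and the key are constructed placeholders.

```uci
# /etc/config/network: upstream interface, addressed by the hotspot's DHCP
config interface 'wwan'
	option proto 'dhcp'

# /etc/config/wireless: 'radio0' is the assumed name of the detected radio
# Client (sta) side joins the existing hotspot (constructed SSID)
config wifi-iface
	option device 'radio0'
	option mode 'sta'
	option network 'wwan'
	option ssid 'Hotel-Guest'
	option encryption 'none'

# AP side is the private WPA2 network for your own devices (placeholder key)
config wifi-iface
	option device 'radio0'
	option mode 'ap'
	option network 'lan'
	option ssid 'travel-private'
	option encryption 'psk2'
	option key 'REPLACE_WITH_LONG_PASSPHRASE'

# /etc/config/firewall: own devices are trusted, the hotspot is not
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

# Hotspot side: drop unsolicited inbound traffic, NAT everything outbound
config zone
	option name 'wan'
	list network 'wwan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# Only lan -> wan forwarding is allowed; nothing on the hotspot can reach lan
config forwarding
	option src 'lan'
	option dest 'wan'
```

With this layout the hotspot sees a single client (the router), and other guests on the shared network cannot open connections to devices on the private SSID.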

This all sounds great for a personal user, but what does this work provide Spec Ops customers?

  • With the flexibility of Linux and a small low-power router we are able to deploy flexible solutions.
  • The USB port and Linux kernel mean that we can add Serial ports or 429 buses for integration of IP and military networks in places that would commonly require a large x86 computer.
  • USB video adapters mean providing data displays in a secure, read-only, and low-power setup.
  • We can leverage small 5 volt sensors (EOP, Data Link configurations, etc.) and not the larger systems so often installed.
  • Without the need for a full Cisco or Juniper router, provide OSPF and complex routing to vehicles and airborne platforms.
  • Secure and anonymous access to the headquarters from any location that has Internet access.

In the end it is all about Spec Ops Technology’s ability to take real-world experience and convert it into usable products and services. All too often, in this community, the standard off-the-shelf components are not a good fit. Having a team with the know-how and background to create small niche products gives our customers an edge in whatever mission they are tackling.