Thank you @Gabriel Custodiet for interviewing Alfie Jianbin Zhao, Co-founder and Chief Technology Officer of GL.iNet on the Watchman Privacy Podcast.
In the past two years, the COVID-19 pandemic has forcefully induced an experimental remote workforce to reduce the risk of transmission. Two years later, work from home is no longer a necessity but has become a preferred working norm for some companies.
However, a remote working environment introduces network security risks to businesses because employees may be connected to unknown public Wi-Fi in a cafe or hotel environment. GL.iNet offers small and medium-sized enterprises a simple solution of assigning a VPN enabled travel router to remote workforces for maintaining an oversight on network traffic and conveniently protect their remote workforces’ digital assets and footprints online.
Looking forward, we will continue to pursue our mission to inspire smarter business and lifestyle solutions for customers and enterprises all over the world.
Listen to the full podcast by clicking Here.
Slate was our first Gigabit travel router. We thought about making a small and convenient gigabit router that would please the users and it worked. The OpenVPN can be set up easily. It is lightweight, small, does not overheat, and has two antennas. The three gigabits ethernet ports were beyond a lot of users’ expectations.
The original Slate was popular because our users prefer small and portable devices. However, users also demand more powerful devices, in which we need to find new chipsets and make a larger router so it can be cooled properly. Compared with the other AX routers in the AX router’s mass market, the Slate AX is relatively small.
We built our user interface based on top of OpenWrt which is readymade for routers. Users do not need to start from scratch to set up routers. Instead, they can focus on making their applications and that’s the reason why we use OpenWrt. Also, OpenWrt is an open source that is trusted by a lot of users, so users are comfortable about using the firmware. Some users just want vanilla OpenWrt on their routers, the firmware can be changed, and it‘s invisible from the manufacturers, which makes users feel even better.
First, you should choose OpenVPN or WireGuard protocol. We do not support older protocols like IPsec. Then, you should choose a compatible vpn service. The best way is to set up your own VPN server, but you can also choose some popular VPN services such as nord vpn and express vpn depending on your purpose.
Public Wi-Fi generally analyzes who uses their Wi-Fi network, how long they’ve been using, and which website they were accessing. Your mac address is recorded, they may know that you are a new or repeated customer by your mac address, they may also know which shop you’ve been to. By using a travel router, your laptop and phones’ mac addresses are secured, and the router can also use a randomized mac address, so it protects your privacy.
OpenVPN is traditional and widely supported. WireGuard is lightweight and faster, but it is not widely supported and some WireGuard service providers have bugs. OpenVPN uses pcp or ucp, it works on layer 2 and layer 3, but WireGuard only uses ucp and only works on layer 3. So it depends on your application scenario when choosing between OpenVPN and WireGuard.
The VPN policies have been improved and still can be found in the VPN dashboard but in a different place. You have global proxy, proxy based, mac address or domain names, it’s a fully customized vpn setup.
The Slate AX is our first router for wifi 6 and it’s very powerful. For example, the OpenVPN and WireGuard speed is 10 times faster than previous versions.
You can find it in the VPN dashboard, global options and it is called block non-vpn traffic which is named as more suitable to the function.
IP Masquerading is a special form of NAT in which the source mac address is unknown and the time the rule is added to the tables in the kernel. In some scenarios, especially site-to-site VPN setup, you can manipulate ip masquerading to achieve a unique setup, especially when you want to access resources on a site from a different site. But to access the internet, you should always have IP Masquerading on.
Adguard Home is a local version of AdGuard, which runs on your pc and raspberry pi before. We’ve worked with the AdGuard team to migrate AdGuard Home to the routers. It blocks unwanted ads or tracking for all the client devices connected to the router. So in the client devices you do not need any setup, it can filter a lot of ads and tracking for you.
GoodCloud is for remote controlling routers for consumers or businesses.. Dynamic DNS, DDNS are developed for easy to use for our routers, it is free, and recently we’ve added IPv6 to our DDNS, and that worked for hobbyists who want to have a lightweight and private GoodCloud. This new function extends the router from a pure network device that connects you to the internet to an enriched network centric personal machine.
Yes, we support all of our routers with upgrades until we announce a product is end-of-life. We will still continue to support the device for two more years before we discontinue our support in the firmware.
We do not have an EOL announcement for the original Slate. We will do that only if we cannot purchase the chipset. In the past two years, because of the pandemic, the chipset supply has changed a lot, so the supply is the main reason for our EOL of a product.
Actually privacy is complicated, I care about my own privacy but I’m also running a business, and I have to announce my name and a lot of information on the internet, so it’s complicated. But we do emphasis the privacy of our users, for example when we sell our routers, we do not need the router to register no our website, users do not need to register their mac address, we do not know who bought our routers unless they want to talk to us for customer service or technical support. Users also do not need to use a cloud or smartphone app to configure the router, so when we sell the router, users can just use it anonymously.
Yes that’s true, especially for business buyers, they need to record mac addresses because if you use a cloud service, it needs an ID, in general companies use a mac address ID. Also, if users connect to some networks, they need your mac address for authenticating the connection, so mac address is important to record. But for smartphones in the past two years, they all have private mac addresses, and right now, private mac addresses would work in most scenarios.
Okay, there are three things that I like to mention, the first is we use OpenWrt which is open source, this is the most important thing because most vendors do not want to open source, we have done our best to release source codes including OpenWrt support, and by using open source, our users trust us.
Thirdly, we prevent data leaks by using VPN and encrypted DNS, we have put a lot of effort into preventing data leaks in our router, this includes setting up VPN, routing policies, firewall, and DNS. It is quite difficult for users to do all of these manually.
Here’s how it works, at the beginning we targeted a small group of DIY users. The most important scenario for these users is protecting their privacy when traveling. This user group also grew bigger and bigger, and it quickly became a sizeable business.
Okay, after you do an initial setup on the router, you can use a randomized MAC address. Then setup a VPN, you can choose your own VPN server or use a commercial one like nordVPN that everybody uses. You can then set up encrypted DNS, there are a lot of choices on the router for you to choose. After all that, you can do some basic checks on data leaks and DNS leaks, and you’re all set up.
{"one"=>"Select 2 or 3 items to compare", "other"=>"{{ count }} of 3 items selected"}
