Unifi Travel Router
Key topics
The Unifi Travel Router has sparked a lively debate about the best travel companions for staying connected on the go. Many commenters swear by the GL-AXT1800, praising its reliability and flexibility, with some even using it for work or to keep all their devices connected. A key takeaway is that extensibility is a major draw for tech-savvy travelers, although others argue that simplicity is just as valuable, with some opting for phone hotspots or SIM cards instead. As discussions around travel WiFi needs heat up, it becomes clear that different priorities - from convenience to device compatibility - drive the choice of travel router.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussionFirst comment
36m
Peak period
96
0-12h
Avg / period
22.9
Based on 160 loaded comments
Key moments
- 01Story posted
Dec 23, 2025 at 7:30 PM EST
10 days ago
Step 01 - 02First comment
Dec 23, 2025 at 8:06 PM EST
36m after posting
Step 02 - 03Peak activity
96 comments in 0-12h
Hottest window of the conversation
Step 03 - 04Latest activity
Dec 29, 2025 at 2:58 AM EST
4d ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
My wife and I traveled a bit this year and it was great having all our gadgets connecting to a single AP under our control. It’s easily paid for itself by avoiding ludicrous per-device daily charges.
I own two of their products, one of them I bought in 2019 and can still run what I need to on it.
Uptime is in years, it’s invisible and chugs along without visible power draw. All her devices connect to it, including her Cisco voip phone. It autossh to my ovh server with remote port forward for remote admin. Cost me 15€ in 2016.
> My wife’s work WiFi is handled by a gl.inet 150 (...) since at least 2019. All her devices connect to it (...) Cost me 15€ in 2016.
I think this answers GP's question as (yet another) solid reason why manufacturers "can't understand" prosumer needs - it's because targeting prosumers, or generally making products that "just works", is very bad for sales down the line.
Since her desk is far from the internet router, I added this little guy for her to have less cables and allow more connectivity.
Some companies aren't very big, and neither are their budgets. And of course, it might be said that there is no solution more permanent than a temporary one.
We've got a large-ish color laser printer (IIRC, an HP 4600) at one of our locations. It's not a big place; it has only had as many as 3 people working there regularly and has been normally staffed by exactly 1 person for the last several years.
When we moved into that building, a missing link was noticed: The printer did not feature wifi, and there was no way to get a clean ethernet drop to it without visible external conduit. The boss man didn't like the idea of conduit.
To get it working for now, I went over to Wal-Mart and bought whatever the current rev of Linksys WRT54G was. I put some iteration of Tomato on it so it could operate in station mode and graft the printer into the wifi network.
I plugged that blue Linksys box in back in 2007; it turned 18 years old this year.
It's pretty little slow by modern wifi standards, and the 2.4GHz band is much more congested than it used to be, but: It still works, and nobody seems motivated to spend money to implement a better solution... so it remains.
I’ve been getting SIM cards for over a decade, now even eSIMs are cheap enough for casual use.
I’m sure I could find a good all Europe card, but I need my number for work calls.
You don't need a "travel router" for this. My phone is permanently connected to my server via Wireguard (so that I can access my files from anywhere). Adding another device just requires adding a peer in the server's config file and can be accomplished very quickly. It's not clear what problem the travel router solves, unless perhaps you travel with dozens of devices.
> no million suspicious login detected from all your social accounts,
I can personally do without those.
Do you need a client to be running on each device?
Even regardless "I just need to edit a config file real quick" is... Way more work than I want to do. Works for someone on hn but I'm imagining trying to show my dad how to do that.
That's the benefit of a travel router.
But I value my time enough that I don't want the hassle of that for the various devices my family uses when I can just preconfigure and plug in a tiny device and not have them depend on me being in the same location all the time.
Some hotel rooms (particularly older business hotels) will have an ethernet port for the guest. These work maybe 50% of the time these days. Sometimes you can find a Ruckus AP in your room at outlet level, and these usually have several ethernet ports on the bottom. These also have a working port around 30% of the time.
So, TL;DR: various ethernet ports in hotel rooms work less than half the time these days.
At that point you're in the 0.1% that the hotel does not really need to worry about. The other >99% will still need to pay for wifi.
TP-Link AC750
https://a.co/d/esxrRA4
When you are some place with a captive network and want to use devices that don’t have a browser. You connect the router to the WiFi network that has internet access and you connect the other WiFi network to a device with a browser like your phone. Every device looks like one device to the captive network and you can use them all.
Second use case, I now live in a place with a shared internet access that is shared between all of the units. Anyone can broadcast to and control our Roku device and there is no way to block it from the Roku.
We create a private network with the router
I'd be happy to be proven wrong on this however.
It's called Dual-Band Simultaneous or "STA+AP" (Station + Access Point) concurrency that can bridge an existing wifi connection to an access point to other devices via a hotspot.
If you don't have a wired connection then this wouldn't be any better, except for any connectivity features it might offer (probably some vpn capability).
I have a gl-inet device and it does pretty much all I need whenever I travel.
That’s the real win of a travel router, IMO.
It's incredibly useful, with the added bonus that you don't need to install tailscale client in any of your travel devices (phone, tablet, work computer, etc).
It's cool to have your own network in a hotel. But it'd be nice to be able to do that on the road, away from public wifi, internationally, whenever - which hotspots do. But at the same time, it'd be nice to be able to do the WiFi thing too to cut back on data usage. I frequently blow through my hotspot data.
I'd rather this be in one device instead of two. Beggars can't be choosers, though, I suppose?
I like it enough that I might buy a second, more compact unit for when space is more a premium, but I’ve been really happy with this one.
But now that I have it, the device is handy for family travel as well. Put an unlimited data eSIM in the device and everyone has “unlimited” data n the road and when we arrive at a hotel or AirBnB, one person signs it on to wifi and everyone is connected, including tailscale connections to home.
If I was doing personal and work travel only, I’d look for a smaller unit, but still with a decent battery.
Can anybody explain what Tailscale is, does, or why everybody seems to have it?
Looking at their website, it’s just a huge wall of business jargon. Really! Read it. It’s nothing but a list of enterprise terminology. There’s a “how it works “ page full of more (different) jargon, acronyms and buzzwords, but no simple explanation of why everybody on this thread seems to be paying money for this thing?
Any help? Should I just pay them my $6/month and hope I figure it out at some point?
Install it on all the machines you want. When you are running it on the machine, it is networked to the other machines that are running it. Now make an 'exit node' on one of those machines by selecting it in the UI, and all your gear can access the internet via that exit node. Your phone can run it. Your apple tv can run it. You can have multiple exit nodes. So you can have a worldwide network and not once did you have to open ports in firewalls etc.
I think I understand what it does now. So, basically you leave a computer running at home, and this thing lets you pretend to be running your internet stuff through it while you’re on the road?
If you go to https://tailscale.com/pricing?plan=personal
The first plan on the left called 'Personal' is free.
It uses a central orchestrator which is what requires you to sign up. If you prefer to self host your orchestrator you can look into Headscale, an alternative that seeks to be compatible with the clients.
> So, basically you leave a computer running at home, and this thing lets you pretend to be running your internet stuff through it while you’re on the road?
That's one thing you can do with it, yes. You can also run custom DNS entries across it, ACLs, it is very flexible.
A less hostile website design would have (again) saved me a question.
Sorry, but try a little harder. Tailscale isn't hostile, but it seems you are -- you claim to think you need it, but don't know what it does and can't put in the effort to determine and foist those inabilities on Tailscale?
I've been using Tailscale for many years now and they have a terrific product.
It's especially handy if you want a secondary way in, in case you have problems connecting using wireguard, since it supports using a relay if you're stuck in a hotel with a heavily restricted connection.
If you run DNS at home, you can even configure it to use your home DNS and route to your home subnet(s).
The two problems I have with zerotier are:
1) It's supposed to let a mobile device like an Android tablet route its traffic through zerotier (functioning as a VPN to my home site, in this case). However, I've never got that to work. It's running, but doesn't affect anything network-wise for the other applications (unlike running e.g. openvpn on it)
2) On a couple of computers with specific routing set up to various destinations, when Zerotier runs it simply blocks all of that and there's no way for me to continue accessing anything else than the Zerotier network. No fiddling with routing tables etc. changes any of that. On other computers, also some running OpenVPN, Zerotier does not interfere. I've never figured out what causes this.
So, in short, I'm pondering if I should ditch Zerotier and try Tailscale instead. If it does the same - I simply want a way to connect my devices, but I also don't want to lose total control over routing. For mobile devices I would want full VPN, for computers I don't.
Thanks for any input on this.
Tailscale and ZT are not the same. ZT can do certain things that TS can't. One example is acting as a layer 2 bridge. Or a layer 3 bridge. TS can do neither. It can achieve mostly similar results though.
ZT can be a pain to setup. TS is a breeze. ZT's raw performance is quite poor. TS's is usually very good.
If I understood you correctly, you want both a way to access your home LAN when you're out - this is easy. Set up a node with NICs on the LAN subnets you want access to (I run it on my router), and configure the TS node to announce routes to those subnets. Install the TS client on your laptop and mobile and accept those routes. Job done.
If you also want to mask your egress - i.e. reach the Internet via your home network as if you were there - then you need a node (can be the same as above) configured to act as an Exit Node. When you want one of your devices to use this, just select the appropriate exit node. Job done.
My last gripe is more niche, but I found Zerotier's single threaded performance to be abysmal, making it basically unusable for small single core VMs. My searching at the time suggested this was a known bug, but not one that was fixed before I switched to Tailscale. Not impossible to work around, but also the kind of issue that didn't endear the product to me or inspire confidence.
Encrypted overlay network based on wireguard tunnels, with network ACLs based around identity, and with lots of nice quality-of-life features, like DNS that just works and a bunch of other stuff.
(Other stuff = internet egress from your tailscale network ('tailnet') through any chosen node, or feeding inbound traffic from a public IP to a chosen node, SSH tied into the network authentication.
There is also https://github.com/juanfont/headscale - which is a open source implementation of some of tailscale's server side stuff, compatible with the normal tailscale clients.
(And there are clients for a very wide range of stuff).
It is simply a managed service that lets you hook devices up to an overlay network, in which they can communicate easily with each other just as though they were on a LAN even if they are far apart.
For example, if you have a server you'd like to be able to SSH into on your home network, but you don't want to expose it to the internet, you can add both it and your laptop to a Tailscale network and then your laptop can connect directly to it over the Tailscale network no different than if you were at home.
But notice how you just did a much better job of explaining what this thing does without using any jargon at all. The jargon helps if everyone already knows what you’re talking about. It hurts if anyone doesn’t.
That’s what I’m poking fun at. There’s a trait in lots of engineers I’ve worked with over the years to be almost afraid to talk about tech stuff in layman terms. Like they’re worried that someone will think less of them because they used words instead of an acronym. Like they won’t get credit for knowing what a zero trust network is if they describe the concept in a way that regular people might understand.
One of those guys was certainly in charge of this company’s website copy.
I've been trying to get a definition of zero trust at $client from the security people who are pushing tools onto our platform, so we can have an honest conversation around threats and risks, and finding the best balance of tools, techniques and processes to achieve their desired outcomes.
Unfortunately, it seems like everybody just want "zero trust" because a vendor sold them on that idea and they gave money to the vendor, so now there's the need to justify that expense and "extract value" from the tool - even if it may in fact be worse than the controls that are already in place.
There was plenty of jargon and acronyms like LAN and SSH. You're just used to those ones.
Since this is HN, it’s almost expected the participants here would either know the terms, or at the very least be able to find out what they mean on their own and realize it’s not made up jargon but rather common industry terms.
Tailscale is not trying to sell to the average buyer, it’s trying to sell to a specific audience.
If you want to self-host, use NetBird instead.
In my mind Tailscale was primarily to expose local services but answers here sound a bit as if people used it as a VpN replacement.
If I do not want to expose local services but only protect me and hide from untrusted WiFi, would I better use a traditional VPN or Tailscale?
My thinking is that Tailscale could be the better VPN because they have a clean business model while pure VPN companies are all shady.
VPN companies aren't really in the business of selling VPNs. They sell proxies, especially proxies that let you appear to come from some country, and you typically connect to the proxy using the VPN functionality (particularly if you're using a consumer device instead of a laptop), but often you can use SOCKS5 instead.
Tailscale isn't in the business of selling proxies.
I run a tailscale exit node on an anonymous vps provider to give me a similar experience to a consumer vpn.
You might be thinking of tailscale funnel:
https://tailscale.com/kb/1223/funnel
Which is nice, but still a beta feature. Tailscale itself is indeed a mesh VPN.
Install the tailscale client on each of your devices.
Each device will get an IP address from Tailscale. Think about that like a new LAN address.
When you're away from home, you can access your home devices using the Tailscale IP addresses.
So much for resilience.
What am I missing?
I checked, and Tailscale only allows a single Owner [1], so it would still be pretty disastrous if the Owner account was suspended by the single sign-on organisation.
[1] https://tailscale.com/kb/1138/user-roles#owner
So almost like SSO being the paywall for some enterprise apps.
Wireguard is not that hard to set up manually. If you've added SSH keys to your Github account, it's pretty much the same thing. Find a youtube video or something, and you're good. You might not even need to install a wireguard server yourself, as some routers have that built in (like my Ubiquity EdgeRouter)
Tailscale does use Wireguard, but it establishes connections between each of your devices, in many cases these will be direct connections even if the devices in question are behind NAT or firewalls. Not every use-case benefits from this over a more traditional hub and spoke VPN model, but for those that do, it would be much more complicated to roll your own version of this. The built-in access controls are also something you could roll your own version of on top of Wireguard, but certainly not as easily as Tailscale makes it.
There's also a third major "feature" that is really just an amalgamation of everything Tailscale builds in and how it's intended to be used, which is that your network works and looks the same even as devices move around if you fully set up your environment to be Tailscale based. Again not everyone needs this, but it can be useful for those that do, and it's not something you get from vanilla Wireguard without additional effort.
I like to think of it as a software defined LAN.
Wireguard is just the transport protocol but all the device management and clever firewall/NAT traversal stuff is the real special sauce.
That’s such an elegant way of putting it that they should use it in their marketing.
Private file transfer and SSH, without fiddling with network stuff. I can, on my iPhone, select files or photos, then use the built in interface to hit “send to <name of my PC that also has Tailscale>”.
Then on that PC, I can ‘cd ~’ , ‘mkdir tmp’, ‘sudo tailscale file get .’ and those files/photos show up there. I like this more than eg Dropbox (they store my data, this is more private) or eg LocalSend, KDE Connect, etc (those require being on the same LAN, so if my desktop is on Ethernet and my phone on WiFi, these don’t work without extra configuration)
Or, while I’m traveling, I open Termius on my phone, and ssh directly into my home PC - no need to forward ports, worry about CGNAT, rent a VPS (I’m on Tailscale free plan), etc
Tailscale is "just" managed Wireguard, with some very smart network people doing everything they can to make it go point-to-point even with bad NATs, and offering a free fallback trustless relay layer (called DERP) that will act as a transit provider of last resort.
It also doesn't constantly try and ram any paid offerings down your throat.
I was originally put off by how much Tailscale is evangelised here, but after trying it, I can see why it's so popular.
It also handles looking up the IP address of your "nodes" through their servers, so you don't need to host a domain/dns to find the WAN IP of your home network when you're external to it (this is assuming you don't pay for a fixed IP).
Most people put an instance of it on a home server or NAS, and then they can use the very well designed and easy to use iOS/mac/etc client to access their home network when away.
You can route all traffic through it, so basically your device operates as if you're on your home network.
You can accomplish all of this stuff (setting up a VPN to your home network, DNS lookup to your home network) without Tailscale, but it makes it so much easier.
It can do way more than just being a VPN-to-home, but that's how most users use the free part.
If this is on Tailscale, you can just ask people to install tailscale client and login using one of the IdP, then ask them to accept the node you shared to them, and they can immediately access the server.
The alternative would be 1) sending VPN configs over and maybe also configure their VPN client for them, or 2) expose the service on the Internet protected by some OAuth proxy which really only works for web apps. Neither is easy/trivial.
Tailscale allows devices that can access the Internet (no matter how they access the Internet) to see each other.
To do that, you create a tailscale network for yourself, then connect your devices to that network, then your devices can see each other. Other devices that are connecting to the Internet but not to our tailscale network won't see your devices.
AI might explain it better :-) Don't know why I wanted to explain it.
Nothing that a network guru or even a sufficiently motivated hacker couldn’t do on their own, except that the maintenance is practically zero for the personal user and it’s actually easy enough for a very nontechnical person to use (not necessarily to set up, but to use), perhaps with a bit of coaching over the phone. Want to use a different exit point for your traffic? It’s a dropdown list. Share a file? Requires one config step on the client for macOS, once, and then it’s just in the share menu. Windows, Android, iOS are ready to go without that. Share whole directories? Going to require some command-line setup once per shared directory, but not after that.
There are features that are much more enterprise-focused and not as useful for personal stuff, but everything above is in the free version.
I’m not in tech at all, professionally, and never have been. I’m savvy for an end user - I can install Linux or a BSD, I can set up a network, I can install a VPN myself to get back to my home network - but I would never, ever call myself anything more than an interested layman. I probably could figure most of this out on my own, if I had to. Thing is, I don’t have to. It’s more than just Wireguard in a pretty wrapper.
Try it. It won’t take long to figure out why so many people here like it, even if you may not want to use it.
Their personal free plan is more than enough.
I personally use Pangolin, which is similar https://github.com/fosrl/pangolin
[0] https://youtu.be/sPdvyR7bLqI?si=2kIpHtNuJ52jEdmm
Fo example, if you have a default route back to your home network on the router, any client will also connect through that tunnel back through your home.
264 more comments available on Hacker News