Slate AX | Not Hacker News!

Discussion (14 comments)

Showing 14 comments

dwood_dev

5d ago

1 reply

Strange to see this device here. I have one and use it extensively, but this isn't even the current generation.

It does work well as a travel router, and can pull north of 400Mbps over WireGuard.

Runs openwrt, but not upstream, so installing some packages can be a pain.

beerandt

5d ago

Yea couldn't install gps, then realized the package manager only had maybe 10% of what most gli.net routers have because of the 'special' chip in this one.

Still a great travel router, but had to buy a BerylAX for what I wanted to do with the usb gps.

reactordev

5d ago

2 replies

Cute but without sim capabilities. As a professional remote nomad, Starlink is king. The router is decent but not for hard wired things. You could put this in between and be double NAT’ed but why? If you need to transfer files on the go, AirDrop or hotspot on your device and connect from the other. I’m not exactly sure what niche this product is filling without supporting SIM cards for being a true travel router.

lsowen

5d ago

1 reply

I use a similar model to this extensively.

1. Hotels where you have to pay a "connection fee" you only have to pay once

2. I travel with a chromecast that can connect to my private network

3. I run wireguard, so all my traffic back is automatically encrypted

4. I can position this to get a better wifi signal, "boosting" the signal (via my private network) for all my devices

wolvoleo

5d ago

> 1. Hotels where you have to pay a "connection fee" you only have to pay once

Yeah especially when not travelling alone. Some places are really exploitative with this.

kotaKat

5d ago

Drop the Starlink into bridge mode, use the Gl.inet in front as your edge router, have WireGuard/Tailscale/etc connections back to more permanent infrastructure.

Even without a SIM card itself -- Android and iOS devices will tether over USB, so you can tether your own phone directly in and share the connection to other devices as well when you don't want to mess with Starlink.

oezi

5d ago

2 replies

How likely is it that this router manufacturer is putting in software and hardware backdoors?

TrueDuality

5d ago

1 reply

Pretty unlikely in my book. This runs OpenWRT out of the box. Given, there are still closed source binary blobs in these things, especially around WiFi 6 and frequently the customizations for the kernel isn't released, but those tend to be more expensive locations to place backdoors especially when the system is very open to inspection. These kind of devices are VERY frequently torn down by security researchers and used in WiFi shoot-outs leading to much higher potential increased detection of anything present.

A lot of this these "backdoor" style hypothesis' still need a motive justification for the cost. Who would they be targeting? What is the potential value of the backdoor?

Given the visibility and complex locations required for the firmware, this would be an expensive backdoor to put in place for any amount of time. The attack is completely untargeted, at best you may be able to say tech enthusiasts that travel. You probably can't count on executive targeting, this device requires a separate battery pack as well as per-site configuration as opposed to pairing to their iPhone and not carrying all that extra stuff.

What are the chances of an expensive, high-visibility backdoor showing up in a dirt cheap product line for a high-risk untargeted attack? Pretty low in my book but your threat model may vary.

daneel_w

5d ago

Wow. It's as if you're completely unaware of how lucrative the market for malware in affordable IoT devices is.

It doesn't have to be targeted. The general demographic is a fantastic subject, and cheap affordable devices are a fantastic method. If one such trojan network device happen to end up in the home of an employee in a valuable position, or better yet in some office, an attacker has a chance to pivot further into a network.

daneel_w

5d ago

Valid question, and in my opinion a valid concern with Chinese telecom and networking equipment marketed to Western customers. Replacing the vendor firmware with vanilla OpenWRT, when possible, will reduce a lot of risk. That said, I can't recall reading anything yet about GL.iNet being caught with "forgetting" a "debug feature" in any of their devices.

evanjrowley

5d ago

I've been using 2 of these as APs for a few years.

They've worked well, except for one time when it seems as though they magically turned on IPv6: https://forum.gl-inet.com/t/incident-involving-ipv6-and-glin...

I wish I had dug deeper on that incident to determine how the configuration changed on those devices.

TD-Linux

5d ago

If you want OpenWRT you don't want this, you want one of the Mediatek based routers (GL-MT*).

mrbluecoat

5d ago

> OpenVPN speed up to 560 Mbps (with DCO support); WireGuard speed up to 550 Mbps

Is the CPU missing AES headers? (curious why OpenVPN is faster)

johnnymonster

5d ago

How did this make FP???

Resources