GL.iNet Mango (GL-MT300N-V2) Travel Router Review
I just recently got my first GL.iNet travel router, the GL-A1300 Slate Plus. It’s a wonderful device and I blogged about it here. On a whim I purchased its little brother the GL.iNet Mango (GL-MT300N-V2), $30.
On their page they refer to it as the N300, with the 300 standing for the max wifi speed of the router of 300 Mbps.
In this day and age of Wifi 6 you might be wondering why anyone would get something that ran at 300 Mbps.
The answer to that is FORM FACTOR. It is a super tiny, and lightweight device that could easily slip into a pocket. The mission of this device is mostly to connect to free wifi hotspots and then automatically connect to an OpenVPN or WireGuard VPN connection. This makes that very unsecured wifi portal safe to use. A VPN is a Virtual Private Network that creates an encrypted tunnel between your devices and the VPN service. No one can see what you are doing. After I blogged about the other GL.iNet travel router a friend of mine sent me this:
“Staying at a hotel right now that touts each login has their own VPN, because “your privacy is important to us.”I open Spotify and it asks if I want to join a random persons listening group that is listening to music on their Xbox. Sure.“
Accessing The Mango
Accessing the Mango is as simple as connecting to the wifi network it broadcasts after you power it up. The admin interface can then be accessed via a browser by navigating to:
https://192.168.8.1
SSH
SSH secure shell is enabled however I couldn’t access it. Digging deep in the GL.iNet docs I see this is a Mac and Linux issue. There shouldn’t be any issue using Putty client on Windows. GL.iNet docs say to create a config file and add the following content on your Mac or Linux box:
cd ~/.ssh nano config
Paste the following into the file:
host 192.168.8.1 HostkeyAlgorithms +ssh-rsa PubkeyAcceptedAlgorithms +ssh-rsa
Now hit CTL +X key and Y to save the file. You should now be able to ssh into the device. Seems like this shouldn’t be something the end user needs to do however, it is a fairly simple fix.
I don’t think most casual users will ever SSH into the router but when all else fails the command line can save the day.
Security In A Small Package
The GL.iNet Mango is based on OpenWRT which is a Linux OS designed for embedded devices. Translation: It is the router firmware and operating system. OpenWRT is Open Source and has long been known to be a secure platform.
If you go to Walmart and buy a router off the shelf the box will tell you it is FAST, by golly. But it won’t make giant claims about security. Their goal is for you to take it out of the box and get online easily. That way you won’t call their tech support people on the phone and cost them additional money. Most commercial wifi routers have ABYSMAL SECURITY.
The downside to OpenWRT is that it is a bit daunting to configure, especially if you are not a network admin guru. GL.iNet fixes all that by laying a slick user interface over OpenWRT that is intuitive, easy to use, and quite powerful.
GL.iNet Mango Key Security Components
First and foremost is the ability to connect to VPN. You will of course need to have a VPN service to connect to. In the example below I am using ProtonVPN which is a component of their paid email services that I use.
With ProtonVPN, as with most VPN services there is tool for configuring either an OpenVPN or WireGuard client connection.
In the example above you can see I have a green light connection to ProtonVPN WireGuard.
Configuring WireGuard is as simple as cutting and pasting the content from your VPN provider into the GL.iNet interface.
Let’s look at some additional security tricks, shall we?
Encrypted DNS
When you type something like www.google.com into a browser the Domain Name Service (DNS) acts like a phone book and matches the text entry of the website to an IP Address. DNS queries are plain text and unencrypted. Anyone in the chain can see what your searches are. Unless of course you encrypt them. And encrypting DNS is as easy as flipping a switch in the admin interface.
I’ve decided to use Cloudflare DNS over TLS which is probably the fastest encrypted DNS resolver there is. Are we beginning to see how powerful this little router is?
What About That Speed?
I spent a full 24 hours connected to the Mango. While it may not render a busy webpage like Facebook or YouTube as fast as your high speed cable, especially when connected to VPN……..nothing choked. I watched several YouTube videos, streamed from Sling TV, listened to Spotify, and on and on and on.
While this might not be optimum for fragging bad guys in Call of Duty it is way more than fast enough for conducting business and entertaining yourself while in the hotel room.
I am not, and have never been a numbers guy. I see lots of reviews where people will tell you down to the millisecond how fast connections are. Me…….I am all about “Did it work all day long?”. Initial numbers are useless if it chokes a couple of hours in, or crashes occasionally.
I’ve had a solid experience and am using that connection to write this blog as we speak.
Caveats
We already discussed the speed which in my mind is fine for almost everything you can do on a computer.
Because of the size and the cost the onboard Flash RAM is 16 MB. While that is enough, here’s an example of how tight it is. OpenWRT, by itself, has an admin GUI called “Luci”. Under Advanced Settings you can get to Luci on these GL.iNet devices but it isn’t installed by default on the Mango.
It says I only have 19% space left which is 2MB. Luci will fit but then there isn’t much room for anything else.
If you are a super power user and need to hack around under the hood and like to install additional OpenWRT packages then you might just want to buy another GL.iNet device. My GL-A1300 Slate Plus has lots more CPU power and lots more Flash ROM.
Another caveat is that this travel router doesn’t have AdGuard, or ZeroTier, or Tailscale support built in because of the small Flash ROM size. Again, if you are a power user and want all the bells and whistles, then you need to level up, bro. (I’ve always wanted to say that).
Finally, if all you want to do is take an unsafe hotel wifi captive portal and make it safe, then you have found your device. The Mango with a VPN connection and Encrypted DNS is all you need to make that free wifi hotspot safe for use.
File Sharing
Mango has a USB 2.0 port which allows you to hook up an external drive. By default File Sharing is not enabled, and doing so knocks you down to 13% space left in your Flash ROM. That Flash ROM sure is tight. This enables Samba File sharing. You can also enable LAN access which is great for sharing files between any computer hooked to the Mango.
There is also a MultiMedia File Sharing option and installing it drags you down to 5% space left on the device. A DLNA server lets you share photos, music, and videos which can be detected by Windows and found under Media Devices. I don’t recommend installing it and it can be uninstalled under Plug Ins. The name is mini-dlna. But that’s just me.
Conversely, if you need all of this stuff like DLNA servers and the Luci GUI then once again, you need to level up, bro.
Power Situation
The Mango only comes with a micro USB to USB A cable. No AC brick. The only detriment I see here is suppose you are in a hotel using a free wifi hotspot. There may or may not be a USB A outlet in the room. If there is a USB outlet it may not be safe. Look up “Juice Jacking” which is where a USB outlet connects to your phone or other device and starts copying data or sending Malware.
The cure for that is a device that cuts the two middle data wires off of a USB cable only leaving you with Vcc Power and Ground. I have no idea whether the included cable is only a power cable or a data cable. An AC adapter brick would be nice.
Wrap Up
Is your internet safety and data privacy worth $30 to you? Without getting too political everyone knows that our society is evolving towards a “social credit score”. If you aren’t a good little citizen you won’t get to play along. No one, and I mean no one has any business being able to see your web searches. Would you like your car insurance folks knowing you are shopping for an auto repair so they can raise your rates?
Would you like your work to know that you just got diagnosed with some disease? Do you want ANYONE AND EVERYONE knowing your stance on societal issues? How’d you like knowing that the guy a couple hotel rooms over is sifting through your shared files and your wife’s cheesecake photos?
For me, this device is good for hooking to a VPN and using encrypted DNS. Anything beyond that is really going to cut into the tiny onboard Flash ROM.
The potential SSH problem on Mac and Linux is a bit annoying but there is a fix.
$30 is a REAL SMALL PRICE to pay for some privacy and internet security. The GL.iNet Mango is way more than up to the task to provide you that piece of mind. I think every road warrior should have one of these travel devices in their laptop bag.
Hooking up to free wifi hotspots is DANGEROUS. Don’t live dangerously.
Pingback: GL.iNet Beryl AX Review - John's Tech Blog