Staying Connected On The Go

Since first adding a Palm V modem to my tech arsenal about 15 years ago to access Mindspring dial-up email on business travel, I’ve remained Internet-connected when mobile (and have even used “mobile” connectivity to power the home). The last few years, I’ve done my best to stay off public WiFi — the level of exposure and ease of interception exceeds my comfort levels. I wouldn’t say I’m paranoid and it’s not like I dabble in state secrets, but I’d rather not make my personal data any more accessible than it probably is. (Remember that time someone tweeted as me via Southwest Air WiFi?) Not to mention, those wireless networks (free or otherwise) often don’t perform so well – either by (poor or upsell) design or due to saturation.

With that in mind, I’ve been a huge fan of mobile phone tethering — which was fully ensconced within my workflow by 2006, when I kept my laptop online via a USB-connected 3G Sprint PPC-6700 while riding Amtrak to a NYC event. More recently, one motivating factor to move from Verizon Wireless to T-Mobile about a year ago was a more generous hotspot package. I believe I had 1GB of data available on Verizon… which isn’t a whole lot. But beyond that small data bucket, what really pained me at the end was accidentally downloading a Mac OS update while tethered and being hit with a substantial overage charge. My original T-Mobile plan included a far more generous 3GB of 4G data… which seemingly wasn’t capped those first few months. Given remote desktop software I use for work, my data consumption has gone way up. And T-Mobile’s newly imposed hotspot hard cap presented a challenge.

Enter Cloak, an Apple-centric VPN service. For $3 a month, Cloak encrypts up to 5GB of my Mac OS X and/or iOS traffic over a VPN when I’m forced to use hotel or café WiFi – due to exceeding my allotment or poor T-Mobile coverage. Beyond securing a connection over public networks, one can also choose an overseas endpoint for additional content options. Even better, I just swapped an older T-Mobile “Unlimited” plan for a newer “Unlimited” plan, at no additional cost, that bumps my “limited” tethering quota from 3GB to 5GB… which, combined with Cloak, should be just enough to make it thru CES in January.

How do you make it thru the day?

25 thoughts on “Staying Connected On The Go”

  1. Yes, I know how to tether without alerting the carriers. But iOS is my daily driver 6 months a year and I prefer to not jailbreak. :)

  2. I use an SSH connection to my NAS while at work and on public wifi to tunnel my browser traffic through it. Slows things down a bit but still acceptable. Side benefit is that I have access to all of my files too.

    I am on the road a lot, so wifi is a must. I would need a 50GB plan or more to make it through without overages. Just streaming one NHL game is well over 2GB…

  3. Do you tunnel your browser traffic or all traffic? I had my Gmail address book lifted, possibly in August – still trying to understand vector of attack. Wonder if a rogue Android app grabbed it versus my laptop being vulnerable on public WiFi. Hm. (An old work buddy used the SSH-to-home approach – maybe he still does.)

    Cloak has an all-you-can-eat WiFi package and there are many other VPN providers. But if you can safely segregate data it may not matter. Well, aside from the fact that most hotels I’ve been in the last couple years have slow speeds… These days I almost always travel with my wife, so the few months that I’ve run out of data while out of town I’ve been able to also tether to her phone – our buckets are separate.

  4. Dave, get rid of that new awful Verizon Gateway, get a router that you can flash DDWRT and use that as a VPN server. works great.

  5. I guess you missed my tweets yesterday – the new Verizon gateway is packed up for the moment, but I picked up the free Asus T-Mobile is giving out. I can’t use the Asus VPN with my configuration — old Verizon router handling DHCP, firewall, etc with WiFi turned off and Asus running as a dual band wireless access point.

    https://twitter.com/davezatz/status/545379137331134465

    With really no effort and no money, I’ve increased my coverage and speeds. But, yeah, no VPN like this. I could almost port forward from VZ -> ASUS for VPN if I wanted, but double NATing by flipping from AP to Router could create other problems down the road. I could also completely take the Verizon router out of the mix and have them flip me from MoCA to Ethernet, but I worry about reliability in streaming my TiVo content around the house as the XL4 is next to the coax outlet but not collocated with Ethernet to bridge – I’d have to get a wireless or Powerline accessory. It can be done, but I’m not sure that I want to go down that path. $3/mo is pretty painless and no risk to TV viewing (plus the occasional BBC iPlayer perk). :)

  6. If the Palm V modem worked, don’t understand why you didn’t stick with it.

    —–

    “I could also completely take the Verizon router out of the mix and have them flip me from MoCA to Ethernet, but I worry about reliability in streaming my TiVo content around the house as the XL4 is next to the coax outlet but not collocated with Ethernet to bridge – I’d have to get a wireless or Powerline accessory.”

    As always, think you’re making this much too complex.

    Start with taking the atrocious Verizon router out of the mix and having them enable ethernet on your ONT.

    Then you buy a cheap, dumb MoCA bridge to connect to a cheap DD-WRT router, and voila. You have a competent router, and everything else works just as it does now. It’s simple, it solves all your problems, and it’s future-proof.

  7. Cheap, dumb MoCA bridge at router suggests collocated Ethernet and coax – that’s not the case anywhere other than the homerun in the basement storage room, which may not be the best location for wireless. If I go down the path, I think a pair of Powerline adapters or a wireless bridge/extender would be the right solution to feed the TiVo. I need to take a look at my outside and inside FiOS boxes to see if I’m already wired to flip from Coax to Ethernet – unlike my prior home, I have one box outside and one inside. Wonder if I’ll need to open one or more and if I’ll need to track down a special tool as I did with a Cox cable box I once had to open.

  8. “Cheap, dumb MoCA bridge at router suggests collocated Ethernet and coax – that’s not the case anywhere other than the homerun in the basement storage room, which may not be the best location for wireless.”

    Why not do it there? You seem to be sloooowly discovering that a router is not necessarily meant to double as your WiFi access point, since standalone AP’s are dirt cheap, and can be put in multiple places.

    Make your router a router. Put dirt cheap AP’s wherever needed. Give yourself future flexibility. Simplify the hell out of your current Rube Goldberg LAN architecture schematic.

    Plus, the basement storage room sounds like a perfect place for your to-be-purchased headless Mac Mini household server.

    As far as Powerline goes, given that you’re already fully wired for Coax, why add complications?

    ——

    Alternatively, have you considered 3-D printing a new house, with ethernet drops built in?

  9. I have two Netgear extenders/APs that I gave up troubleshooting… who knows why they couldn’t reliably communicate. There is some newer firmware since last attempt, but I haven’t gotten it installed yet. Anyway, I tweaked my knee Wednesday night so I won’t be visiting the basement for awhile. I may have even lost my ability to flake out on CES due to injury. We’ll see how fast I can heal. Can I suspend my Fitbit account? ;)

  10. “I have two Netgear extenders/APs that I gave up troubleshooting… who knows why they couldn’t reliably communicate.”

    Bizarre. I bought a bunch of Netgear AP’s years ago, which I set up in minutes, and have given me zero problems from setup to today. You did at least try using the same SSID name, right?

    —–

    “Anyway, I tweaked my knee Wednesday night so I won’t be visiting the basement for awhile.”

    No problem. Just 3-D print yourself a new knee. It’s a brave new world out there. Get with the times!

  11. “At least I won’t have to worry about moving TiVo recordings to my Android tablet any time soon.”

    And now I finally understand your inexplicable inability to get that to work. You were trying to physically walk the bits from your TiVo to your tablet…

  12. Dave,

    In a similar situation with Fios and have a Tivo. I have no ethernet wired in the house and three coax outlets. I configured as follows: Actiontec -> Asus RT-N66U -> Moca bridge. The two other coax outlets have Moca bridges (Tivo as bridge, ECB3500T, and NIM100).

    The Actiontec has all services turned off (especially Moca LAN to prevent a loop) and the Broadband Moca bridged with Lan Ethernet. This lets the Asus WAN pick up the external IP from the ONT. This now works as if I had used the ethernet jack at the ONT. The Asus does all my routing/wifi/VPN server/QOS/firewall etc… using Merlin’s lightly modified Asus firmware. Solid and zero issues so far. From the Asus LAN I connected the ECB3500T bridge to enable Moca LAN, which the Tivo and NIM100 use without issue.

    I used the following as guides: http://www.hanselman.com/blog/SimplifyingYourNetworkWithABridgeMakingAnFIOsActionTecMI424WRANetworkBridge.aspx

    http://jmikola.net/blog/fios-actiontec/

  13. And Chucky thinks my setup is too complex or redundant – you disabled Verizon MoCA to put a second MoCA network in play. ;) I may have a somewhat better coax & Ethernet jack setup, so I’d probably see about entirely removing the Actiontec before I neutered it like you have. In either scenario, tho, instead of setting up a new MoCA network off the Asus, I’d more likely do Powerline or stick a wireless bridge (that isn’t Netgear) on the TiVo (which will light up the MoCA for my two Minis).

  14. My SSH Tunnel is only for browsing, and only in Firefox at that. However in theory if an app supports proxies it could use the tunnel. It’s just a hassle to switch all the time. Foxy Proxy makes it one click. This all came about at my last job who forced me to be on a VPN to do anything (and didn’t allow split tunneling). PITA just to print something. With SSH you can just forward the localhost port to the printer. I was even able to use my slingbox over the LAN (worked from home) through the tunnel. Bonus that DNS and HTTP requests stay off the company network too.

    Honestly I am more worried about iOS insecurity than anything else. So many developers are lazy and use plain text for sensitive info and you can’t even tell. So I try to leave that on cellular all the time unless it is a trusted network.

  15. “And Chucky thinks my setup is too complex or redundant – you disabled Verizon MoCA to put a second MoCA network in play.”

    Nothing wrong with redundancy. Just want you to stop using the abominable Actiontec as a router, in favor of using a full-featured DD-WRT router that will make you much happier and much more capable in easily accomplishing various LAN tasks for years to come.

    Brent’s solution seems to nicely accomplish that, (tho without the DD-WRT piece), even though I still think my idea of collocating the router and MoCA bridge in your basement storage room where you have both Ethernet and Coax is more elegant.

    “In either scenario, tho, instead of setting up a new MoCA network off the Asus, I’d more likely do Powerline or stick a wireless bridge…”

    I genuinely assume you must have reasons for that approach, but I don’t understand ’em. If you’re already fully wired for Coax, and MoCA is already doing the trick, why mess with it? (And it wouldn’t be a new MoCA network, it would be your same old MoCA network, just achieved via different means…)

  16. Taking that piece out for a moment, I don’t like the idea of leaving the Actiontec in play with everything disabled … but sending power and data to it. I would rather flip the ONT, if I can get it done easily. Brent’s scenario is slightly different given no Ethernet drops, whereas I only have a single location that I could get a MoCA bridge in play. Moving this future bridge from router to TiVo allows me more flexible placement across the board. Plus, I possess four wireless bridges/extenders that I mess with (including those two Netgears – maybe they’ll play better after a firmware update and/or by removing the Actiontec, which Amazon reviewers have indicated could be a pain point).

  17. “maybe they’ll play better after a firmware update and/or by removing the Actiontec, which Amazon reviewers have indicated could be a pain point”

    The company’s lawyers would prefer you refer to it by its actual name: the Abominable Actiontec™.

    Seriously, I’ve been beating this dead horse for eons because, when I removed my Actiontec, all kinds of little headaches immediately went away, and all kinds of things that had seemed difficult or impossible immediately became easy…

    (Odds are about 50/50 that removing the Abominable Actiontec™ will immediately heal your knee.)

  18. I have Fios at home and have never used the Actiontec router. My current network consists of a PFSense router built on a small $130 barebones PC. It is way more powerful than the Actiontec and even most mid-range enterprise routers as it has a decent Intel Atom chip, 8gb of ram, and a 60gb ssd.

    I also use it as a VPN server to access my home network and as a way to protect myself when on public wifi as I just connect to it and go out my home Fios connection.

    For wifi I have 2 Ubiquiti UAP’s for maximum coverage and redundancy should one go down or require a reboot or upgrade.

  19. There are plenty of good resources on replacing the Actiontec over at the dslreports.com FAQ pages. In your case without any actual FiOS STBs it’s easier to replace. There is no reason to ever use the Actiontec as the primary router anymore, and switching to the Ethernet port on the ONT sounds pretty easy and can be done via the Verizon Direct forum on DSLReports.

    I avoided having to switch mine by ordering the 150/150 service at install and then downgrading to 75/75. 150/150 guarantees that you get a GPON ONT and it also forces the initial install to be with ethernet instead of moca.

    Since I have the FiOS STBs I use the Actiontec behind my Meraki MX60 router to provide the MoCA connection for Guide data. Otherwise everything else that streams video is over ethernet unless it’s a wireless only device in which case it’s over my Meraki MR34 APs. Fixing your setup to remove the actiontec should be the first step, but second you should run ethernet to your Tivo, everything is always better if you have a true wired network run.

  20. Disclaimer: 1) I don’t know the performance drawbacks and equipment availability of MoCA. 2) Everyone’s finely detailed house layout and installed infrastructure is radically different.

    That said, two points to raise:

    “I don’t like the idea of leaving the Actiontec in play with everything disabled … but sending power and data to it.”

    I’m not sure I see your problem here. Isn’t the Actiontec in this scenario just acting like an unmanaged MoCA -> Ethernet hub / switch? If so, seems a nifty repurposing of existing equipment, even though I still think totally eliminating the Actiontec in favor of my basement storage room solution is a far more elegant solution.

    “Plus, I possess four wireless bridges/extenders, [and you are considering Powerline]”

    Still don’t understand the reluctance to utilize your existing MoCA infrastructure. (And I say this as someone who hates MoCA on general principles.)

    So, back to my original Ethernet router / dumb MoCA bridge in the basement storage room solution. Now, you have data flowing to multiple Coax outlets throughout your home. Assuming affordable unmanaged MoCA -> Ethernet hubs / switches exist, then you just place one or two or more of them where you choose. Voila! Ethernet where you want it, utilizing existing infrastructure. That should provide you with much faster and much more reliable performance than trying to do your entire home via an overly intricate WiFi bridge / extender scheme, no? You’ll still be able to use those WiFi AP’s, but they’ll be getting their source signal via a robust wired connection, rather than recycled and weakened WiFi.

  21. Chucky sees my reasoning :) With only coax in the house I get to keep a network with wired reliability and speeds for my LAN segments. MoCA provides me ~120 Mbps between the endpoints that have gigabit ports. I’d wire the house with CAT6 but it’s not a reasonable retrofit with my house’s construction and the coax already exists.

    And yes, the Actiontec is turned into a simple physical layer bridge + unmanaged switch, a function at which it does fine. The ECB3500T (~$85) is a bridge + unmanaged switch but it doesn’t support MoCA WAN frequencies.

    I would have liked to simplify more by using the Actiontec to bridge the ASUS LAN with the MoCA LAN (it has the internal hardware for it), but the FAQs suggest those settings will not stay through a power cycle. I require my non-experimental systems to be non-technical spouse friendly, i.e. fixing it should only require a power cycle.

  22. I’d still rather just pull the Actiontec out if I do anything further – I do have three Ethernet drops which gives me more options than Brent. Chucky, the MoCA adapters run slightly more than Powerline not to mention those effectively free wireless bridges already in my possession. Having said that, I might be able to convert the Actiontec into a MoCA bridge and put it on the other side of the Asus or whatever else becomes the router.

    In regards to Anthony, where the TiVo is currently located, I can’t run Ethernet. HOWEVER, it now occurs to me that since the TiVo is generally *headless* in the finished basement space another option is stick the TiVo in the basement storage area *with* the router and connect both Ethernet and coax there. And if I ever get a Mac Mini, per Chucky’s multiyear plan for me, it could go there as well. But my 42″ bedroom plasma is tentatively scheduled to move into the basement on Friday… and might benefit from a TiVo. Hm.

    Feeling less good about this Asus vulnerability, since corrected, that allowed external forces to browse USB-attached drive not specifically set for external access. But one project at a time. (Plus, I haven’t visited the basement again since tweaking my knee.)

    http://arstechnica.com/security/2014/02/dear-asus-router-user-youve-been-pwned-thanks-to-easily-exploited-flaw/

  23. As far as the ASUS vulnerability, that is a good reason to not run stock firmware. The DD-WRT variants and PFSense mentioned before are both good options and will be updated more frequently so these kinds of long term flaws “should” hopefully be fixed. I ran PFSense on an Alix 2D3 board for several years before my recent upgrades.

    I like the idea of treating the TiVo as headless, that is the route all these systems should be going, someday at least….

  24. “And if I ever get a Mac Mini, per Chucky’s multiyear plan for me…”

    If you cut down the number of days per year you spend in Las Vegas hotels from 180 to 175, you could get the Mini tomorrow…

    —–

    “Feeling less good about this Asus vulnerability, since corrected, that allowed external forces to browse USB-attached drive not specifically set for external access.”

    As Anthony notes, running proprietary firmware on any router is a big no-no.

    Not only is DD-WRT an immeasurably better option from a security standpoint, but the broad user base and active community makes google research on doing stuff a snap. (I know nothing about PFSense, so I can’t comment on that one.)

    And using your router only as router, rather than for things it’s not particularly good at, like hosting lame SAN’s, is reason #37 to have a cheap Mac Mini (or similar Windows box) hidden somewhere on your LAN providing smarts and ports.
