I just moved into a student dorm for a semester abroad, and beforehand I emailed them asking whether they had ethernet ports to plug my router into (I use it to connect all my devices, and for WiVRn VR streaming). They confirmed that I could, but now that I’m here the wifi login portal is asking me to accept these terms from the ISP, which forbid plugging in a router. There’s another clause that forbids “Disruptive Devices” entirely, defined as:
“Disruptive Device” means any device that prevents or interferes with our provision of the 4Wireless to other customers (such as a wireless access point such as wireless routers) or any other device used by you in breach of the Acceptable Use Policy;
So what are my options? I don’t think I can use this service without accepting the terms, but also I was told by the student dorm support that I could bring a router, which contradicts this.
EDIT: some additional context:
- dorm provider is a company separate from my uni (they have an agreement but that’s it)
- ISP (ask4) is totally separate from dorm provider, and have installed a mesh network that requires an account. On account creation, there are many upsells including one for connecting more than one device. The “free” plan only allows me to sign in on a single device, and I can upgrade to two devices for 15 pounds.
- ethernet requires login too
- VR streaming requires a high performance wifi 6 network, which is why I bought this router (Archer C6 from tp-link)
You must log in or # to comment.
I’m not advocating for breaking any rules, but many people know that you can hide your wifi routers SSID. even fewer people know how to track these networks.
Most commercial networks systems have the ability to detect rogue access points by analysing the radio spectrum, and hiding the SSID will not avoid detection once traffic starts flowing to it.
And they can triangulate the position of the rogue AP.
Interesting about hiding SSIDs, I never knew why that option existed. I’m here on Erasmus so I don’t want to risk too much by knowingly breaking rules… them triangulating it to my room and starting a legal case or something sounds real scary.
them triangulating it to my room and starting a legal case or something sounds real scary.
It’s also incredibly unlikely unless you’re actually causing problems
If you really want wireless, do the Ethernet > Desktop/Laptop with hotspot and limit it’s TX power WAY down to minimal levels.
You should be able to use it within your dorm room fine, but will have trouble penetrating beyond the walls and will also make detecting and triangulation quite difficult
So technically I should get away with connecting the router and making an AP right? I can’t do a hotspot from my laptop because the performance is not high enough for streaming (this is why I bought a dedicated router).
In that case I would pickup a cheap USB Ethernet dongle (or 2 if the laptop doesn’t have an onboard one)
Wall > Ethernet 1 and router > Ethernet 2
Configure windows to share Ethernet 1 connection to Ethernet 2 (Builtin functionality since Windows 7 iirc)
Configure the router for minimal power to the radios, use your laptop to handle captive portal and there should be no DHCP interference concerns with the Windows laptop on the middle in this fashion
Boom done, congratulate yourself a lil for a small win over corporate greed lol
Also, connecting an access point that doesn’t broadcast its SSID has another side effect: all devices configured to connected to it will periodically broadcast a signal to search for that hidden AP instead, so it makes you even easier to track down anywhere else.
That’s assuming they’re actively looking. Hiding your SSID is more to prevent someone from getting suspicious and calling out the ISP.
Assuming they have their own wifi, they just don’t want you using wifi off of your own router. A wired connection should be fine.
Unfortunately, connecting to the ethernet port still prompts me to log into the network (make an account and accept these terms)
Accept the terms and ignore them
100% the correct answer.
And if they complain, show them your previous correspondence with them
Would that work even if the T&Cs are for a third party (the ISP), while the correspondence is with my dorm provider (not legally related to my uni, they just have a partnership)?
Probably not. But there is a good chance that they won’t notice at all. If they do, you can always take it down.
Maybe use an inconspicuous ssid? Like a similar name to a company or institute nearbyTurn off SSID broadcasting entirely. Hidden networks require more technical expertise to discover than most people have.
The ISP techs will still be able to find it, but there’s little reason for them to go looking when nothing seems out of the ordinary.
This is what I was going to recommend. Worse case scenario the internet gets shut off and he has to email somebody and say he won’t do it again. Most likely that nobody will notice or care.
Yes I did the same thing at my uni halls, said fuck paying for multi device, bought a router, named it like a phone hot-spot and never had issues.
In reality no one that works there is paid nearly enough to care about the ISP’s terms and conditions, and even if someone from the ISP comes to do maintainance or something, they won’t be there to snoop for rule breakers and even if they are, if the SSID looks like a phone hot-spot, they won’t care, and even if they do they’re not going to trace it back to you directly and even if they do, you have the email saying its okay which will shift any and all blame away from you.
So just go for it, there’s a 99.999999999999999999% chance you won’t get caught and even if you do you won’t get any blame because you asked the company.
I would just accept the terms and disable wifi, or if you don’t want to double nat just use a switch and accept the terms / login on every device connected to the switch.
psst
Hey, kid, don’t tell anyone I told you about this
*Lifts coat
iodine
https://code.kryo.se/iodine
Description: tool for tunneling IPv4 data through a DNS server
This is a piece of software that lets you tunnel IPv4 data through a DNS
server. This can be usable in different situations where internet access is
firewalled, but DNS queries are allowed.You got the goods! I used an HTTP tunnel when I was in college.
I also like the idea of ptunnel
Ptunnel is an application that allows you to reliably tunnel TCP connections to a remote host using ICMP echo request and reply packets, commonly known as ping requests and replies.
In 2014 when I was in the hospital for a week I got a visit from their IT. Seems like pushing 5 to 10 gig a day through a ssh connection triggered something. Just a gig of ICMP of any variety would trip a alarm.
I don’t understand how that can be reliable without being extremely obvious.
Yeah, any off the shelf network intrusion software would probably immediately flag either of those based solely on the amount of traffic.
I love things that can route internet over something that should not be used for that. For example I’m thinking of making same thing over SMS and Veloren/Minecraft (or anyother videogame)'s private chat or something.
Oh, you are going to love this one then if you haven’t seen it before: https://robertheaton.com/pyskywifi/
Man, I wish I knew this back then. I used Google translate as a proxy. Then that was blocked, so I used babelfish’s built-in translation engine which was touch and go. This would have helped a lot lol
Does it work with DoH ?
No, this is specifically for DNS over UDP (Port 53). What you’re looking for is just an HTTPS proxy. There is no difference between a DoH connection and any other HTTPS connection.
Except on my networks all port 53 tcp/udp and port 853 for that matter are forwarded to my dns per firewall rules. I also block all encrypted dns as well as dns over https blocked. Its my dns or nothing. I also have a vpn and proxy blocklist that updates twice a day. PFblockerNG is effective when maintained.
I work in university IT so I have some experience here. Some schools are better than others but in general providing IT services for students is like trying to wrangle a herd of starving feral cats who are all in heat.
First of all I have never seen 802.1x implemented (Ethernet authentication) in the wild that wasn’t almost immediately removed. It’s a shitty protocol that’s terrible to debug. I totally get why they restrict APs … my god if every student had one it would be a pain. It would be like standing in a crowded room with everyone shouting and you’re trying to pick out one conversation 20 ft away.
My guess is you’re basically in a situation like my son was at ECU. It’s likely not really a university dorm but closely affiliated hence the reason of a third party. Or the central university IT is abysmal and can’t be bothered. Either way the only reason to use 802.1X is because they think it’s more secure, when in fact it’s way more trouble than it’s worth. You can do the same thing by controlling downstream routing or MAC filtering. The ECU “dorm” did that and it wasn’t much better honestly. You had to go into a website to add your MAC address to get access to the WiFi. Firstly how do you do that when your computer can’t talk to anything. Chicken and egg problem. Secondly for the ones who figured out how to do that using your phone, good luck getting a history major to figure what even what a MAC address was.
My suggestion is don’t bother. If they’ve implemented 802.1x they’re a micromanaged IT and will catch you eventually. I’d also guess they have completely overtaxed their egress traffic and your speeds are abysmal.
On a related note, when you graduate never ever rent from an apt complex that generously process WiFi or Ethernet. It will almost always suck, they will have no one to provide adequate tech support, and they are just using it as another revenue stream.
Sorry I don’t have better advice but if they control the network there isn’t really much you can do.
I was once responsible for a student house (we don’t have dorms in the US sense, this is the closest we have) and I have similar experiences but less extreme. My favourite was when I had forgotten to configure DHCP filtering and someone plugged in a router the wrong way so it started offering DHCP (that didn’t work) to everyone in the building, in a race with our upstream ISP.
Also, the times rats got into the networking room and ate random cables. I should add the network was built by volunteer students in the ‘90s.
if you have what support soid in writing then ask student legal (most universities give you free lawyer access, use it) but in general specific advice like this will in court override what the eula says. The person who said you could should of course be fired but that isn’t your problem.
in the us fcc rules say these are unlicensed bands and they cannot make those rules about any radio. However the eula seems to be about wifi use but connecting their network to wifi and that difference is in their favor. If you get your own network connection (how?) You can bring your own wifi but don’t connect theirs.
Woah, that’s really cool. I’ll contact my uni to ask about it and I guess for now use a phone data hotspot and skip on VR.
It’s a security\legal risk to allow adhoc wireless networks within your environment, pretty much any organization above a certain size has the same restrictions.
You could theoretically allow anyone to access your router directly, which would let them bypass agreeing to the Acceptable Use Policy, for example, shifting liability back to the organization for that users behavior.
Not all that surprising. I don’t know of any network manager who’d happily allow rogue routers on their network, particularly if you still have it configured as a DHCP device and not a pass through device, which most college students do not consider and will very much disrupt campus network performance.
I’d be happy to set my device to passthrough mode, but I think the ISP prevents peer-to-peer connections (which my laptop would make to the VR headset) unless you buy one of their plans for Chromecast/smart TVs. Would that prevent it from working? And would I still be able to connect multiplw devices despite their one-device limit?
It’s hard to say without knowing all the details of how the college configures their network. Back when I was in college, I had a student job with the campus’ IT department, and students running into issues getting all their devices connected was a regular issue at the start of every year.
The main problem with most college networks is that you’ve typically got an enterprise setup that’s also having to double as home internet service for those living on campus. Depending on when the network was built it was likely only planning for students to have a laptop, maybe a desktop too, as opposed to modern times when just about every electronic device has an internet connection.
Some things just may not work like they did at home.
That’s fair yeah. In my case the dorms are a separate unrelated company from the uni (they just have a partnership) and the ISP is yet another third party that did the install and sells extras to each student. I think it’s pretty scummy since I read my whole dorm contract and it never said this would be a condition to the “free fast wifi” access.
Eww, yeah, that sounds like a crappy setup to milk more money from students with no other option - especially if you’ve got student aid requiring you to live in school housing.
You may want to see about getting your own wireless carrier internet service. Not the best solution, but at least it would be yours and unrestricted.
I’m only staying for a semester (via Erasmus, or what remains of it post-Brexit) so while I did consider this I don’t think it’s very viable.
Fair enough. My recommendation would be set the router to pass through and see if it works. Just secure the wireless network created by your AP - be a responsible network policy violator!
I don’t really have any other ideas that wouldn’t involve additional hardware, which doesn’t make much since give the short time you’ll be there.
Is there a limit to the number of devices allowed to connect that this rule is trying to enforce?
Either way, if the vr headset doesn’t need internet connection you could connect your computer to the internet wirelessly and to your own router via cable for vr.
Why does the dhcp on the router affect the main network? I’d think that way it only needs to deal with the router, as opposed to all the devices connected to the router if it’s passthrough?
Because that router will be broadcasting DHCP signals and offering IPs, conflicting with the authorized DHCP servers on the network. This wiki article will probably explain it better. I’m not so good with the words a such.
A consumer router only operates DHCP on the LAN side. Presumably one would plug the WAN side into the university network, making this a non-issue.
Some of my other replies address that. Worked in IT on a college campus, and every class will have at least a few clueless users who just plug the cables into the LAN ports.
Makes sense. Would that not be trivially mitigated by just blocking dhcp responses from unapproved servers on the switch though?
Should be, yes. At that point it’s a question of how well the network was configured. I’d hope this wouldn’t be much of an issue these days - I did graduate from college in 2011, and I’m sure (hopeful) campus networks have improved since my student IT job days. These days my router config experience is from the ISP side. The only private network I’m responsible for is my own, thankfully!
I went to college in the mid-late 2010s and I recall they specifically banned WiFi routers, but when I checked what they meant specifically all they cared was that it didn’t broadcast on the 2.4 or 5 ghz spectrum and if it was all wired I was fine.
I don’t know much about networking but that page seems to be about someone else setting up a dhcp server without the knowledge of the administrators or the users. In op’s case the concerns about mitm attacks don’t apply and the other concerns sound like problems that could arise in cases of misconfiguration or if the users aren’t aware they’re connected to a different network. I also couldn’t see anything about it affecting the main network’s performance
I mean, it’s all right there in the first two paragraphs. Keep in mind that by DHCP server we aren’t talking about something specifically set up by people with malicious intent. A home router is a DHCP server when not configured for pass through. Students who don’t know how routers actually work (we can’t all be IT nerds, lol) plug them into their dorm Ethernet jack, and now you’ve got an unauthorized device offering IP addresses that conflict with the authorized DHCP servers, which can quickly start causing issues with any new devices trying to connect to the network, and existing devices as their DHCP leases expire. Also keep in mind that we’re talking about a college network that will likely have local network resources for students like shared drives that would not be accessible to anyone connecting through the rogue device. Your IT department will quickly start getting complaints about the network that are caused by an access point you have no control over.
I see, I thought routers knew not to do dhcp on the Wan port
Typically they do. Which is great until you get a student who doesn’t understand WAN vs LAN and plugs both connections into the LAN ports. Never underestimate the power of a Stupid User.
They do.
Which is all well and good until you get someone who plugs both connections into the LAN ports.
If you plug the dorm ethernet jack into the LAN side of a consumer router, there’s a chance they don’t.
Sure, you can catch this if you watch the dhcp leases your router is handing out, but…
Ah! I just saw you specified if it’s configured for pass through. If it is configured for pass through, then yeah it likely won’t cause issues on the network. The DHCP server is the critical bit.
From a network management perspective, though, they still won’t want these because you have to trust all these college students are going to properly configure their devices - most of them won’t know how and won’t bother figuring it out. And then you still have the issue of a bunch of unmanaged access points to your network, which is just poor security.
Yeah a simple little unmanaged switch would solve all these issues for about $20 and probably wouldn’t break the ToS.
Yeah. I think OP’s issue is they may have a few devices that are wireless only. Not sure of the best way to handle those.
Ah yeah just saw they specifically want to connect a VR headset wirelessly. I’m not real sure how to approach that either, if there’s any kind of port on the headset at all they could potentially adapt it to RJ45 but that defeats the whole point.
If a wireless connection is a must OP is just going to have to disable SSID broadcast, restrict it to certain MACs, and try to lock it down as much as possible and hope for the best. If they do it right it’ll won’t interfere with other devices and no one will ever know.
I just saw you specified if it’s configured for pass through.
I didn’t, that’s just bad grammar. Edited the comment
It just says you can’t use things that allow you to connect more devices than agreed. Which means nothing without knowing how many devices were allowed to begin with.
Yeah that’s the thing… the max devices is one, unless I pay a fee (per device I think). This third party that manages the internet offers a bunch of upsells in the account creation for stuff like more devices.
Is this a private or for profit university?
This is pretty typical for universities. They don’t want the airwaves clogged, doubling up NAT can lead to networking wonkiness, and they don’t want you giving university network access to unauthorized folks with an open AP.
When you say VR streaming, you just mean wireless from your PC to the headset, right? There’s a chance you could do that with an offline wireless router if the VR experiences you’re looking to play are single player.
Yep, that’s what I mean with VR streaming. The PC connects thru eth to the router, and the headset is connected to the router’s AP via wifi. I get the point about unauthorized access, but I set strong passwords and never share them. I think this clause is more about preventing me from connecting more than one device to the internet, which they want to charge me for if I do. Obviously having my own AP would allow me to easily circumvent that.
Add a wireless AP to your pc and create an adhoc wifi network for your vr to connect to your pc directly.
I wonder if you could just use your PC to hotspot when you need to use VR.
None of that is binding because you have no real alternative to accepting those terms. Just click agree then freely ignore everything it said. If they don’t like it, that’s their problem.
My university was pretty zen about this — essentially, “don’t use your own access point/router please. But if you do, please talk to your resident (University employed) student IT rep and they can probably help you set it up correctly.”
You can disable your router’s wireless networking (or hide its SSID if you want to use wireless networking). It won’t be an issue if you use either way. Since your dorm told you that you could use a router; these terms wont matter.
Note that hiding its SSID won’t turn off the wireless broadcast which would be adding to the “noise” in whatever channel it’s using.
In this case you would want to turn off the wireless itself
As someone who has administered networks and written policies like this the concern here is that you will run an open network that may be used for piracy, hacking, DDOS or to send bomb threats. Tracing down this type of behavior is required by law and allowing students to run open networks makes this near impossible.
Not only that, but managing wifi channel congestion in a dorm is a pita.
It’s tough enough when you fully control the airspace, to have nice clean coverage and overlapping cells.
But then add dozens or hundreds of individually managed APs in a tiny space…with DFS and/or 160MHz channel widths?
Ops best bet is to get their own 5g home internet and plug in.
You’ll be hard pressed to get a router to talk to a captive portal sign in…but if OP wants to get creative, this can easily be fixed with a dumb switch and a Linux PC with two NICs. You could use windows for this, but why would you?
pretend you didn’t read it and press the button
