I just moved into a student dorm for a semester abroad, and beforehand I emailed them asking whether they had ethernet ports to plug my router into (I use it to connect all my devices, and for WiVRn VR streaming). They confirmed that I could, but now that I’m here the wifi login portal is asking me to accept these terms from the ISP, which forbid plugging in a router. There’s another clause that forbids “Disruptive Devices” entirely, defined as:
“Disruptive Device” means any device that prevents or interferes with our provision of the 4Wireless to other customers (such as a wireless access point such as wireless routers) or any other device used by you in breach of the Acceptable Use Policy;
So what are my options? I don’t think I can use this service without accepting the terms, but also I was told by the student dorm support that I could bring a router, which contradicts this.
EDIT: some additional context:
- dorm provider is a company separate from my uni (they have an agreement but that’s it)
- ISP (ask4) is totally separate from dorm provider, and have installed a mesh network that requires an account. On account creation, there are many upsells including one for connecting more than one device. The “free” plan only allows me to sign in on a single device, and I can upgrade to two devices for 15 pounds.
- ethernet requires login too
- VR streaming requires a high performance wifi 6 network, which is why I bought this router (Archer C6 from tp-link)
That seems pretty standard stuff. My dorm had the same policy, because they operated their own mesh network and didn’t want students sending out their own radio signals that would have absolutely made their wireless network not work well.
Is there some reason you need your own router?
ETA: The student dorm people probably meant a network switch. Regular, non-techy people don’t usually know the difference between a router and a switch.
Yeah, the interference argument is fair, but I think this is also the ISP (totally separate third party) trying to protect the paid plans they sell for connecting more than one device…
trying to protect the paid plans they sell for connecting more than one device
It’s definitely 90% of the reason
So it’s a network operated by a third party? That’s interesting. The handful of universities I’ve been to maintain their own.
Where I went to school, originally the dorms were on the university network but a year in they offloaded us onto regular, commercial ISPs. The change was great for us since the university network was very strict on stuff like torrents (using DPI any torrent, even legal, got you disconnected for 24h)
My university had student apartments, each had their own router. No weird rules since it wasn’t the university’s network at all, it belonged to whoever lived in the apartment. Full router access, connect whatever, put it in bridge mode and connect your own if you want.
If there’s enough space between them, it would be less of an issue. If it was in a multifamily high rise with hundreds of units, I would expect it to cause issues.
Is this a problem with 5G networks? There are more channels and they don’t go through walls as well, right?
Tl;Dr It’s complicated.
Do you mean 5Ghz networks (5G is cellular tech, after all)? If so, 5Ghz can travel through walls, but it doesn’t travel as far, because there’s an inverse relationship between range and channel width. Also, 5Ghz has a shorter wavelength; some of the signal’s light will get absorbed by the walls, but not all of it.
Ultimately, you’d still have the same problem: too many radios sharing a limited range of frequencies on a band would interfere with each other if sufficiently close.
It would be akin to having everyone playing different music at full volume on their own personal speaker; you’ll inevitably hear the people closest to you. Radios can’t “hear” anything outside of their chosen frequency (channel), but if other people nearby are also on that channel, you might catch or lose some unintended packets, triggering a resend event (TCP) or causing stuttering/lag (UDP).
The number of channels available for 5Ghz varies by country, with the EU having the most, iirc. In the US, if you try to force your router to use one of the blacklisted channels, your devices will likely not connect (unless they were directly imported), despite being able to use the 5Ghz spectrum.
In that case, just set up a router level VPN. The university probably doesn’t give a shit. Which is why the help desk IT kid said it’s fine, probably.
It’s the 3rd party ISP just being greedy. The ISP may not even care as long as you’re not running an insane amount of traffic through it. Often this type of stuff is added to TOSs to allow them the option, if you’re being a bad actor.
psst
Hey, kid, don’t tell anyone I told you about this
*Lifts coat
iodine
https://code.kryo.se/iodine
Description: tool for tunneling IPv4 data through a DNS server
This is a piece of software that lets you tunnel IPv4 data through a DNS
server. This can be usable in different situations where internet access is
firewalled, but DNS queries are allowed.You got the goods! I used an HTTP tunnel when I was in college.
I also like the idea of ptunnel
Ptunnel is an application that allows you to reliably tunnel TCP connections to a remote host using ICMP echo request and reply packets, commonly known as ping requests and replies.
I don’t understand how that can be reliable without being extremely obvious.
Yeah, any off the shelf network intrusion software would probably immediately flag either of those based solely on the amount of traffic.
Well it would be obvious. Any decent network tool would be able to filter traffic on a port or type (ICMP, DNS, etc).
“Wonder why this kid has 2.5Gb of DNS traffic last week? That isn’t normal. Maybe we should go check it out”
The trick to staying hidden is to look like noise. And this would not be noise.
In 2014 when I was in the hospital for a week I got a visit from their IT. Seems like pushing 5 to 10 gig a day through a ssh connection triggered something. Just a gig of ICMP of any variety would trip a alarm.
Man, I wish I knew this back then. I used Google translate as a proxy. Then that was blocked, so I used babelfish’s built-in translation engine which was touch and go. This would have helped a lot lol
I love things that can route internet over something that should not be used for that. For example I’m thinking of making same thing over SMS and Veloren/Minecraft (or anyother videogame)'s private chat or something.
Oh, you are going to love this one then if you haven’t seen it before: https://robertheaton.com/pyskywifi/
Amazing…
Does it work with DoH ?
No, this is specifically for DNS over UDP (Port 53). What you’re looking for is just an HTTPS proxy. There is no difference between a DoH connection and any other HTTPS connection.
Except on my networks all port 53 tcp/udp and port 853 for that matter are forwarded to my dns per firewall rules. I also block all encrypted dns as well as dns over https blocked. Its my dns or nothing. I also have a vpn and proxy blocklist that updates twice a day. PFblockerNG is effective when maintained.
This is a very neat tool that I’ve bookmarked for further research. But I think you’re missing the point. He doesn’t need to hide network traffic, he needs a Wifi6 router. Now maybe you could setup a router to go through this service to further obfuscate the traffic but I don’t think this alone solves his purpose.
But I’m very glad you posted it because I love learning about little tricks like this to get around overly restrictive networks.
The reason they don’t want you using your own WiFi access point is probably because dorms are prone to over congestion if everyone sets up their own WiFi network.
If you wanted to fuck with them-and you don’t mind spending money-then you could set up your WiFi and get internet via mobile carrier or starlink, so that you never actually have to agree to their terms. Then when/if someone comes around to bitch at you you can watch them slowly come to the conclusion that they’ve got nothing on you.
Otherwise your options are to follow the rules to the letter and live without vr streaming, or accept that you might get in trouble. Some WiFi routers can be configured to not advertise their network; annoying because you’ll have to manually enter the network information on every device, but it might keep you from getting caught.
As for connecting multiple devices without paying; there’s probably some creative ways to tunnel all your traffic through a single device to get around that. Could still get you in trouble if you’re caught.
If you’re doing anything that could get you in trouble with the school make sure you save the email in which they told you using your own router is allowed.
Ah such a masterful plan, paying for your own internet
Tbf you’re paying for the college to provide you internet.
Ah but that one isn’t your own it’s shared
I got news for you about almost every ISP
Some WiFi routers can be configured to not advertise their network; annoying because you’ll have to manually enter the network information on every device, but it might keep you from getting caught.
Just name the network something like Samsung S20 Personal Hotspot. They’re not gonna look into why a student created a Hotspot with their phone.
Or, shit - lock the fucking door.
If it’s a dorm they have the key.
IT does? Damn, didn’t know - my bad. Where I’m from IT doesn’t have the keys, and the people that do have the keys know better than to try entering people’s dorms, unless it’s really something critical. Wifi doesn’t qualify.
Where I went to college, they probably didn’t directly have the key, that’d have to go through maintenance. But one of the things you signed on to initially was for maintenance to enter if they needed to while you were out.
Plus, at least half of the WAPs were actually in rooms and not hallways, so to service the network beyond IDF problems they’d have to get in
You don’t actually need internet for the VR streaming part, so you could just set up a router not plugged into the wall
You do if you are rendering in the cloud, e.g NVIDIA CloudXR. Not sure what OP plans to do.
NVIDIA CloudXR
that’s an incredibly tiny edge case.
Sure yet it’s a perfectly legitimate one. I’m not OP, it might be exactly their use case.
in a dorm room?
realtime cloud VR rendering for use in a dorm room?
A lab, sure.
A dorm bedroom?
pfft
I’m not sure if you played PCVR in the Summer but imagine that in a tiny room… it’s just way too hot. Again I’m NOT saying it’s good, or bad, I’m only saying you made assumption about OP usage. I’m not sure if you tried CloudXR but basically, it works and it’s not that complex to setup (e.g 1h) so it’s relatively faster and cheaper than building and owning a gaming PC.
I don’t understand why you are even arguing about a legitimate usage.
because I’ve been into vr for about a decade and know no one who uses cloudXR. 120hz ain’t gonna happen over a college dorm network. 90hz on quest 2 would be very challenging.
wait, you realize, his requirement for streaming has NOTHING to do with cloud rendering right?
You shall not use or attempt to use a device or software (such as NAT, Address Masquerading, Proxying, or the connection of an additional wireless router) that would allow you to connect more than the number of devices set out in the Service Information to the Network.
One of the ways they detect this is by checking the TTL of the packets coming from the “one” device is less than expected. If your router is using OpenWrt, you can configure an iptables rule to reset the TTL of outgoing packets to the default.
My router is an Archer C6 from TP-Link. I’ve never used OpenWrt, but I have used Linux on my laptop & server for many years. Is this worth looking into/possible without any prior networking knowledge?
It’s pretty straightforward to use, in my experience. There’s a web UI, so you won’t need to worry about the nitty gritty details unless you go beyond what’s supported through that.
So most dorms don’t want you using your own routers because a bunch of student routers causes A LOT of inference.
You should probably reach out not to the dorm folks but the university networking folks as they’re the ones that will ultimately make the decision on whether or not to turn things off/disconnect you.
A cheap networking switch would probably be okay by them to get some more wired connections in your dorm room (routers aren’t really a great way to do that).
As a secondary concern, using a router will cause a double NAT for all your connected devices (universities don’t operate in the way ISPs do). That could cause some weird networking shenanigans, particularly for anything peer-to-peer like online games.
That’s good advice, however this dorm is not part of my uni (just a partner to provide housing) and the internet provider whose T&C I’m expected to accept and sign up for 1y of are a totally separate legal entity, that has a bunch of upsells for stuff like “connect more than 1 device” (which my router/AP would basically be bypassing, and I think that’s what these clauses are about). About the interference, is it possible to limit it severely while still having a reliable connection just within my room? I only really want to connect:
- Laptop (wired)
- Phone
- VR for streaming from laptop
You can do a few things to reduce interference if the device broadcasting the signal supports it. Unifi APs support these settings. Most routers with WiFi probably do not support transmit power.
- Adjust transmit power to lower setting
- Higher the frequency, shorter the range (but that frequency may be highly used in the area), so #3 is the better option
- Analyze the frequency usage and picking a frequency that is least used
- If 2.4Ghz band isn’t necessary disable it and only use 5Ghz since it’s a higher frequency it again has a lower range.
- You could also faraday cage your room so the signal won’t leak out, but thats probably more work than its worth.
You may want to update your OP. Not being part of the University, makes a HUGE difference and will affect your options. Typically, when people say “dorms” it’s direct University provided housing.
Options in this case:
-
Just play dumb, nobody expects anyone to actually read TOS.
-
Setup a router level VPN.
-
Buy your own hotspot for Internet access. (May be cheaper to just pay for additional devices)
-
Mine didn’t either when I lived in a dorm. I got around the network block.
- Plug Xbox 360 into ethernet wall port
- Log into uni network, get internet
- Plug router directly into pc.
- Assign router same ip as Xbox
- Spoof router mac address to match xbox
- Unplug from pc
- Quickly swap cable in wall from Xbox cable to router cable, Indiana Jones style
- Internet for 1 month. Repeat monthly.
TIL you aren’t a wireless professional until your hacks comes with a cinematic soundtrack.
You’re not a wireless professional if you use wired ethernet cables…
this gives me playstation 1 CD swap vibes
(inserting a legal cd to pass verification and then swapping it for your own cd)
Hacker on steroids.
deleted by creator
This isn’t rare and not altogether a bad idea.
My university had a problem of students bringing their own WiFi routers before the dorms had WiFi. Students would set them up incorrectly and cause a series of problems with colliding DHCP servers and interference and it would cause outages for nearby wired students.
A lot of IT departments locked the network down for these reasons.
Students would set them up incorrectly and cause a series of problems with colliding DHCP servers
That’s an IT problem, not a user problem. The downstream ports should have been isolated at both the link and packet layers. Configuring a router to share an unrestricted LAN between a dorm full of untrusted users is a disaster waiting to happen.
A lot of Unis have IT on a shoestring budget.Especially the CompSci dept have the most idiotic IT “professionals” working there.
Usually it is the Sciences dept like Mech-E or Tech-E or Elec-E who run massive Compute nodes for Rendering Physics or Fluid dynamics or something something research …
Unfortunately, the Unis that have massive student dorms on-campus tend not to isolate their networks properly and allow students to directly connect to all depts Networks without any barriers. The isolation happens between LAN and Internet which is where most of the controls and filtering happens.
It would be nice if each dept had their own VPN servers and proper network isolation at the LAN instead of the crazy monkey wiring everything to everything else on-campus.
I work in university IT so I have some experience here. Some schools are better than others but in general providing IT services for students is like trying to wrangle a herd of starving feral cats who are all in heat.
First of all I have never seen 802.1x implemented (Ethernet authentication) in the wild that wasn’t almost immediately removed. It’s a shitty protocol that’s terrible to debug. I totally get why they restrict APs … my god if every student had one it would be a pain. It would be like standing in a crowded room with everyone shouting and you’re trying to pick out one conversation 20 ft away.
My guess is you’re basically in a situation like my son was at ECU. It’s likely not really a university dorm but closely affiliated hence the reason of a third party. Or the central university IT is abysmal and can’t be bothered. Either way the only reason to use 802.1X is because they think it’s more secure, when in fact it’s way more trouble than it’s worth. You can do the same thing by controlling downstream routing or MAC filtering. The ECU “dorm” did that and it wasn’t much better honestly. You had to go into a website to add your MAC address to get access to the WiFi. Firstly how do you do that when your computer can’t talk to anything. Chicken and egg problem. Secondly for the ones who figured out how to do that using your phone, good luck getting a history major to figure what even what a MAC address was.
My suggestion is don’t bother. If they’ve implemented 802.1x they’re a micromanaged IT and will catch you eventually. I’d also guess they have completely overtaxed their egress traffic and your speeds are abysmal.
On a related note, when you graduate never ever rent from an apt complex that generously process WiFi or Ethernet. It will almost always suck, they will have no one to provide adequate tech support, and they are just using it as another revenue stream.
Sorry I don’t have better advice but if they control the network there isn’t really much you can do.
I was once responsible for a student house (we don’t have dorms in the US sense, this is the closest we have) and I have similar experiences but less extreme. My favourite was when I had forgotten to configure DHCP filtering and someone plugged in a router the wrong way so it started offering DHCP (that didn’t work) to everyone in the building, in a race with our upstream ISP.
Also, the times rats got into the networking room and ate random cables. I should add the network was built by volunteer students in the ‘90s.
I did this a work one time… sorta the same thing. I installed pfsense VM and left the DHCp server on. I killed the network in our office for about 15 minutes.
Users are often dumb. Imagine 100 people who think they know what they’re doing trying to set up a bunch of custom networking.
That’s your dorm.
Most dorms either outright prohibit using personal hardware like that or require the schools IT department to install it themselves and set it up.
Run a network of your own someday and you’ll understand. It’s hard enough to get your own network working perfectly without a bunch of wildcards popping up everywhere.
Do you know how many times I have killed my own network at home and I control EVERYTHING!! I’m the only wildcard…. Of course I have ADHD and documentation is not my strong suit 🤣
I’ve never seen this happen. The reality is unless it’s a dorm full of CS students most don’t know fuck all about WiFi, networks, or want to pay for their own routers. It’s better to talk to the few who would attempt something like this.
No what this actually is is the ISP trying to make money charging for more devices.
If someone deploys their router using a uni network as wan then I don’t see how that could affect other uni network users? I can imagine some internal services might not work behind such a router but it would be illogical of the user to blame anyone but themselves.
The post mentioned a wireless mesh network, so it sounds like the ISP/provider already has a bunch of wireless access points set up to cover the whole building. One of the problems with high-density living spaces is that there are only a limited number of communication channels WiFi can use, so if everyone living there also runs their own wireless networks they use up all the available channels and have to cross-talk over eachother, leading to everything slowing down.
If everything is set up perfectly, it should work, sure. Now how many people do you think even know the difference between WAN and LAN? You expecting the bio or art major to not make any mistakes at all? Or the business major?
But if the bio or art major can seriously affect your network then is that even their fault? What if someone had skill and malicious intent?
Lmao you are oblivious if you think it’s possible to set up a network that someone CANT fuck up while having physical access to it.
It’s not magic.
The point is NETWORKS ARE COMPLICATED. Users are generally dumb. The point is you don’t expect them to have the knowledge to do it right. So they’ll break something. Users with actual knowledge could yes, break things even worse.
That’s EXACTLY why they’re restricting hardware use.
Welcome to the conversation, smh
I do know from experience that networks are complicated and users are dumb, but I still think that if someone with barely any knowledge and without malicious intent can mess with your network then something’s wrong with the setup.
Imagine 100 people who think they know what they’re doing trying to set up a bunch of custom networking.
you mean like an apartment building?
Shit, ask4? I think they were the isp when I was at uni about a decade ago. I’m sorry to hear they’re still kicking.
If it’s still the same as back then, all the dorms are essentially on the same lan and they’re using Mac filtering at the gateway. Since this was before Https became ubiquitous this meant you could sniff other people’s http requests.
What you do (what we did) was sign up with one device and setup a proxy on it. I think we used squid-cache. But anything that will masquerade the traffic as coming from that one device should do the trick.
Yes, i think squid proxy would do the trick too. It even has installers for windows.
pretend you didn’t read it and press the button
As someone who has administered networks and written policies like this the concern here is that you will run an open network that may be used for piracy, hacking, DDOS or to send bomb threats. Tracing down this type of behavior is required by law and allowing students to run open networks makes this near impossible.
Not only that, but managing wifi channel congestion in a dorm is a pita.
It’s tough enough when you fully control the airspace, to have nice clean coverage and overlapping cells.
But then add dozens or hundreds of individually managed APs in a tiny space…with DFS and/or 160MHz channel widths?
Ops best bet is to get their own 5g home internet and plug in.
You’ll be hard pressed to get a router to talk to a captive portal sign in…but if OP wants to get creative, this can easily be fixed with a dumb switch and a Linux PC with two NICs. You could use windows for this, but why would you?
Assuming they have their own wifi, they just don’t want you using wifi off of your own router. A wired connection should be fine.
Unfortunately, connecting to the ethernet port still prompts me to log into the network (make an account and accept these terms)
Accept the terms and ignore them
deleted by creator
Would that work even if the T&Cs are for a third party (the ISP), while the correspondence is with my dorm provider (not legally related to my uni, they just have a partnership)?
deleted by creator
Turn off SSID broadcasting entirely. Hidden networks require more technical expertise to discover than most people have.
The ISP techs will still be able to find it, but there’s little reason for them to go looking when nothing seems out of the ordinary.
This is what I was going to recommend. Worse case scenario the internet gets shut off and he has to email somebody and say he won’t do it again. Most likely that nobody will notice or care.
Yes I did the same thing at my uni halls, said fuck paying for multi device, bought a router, named it like a phone hot-spot and never had issues.
In reality no one that works there is paid nearly enough to care about the ISP’s terms and conditions, and even if someone from the ISP comes to do maintainance or something, they won’t be there to snoop for rule breakers and even if they are, if the SSID looks like a phone hot-spot, they won’t care, and even if they do they’re not going to trace it back to you directly and even if they do, you have the email saying its okay which will shift any and all blame away from you.
So just go for it, there’s a 99.999999999999999999% chance you won’t get caught and even if you do you won’t get any blame because you asked the company.
100% the correct answer.
I would just accept the terms and disable wifi, or if you don’t want to double nat just use a switch and accept the terms / login on every device connected to the switch.
If you are really worried about getting caught not following the exact rules as written, you could always pay for multi device connections… then they won’t care.
But it’s definitely possible to set up your VR router in a way that is not gonna bother anything. Most people in this thread don’t know that your VR router doesn’t need internet access. If the VR stream is all it is doing, it can be isolated from the internet, and the isp won’t know or care it exists.
The other thing about rules, that they don’t tell us autistic people, is that following rules is actually kind of optional. Certainly more optional than it feels like to us. Think about it in terms of what the people were thinking when they wrote the rules, and who will be enforcing the rules and what they will care about. And what the enforcement of the rules would look like. (In this case, the most likely initial outcome of them enforcing these rules would be either an e-mail or paper letter telling you they noticed you are breaking a rule, possibly with details to help you stop breaking it, but likely not). Try to sus out the “spirit” of the rules rather than the letter of the rules. That is how all the other humans use rules and why to us it always feels like everyone is breaking all the rules and getting away with it.
If you follow every rule to the letter… you really can’t do anything. At all. Like, literally, even we are breaking rules we don’t yet know about every single day.
I have to agree with this comment. I’d probably just set up the router regardless (probably in WiFi AP mode) and not worry about it too much. No one reads the terms and conditions anyway. If someone comes to actually enforce the thing I’d obviously take it down. Hide the ssid if you want to.
As others mentioned, there are ways to also hide traffic behind a single device, maybe connecting to a VPN on the router level would help with this?
Back when I was in uni I had terrible wired Internet so I’d try anything. At one point I was using a jailbroken iPhone to share its 4g connection without having to pay extra to the wireless ISP (basically data plan was unlimited but tethering wasn’t). It worked fine, I could use my data on any of the devices over wifi but it was barely faster than the wired network and it was a lot of hassle so I gave it up.
Not a lawyer but if you have an email that says you can, I’d argue it’s override the ToS assuming the person giving permission actually legally can.
Anyway I bet what they avoid is reselling access so I believe as long as you don’t pay for yourself then resell to others you’ll be OK.
This. The ISP isn’t going to care about (or notice) a single person using a router. They will notice and care if 1 person is consuming the data of 20.
The email says that you can do it. It doesn’t say that you can do it without purchasing the upsell option.
And importantly, the email is from my dorm (whose contract simply said they provided free fast wifi), while these unexpected T&Cs are from the dorm’s ISP.