Protecting Traffic Using Cloudflare WARP While Using Hotel Wi-Fi

While a convenient method of internet connectivity, hotel Wi-Fi is generally insecure: the wireless network often has no encryption at all, and you have no way of knowing who or what sits between the access point and the rest of the internet. For the security conscious, using these networks can pose too much of a risk.

I have been using a GL.iNet travel router for my last couple of holidays. I originally purchased it so that I would not have to authenticate against a captive portal on every one of my devices when arriving at a hotel, but I soon saw the other benefits of this device, such as its robust VPN support.

Initially I had configured the router as a WireGuard peer with my home Mikrotik router, which worked great – I was able to route specific traffic back to my house as required, just as if I was there. I was able to access my Plex server, check in on my home lab and use Home Assistant.

More recently I have been playing with Cloudflare’s WARP Zero Trust Network Access (ZTNA) as another connectivity option between my house, my parents’ house and other remote devices, which got me thinking: can I also use WARP as a free VPN service to encrypt all traffic egressing my travel router when it is connected to a network that I don’t trust? Cloudflare has an extensive network, so no matter where I travel to, I am surely going to be pretty close to one of their POPs.

WARP can be used as a pseudo VPN service, and if you’re only looking to encrypt your traffic between your router and the Cloudflare POP, it’s a great option. You obviously will not get all the features other commercial VPN providers provide, such as bypassing geo-blocking by selecting your exit node – but as a low latency encryption method, the price is right. The Cloudflare WARP ZTNA service is free for up to 50 users, with no bandwidth restrictions that I have come across.

To connect my Mikrotik routers to WARP I followed the guide “Setup Cloudflare WARP Connector on MikroTik”, which essentially uses the wgcf-connector Docker image to create a WireGuard-compatible config file for connecting to the Cloudflare network, rather than having to use the WARP client. This is particularly important for devices that don’t support the client.

After creating a new tunnel for my travel router, I followed the same guide as above to the point where a wgcf-connector.conf file is created. With this file I followed the GL.iNet guide to set up a WireGuard client manually.

Once the WireGuard client was successfully created on the travel router, I ensured that the VPN policy sent all traffic via the Cloudflare tunnel, and finally, using the Hurricane Electric BGP Toolkit, I confirmed that the ISP ASN shown for my connection is Cloudflare’s. Cloudflare’s Speed Test site also shows additional information about the connection, including its throughput.

This setup has worked successfully for me in a number of hotels. I simply connect the GL.iNet to the hotel’s SSID or to an ethernet port in the room and authenticate via the captive portal; as soon as the router detects internet connectivity, the VPN connection is established and traffic is routed over it, hidden from other guests and from the hotel itself.
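Two of the checks from the setup above, written as an added example rather than code from the post, Cloudflare or GL.iNet: confirming that the WireGuard config sends all IPv4 and IPv6 traffic into the tunnel, and reading a cdn-cgi/trace response to see whether the egress really is via WARP and which POP answered. The config keys, endpoint and trace values are constructed placeholders.

```python
"""Checks for the WARP-over-WireGuard travel-router setup described above.

Added example, not code from the original post or from Cloudflare/GL.iNet.
Assumes a config in the wgcf-connector.conf INI layout and a response body
from https://www.cloudflare.com/cdn-cgi/trace (key=value lines).
"""
import configparser
import ipaddress

# Constructed sample config: keys and endpoint are placeholders, not real values.
SAMPLE_CONF = """\
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY
Address = 100.96.0.2/32

[Peer]
PublicKey = PLACEHOLDER_CLOUDFLARE_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = warp-endpoint.example:2408
"""

# Constructed sample trace body as served to a client connected via WARP.
SAMPLE_TRACE = "ip=198.51.100.7\ncolo=PER\nloc=AU\nwarp=on\ngateway=off\n"


def is_full_tunnel(conf_text: str) -> bool:
    """True when the peer's AllowedIPs cover all of IPv4 and IPv6, i.e. the
    router will push every packet into the Cloudflare tunnel rather than
    sending some destinations straight onto the hotel network."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    allowed = [ipaddress.ip_network(n.strip(), strict=False)
               for n in cp["Peer"]["AllowedIPs"].split(",")]
    v4_all = any(n.version == 4 and n.prefixlen == 0 for n in allowed)
    v6_all = any(n.version == 6 and n.prefixlen == 0 for n in allowed)
    return v4_all and v6_all


def warp_status(trace_text: str) -> tuple:
    """Parse a cdn-cgi/trace body into (egress is via WARP, serving POP code).

    'warp=on' means Cloudflare saw the request arrive over the WARP tunnel;
    'colo' is the airport-style code of the POP that answered (PER = Perth)."""
    fields = dict(line.split("=", 1) for line in trace_text.splitlines() if "=" in line)
    return fields.get("warp") == "on", fields.get("colo", "unknown")
```

On the router itself, `curl https://www.cloudflare.com/cdn-cgi/trace` produces the body that warp_status() expects.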

Posted by haydio, 0 comments

Setting Printer ACLs via PowerShell

I have been looking for a way to set the "Manage Printer" and "Manage Print Jobs" permissions using PowerShell. I created the following PowerShell function, which works well and takes an Active Directory group name as an input.

function Set-PrinterPermission {
    param (
        [string]$adGroup,
        [string]$server,
        [string]$printerName
    )

    # Resolve the AD group to its SID, which is what the SDDL ACEs reference
    $GroupSID = (Get-ADGroup -Identity $adGroup).SID

    # Read the printer's current security descriptor and append two allow ACEs:
    #   (A;;LCSWSDRCWDWO;;;SID)     -> Manage Printer, on the printer object itself
    #   (A;OIIO;RPWPSDRCWDWO;;;SID) -> Manage Print Jobs, inherit-only, applied to jobs
    $SDDL = (Get-Printer -ComputerName $server -Name $printerName -Full).PermissionSDDL
    $SDDL += "(A;;LCSWSDRCWDWO;;;${GroupSID})(A;OIIO;RPWPSDRCWDWO;;;${GroupSID})"
    Set-Printer -ComputerName $server -Name $printerName -PermissionSDDL $SDDL

    # Wait for a brief moment to allow the permission change to take effect
    Start-Sleep -Seconds 2

    # Read the descriptor back and compare it with what was written
    $updatedSDDL = (Get-Printer -ComputerName $server -Name $printerName -Full).PermissionSDDL

    if ($updatedSDDL -eq $SDDL) {
        Write-Host "Printer permissions set successfully for $adGroup"
    }
    else {
        Write-Host "Failed to set printer permissions for $adGroup"
    }
}

This function can be called with the following code:

Set-PrinterPermission -adGroup "YourADGroup" -server "ServerHostName" -printerName "YourPrinterName"
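The function above verifies the change by comparing the raw SDDL strings. As an added example (not part of the original post), the following parser checks the DACL semantically instead: it reads the ACEs out of a PermissionSDDL value and reports which of the two roles a given SID holds, regardless of ACE order. The group SID and descriptor are constructed sample values.

```python
"""Audit a printer's PermissionSDDL for the two ACEs the function above appends.

Added example, not part of the original post. It parses the DACL portion of an
SDDL string and reports which of the post's roles a SID holds, regardless of
ACE order, as a more robust check than comparing the raw strings.
"""
import re

# 2-letter SDDL access codes used by the two ACEs in the post.
MANAGE_PRINTER = {"LC", "SW", "SD", "RC", "WD", "WO"}    # (A;;LCSWSDRCWDWO;;;SID)
MANAGE_DOCUMENTS = {"RP", "WP", "SD", "RC", "WD", "WO"}  # (A;OIIO;RPWPSDRCWDWO;;;SID)

# ACE string layout: (type;flags;rights;object_guid;inherit_object_guid;sid)
ACE_RE = re.compile(r"\(([^;]*);([^;]*);([^;]*);([^;]*);([^;]*);([^)]*)\)")

# Constructed sample: owner/group, default printer ACEs, then the group's two.
GROUP_SID = "S-1-5-21-1111111111-2222222222-3333333333-1234"
SAMPLE_SDDL = (
    "O:BAG:SYD:(A;;LCSWSDRCWDWO;;;BA)(A;OIIO;RPWPSDRCWDWO;;;BA)"
    "(A;;SWRC;;;WD)(A;CIIO;RC;;;CO)(A;OIIO;RPWPSDRCWDWO;;;CO)"
    "(A;;LCSWSDRCWDWO;;;" + GROUP_SID + ")(A;OIIO;RPWPSDRCWDWO;;;" + GROUP_SID + ")"
)


def codes(field: str) -> set:
    """Split a rights or flags field such as 'LCSWSDRCWDWO' into 2-letter codes."""
    if field.startswith("0x"):
        raise ValueError("hex access masks are not decoded by this example")
    return {field[i:i + 2] for i in range(0, len(field), 2)}


def dacl_aces(sddl: str) -> list:
    """Return (type, flags, rights, sid) for each ACE in the D: section only."""
    m = re.search(r"D:(.*?)(?:S:|$)", sddl)      # stop before a SACL if present
    return [(a[1], a[2], a[3], a[6]) for a in ACE_RE.finditer(m[1] if m else "")]


def printer_roles(sddl: str, sid: str) -> set:
    """Roles the SID holds: 'ManagePrinter' (ACE on the printer object itself)
    and/or 'ManageDocuments' (inherit-only ACE applied to print jobs)."""
    roles = set()
    for ace_type, flags, rights, ace_sid in dacl_aces(sddl):
        if ace_type != "A" or ace_sid != sid:
            continue                      # only allow-ACEs for the audited SID
        inherit_only = "IO" in codes(flags)
        if not inherit_only and codes(rights) >= MANAGE_PRINTER:
            roles.add("ManagePrinter")
        if inherit_only and codes(rights) >= MANAGE_DOCUMENTS:
            roles.add("ManageDocuments")
    return roles
```

Feeding the string returned by `(Get-Printer ... -Full).PermissionSDDL` into printer_roles() with the group's SID shows whether both roles took effect even if Windows rewrote the descriptor.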
Posted by haydio in Windows, 0 comments

Expanding the Root Partition on an Ubuntu Azure VM

By default Ubuntu IaaS virtual machines on Azure come with a 30GB OS disk.
The easiest way to enlarge the root partition after increasing the OS disk size is to run the following two commands:

sudo growpart /dev/sda 1
sudo resize2fs /dev/sda1
Posted by haydio, 1 comment

Interesting VHF/UHF Frequencies in Perth

While there is a wealth of information on the warsug forums, some of the content is quite old and it is hard to tell whether it is still active, so I have compiled a list of frequencies that are currently active. I live in Perth’s southern suburbs, so your mileage may vary.

Frequency (MHz)    Description
418.275            TransPerth Security
418.700            TransPerth Trains Control
163.675            DFES 6AR
473.250            Possibly Canningvale/Success area buses
474.750            Possibly Armadale area buses
489.500/480.200    Swan Taxis
489.750            Black and White Cabs
472.800            Channel 7

If you have any favourite frequencies please leave a comment below. Another great resource is the ACMA’s Site Location Map; you can turn on filters to show only licences within your radio’s frequency range.

Posted by haydio in Scanning, 3 comments

Peer-to-peer AirPlay

A major feature in iOS 8 and Yosemite is the ability to connect to an Apple TV while not being on the same wireless network. The underlying technology for this is peer-to-peer AirPlay. Peer-to-peer AirPlay adds some great improvements over the old style of AirPlay: if both the Apple TV and the iOS device or Mac support peer-to-peer, they will connect this way even when they are on the same wireless network. This removes the strain of video streaming from the network and also improves the reliability of AirPlay streaming. Peer-to-peer AirPlay needs no configuration.

Peer-to-peer AirPlay requires the following:

  • Apple TV 3rd Gen (Rev A) – Model Number A1469
  • Mac from 2012 or later, running OS X Yosemite. Some unsupported models can be enabled by using the Continuity Activator.
  • iOS Device from 2012 or later, running iOS 8

Apple also recommends not using 5 GHz wireless channels 149 or 153 on your infrastructure wireless networks; avoiding these channels eliminates any interference between the Apple TV’s peer-to-peer network and your wireless network.

Further information can be found in this great reference page from Apple.

Posted by haydio in Apple, iOS, OS X, 0 comments