Using a VPN with the ship's wifi

[Jim_Iain]

3 hours ago, pisces223 said:

Thank you everyone for your thoughtful and concise responses! Would you recommend Nord for a VPN? If so, about how much is it? I saw the different plans and am wondering if there is something I should know about how to choose. Thanks!

Really depends on how you plan on using.   If just going to use it for a cruise I would recommend the 30 day plan about $14.00.    If planning on using it all the time go with the promotional 1 year basic at $58 for first year (goes up to $99 year 2 on)   I just  cancel subscription at end of first year and then sign up for another 1 year.    It is always on sale.

 

For the 2 year plan ($78 per year for first 2 years).    

[Charles4515]

1 hour ago, Jim_Iain said:

I use both Express VPN and

 

Express VPN was bought last year to by a company with sketchy reputation, a  company that used to distribute malware.  That has been buying VPNs. They also bought Private Interent Access and Cyberghost. The VPNs are supposed to be independent but I am leery of the connection. 

[Heymoe]

I'm on the Infinity now and can confirm that Celebrity blocks most VPN traffic. Their DNS definitely blocks lookups of sites with "VPN" and it appears they block ports commonly used by VPN programs.

 

If your VPN provider has an option for using TLS protocol (Port 443), you're in luck.  That's the protocol used to break China's Great Firewall - also used to break the great Waterwall of Celebrity.  It's very hard to stop because websites using "https://" transfer their data over port 443

 

Most VPN standalone programs don't offer a TLS connection, but one that does appears on StackSocial.com with good discounts.  It's KeepSolid/VPN Unlimited.  Not the fastest, but has quite a few endpoints.  I'm not affiliated with KeepSolid but found it's pretty resilient.

 

And the cost to bypass Celebrity's 'curation' is $50 a day!!!

[Jim_Iain]

I've used VPN  Express, Nord, Tunnel Bear, Cisco etc on all classes of ships and never had a problem.   Actually I'm using Nord on Solstice right now.

 

You are correct they do block all VPN's dns lookup so if you try to log onto Nord or Express you can't get through.   Make sure you have it installed prior to boarding.

 

Once on board I just fire it up.    I'm also using NordVPN via my Firestick app and can spoof location.

 

Proof of concept

 

[D C]

On 12/4/2022 at 7:41 PM, Jim_Iain said:

I've used VPN  Express, Nord, Tunnel Bear, Cisco etc on all classes of ships and never had a problem.   Actually I'm using Nord on Solstice right now.

 

You are correct they do block all VPN's dns lookup so if you try to log onto Nord or Express you can't get through.   Make sure you have it installed prior to boarding.

 

Once on board I just fire it up.    I'm also using NordVPN via my Firestick app and can spoof location.

 

Proof of concept

 

Can Nord or the others give me remote access to home? I use OpenVPN now when I'm away to be able to access my home network (files, cameras, and whatnot).  Doesn't work on Celebrity with the crummy internet (pre-starlink), but did on Princess. 

[Jim_Iain]

2 hours ago, D C said:

Can Nord or the others give me remote access to home? I use OpenVPN now when I'm away to be able to access my home network (files, cameras, and whatnot).  Doesn't work on Celebrity with the crummy internet (pre-starlink), but did on Princess. 

 

Nord recently came out with something called NordMesh -  Both both machines need to be logged onto Nord account via VPN and from that you can connect securely to your home PC.    I tried it in December using Starlink and worked perfect.

https://support.nordvpn.com/General-info/Features/1845333902/What-is-Meshnet.htm

 

Another options is TeamViewer free for individuals as long as being used for non-commercial use.   If they expect you are using for commercial purposes they will freeze the account but you can e-mail them assuring our not commercial and they unlock it.

 

I've use TeamViewer many times while on Celebrity. 

Edited February 6, 2023 by Jim_Iain

[CruisinShips]

Bringing up this old thread. Going to be on the Apex in the Caribbean, and using ExpressVPN. Does anyone know if it matters what specific US city you spoof to/from?

[Wineaux007]

44 minutes ago, CruisinShips said:

Bringing up this old thread. Going to be on the Apex in the Caribbean, and using ExpressVPN. Does anyone know if it matters what specific US city you spoof to/from?

I used Atlanta.

[Esmerelda]

We have had Surf Shark for about 4 years. We have never had any issues onboard a ship and were able to log in from different countries to watch shows late at night. 

[GVM]

On 12/4/2022 at 11:53 AM, Heymoe said:

I'm on the Infinity now and can confirm that Celebrity blocks most VPN traffic. Their DNS definitely blocks lookups of sites with "VPN" and it appears they block ports commonly used by VPN programs.

 

If your VPN provider has an option for using TLS protocol (Port 443), you're in luck.  That's the protocol used to break China's Great Firewall - also used to break the great Waterwall of Celebrity.  It's very hard to stop because websites using "https://" transfer their data over port 443

 

Most VPN standalone programs don't offer a TLS connection, but one that does appears on StackSocial.com with good discounts.  It's KeepSolid/VPN Unlimited.  Not the fastest, but has quite a few endpoints.  I'm not affiliated with KeepSolid but found it's pretty resilient.

 

And the cost to bypass Celebrity's 'curation' is $50 a day!!!

Lifesaver! I am on the Edge, sea day, between Vancouver and Juneau.

 

I always use OVPN, and indeed, first it didn't work. After switching to TLS Protocol (Port 443) I able to stream my local Dutch television. Needs some buffering every few minutes and it seems that the max quality is about 480p resolution. But hey, beggars can't be choosers! 🙂

 

Thanks for this tip!

Edited May 12 by GVM

[Heymoe]

2 hours ago, GVM said:

Lifesaver! I am on the Edge, sea day, between Vancouver and Juneau.

 

I always use OVPN, and indeed, first it didn't work. After switching to TLS Protocol (Port 443) I able to stream my local Dutch television. Needs some buffering every few minutes and it seems that the max quality is about 480p resolution. But hey, beggars can't be choosers! 🙂

 

Thanks for this tip!

You're welcome!  I didn't know Starlink equipped Celebrity ships still did this blocking.  My latest cruise was on the Edge (SYD-HNL) and I was able to use Cloudflare Warp tunneling, which didn't work in 2022.  But Celebrity may be switching onboard purchases of Internet to the faster/unmonitored tier of service (The onboard rate is $33 a day, or $50 for 3 days).

 

Have a great cruise!

Brad

[jelayne]

On 2/3/2024 at 7:54 AM, Esmerelda said:

We have had Surf Shark for about 4 years. We have never had any issues onboard a ship and were able to log in from different countries to watch shows late at night. 

I have Surf Shark and got off the Edge on 5/1.  The internet would not work on my IPad unless the they disabled the VPN, which they did.  However my IPhone worked fine for about 2/3 of the cruise then it would not work.  The iLounge staff said that the ships internet would not work with a VPN and that I was lucky the IPhone worked as long as it did.  Left the ship and reconnected the VPN and on the phone and it was fine.  We got to our hotel and the IPad  not work with VPN enabled.  Very frustrating as now I can’t get the iPad to to to connect with the VPN on .

[Jim_Iain]

On 2/1/2024 at 4:53 PM, CruisinShips said:

Bringing up this old thread. Going to be on the Apex in the Caribbean, and using ExpressVPN. Does anyone know if it matters what specific US city you spoof to/from?

 

It depends on what you are spoofing for.   For YouTubeTV often if you use a server other than one in your TV Market it thinks you are out of area and won't allow you to watch your usually local stations but can still view your recordings.  

 

For Netflix - really doesn't matter as long as Netflix tags the IP as heavily used --- in that case just choose another - often a little used server like Kansas City

[shirazcruiser]

On 5/12/2024 at 8:52 PM, Jim_Iain said:

For Netflix - really doesn't matter as long as Netflix tags the IP as heavily used --- in that case just choose another - often a little used server like Kansas City

I saw that EpressVPN has an app on my Fire Stick and you've used it before.  I was going to subscribe for a month and have it downloaded before we leave the US for London and the Canary Islands.  Once I connect to Celebrity wi-fi, does it pop up or something?  I have Amazon, HULU, Netflix, AppleTV, Paramount+, etc on my Fire Stick...will these work for streaming with the VPN?  Thanks for any help as this is new to me.  I've had great luck using my Ipad & the Apple HDMI adapter with downloaded shows on previous cruises.

[Jim_Iain]

6 minutes ago, shirazcruiser said:

I saw that EpressVPN has an app on my Fire Stick and you've used it before.  I was going to subscribe for a month and have it downloaded before we leave the US for London and the Canary Islands.  Once I connect to Celebrity wi-fi, does it pop up or something?  I have Amazon, HULU, Netflix, AppleTV, Paramount+, etc on my Fire Stick...will these work for streaming with the VPN?  Thanks for any help as this is new to me.  I've had great luck using my Ipad & the Apple HDMI adapter with downloaded shows on previous cruises.

 

After you select the Ship's Wifi you have to log into your Celebrity Account.   It sometimes pops up the menu but if not use the built in browser and go to guest.onboardicafe.com and log on using one of your accounts.

 

You can stream using VPN if needed to spoof your location.  Many of the streaming channels require you to be in the U.S.

Edited July 29 by Jim_Iain

[alfiemom]

Couple of questions:  Apple is advertising that Safari is private.  Is that really true?  Would that be true on a ship?  Anyone know how private Mozilla is?  

[fliprcruiser]

On 6/28/2022 at 10:39 AM, Wineaux007 said:

I started with NORD, but I can't remember what, but it wouldn't let me do some "things" -- can't recall what as it was a few years back.  I've been with ExpressVPN and very happy with it. 

 

Norton anti-virus offers free VPN with its service, but I still use Express.  

 

Thanks everyone for your responses.  I'll have to remember my settings on my next cruise.

I was using express but I couldnt get full speed downloads with it. 680 down with vpn off. Express was about 260 down. Pcmag said Nord was fastest, but still only get 380 down.

 

So i just learned to accept it. Large downloads I turn it off, back on when done.

[fliprcruiser]

3 hours ago, shirazcruiser said:

I saw that EpressVPN has an app on my Fire Stick and you've used it before.  I was going to subscribe for a month and have it downloaded before we leave the US for London and the Canary Islands.  Once I connect to Celebrity wi-fi, does it pop up or something?  I have Amazon, HULU, Netflix, AppleTV, Paramount+, etc on my Fire Stick...will these work for streaming with the VPN?  Thanks for any help as this is new to me.

Amazon doesnt cooperate well with VPN's or proxy servers.

[Jim_Iain]

2 hours ago, alfiemom said:

Couple of questions:  Apple is advertising that Safari is private.  Is that really true?  Would that be true on a ship?  Anyone know how private Mozilla is?  

They both have Private Browsing.    Really important to understand what your expectation of Privacy is.    In Private Browsing Mode on both Mozilla and Safari -  the browser won't remember your browsing history, removes tracking cookies etc.   I think all browsers now have an incognito mode. 

 

It will not  block someone from hacking your information over a public WiFi connection.   That is where VPN is helpful in keeping your data encrypted and less prone to hacking.  

 

This is only my opinion but but I don't think hackers hang out on cruise ships trying to capture data packets. ....but of course is possible on any unsecure Public Wifi network.   It would be much easier at a Starbucks and not have to pay the high cost of a cruise.

 

 

[DaKahuna]

12 minutes ago, Jim_Iain said:

This is only my opinion but but I don't think hackers hang out on cruise ships trying to capture data packets.

 

Jim -- I can neither confirm nor deny that this does take place.  I have some acquaintances that intercepted packets on ships and were able to caputre user ID's and pin's through the use of a rogue access point.  They did not do anything with it, just something they did to pass the time. 

I would not be concerned about it though as you are correct, not many hackers hang out on cruises trying to do anything with the WiFi. 

 

F Y I - - this was interesting.  Outdated but interesting. 

 

 

Edited July 29 by DaKahuna

[Jim_Iain]

John -- interesting and rather outdated as he was talking about WindowsXP and really old Wifi capabilities.  

 

When I was young(er) I use to enjoy PenTesting  (Penetration Testing) on my Own and other Servers and WiFi.   Didn't do much with it except when traveling I liked to hack into an accessible WiFi router to get free WiFi   Was much easier before many of then new encryption modes.   I've done some testing on my New Google Nest Router and it took over a week processing to un-encrypt the password.   While I have never done it -  I think it would be pretty easy to hack into someones WiFi Account.    With a brute force program and a word list of usernames and 4 digit pins could probably hack a couple in less than 30 minutes.... really wouldn't be helpful as you would toss them off the air.  

[Charles4515]

1 hour ago, Jim_Iain said:

They both have Private Browsing.    Really important to understand what your expectation of Privacy is.    In Private Browsing Mode on both Mozilla and Safari -  the browser won't remember your browsing history, removes tracking cookies etc.   I think all browsers now have an incognito mode. 

 

It will not  block someone from hacking your information over a public WiFi connection.   That is where VPN is helpful in keeping your data encrypted and less prone to hacking.  

 

This is only my opinion but but I don't think hackers hang out on cruise ships trying to capture data packets. ....but of course is possible on any unsecure Public Wifi network.   It would be much easier at a Starbucks and not have to pay the high cost of a cruise.

 

 

You can also use iCloud Private Relay on Apple devices which is like a VPN if you have more than the included iCloud storage. The only time I use my VPN (Nord) is when I want to spoof my location. For example I don't have Hulu so I can't get Always Murders in the Building. Disney Plus in Canada has Always Murders so I connect to a Chnadian Nord VPN server and I can download Always Murders. That is where the VPN comes in handy. One thing about VPN's you have to trust that they are not tracking or other malicious activity. Nord VPN and Express VPN have audits done to confirm privacy. The free VPN's that are out there are problematic. Thet have to be logging and selling  info to exist. As for browser I suggest Safari, Firefox, DuckDuckGo or Brave as they are known as privacy first browser. The browser to avoid if you want privacy is Chrome. They were even caught collecting data in incognito mode. Googles whole model is collecting data to sell ads.

Edited July 29 by Charles4515

[DaKahuna]

34 minutes ago, Jim_Iain said:

John -- interesting and rather outdated as he was talking about WindowsXP and really old Wifi capabilities.  

 

 Yes agreed and based on my observations on Royal and Celebrity a lot of that is no longer preveland. 

 

34 minutes ago, Jim_Iain said:

When I was young(er) I use to enjoy PenTesting  (Penetration Testing) on my Own and other Servers and WiFi.   Didn't do much with it except when traveling I liked to hack into an accessible WiFi router to get free WiFi   Was much easier before many of then new encryption modes.  

 

 WiFi was where, out side of Governance, Risk, and Compliance my expertise lies.  I have done a lot of WiFi pentest in my time as part of my 'day job,' 

 

 I had a lot of fun bypassing captive portal to get free Wifi access.  Many hotels and restaurants made it just too easy but lately it has become considerably more difficult.  WPA-3 is definitely a game changer as most of the old handshake /brute force password attacks simply fail. 

 

34 minutes ago, Jim_Iain said:

I've done some testing on my New Google Nest Router and it took over a week processing to un-encrypt the password.   While I have never done it -  I think it would be pretty easy to hack into someones WiFi Account.    With a brute force program and a word list of usernames and 4 digit pins could probably hack a couple in less than 30 minutes.... really wouldn't be helpful as you would toss them off the air.  

 

 On Celebrity I agree with you and once you had their credentials it would be a matter of kicking each other off line whenever one logged in while the other was still connected. Sort of defeats the purpose.  The difficult part of that would be guessing the username someone chose.  That's why I do not use my real name or my Cruise Critic ID as my username for my onboard WiFi account.  I suspect a lot of people just user their first name or inital and last name.  

 

 If you guessed a pin every two seconds, which is quite slow by today's computer standards, it would only take 5.5 hours to crack a 4-digit pin, assuming there is no time out or account lock for unsuccessful attempts.  Most modern laptops can do hundreds to thousands of pins per second unthrottled so the time would be drastically less. 

Anyway, it's good to walk down memory lane with you once again discussing technology. 

 

[awhcruiser]

On 5/12/2024 at 8:52 PM, Jim_Iain said:

 

It depends on what you are spoofing for.   For YouTubeTV often if you use a server other than one in your TV Market it thinks you are out of area and won't allow you to watch your usually local stations but can still view your recordings.  

 

 

I use a workaround for YouTube tv when out of country,  I can spoof it to think I am still in my home area.  

[Jim_Iain]

43 minutes ago, awhcruiser said:

I use a workaround for YouTube tv when out of country,  I can spoof it to think I am still in my home area.  

I've been using YouTube TV on ships for about 4-5 years.   I agree with you I normally try for a Server in SF Bay area but on occasions Google identifies the server as  VPN server and blocks it,  and I have to choose a different location until Nord updates their server ip's.  In those cases I can still watch my recorded shows but unable to steam my local stations.