Photo of author

Doug Reid

At a Glance
Product [Website]
Summary Free Wi-Fi mobility platform that lets you securely connect to your home network from anywhere
Pros • Free
• Easy to use
• No end device software needed
Cons • Can’t reliably handle double NAT
• Throughput limited


Updated 9/2/2013 – Added throughput test information
Updated 8/28/2013 – Incorporated clarifications & corrections from Anyfi

This review is about a wireless software platform called, developed by Swedish company Anyfi Networks AB., billed as “The Open Wi-Fi Mobility Platform,” is software that can be integrated into wireless routers and access points that simplifies connecting to remote Wi-Fi networks.

Here’s the concept. Let’s say you’ve got Wi-Fi at home configured and running with your own SSID and password. However, when you take your Wi-Fi device (laptop, smartphone, tablet,…) elsewhere, you have to connect to a different SSID and enter a new password to get on line. Imagine a world where when you leave home, you connect to Wi-Fi securely and automatically without having to enter new passwords! That’s’s goal.

How does it work?

To start, you need software loaded on your home wireless router or access point. At the end of this review, I’ll discuss how you get on a wireless router or access point.

As an end user with an enabled wireless router or access point, you simply setup your Wi-Fi SSID and password as you normally would. You then connect your devices to your home network with your Wi-Fi password. You’re now able to access your home network and surf the Internet over your home Wi-Fi as normal.

In the background, when an enabled home wireless router or access point comes on line, it registers with’s Mobility Control Server, as depicted below. This is similar to VoIP technology where a VoIP device registers with a SIP server. The registration message contains your wireless router or access point’s IP address and your SSID.



Once your Wi-Fi device authenticates with your home wireless router or access point, your wireless router or access point sends a message to the Mobility Control Server, depicted below. This message binds the MAC address of your Wi-Fi device (laptop, smartphone, etc..) to the previously described registration record on the Mobility Control Server. At this point, you are connected to your home wireless network as expected and prepared to go to other networks.

Device Identification

Device Identification

Now, let’s say you visit a friend who is also using an enabled wireless router or access point. Let’s say you want to use your Wi-Fi device(s) at your friend’s place. Normally, you’d have to ask your friend for their password to get on their Wi-Fi network. Not with

When your Wi-Fi device attempts to get on line, your friend’s wireless router or access point will see your device’s MAC address and send a message to the Mobility Control Server. The Mobility Control Server will reply to your friend’s wireless router or access point with the IP address of your home wireless router or access point and the SSID used by your home wireless router or access point.

Your friend’s wireless router or access point will then transmit your home SSID to only your device. At the same time, your friend’s wireless router or access point will set up a secure tunnel (called a Wi-Fi tunnel) to your home wireless router or access point, depicted below. Your laptop, smartphone, or tablet will then authenticate against your home network, using whatever Wi-Fi security protocol you have configured and you’ll be allowed to surf the Internet at your friend’s house. Your passphrase or other credentials always stay where they are and encryption keys are derived only in your own device and in your own home router.

Wi-Fi Tunnel

Wi-Fi Tunnel

The end result is you’re on line and can surf, you didn’t have to enter a new password, and you have remote access to your home network. Further, your friend didn’t have to give you her Wi-Fi password, thus maintaining network security.


A beauty of the solution is that no software or configuration is required on your laptop, smartphone, tablet, or other Wi-Fi device. The magic is entirely in the software loaded on the wireless routers and access points, along with the Mobility Control Server. Thus, can work automatically on Windows, Mac, Linux PCs; iPhones and iPads; Android smartphones and tablets and virtually any Wi-Fi enabled end device! sent three pre-configured Wi-Fi network devices with software: a TP-Link TL-WR2543ND wireless router; Inteno VG50A wireless router and a Ubiquiti NanoStation loco access point. All three devices were preconfigured with different SSIDs and wireless passwords and all had enabled. gave me the Wi-Fi password for only the TP-Link, intending that I use the TP-Link as my home router. Thus, I used the Inteno and Ubiquiti for testing remotely.

The only configuration option I could see for in the TP-Link GUI was a check box to turn it on or off, shown below. Other than that, there were no configurable options or status screens. At minimum, I think should add a screen to display the number of clients connected over an tunnel, both on the remote and home wireless router or access point. Reports on number of clients and bandwidth utilization from clients might also be useful.

Enabling AnyFi

Enabling’s website provides detailed documentation on the ins and outs of’s technology. This documentation not only describes the technology, but also provides guidance for vendors interested in integrating software into their wireless routers or access points.

In Use

A requirement of is you have to keep your home wireless router or access point powered on and connected to the Internet. This makes sense, as the remote wireless router or access point needs to tunnel your traffic back to your home wireless router or access point, as shown below.

Using wireshark, it looks like devices send small UDP messages to the network every 60 seconds, as shown below. Anyfi says these keep-alive messages meant to keep the communication channel through the NAT open. The device in the below packet capture is and the mobility server is

Registration Packets

Registration Packets

I experienced inconsistent results remotely connecting my Windows 8 laptop and iPhone via In some tests, my laptop and iPhone immediately were able to connect to my home network. This is when the value of was apparent. I was able to connect to my home Wi-Fi network even though I wasn’t at home. I didn’t have to enter a new Wi-Fi password or pay to join a hotspot, I was online without any configurations on my part!

In other tests, my laptop and/or iPhone intermittently could not see my home SSID, and thus could not connect to my home network. I contacted about this issue, they reported it was likely a “NAT issue… ‘disappearing SSID’ is typically what happens when the visited AP fails to reach the home router.”

In other words, my inconsistent results were likely due to my home firewall. I had installed the TP-Link behind my home router (a Linksys WRT310N), so the TP-Link was sitting behind another NAT (network address translations) router. For a remote wireless router or access point to set up a tunnel to your home wireless router or access point, an end to end connection must be setup between the remote and home wireless router/access point. Thus, a firewall between two devices can interfere with the connection. Without a firewall between the remote and the TP-Link, I had consistent connectivity to my home network with both my laptop and iPhone.

Depending on how you deploy, a firewall may not be an issue. If you deploy an wireless router directly connected to the Internet, remote wireless routers or access points should have no problem connecting to it. On the other hand, if you deploy a wireless router or access point behind a firewall as I did, that firewall can interfere with connectivity. is working on a solution they call their “supernode feature” that routes Wi-Fi tunnel traffic through a server with a public IP, which can possibly overcome firewall issues.

Wi-Fi Tunnel

An interesting aspect of is the Wi-Fi tunnel to your home network. Your Wi-Fi device gets an IP address from your home network and you have access to everything on your home network. Essentially, it works like a VPN tunnel. The security isn’t as tight as an IPSec VPN tunnel, as it uses Wi-Fi encryption, but it is a simple means of connectivity to your home network.

I see pros and cons to this Wi-Fi tunnel. A pro is you have an easy tunnel to your home network without VPN hardware, software or configurations. Another pro is the remote network you are visiting stays secure. Remote networks allowing connections are safe from those visiting clients, as those visiting clients only have access to their Wi-Fi tunnel.

The biggest con I see to the Wi-Fi tunnel is bandwidth. When connected to your home network, all your traffic goes through the Wi-Fi tunnel to your home network. When surfing the Internet while visiting another network, your Internet traffic is going through the tunnel to your home network. That means the web pages you download are first being downloaded to your home network, then uploaded from your home network to the tunnel, then downloaded by your laptop, smartphone, or tablet. The bottom line is the fastest you’ll be able to surf while roaming is limited to the upload speed of your home network. In my case, I have DSL with 12 Mbps download and 600 Kbps upload. Thus, the fastest I am able to remotely surf via is about 600 Kbps.

If you’re deploying on an access point, there are configurable Quality of Service settings to minimum and maximum bandwidth limits from mobile users for access points, shown below. However, these QoS options don’t exist on wireless routers, which seems a bit odd. The TP-Link router I tested with software did not have these options.



Out of curiosity, I measured throughput over an Wi-Fi tunnel. I used my usual throughput measuring tool, iperf with default TCP settings. I ran iperf on two PCs running 64-bit Windows 7 with their software firewall disabled. My Wi-Fi tunnel was between the Ubiquiti AP and the TP-Link wireless router, both connected to the same wired LAN as shown in the diagram below.

Updated 9/2/2013 tunnel throughput test setup tunnel throughput test setup

The best TCP throughput I measured in this optimal condition was 2.47 Mbps in either direction, shown in the screenshot below. 2.47 Mbps is not great, but it is fine for general web surfing.



[Note, running a simple iperf throughput test between two PCs uses the command iperf -s on one PC and iperf -c (ip) on the other PC. Note also, the PC connected via Wi-Fi was about three feet from the AP.]

To put this measurement into perspective, I also ran a reference wireless performance check and measured around 22 Mbps from the wireless client to wired client on the LAN. Wired throughput between the two machines used when both were connected to the Gigabit Ethernet switch was 359 Mbps.

Referrence Wi-Fi throughput test setup

Referrence Wi-Fi throughput test setup


I had the benefit of communicating with Björn Smedman, the CEO and Co-founder of, who filled me in on’s security. supports Open, WPA, WPA2 and EAP/RADIUS Wi-Fi security. doesn’t support WEP because they feel it’s not sufficiently secure.

Open networks are allowed only on carrier tunnel termination gateways, not on normal wireless routers or access points. Encryption over the Wi-Fi tunnel utilizes the 802.11 AES (or TKIP) encryption, all the way from the mobile device to the home wireless router or access point.

Further,’s Mobility Control Server does not know your home Wi-Fi password, only your SSID and the MACs of devices that have already accessed your network. Thus, even if’s servers were compromised, there isn’t any information in them that has the password to your Wi-Fi network.


I have two concerns with related to the Wi-Fi tunnel. One, the issue with firewalls could be a concern if you’re using a wireless router or access point behind another NAT/firewall as the home Wi-Fi device. Based on my tests, I recommend that your home wireless router or access point(s) are not behind NAT/firewalls.

Two, performance through a Wi-Fi tunnel isn’t blazing fast. It can be sufficient for Internet surfing, but remember an Internet connection with a slow uplink can impact download performance. Anyfi says it has a solution for the uplink limiting problem for service providers. When they integrate software in residential gateways, the ISP can install a 1U rack mount box (the Optimizer) that can open Wi-Fi tunnels and break out Internet-bound traffic centrally.

There are multiple options on how to get a wireless router or access point with software. If you want to purchase a router preloaded with, Inteno offers the VG50 and DG301. is working with Inteno on including their software in more models and is in discussion with other Wi-Fi vendors to include welcomes other vendors to integrate their software as well. According to’s website, software is “available to all (wireless router and access point) vendors under a no-charge royalty-free license”. Vendors are invited to follow’s step-by-step integration guide at engineers are available to work with integration and licensing as needed. software is also integrated into CarrierWrt firmware. CarrierWrt bills itself as a stable version of OpenWrt firmware. The TP-Link wireless router I tested is an 802.11n Wi-Fi gateway router, loaded with CarrierWrt software based on OpenWrt 12.09. There are versions of CarrierWrt for other makes and models of wireless routers and access points available for free download on CarrierWrt’s download page.

Even with my two concerns stated above, I like’s notion of having your “home Wi-Fi everywhere.” I would love to not pay for both home Internet and a data plan on my smartphone. If can increase the availability of Wi-Fi and drive down the cost of Internet/data access, I’m all for it!

Related posts

BuffaloTech AirStation 54Mbps Broadband Router Review

Broadcom-based draft-802.11g router. Supports multipoint bridging and repeating

Rosewill RNX-360RT Reviewed

Rosewill's RNX-N360RT is a decent enough $40 2.4 GHz N300 router.

TRENDnet TEW-812DRU AC1750 Dual Band Wireless Router Reviewed

TRENDnet's TEW-812DRU is too little, too late to the AC1750 draft 802.11ac router game.