Public Wi‑Fi vs Mobile Data: When It’s Safe (and When It’s Not)

29 Oct 2025

Public Wi‑Fi is everywhere: airports, cafés, hotels, trains and planes. It’s convenient and often free—but it also introduces real risks that most travellers don’t see. Attackers can spoof hotspots, tamper with logins via captive portals, or downgrade your secure connections. Meanwhile, your mobile data connection is generally encrypted end‑to‑end by your operator and harder to meddle with. This guide explains the practical trade‑offs so you can make quick, confident decisions on the road. You’ll learn how captive portals work, what SSL stripping looks like in 2025, how to spot fake hotspots, and the exact settings to toggle before you connect. We’ll finish with a simple decision tree and safer defaults using eSIM, so you stay online without gambling with your banking, email or client data. If “public wifi safety” is your concern, this is your one‑stop, traveller‑first checklist.

The quick answer: when to use mobile data vs public Wi‑Fi

Use this 30‑second decision tree.

Do you need to log in to banking, payments, email admin, cloud consoles, or handle work credentials?
Yes → Use mobile data/eSIM. Avoid public Wi‑Fi.
No → Continue.
Is the Wi‑Fi network name verified with staff or signage, and protected by a password (WPA2/WPA3)?
No → Use mobile data/eSIM.
Yes → Continue.
Are you forced through a captive portal (web page that asks you to accept terms, add email/room number)?
Yes → Connect only to accept terms, then immediately enable your VPN before doing anything sensitive—or prefer mobile data.
No → Continue.
Are you seeing any certificate warnings, HTTP-only pages, or “Not secure” indicators?
Yes → Disconnect and use mobile data/eSIM.
No → Low risk—proceed for casual browsing/streaming.

Pro tip: If you’re in any doubt, default to mobile data or an eSIM travel plan. It’s the safest baseline.

How public Wi‑Fi actually works (and where it breaks)

Captive portals: convenience with a catch

Most public networks use captive portals: you connect, your first web request is intercepted, and you’re redirected to a sign‑in/terms page. This interception happens before encryption to the wider internet starts. Risks: - Phishing: Fake portals mimicking a venue’s page to capture email, passwords or card details. - Tracking: Your device’s MAC address and browser fingerprint may be logged. - Forced insecure requests: Some portals push you through HTTP before you can enable a VPN.

What to do: Confirm the network name with staff, use a throwaway email if required, and switch on your VPN the moment the portal grants access.

SSL stripping and downgrade tricks

Modern sites use HTTPS with HSTS (HTTP Strict Transport Security). Attackers on open Wi‑Fi may attempt to: - Block HTTPS upgrades, keeping you on HTTP. - Inject a look‑alike page before a secure session starts. - Present bogus certificates hoping you’ll click “Continue”.

Your defence: Never ignore certificate warnings. Use a browser with HTTPS‑only mode. Prefer apps with certificate pinning (many banking apps do this and will refuse unsafe connections).

Fake hotspots (“evil twins”)

Attackers clone a network name like “Airport_Free_WiFi” and broadcast stronger signal. If your device auto‑joins based on name alone, you’re connected to them. They can see and tamper with unencrypted traffic, and attempt man‑in‑the‑middle on poorly configured apps.

Defence: Disable auto‑join for public networks, verify the exact SSID with staff, and “Forget” networks after use.

Public Wi‑Fi vs mobile data: the real‑world risk difference

Mobile data/eSIM: Your traffic rides an encrypted channel within the mobile network. While sophisticated threats (e.g., IMSI catchers) exist, they’re rare and targeted. For travellers, mobile data is significantly safer than open Wi‑Fi for logins and payments.
Public Wi‑Fi: Shared medium, easy to spoof, and often funnels you through captive portals where interception is simplest. Hotels and conferences are common targets.

Bottom line: Default to mobile data/eSIM for anything sensitive. Use public Wi‑Fi for low‑risk browsing and downloads only when you’ve verified the network and hardened your device.

Safer connectivity with eSIM when you travel

A local or regional eSIM gives you affordable mobile data without hunting for risky Wi‑Fi. With Simology, you can browse plans by country or region via Destinations. Popular picks: - USA city breaks and road trips: Esim United States or broader Esim North America - Euro adventures: Esim France, Esim Italy, Esim Spain or multi‑country Esim Western Europe

For teams, zero‑drama travel data beats hotel Wi‑Fi every time—see For Business. Travel suppliers and venues can explore safer guest connectivity via our Partner Hub.

Before you connect: a quick hardening checklist

Do these once, then you’re covered trip‑wide.

Turn on automatic updates for your OS, browser and key apps.
Enable HTTPS‑Only/Always‑On in your browser.
Install and configure a reputable VPN. Set “connect on untrusted Wi‑Fi.”
Disable auto‑join for open networks; remove old public SSIDs.
Turn off file sharing, printer sharing, and AirDrop/Nearby Share to “Contacts only” or Off.
Use a passcode/biometrics and full‑disk encryption (default on modern devices).
Prefer app‑based 2FA (not SMS) for important logins.

Pro tip: Add your eSIM before you travel so you land connected—no need to touch airport Wi‑Fi.

Connecting to public Wi‑Fi: step‑by‑step

Verify the exact network name and whether a password is required.
Turn off auto‑join for that network (so you connect consciously each time).
Connect and load the captive portal. Provide only minimal info—avoid reusing important passwords.
Once online, immediately enable your VPN before opening any other app or site.
Check your browser shows the padlock/HTTPS on sites you visit. If you see a warning, stop.
Keep sessions short. When you’re done, “Forget” the network.

Pro tip: If a venue offers a WPA2/WPA3 password, prefer it over truly open networks—there’s at least basic encryption between your device and the hotspot.

Spotting common attack patterns on public Wi‑Fi

Portal phishing: The sign‑in page asks for your email and password for a third‑party service (e.g., “Sign in with your email provider”). Don’t. Portals should never need those credentials.
SSL warnings: “Your connection is not private” pop‑ups. Never click through—disconnect.
Name games: Multiple similar SSIDs (FreeAirportWiFi, Airport_Free_WiFi, AirportWiFi‑Guest). Ask staff which is real.
Rogue DNS: You type a familiar address and land on an odd‑looking site. Quit immediately; recheck with mobile data.
Sudden certificate prompts in apps that never ask for them (email, messaging). Treat as a red flag.

When a VPN helps—and when it can’t

Helps with: Encrypting your traffic across the local Wi‑Fi so others can’t sniff it; bypassing rogue DNS; reducing hijacking risk.
Limitations: You usually must connect to the hotspot (and often its captive portal) before the VPN can start. A compromised device or phishing page can still trick you before the VPN is active.
Practical tip: Connect → complete the portal with minimal info → enable VPN immediately → proceed. If the VPN won’t connect or drops repeatedly, switch to mobile data.

Venue‑by‑venue: what to expect

Airports and trains: High‑volume, prime targets for spoofed SSIDs. Treat as untrusted; prefer mobile data.
Hotels: Portals tied to room numbers or surnames are common, but networks are shared across floors. Use VPN; avoid admin logins.
Cafés and bars: SSIDs frequently change; lots of clones around. Verify the name at the till.
Conferences: Attackers love events. Expect evil‑twin networks. Use mobile data for anything sensitive.
In‑flight Wi‑Fi: Often proxied and filtered. Fine for casual use, but not for banking or work admin.

Quick device hardening checklist (phones and laptops)

Disable Wi‑Fi when you’re not using it; rely on mobile data/eSIM.
Use a privacy‑focused DNS provider within your VPN, or set encrypted DNS (DoH/DoT) in system settings if supported.
Limit sensitive notifications on lock screen.
Use separate browser profiles: one for travel, one for personal.
Log out of sessions you don’t need; clear site data after public Wi‑Fi sessions.
For work devices, stick to your organisation’s managed VPN and policies.

Pro tip: If your work depends on reliable, safe connectivity, standardise on eSIM data and keep Wi‑Fi as a last resort.

Simple “safer by default” plan for travellers

Before you fly: Add a local or regional eSIM from Destinations.
On the ground: Use mobile data for logins, bookings and payments.
Only use public Wi‑Fi for downloads or streaming you don’t mind being interrupted.
Keep your VPN ready for those moments where Wi‑Fi is unavoidable.
Forget networks after use; don’t auto‑join anything public.

FAQ: Public Wi‑Fi vs mobile data

Is public Wi‑Fi safe if the site shows HTTPS?
Safer, but not safe by default. HTTPS protects the connection to that site, but portals, DNS tampering and fake certificates can still bite. Always heed warnings and prefer a VPN.
Is mobile data always safer?
For most travellers, yes. Mobile networks encrypt traffic at the radio layer and are harder to spoof casually. It’s the better choice for banking, email and bookings.
Should I use a VPN on public Wi‑Fi?
Yes. Use a reputable VPN and enable it immediately after the captive portal. If it won’t connect reliably, switch to mobile data.
Can I do mobile banking on hotel Wi‑Fi?
Best practice: use mobile data/eSIM for banking. If you must use Wi‑Fi, use your banking app (which likely pins certificates), turn on your VPN, and double‑check for any warnings.
How do I tell if a hotspot is fake?
Verify the exact network name with staff; beware multiple look‑alike names; check signal strength anomalies; avoid previously saved “free” SSIDs; and prefer password‑protected Wi‑Fi.
Do I need an eSIM if venues offer free Wi‑Fi?
If you value reliability and security, yes. An eSIM keeps you online for sensitive tasks without relying on unknown networks. Explore country and regional options via Esim United States, Esim France, Esim Italy, Esim Spain and Esim Western Europe, or go broader with Esim North America.

Next step: Choose a safe, local data plan before you travel—browse Destinations and add your eSIM in minutes.

Read more blogs

Andes Highlights (3 Weeks): Peru–Bolivia–Chile–Argentina Connectivity

Planning a south america itinerary 3 weeks through the high Andes? This route stitches together Peru’s Sacred Valley, Bolivia’s La Paz and Salar de Uyuni, Chile’s Atacama Desert, and northern Argentina’s quebradas or Mendoza wine country—often by long-distance bus and a couple of short flights. Connectivity is different at altitude: coverage is strong in cities but drops in high passes and salt flats; bus Wi‑Fi is patchy; border towns can be blackspots. The smart move is an eSIM with multi‑country coverage, backed by offline maps, offline translations, and a simple routine for crossing borders by bus without losing service. Below you’ll find a practical, connectivity-first itinerary; checklists to prep your phone, apps and documents; and on-the-ground tips for staying online where it matters: booking transport, hailing taxis, backing up photos, and navigating when the signal disappears.If you’re transiting via Europe or North America, you can also add a layover eSIM to stay connected door-to-door. Start with our country list on Destinations, then follow the steps, and you won’t waste time chasing SIM shops at 3,500 metres.The 3‑week Andes route at a glanceWeek 1: Peru (Cusco, Sacred Valley, Machu Picchu) - Fly into Cusco (or Lima then connect). - Base in Cusco; day trips to Pisac/Chinchero/Maras–Moray. - Train to Aguas Calientes; Machu Picchu visit; return to Cusco or continue to Puno/Lake Titicaca.Week 2: Bolivia and Chile (La Paz, Uyuni, San Pedro de Atacama) - Bus/collectivo via Copacabana to La Paz. - Fly or overnight bus to Uyuni. - 3‑day Uyuni–altiplano tour ending in San Pedro de Atacama (Chile).Week 3: Chile and Argentina (Atacama to Salta or Mendoza/Buenos Aires) - Choose: - North: San Pedro to Salta/Jujuy by bus; fly to Buenos Aires. - Or South: San Pedro–Calama flight to Santiago; bus or flight to Mendoza; onward to Buenos Aires.Connectivity notes (quick): - Cities: generally strong 4G/4G+; 5G in major hubs (Santiago, Buenos Aires). - Altitude/rural: expect long no‑signal stretches (Uyuni, altiplano passes, Paso Jama). - Bus Wi‑Fi: often advertised, rarely reliable. Plan to be offline onboard. - Border regions: networks switch; a multi‑country eSIM avoids sudden loss.eSIM vs local SIMs for a 4‑country tripFor a route with multiple borders and remote legs, eSIM wins on time and reliability.What a multi‑country eSIM gets you: - One plan across Peru, Bolivia, Chile, Argentina (check coverage per country on Destinations). - No passport/SIM registration queues at kiosks. - Keep your home number active on the physical SIM for calls/SMS codes. - Instant top‑ups if you burn data on photos or navigation.When a local SIM still helps: - Long stay in one country with heavy data use (e.g., a month in Buenos Aires). - Dead zones where a different local network performs better (rarely worth the hassle on a 3‑week pace).Practical approach: - Use an eSIM as your primary data line across all four countries. - If you find a specific local network far better in one region, add a cheap local SIM and keep the eSIM as backup.Device readiness checklist (before you fly)1) Check eSIM compatibility and SIM‑lock status on your phone.2) Buy and install your eSIM while on home Wi‑Fi. Keep a PDF/printed copy of the QR code.3) Label lines clearly (e.g., “eSIM Andes Data”, “Home SIM”).4) Turn on data roaming for the eSIM; leave roaming off for your home SIM to avoid charges.5) Set up dual‑SIM rules: data on eSIM; calls/SMS default to home SIM if needed.6) Download offline: Google Maps/Organic Maps for all target regions; language packs (Spanish at minimum); bus/air tickets; hotel confirmations.7) Cloud backups: set to upload on Wi‑Fi only; pre‑create shared albums for travel companions.8) Test tethering/hotspot with your laptop/tablet.If you’re transiting popular hubs, consider a short layover eSIM: - USA connections: add an Esim United States or a broader Esim North America.- Europe connections: Madrid/Barcelona? Use an Esim Spain. Paris or Rome? See Esim France and Esim Italy. Multi‑country layovers? Try Esim Western Europe.City‑by‑city connectivity notesCusco & the Sacred Valley (Peru)Coverage: Good in Cusco city; variable in high villages (Maras/Moray) and along Inca Trail approaches.Tips: Download Sacred Valley maps offline; pin viewpoints and ruins. most taxis use WhatsApp—save your accommodation’s number.Machu Picchu/Aguas Calientes: Patchy to none at the citadel. Upload your photos later; don’t rely on live ticket retrieval.Lake Titicaca: Puno and CopacabanaPuno: Reasonable 4G; bus terminals crowded—screenshot QR tickets.Crossing to Copacabana: Expect a signal drop around the border; have directions saved offline.La Paz (Bolivia)Good urban 4G; the cable car network has decent signal but tunnels do not.Yungas/“Death Road” tours: Mountain valleys cause dead zones—share your emergency contacts with the operator, carry a charged power bank, and don’t plan remote calls.Uyuni and the Altiplano (Bolivia to Chile)Uyuni town: OK 4G; ATMs finicky—use Wi‑Fi for banking apps.Salt flats/lagunas: Assume offline for most of the 3‑day tour. Guides often carry satellite phones; agree a pickup time/place in San Pedro and preload your map route.San Pedro de Atacama (Chile)Town: Solid 4G; accommodations often have Wi‑Fi but speeds vary.Geysers, Valle de la Luna: Offline navigation essential; sunrise trips start before mobile networks wake up in some areas.Salta/Jujuy or Mendoza/Buenos Aires (Argentina)Salta/Jujuy: Good city coverage; quebradas have long no‑signal sections.Mendoza: City 4G/5G; vineyards outside town can be patchy.Buenos Aires: Strong 4G/5G; ideal for cloud backups and large downloads before you fly home.Border crossings by bus: step‑by‑stepThe big ones on this route: Peru–Bolivia (Puno/Copacabana), Bolivia–Chile (Uyuni–San Pedro via Hito Cajón), Chile–Argentina (Paso Jama to Salta or Los Libertadores to Mendoza).How to keep service and sanity:1) The day before:- Top up your eSIM data.- Confirm your plan includes both countries you’re entering/leaving.- Download offline maps for both sides of the border and your town of arrival.- Save bus company WhatsApp and terminal address offline.2) On departure morning:- Keep a paper copy or offline PDF of tickets, insurance, and accommodation proof.- Charge phone and power bank; pack a short cable in your daypack.3) On the bus:- Don’t count on bus Wi‑Fi. Keep your eSIM as primary, but expect drops near mountain passes.- If your phone supports it, enable “Wi‑Fi calling” for later when you reach accommodation Wi‑Fi.4) At the border posts:- Data may be unavailable. Keep QR codes and booking numbers offline.- After exiting one country and entering the next, toggle Airplane Mode off/on to re‑register on the new network.- If the eSIM doesn’t attach, manually select a network in Mobile Settings.5) Arrival:- Send your accommodation a quick WhatsApp when you’re back online.- Recheck your eSIM’s data roaming is on; confirm you’re on an in‑country network, not a weak roaming partner.Pro tips: - Dual profiles: If your eSIM allows, keep a secondary profile for a different network in the same country—helpful in border towns.- Cash buffer: Some border terminals don’t accept cards; download a currency converter for offline use.Offline survival kit (5‑minute setup)Maps: Download regions for Cusco, Sacred Valley, Puno, La Paz, Uyuni, San Pedro, Salta/Jujuy or Mendoza, and Buenos Aires.Translations: Download Spanish for offline use; add phrasebook favourites (bus tickets, directions, dietary needs).Documents: Save PDFs of passports, tickets, hotel addresses; star them for quick access.Rides: Screenshots of pickup points; pin bus terminals and hotel doors.Entertainment: Podcasts and playlists for long bus legs, set to download on Wi‑Fi only.Altitude and your tech: what changesCoverage gaps lengthen: Fewer towers at high altitude; valleys can block signal. Assume offline on remote excursions.Batteries drain faster in cold: Keep your phone warm and carry a power bank (10,000–20,000 mAh).Hotel Wi‑Fi may be congested: Schedule big uploads (photo backups, app updates) for big-city stays like Santiago or Buenos Aires.GPS still works offline: Your blue dot shows on offline maps without data—preload everything.Data budgeting for 3 weeksTypical traveller usage across this route: - Messaging/Maps/Bookings: 0.2–0.5 GB/day- Social and photo sharing: 0.3–0.7 GB/day- Occasional video calls/streaming: 0.5–1.0 GB/dayFor a mixed-use trip, plan 15–25 GB for 3 weeks. Heavy creators should double it and upload over hotel Wi‑Fi when possible. If you work remotely, consider a higher‑capacity plan and a backup eSIM; see our guidance on For Business.Practical route with transport and connectivity cuesDays 1–4 Cusco base: Strong city signal; day trips may be spotty—go offline-ready.Days 5–6 Machu Picchu: Expect no service at the ruins; sync tickets ahead.Days 7–8 Puno to La Paz via Copacabana: Border signal drop; re‑register networks after crossing.Days 9–11 Uyuni tour to San Pedro: Treat as offline; charge nightly; carry spare cables.Days 12–14 San Pedro: Stable in town; tours offline; top up data before Paso Jama.Days 15–17 Salta/Jujuy or Mendoza: Good urban 4G; rural patches are offline.Days 18–21 Buenos Aires: Strongest connectivity of the trip; clear your uploads and map downloads for the flight home.Partnering and stopover extrasHospitality and tour operators in the Andes: help your guests stay connected—explore co‑branded solutions via our Partner Hub.Transatlantic flyers: test your eSIM setup on a layover with an Esim United States or Esim Western Europe before hitting high-altitude blackspots.FAQs1) Do I need a local SIM in each country?No. A multi‑country eSIM covering Peru, Bolivia, Chile and Argentina is simpler and works well for a 3‑week pace. Consider a local SIM only if you’ll spend longer in one country and want the absolute best regional coverage.2) Will my WhatsApp number change with an eSIM?No. WhatsApp is tied to your registered number, not your data line. Keep your home SIM active for voice/SMS (roaming off if you wish), and use the eSIM for data—WhatsApp continues as normal.3) Can I hotspot to my laptop or camera?Yes. Enable tethering on your eSIM. Mind your data: cloud backups and OS updates can burn gigabytes—set them to Wi‑Fi only or schedule in big cities.4) What if there’s no signal on the Uyuni/Atacama legs?That’s expected. GPS still works offline. Pre-download maps and translations, carry a power bank, and sync plans with your tour operator before departure.5) Will I get roaming charges at borders?If you’re using a multi‑country eSIM with coverage in both countries, you won’t incur extra roaming fees from your home carrier. Keep roaming off on your home SIM to avoid accidental use.6) I’m connecting via Europe or the US—worth getting a layover eSIM?Yes. It’s an easy way to test your setup and stay reachable. Try Esim North America or country options like Esim Spain, Esim France, or Esim Italy for common hubs.Next step: Browse South America coverage options and build your plan on Destinations.

31 Oct 2025

No Service After Installing an eSIM: 10 Checks to Do First

When your eSIM installs but your phone still shows “No Service”, it’s usually a setup detail, not a dead SIM. The good news: most fixes take minutes and don’t require support. This traveller-first checklist walks you through the 10 most common causes—coverage and plan activation, data line selection, roaming and network mode toggles, APN configuration, IMS (VoLTE) registration, and when to reissue a QR. Follow the steps in order; test after each change. If you’re roaming across borders, keep an eye on network selection and data roaming settings as you move. Finally, make sure you bought the right regional product (e.g. Esim North America vs a single-country plan). With a few precise tweaks, most “esim no service” cases go from offline to online in under 10 minutes.Pro tip: Do all installation and major changes over a stable Wi‑Fi connection, and keep your original QR or activation details handy.Before you start: quick basicsRestart your phone.Ensure Wi‑Fi is on and working.Update iOS/Android to the latest version.If you installed the eSIM abroad, toggle Airplane Mode on for 10 seconds, then off.The 10 checks (in order)1) Confirm coverage, plan activation, and date validityVerify your eSIM plan is active for today and includes the country you’re in.If you’re travelling cross-border, confirm your plan’s region (e.g. Esim Western Europe vs single-country options like Esim France, Esim Italy or Esim Spain).Check coverage for your destination via Destinations. Rural areas or islands can have patchy service.If your plan shows expired or out of data, you’ll often see “No Service” or “SOS only”—top up or activate a fresh plan.Pro tip: In the US, coverage varies by carrier. If you’re using a US plan like Esim United States, move to a spot with open sky or try manual network selection (see Check 7).2) Confirm device compatibility and unlock statusEnsure your phone supports eSIM and is network-unlocked.iPhone: iPhone XS/XR or newer support eSIM.Android: recent Google Pixel, Samsung Galaxy S/Note/Flip/Fold, and others support eSIM.Check it’s not carrier-locked:iPhone: Settings > General > About > Carrier Lock should say “No SIM restrictions”.Android: Insert a different physical SIM (if available) to verify it accepts other networks, or ask your original carrier.Make sure 4G/LTE (and 5G if applicable) are supported bands for your destination.Pro tip: If the phone is locked, you’ll likely see “No Service” on foreign eSIMs. Unlocking is required.3) Verify the eSIM line is installed, turned on, and set for dataiPhone:Settings > Mobile Data (Cellular) > tap your eSIM > ensure “Turn On This Line” is enabled.Set “Mobile Data” to your eSIM line. If you need your physical SIM for calls, keep “Default Voice Line” on physical and data on eSIM.Android (varies by brand):Settings > Network & Internet > SIMs > ensure the eSIM is enabled.Set “Mobile data” to the eSIM.Pro tip: If you see multiple eSIMs, rename them so you can select the correct one.4) Temporarily disable other SIMs to isolate the issueTurn off the physical SIM or other eSIMs for a minute so the phone focuses on the travel eSIM.Toggle Airplane Mode on for 10 seconds, then off.Check if service appears. If yes, re-enable your other SIM and set priorities:Data on the travel eSIM.Calls/SMS on your home SIM (if you need it).Pro tip: iPhone users—disable “Allow Mobile Data Switching” while testing.5) Enable Data Roaming and confirm network modeiPhone: Settings > Mobile Data > Data Roaming > On. Then Mobile Data Options > Voice & Data: select 4G or 5G (not 3G).Android: Settings > Network & Internet > Mobile network > Data roaming > On. Preferred network type: 4G/5G Auto.Turn off any “Data Saver/Low Data Mode” while testing.Why this matters: Most travel eSIMs are roaming profiles by design. If roaming is off, you’ll get “No Service”.6) Check APN settings (and add them manually if needed)Many eSIMs auto-configure the APN. If they don’t, data won’t start even if you have signal bars.Find the APN from your activation email or profile details.iPhone: Settings > Mobile Data > your eSIM > Mobile Data Network > enter APN exactly (leave username/password blank unless provided).Android: Settings > Network & Internet > Mobile network > Access Point Names > add APN. Save and select it.Toggle Airplane Mode after saving.If APN fields are locked: remove and reinstall the eSIM (see Check 10), or perform a Network Settings reset: - iPhone: Settings > General > Transfer or Reset > Reset > Reset Network Settings. - Android: Settings > System > Reset options > Reset Wi‑Fi, mobile & Bluetooth.Note: A network reset clears saved Wi‑Fi/Bluetooth—reconnect to Wi‑Fi afterwards.7) Switch between Automatic and Manual Network SelectionStart with Automatic. If it shows “No Service”, try Manual:iPhone: Settings > Mobile Data > Network Selection > turn off Automatic > wait for the list > tap a listed carrier > test.Android: Settings > Network & Internet > Mobile network > Network operators > Search networks > choose one.If multiple networks appear, test each. Give it up to 2 minutes after selection.If only 2G/3G options appear, stick with 4G if available. Many modern travel eSIMs don’t support 3G/2G for data.Cross-border tip: Switching countries on a regional plan (e.g. Esim Western Europe) may require a brief manual selection to latch onto a partner, then you can go back to Automatic.8) Confirm IMS registration (VoLTE/4G Calling)IMS handles 4G voice (VoLTE) and Wi‑Fi Calling. Some networks require VoLTE for full registration.iPhone: Settings > Mobile Data > your eSIM > Voice & Data > ensure 4G/5G with VoLTE is on.Samsung: Settings > Connections > Mobile networks > VoLTE calls: On.Google Pixel: Settings > Network & Internet > SIMs > eSIM > Enable 4G Calling/VoLTE.Advanced (Android): You can view IMS status via Phone app > dial ##4636## > Phone information > IMS registration: Registered. If not registered, toggle VoLTE off/on, reselect the network (Check 7), or reboot.Note: Data can work without IMS, but some carriers require IMS before allowing any service. If IMS won’t register where 4G signal exists, move outdoors or try another partner network.9) Update carrier settings, system software, time, and regioniPhone: Settings > General > About—if a Carrier Settings Update prompt appears, accept it.Android: Check for system updates and any vendor-specific carrier configuration updates.Ensure time/date are set to Automatic and the correct time zone—wrong time can block authentication on some networks.If you installed the eSIM in one country and powered on in another, a second reboot often helps the device request fresh network parameters.10) Reinstall or request a QR reissue (clean install)If you’ve tried everything above:Remove the eSIM profile:iPhone: Settings > Mobile Data > your eSIM > Remove eSIM.Android: Settings > Network & Internet > SIMs > your eSIM > Delete.Reinstall over strong Wi‑Fi. Use the original QR or activation code. Do not scan the same QR multiple times on different phones.If the QR has been consumed or the install failed mid‑way, request a reissue. Resellers can do this in the Partner Hub. Team admins can coordinate via For Business.After reinstall: repeat Checks 3–8 quickly (enable Data Roaming, set the eSIM as the data line, confirm APN/VoLTE, try manual network select).Pro tip: If you move from the US to Canada/Mexico on a regional plan like Esim North America, expect a brief delay while the SIM registers on the new partner. A manual network nudge (Check 7) speeds this up.Extra things to verify if you’re still offlineYou’re indoors with poor coverage: step outside or move near a window.You used all data: top up or switch plan.VPN or private DNS is interfering: disable while testing.Power-saving mode is limiting connectivity: turn off temporarily.IMEI restrictions: very rare, but if the device IMEI is blocked in-country, you may see persistent “No Service”.When to contact support (and what to include)If “No Service” persists after all 10 checks, contact support with:Device make/model and OS version.Country/city, and whether you’re indoors/outdoors.eSIM ICCID (and EID if requested).Screenshots of:SIM status page,APN screen,Network operators list,IMS registration status (if on Android).A brief list of which checks you’ve completed.This speeds up resolution significantly.FAQs1) Why does my eSIM show Installed but still says “No Service”? - The line may be off, data roaming disabled, APN missing, or the phone is still prioritising another SIM. Work through Checks 3–7 first—those resolve most cases.2) Do I need Data Roaming enabled for a travel eSIM? - Yes. Travel eSIMs are typically roaming profiles. Keep Data Roaming on, and set the preferred network to 4G/5G.3) Will voice calls work on my travel eSIM? - Many data-only eSIMs provide data only. Use apps (WhatsApp, FaceTime, etc.) for calling. If your plan includes voice/SMS, ensure VoLTE/IMS is enabled (Check 8) and select a supported network manually if needed (Check 7).4) My APN field is blank or locked—what do I do? - Reinstall the eSIM to refresh carrier settings (Check 10). If manual entry is allowed, use the APN provided in your activation email. A Network Settings reset can also unlock APN editing.5) Can I keep my physical SIM active while using the eSIM for data? - Yes. Set the eSIM as the Mobile Data line and keep your physical SIM for calls/SMS. If there’s conflict, disable the physical SIM briefly to let the eSIM register, then re-enable and set correct priorities.6) I’m crossing borders in Europe. Do I need a new eSIM? - Not if you chose a regional plan like Esim Western Europe. As you cross borders, the SIM will roam to partner networks. If it hesitates, toggle Airplane Mode or try manual network selection once per new country.Pick the right plan before you flyChoosing a plan matched to your route prevents most “No Service” surprises. See coverage and options for your trip in Destinations, or go straight to regional picks like Esim North America and Esim Western Europe, or country plans such as Esim United States, Esim France, Esim Italy and Esim Spain.Next step: Check coverage and pick the right plan for your itinerary via Destinations.

30 Oct 2025

Work Laptop on the Road: VPN, Split Tunneling & Compliance Basics

Travelling with a corporate laptop is a balancing act between security, performance and convenience. Your company VPN protects sensitive traffic, but it can slow things down, drain battery and block local services. Split tunnelling promises relief by sending only work apps through the VPN and letting everything else use the local connection. Used wrongly, it can leak data or breach policy. Used correctly, it’s a smart way to stay productive on hotel Wi‑Fi, airport lounges and 4G/5G hotspots. This guide explains what split tunnelling is, when to use it, how to prepare before you fly, and the battery/compliance trade‑offs to watch. It’s written for travellers first, while staying friendly to IT policies and tooling. We’ll also cover practical connectivity choices, from personal hotspots to regional eSIMs such as Esim North America and Esim Western Europe, so you aren’t left fighting captive portals when a meeting starts.What is split tunnelling?When you connect to a corporate VPN, you typically get one of two modes:Full tunnel: All traffic goes through the VPN. Maximum control and security. Greater latency, bandwidth overhead and battery use.Split tunnel: Only defined apps or destinations go through the VPN. Everything else goes out locally to the internet. Better performance and battery. Increased exposure if misconfigured.There are two common flavours of split tunnelling:Per‑app: Only specific applications (e.g., Outlook, Teams, SAP) use the VPN. Others (e.g., Spotify, personal browser tabs) bypass it.Per‑destination: Traffic to corporate domains, subnets or IP ranges uses the VPN; everything else goes direct.Key risks to understand:Data leakage: If an app that handles company data is not routed via the VPN, logs and content may leak to local networks.Policy breach: Many organisations disable or tightly control split tunnelling to enforce monitoring, DLP and compliance.Captive portals: Some networks block or throttle VPNs. Split tunnelling can help you authenticate to the network, but policies still govern what’s allowed.If your search intent is “vpn split tunneling travel,” the core takeaway is: it’s useful on the road, but only when your company explicitly allows and configures it.Should you use split tunnelling on the road?Pros (when permitted by IT): - Faster access to local/cloud services (video calls, maps, local content). - Better battery life due to reduced encryption overhead and lower round‑trip times. - Fewer geolocation issues for non‑work apps (streaming, public cloud buckets in‑region). - Smoother captive portal logins on hotel and airport Wi‑Fi.Cons: - Increased risk surface on untrusted networks; misrouted traffic could expose metadata or content. - Harder for IT to enforce uniform controls and logs across all traffic. - Some collaboration tools may behave unpredictably when half inside, half outside the tunnel.Bottom line: Use split tunnelling only if your IT policy allows it, ideally with centrally managed per‑app rules. If your device is managed (MDM/EDR), let IT push the profile. Avoid ad‑hoc, user‑side tweaks unless you have explicit approval.Prepare your work laptop before you travelUse this checklist one week before departure:Confirm policy - Ask IT whether split tunnelling is allowed on corporate devices. - Clarify which apps must be forced through VPN and which can bypass. - Request written guidance for your destination(s).Update and test - Patch your OS, VPN client and browser. - Test the VPN on at least two networks (home and a mobile hotspot). - Confirm you can reach key services (email, intranet, storage, CRM) with and without split tunnelling (if permitted).MFA and recovery - Add backup MFA methods (TOTP app, phone, hardware key). - Generate one‑time recovery codes in case SMS is unavailable. - Ensure your device time zone and clock auto‑sync (MFA can fail with time drift).Profiles and policies - Have IT push the correct VPN profile(s) and DNS split rules for your region. - Check that Always‑On VPN behaviour matches policy (e.g., blocks traffic until tunnel up). - Verify the kill switch is enabled if required.Connectivity plan - Prefer mobile data over insecure public Wi‑Fi when possible. Load an eSIM for your route: see Destinations, or choose a regional plan like Esim North America or Esim Western Europe. Country options include Esim United States, Esim France, Esim Italy and Esim Spain. - Set up your phone’s personal hotspot as a backup. - Save hotel Wi‑Fi details offline, but avoid auto‑connect on unknown networks.Contacts and contingencies - Save IT helpdesk contacts and escalation hours in your calendar (local time). - Request an alternative protocol/port (e.g., TLS/443) profile if your main VPN is blocked. - Ask for safe split tunnelling defaults if you’ll be presenting or streaming.Pro tips: - Download offline installers for the VPN client and MFA app. - Cache the latest company root certificates in case the device can’t reach internal distribution points. - If travelling to higher‑risk regions, ask about a “clean laptop” policy and temporary accounts.Configure split tunnelling safely (with IT approval)Your corporate image may lock these settings; if so, use IT‑pushed profiles instead. If user‑config is permitted:Windows 11/10 (generic steps)Open your corporate VPN client. Look for “Split tunnelling,” “Per‑app VPN” or “Exclude local networks.”Choose the mode approved by IT:Per‑app include list: Add only work apps to the VPN list.Per‑app exclude list: Keep all apps in VPN except those explicitly excluded (safer default).Per‑destination: Add corporate subnets (e.g., 10.0.0.0/8), domains or DNS suffixes.Ensure DNS for corporate domains resolves via the VPN (check “Use VPN DNS for internal domains”).Enable the kill switch if required, and verify that non‑VPN traffic is blocked when the tunnel is down (for non‑split apps).Apply and test:Open a corporate app (should route via VPN).Open a public website (should route directly if excluded).Confirm IP paths with “whoami” sites or tracert; check DNS with nslookup against internal names.macOS (generic steps)In your managed VPN app or Network settings profile, locate split tunnelling controls.Use per‑app or per‑domain routing as defined by IT; avoid wildcards that could capture personal traffic.Verify “Send all traffic over VPN” is disabled only if split tunnelling is explicitly allowed.Check DNS suffix search and internal resolver settings are applied when the tunnel is up.Test with Activity Monitor’s per‑process network view or a browser extension that shows current egress IP.Pro tips: - Don’t exclude your browser if you access SaaS tools that handle company data—keep it on the VPN unless IT says otherwise. - Avoid excluding update services; patching over untrusted networks is sensitive and may be blocked by your company anyway. - If performance is poor, ask IT about protocol options (e.g., IKEv2 vs TLS) rather than changing encryption settings yourself.Network choices on the roadOrder of preference for reliability and safety:Mobile data via eSIM on your laptop/tablet or phone hotspot.Known, password‑protected networks you control (MiFi, travel router with your SIM/eSIM).Enterprise‑grade public networks (airline lounges).Hotel or café Wi‑Fi (last resort).Why eSIMs help: - Stable IPs and lower contention than crowded hotel networks. - Fewer captive portals that break VPN handshakes. - Predictable costs and usage alerts.Plan ahead with Destinations and pick a regional or country plan to match your itinerary: Esim North America, Esim Western Europe, Esim United States, Esim France, Esim Italy or Esim Spain. If you’re managing a team, centralise purchasing and support via For Business. Partners and MSPs can streamline provisioning through the Partner Hub.Captive portal tip: - Most portals block VPNs until you accept terms. Temporarily disconnect the VPN, join the Wi‑Fi, complete the portal, then reconnect. If policy enforces Always‑On VPN, use mobile data to complete sign‑in or ask IT for a captive‑portal profile.Battery and performance trade‑offsVPNs consume CPU to encrypt/decrypt traffic and can keep radios active, increasing battery use. Practical steps:Prefer modern, efficient protocols approved by IT. IKEv2 and WireGuard‑based options are generally lighter than older SSL/TLS stacks, but only switch if your organisation supports them.Use split tunnelling (if allowed) for heavy, non‑sensitive traffic like video conferencing to reduce packets through the tunnel.Avoid marginal Wi‑Fi. Weak signals force higher transmit power and retries. A good eSIM or hotspot can use less energy overall.Close background sync and heavy downloads before joining a meeting. Cloud drive re‑indexing can saturate the tunnel.Reduce resolution/frame rate in video calls if bandwidth is tight.Let your device sleep between tasks; some VPN clients keep sockets alive—enable power‑friendly settings if IT permits.Keep your device cool. Thermal throttling increases energy per task and can worsen VPN performance.Compliance essentials (don’t break policy)Respect MDM/EDR controls. Don’t install personal VPNs or proxies alongside corporate VPN clients.Don’t modify encryption, DNS or split rules beyond what IT has approved.Treat public cloud/SaaS as “work data” unless explicitly personal. If you use a browser for both, keep that browser within the VPN.In restricted or high‑risk countries, consult IT about export controls, device searches and data minimisation. Ask whether a loaner device is required.If your VPN is blocked regionally, use the IT‑approved fallback profile. Avoid consumer workarounds that could violate policy.Troubleshooting on the road: quick fixesIf the VPN won’t connect: - Try another network (switch to your eSIM or hotspot). - Check time/date and time zone; re‑sync if MFA fails. - Complete captive portal sign‑in before reconnecting. - Toggle a secondary protocol/port profile (e.g., TLS/443) if provided. - Reboot the device; network stacks and drivers often recover on restart.If split tunnelling misroutes traffic: - Flush DNS cache and retry. - Ensure corporate domains are on the “include” list. - Remove risky exclusions (e.g., your browser) and test again.If calls are choppy: - Move the conferencing app to bypass VPN (only if IT allows). - Drop video quality or switch to audio‑only. - Swap to mobile data; hotel Wi‑Fi uplinks are often the bottleneck.If you can’t reach internal sites: - Verify the VPN is up and that DNS suffix search is applied. - Try the short hostname and the FQDN. - Ask IT whether the site is geo‑restricted or requires a different profile.Pro tips: - Keep offline copies of key docs for read‑only access if the VPN drops. - Save your helpdesk’s “known issues” page for quick self‑diagnosis.FAQWhat is split tunnelling in a VPN? Split tunnelling routes only selected apps or destinations through the VPN, with other traffic using the local internet. It improves performance and battery life, but must be configured and approved by IT to avoid data leakage.Is it safe to use split tunnelling on hotel Wi‑Fi? Only if your company allows it and has defined which traffic must stay inside the tunnel. Use mobile data where possible, and keep work apps (email, browsers used for SaaS, storage clients) inside the VPN.Will a VPN slow my connection? Yes, some. Encryption and longer routes add latency and reduce throughput. Efficient protocols and split tunnelling (if permitted) mitigate this. A good eSIM or hotspot often outperforms congested Wi‑Fi.Can I watch streaming services while connected to my corporate VPN? Often your company blocks or discourages this. Even if it works, streaming through the VPN can waste bandwidth and trigger policy issues. If allowed, keep streaming outside the tunnel with split tunnelling, and only on personal time.My VPN breaks at captive portals. What should I do? Disconnect the VPN, complete the portal login, then reconnect. If your device enforces Always‑On VPN, connect via mobile data first or use an IT‑approved captive‑portal profile.Should I tether from my phone or use hotel Wi‑Fi? Tethering via a regional eSIM is typically safer and more reliable. See Destinations for travel options, including Esim North America and Esim Western Europe.Next step: If you’re equipping a team for secure travel, centralise data plans and support with For Business.

30 Oct 2025