Why a VPN here?
On unencrypted Wi-Fi (most hotels), any other client on the network can capture your traffic with a free sniffer such as Wireshark and read whatever is sent in cleartext. A captive portal provides no security beyond authentication: once you're past it, traffic is plain. A VPN encrypts everything between your device and the VPN server, so nothing readable crosses the hotel network.
Full procedure
1. Connect to the hotel Wi-Fi
   Accept the captive portal. Internet must be working first.
2. Launch the VPN immediately
   Before opening Gmail, WhatsApp or any banking site. The VPN must be active BEFORE any sensitive connection.
3. Check for DNS leaks
   Open our DNS leak test tool — ensure your DNS is no longer the hotel's Wi-Fi DNS.
If the hotel doesn't offer WPA2/WPA3-encrypted Wi-Fi (just an open captive portal), treat it as a strict public network: a VPN isn't optional, it's mandatory.
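A local version of the step 3 check, as an added example that is not part of the original page: it compares the resolvers configured before and after the VPN comes up and flags any that still point at the hotel network. It assumes a Linux-style resolv.conf; the sample file contents, addresses and hotel subnet below are constructed.

```python
import ipaddress

def parse_nameservers(resolv_conf_text):
    """Return resolver IPs from resolv.conf-style text, ignoring comments."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            # Drop an IPv6 zone id such as fe80::1%wlan0 before parsing.
            servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
    return servers

def check_dns_leak(before_vpn, after_vpn, hotel_lan_cidr):
    """Classify each resolver configured once the VPN is up.

    'leak'    -> same resolver as before the VPN, or inside the hotel LAN
    'unknown' -> loopback stub (e.g. systemd-resolved); inspect its upstream
    'ok'      -> resolver changed and sits outside the hotel network
    """
    hotel_net = ipaddress.ip_network(hotel_lan_cidr)
    hotel_resolvers = set(parse_nameservers(before_vpn))
    report = {}
    for ip in parse_nameservers(after_vpn):
        in_hotel_lan = ip.version == hotel_net.version and ip in hotel_net
        if ip.is_loopback:
            report[str(ip)] = "unknown"
        elif ip in hotel_resolvers or in_hotel_lan:
            report[str(ip)] = "leak"
        else:
            report[str(ip)] = "ok"
    return report

# Constructed sample data (not from a real network).
HOTEL_LAN = "192.168.10.0/24"                 # subnet handed out by hotel DHCP
BEFORE_VPN = "nameserver 192.168.10.1\n"      # hotel gateway acting as DNS
AFTER_VPN = (
    "# written by the VPN client\n"
    "nameserver 10.8.0.1  # resolver inside the tunnel\n"
    "nameserver 192.168.10.1\n"               # hotel resolver still listed
)

if __name__ == "__main__":
    for ip, verdict in check_dns_leak(BEFORE_VPN, AFTER_VPN, HOTEL_LAN).items():
        print(f"{ip:<15} {verdict}")
```

This only inspects configured resolvers; an online leak test still confirms which resolver actually answers your queries.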
Frequently asked questions
Could the hotel Wi-Fi itself be malicious?
Rare but possible. More likely: another guest in the same hotel runs a MITM (Man-In-The-Middle) attack to intercept traffic. A VPN renders this useless: only ciphertext travels.
Isn't HTTPS enough without a VPN?
For content, yes (Gmail, banking). But metadata leaks: sites visited, duration, request sizes. On an open hotel Wi-Fi, these metadata build an exploitable profile. A VPN encrypts those too.
Does the captive portal work with a VPN?
Yes, in this order: connect to Wi-Fi → authenticate at the captive portal → enable VPN. If you launch the VPN before the captive portal, authentication fails.