Best Router For OpenVPN Client With WiFi?


I am wondering if the following is possible with any of the GL routers.

When I travel, I like to stay in Airbnbs where the owner will provide me with the WiFi password to use while staying in their home. I would like to have a (portable) router that I can bring that will join this WiFi network and do 2 things:

a) Once I connect it to the WiFi, it will then connect to my OpenVPN server in my home.
b) Then, there is WiFi SSID on the router that is broadcasted where any device that connects to this SSID, will connect back to my OpenVPN server.

The router will need connect to my OpenVPN server as a TAP (not TUN).

Does anyone know if this is possible on any of the GL routers?

Thanks in advance!

You can use AR750S and MT1300 for this purpose. All works as Repeater and OpenVPN client.

For TAP, pls check this instructions

Great, thanks so much :+1: A couple of additional questions:

a) which is these has more RAM (OpenVPN is very heavy utilization on RAM)
b) do either of these have access to captive portal? To explain, I read something about these routers and captive portal. Sometimes I will use this in a hotel and will want / need to authorize this router on the hotel captive portal.

You can choose AR750S which has more RAM.

For portal pls refer to Connect to Captive Portal - GL.iNet Docs

Pls note some hotels prevent routers to connect

1 Like

Great…thank so much! I have ordered the AR750S.

Thanks for the captive portal link as well.

This is actually a normal use case. My Mango does fine in a small Airbnb or hotel room and is extremely portable (often, it can just be dongled off the back of the Airbnb router). I have the Beryl too, which is larger, requires its own plug, has more oomph and will serve a large Airbnb. Usually we set up a charging station off one plug, with the travel router and various charging cords fed off it.

Bear in mind that your limiting speed is likely to be either (i) the download speed of the Airbnb ISP (ii) your home upload speed or (iii) the wireless throughput, halved. We often see Airbnb’s with 25/1 connections, and our home is 200/25. In those cases it is the 25’s that provide the limit. A dual band travel router like the Slate or Beryl allow you to connect to the Airbnb on one channel and serve other devices on the other channel, getting around the halving of (iii). But we often find the Airbnb is only 2.4, while we need the greater area coverage of 2.4, so both are on the one channel.

I have yet to find a case where TAP is a good thing. Aside from the unnecessary traffic, it can be very tricky to manage addresses. Try to avoid this.

Thanks for this detailed reply… as far as speeds go over the VPN, for streaming video, all you need is between 5-7 Mbps for one stream and that is at the high end (it is in fact probably less).

The reason I am doing TAP is that I have 2 homes connected together via routers. I want to have a Wifi SSID in the second house where any device that connects to it, would pull an IP from the primary home where the OpenVPN server is located. If you look at the attached diagram, you can see why I’m doing TAP as when I researched this years ago on DDWRT, this is what I was informed I would need.


There wasn’t an attachment, but no matter. If it is working, great. I know a lot of older writeups recommend TAP because the assumption is that the OpenVPN server is on a machine behind the router. But for OpenWRT and other devices where the server is on the router itself TUN works fine and is a lot easier. At my primary home, my OpenVPN servers run on Asus routers. I have a plex server at my primary home, and it works fine to stream to a secondary home, an Airbnb, a hotel, etc, as well as to devices that can’t run TAP without rooting.

Great news… my new GL-AR750DS-Ext just arrived to my home early this afternoon. After upgrading the firmware to the latest, I am ready to begin the configuration.

If you look at the attached network diagram (DDWRT Diagram For Multiple Client Routers GLinet.jpg - Google Drive), you will see the existing solution in black font that uses DD-WRT and OpenVPN and has been working for a couple of years now. To your point on your last message, when I originally set this up, I wanted a WiFi signal in the vacation home where any device that connects to this router (Vacation Home router 2) would pull an IP from the Primary Home. I was told the ‘easiest’ way to do this was to add an additional router to each home (see Primary Home router2 & Vacation Home router2) which would then require you to use TAP (not sure if the IP addresses are up to date on the drawing, but I just wanted you to see the diagram).

If you look at the green text, it explains what I’m trying to do. The 2.4G radio will connect to the AirBnb Wifi and the 5G radio will be used for the CPE devices to connect to. I have gone into the OpenVPN Client section (I think you link a couple of messages back took me to the OpenVPN server instead). I have imported the ovpn, ca.crt, client.crt, and client.key which was in a ZIP file and look like it successfully imported it.

I guess the next step is to go to the ‘Internet’ tab and then under ‘Repeater’, click ‘Scan’ and then join a 2.4G network? I am not sure what the next step after that is?

Yowza. Your diagram is well beyond my understanding. If I follow, there are four high end routers in the mix; you have two DHCP servers at work at the primary home, and no dhcp server at the vacation home. I don’t follow how anything in the vacation home VPN router wireless connections get anything in the 2.x range if the LAN DHCP server is disabled there, or how they connect to anything. It also looks like nothing would work at the remote locations if the tunnel is down, even enough to diagnose the problem. But as I say, beyond my ken.

As a stab at it, you would set up a OpenVPN client on the Slate configured exactly in the same way as the vacation open VPN router client is set up, and set it to connect. Disable the DHCP server there. When you are at the Airbnb, under Repeater, click scan and join the wifi there. That gives the Slate an internet connection, and the client should then connect. If it works for the vacation home, then I guess the slate would work as well. You could also give the Slate different certificates (a different CN), and then the primary home VPN server could configure a different scheme if you needed it.

I would have done this with TUN: the primary home 1900 running DHCP for a network at 192.168.50.xx and a OpenVPN server configured for access to the LAN and DDNS; then a vacation home 1900 running DHCP for a network at 192.168.51.xx and an OpenVPN client configured to connect to the primary home; then the Slate running DHCP for a network at 192.168.8.xx and an OpenVPN client configured to connect to the primary home. Actually, this is exactly what I’ve done except with two Asus routers

At least then, if there is a problem you can have normal internet access anywhere and diagnose the problem. The vacation home and the slate could reach everything on the primary home LAN. You could use policy rules for certain devices to only connect over the LAN while others have split tunnels, and you don’t limit your speeds to the uplink at home.

Thanks for the quick reply! I will take a look at this a little later (or sometime tomorrow). :+1: