Best way to configure a GL.iNet device for full home network VPN access


I have an old router that doesnt support being a VPN server.

I have a Mango, which I would like to be an OpenVPN server, BUT i need to be able to access other devices on my main internet router that the Mango is plugged in to.

Whenever I try to setup a VPN server on the Mango, I am not able to access other devices outside of the Mango or the main host routers web panel for example.

Would I neeed to plug the Mango in via the LAN or WAN port?

I’m guessing I would need to play with the advanced backend firewalling too?

Think of my problem as one where im trying to extend an old ASUS router with the Mango.

That sounds like the following, just with using a different GL.iNet router model and OpenVPN instead of WireGuard, but the procedure should be the same:

For OpenVPN UDP, port forward UDP Port 1194. If it still does not work for you, please provide more details on the connections and IP addresses/subnets.

I do not work for and I do not have formal association with GL.iNet

Ahhhh yes I think the issue I’ve had before is the main router being on subnet and the mango being on

When I tried to change it in the mango to .1 range I had issues.

I also couldn’t see any of the main routers devices from the VPN.

Assuming Mango WAN port is connected to the main router LAN port, the main router LAN IP and Mango LAN IP should be on different IP subnets. This is actually the correct setup and you should not change the Mango to be the same as the main router, or routing will not work. The Mango WAN IP should be on 192.168.1.x subnet of the main router.

When you start up the Mango OpenVPN server, turn on Allow Remote Access LAN

With this setup and with OpenVPN connected, you should then be able to open the Mango admin portal at and the main router admin portal at If not, then please post the System Log from the Mango router. I ran a quick test of the setup on my routers and it was successful.

On firmware 4.2.1, the process is as described above and very simple and automatic. Great work by GL.iNet.

Works fine with DDNS by GL.iNet via MENU>Applications>Dynamic DNS>Enable DDNS>ON

Menu>VPN>OpenVPN Server has nothing to fix - leave as is.

Menu>VPN>VPN Dashboard>VPN Server>OpenVPN>Options is where the “Allow Remote Access LAN” switch is.

Wireguard is apparently preferred for about 4x performance. Setup was extremely simple.

Menu>VPN>Wireguard Server - configure and turn on. >Profile add a client. Configure client by download or QR code.
Menu>VPN>VPN Dashboard>VPN Server>WireGuard>Options is where the “Allow Remote Access LAN” switch is.
Download the WireGuard app on the remote device and configure it by file or QR code.

Detailed instructions here

FYI: These forums support Markdown. If you change ea. of your ‘>’ to a space, dash, then >, space, you’ll get an arrow. Eg:

GL GUI → VPN → VPN Dashboard

Here’s an example of some slightly more complex formatting: