Hello to all people.
Disclaimer: I have limited knowledge, so please bear that in mind for any mistakes or unknown words.
I want to connect to my house from another country and take the specific IP, and also share the connection so that 1 more person is able to log in from his laptop over WiFi.
Steps so far that have been made:
Installed a mini-PC directly to my router, with Ubuntu 20.04 and PiVPN + WireGuard.
(Even though it breaks after a restart and needs MASQUERADE, FORWARD, INPUT to be fixed with pivpn -d, but after that it works.)
Steps further?
I have managed to create the config profile, and went to another place / coffee shop, and with the WireGuard client and importing the config file, I was able to log in to the home server and take the IP from there.
(Happy about it).
Here is the tricky part: I want to share this connection and broadcast a new SSID for another laptop or phone to be able to log in, but so far I didn’t find any solution.
So what router should I buy to do this job? I saw GL.iNet routers support WireGuard. Will the “Opal (GL-SFT1200) Gigabit Wireless Router | AC1200 | OpenWrt | VPN | IPv6” do the job and be able to be used as an “Access point” that will connect straight to my home server even if I am in another country, and be able to share the connection over WiFi as well for other machines to be able to log in?
(At home I have 1 Gbps upload and a public IP, without CGNAT or anything, so I am pretty sure that I am covered on upload.)
By default w/ the GL GUI all connected devices on the Private LAN will use your WireGuard Client connection (per allowed_ips '0.0.0.0/0').
Multiple SSIDs aren’t supported in GL’s GUI by default so it would require some work in LuCI, the web based admin for OpenWrt. It may be far easier to simply allow the Guest SSID to use your WG Client connection as less settings with LuCI would be needed. Would that be sufficient?
Either way you’ll probably have to install LuCI via GL GUI → System → Advanced Settings.
If you’re looking to maximize WG speed, hold tight until the Flint 2 (MT6000) hits the shelves. 900 Mbps WG. If you’re travelling, look @ the Slate AX (ATX1800) (550 Mbps) or Beryl AX (MT3000) (300 Mbps) if you only need one Ethernet port for the LAN.
First of all, thank you so much for the detailed explanation. You did more than I asked for.
Now, to provide even further details: the company laptop is locked from everywhere, we cannot do anything to it, only connect it to the internet via WiFi, but it accepts only the IP of my house because it’s signed on me.
That’s why, when I work from another place, I want to take my router or whatever is needed with me, broadcast the WireGuard connection of my house and then create an SSID for the “company laptop” to connect to and have internet.
If you get what I mean?
No, I just need a “router” that will connect to my home and broadcast a WiFi, so 2 laptops can connect through it and gain the HOME IP.
Now, I haven’t finished my coffee quite yet but here’s what yer gonna need:
Home Base Device/Network
Ensure you’re not behind a CG-NAT (your ISP would know).
If your ISP provided modem features a ‘bridged mode’ to set the modem as just a modem (eg: no Wi-Fi capabilities), use it. Keep the modem as a modem as other supposed ‘features’ cause more trouble than they’re worth.
Open a port to forward incoming Internet requests to the default WG connectivity port of 51820 to whatever device IP is going to act as the WG Server.
Presuming the WG Server device is a GL router, set up
Dynamic DNS to map your possibly changing public/Internet IP
GL already provides this capability via GL GUI → Application → Dynamic DNS
Set up either WG Server → WG Client or WG LAN to LAN VPN (Site-2-Site)
Follow setup by using the defaults at this point.
I prefer the former for simplicity while the latter may be just as useful.
The former can also allow more flexibility for routing specific devices thru the VPN via ‘VPN Polices’ but that’s a bit off topic at this point.
Remote Location Device
Ensure WG Client uses an endpoint address of the GL GUI’s DDNS and not an IP. You’ll see what I mean in the configuration settings for WG Client.
(At this point I realize I’m just summarizing what’s already in the docs so I’m going to stop. The coffee must be finally kicking in.)
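An added example, not part of the original post and not GL.iNet's or PiVPN's tooling: a small linter for the WireGuard client profile discussed in this thread. It flags an IP-literal endpoint (instead of the DDNS name), a port other than the forwarded 51820, and AllowedIPs that do not include 0.0.0.0/0. The sample profile, its addresses, and the finding names are constructed for illustration.

```python
import ipaddress

# Constructed sample client profile; keys and addresses are placeholders.
SAMPLE = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.6.0.2/24
DNS = 10.6.0.1

[Peer]
PublicKey = <server-public-key>
Endpoint = 203.0.113.10:51820
AllowedIPs = 10.6.0.0/24
"""

def parse_peers(text):
    """Return one dict per [Peer] section (keys lower-cased)."""
    peers, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            current = {} if line.lower() == "[peer]" else None
            if current is not None:
                peers.append(current)
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return peers

def check_peer(peer):
    """Return a list of findings (hypothetical names) for one peer section."""
    findings = []
    host, _, port = peer.get("endpoint", "").rpartition(":")
    try:
        ipaddress.ip_address(host.strip("[]"))
        findings.append("endpoint-is-ip-literal")   # breaks when the home IP changes
    except ValueError:
        pass                                        # a hostname (e.g. DDNS) is expected
    if port != "51820":
        findings.append("endpoint-port-not-51820")  # must match the forwarded port
    nets = [ipaddress.ip_network(n.strip(), strict=False)
            for n in peer.get("allowedips", "").split(",") if n.strip()]
    if not any(n.version == 4 and n.prefixlen == 0 for n in nets):
        findings.append("split-tunnel-ipv4")        # traffic outside AllowedIPs bypasses the VPN
    return findings
```
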
Opal is fine if you’re looking for an inexpensive device. So is mango, probably. If you’re looking for more performance, Slate AX is never wrong, and Beryl AX is slightly more powerful but less versatile.
For WG the Slate AX outperforms Beryl AX (550 v 300 Mbps) per the advertised specs. A 2.5 Gb WAN port on the Beryl AX is pointless for a travel router & all the less impressive now given the upcoming Flint 2 (MT6000)'s dual 2.5 Gb WAN/LAN ports… & 900 Mbps over WG.
I know what I am getting myself into, and I am fully aware of it. I am not going to point fingers that someone helped me to do it. I need a temporary solution for it, until I “do” what I have to do. So I am fully aware of it. Thanks for the comment either way.
Hey, thanks for the comment man and the “suggestions”, but I didn’t have time to log in today. I already bought the “Slate Plus (GL-A1300)”, which had a discount and free shipping in my country, so I am waiting for it.
You made all this just for me, thanks a lot man. That’s the “strong” side of joining a community. So for sure I will support the community further.
I bought this today: Slate Plus (GL-A1300)
To tell you the truth, I am not behind CG-NAT, full public, and I have already done all the rest of the steps with a VM just to try it out.
As I said in the 1st post, I managed to connect my phone and share the connection (data) from the phone but with WireGuard enabled, and the company laptop took the IP of the home and NOT the data phone (cellular IP).
So for sure that way it works.
I don’t know whether, with the router I have ordered, I will manage to put the router as a Client so that the router then shares the WiFi with the laptop and it can have the specific IP… I am in the middle of that because I still have a problem with the pivpn -d that I can’t figure out the command line for…
So I will wait and post an update when I receive the new router.
You shouldn’t have much trouble there. Your employer should ultimately see your ‘home base’ IP. That’s handled by your chosen ‘VPN Policy’ I alluded to.
Once you get your Slate Plus, there’ll be the option within the GL GUI → VPN Dashboard → VPN Client → Global Proxy to force all connected device MACs thru the VPN. Set a ‘kill switch’ via Global Options.
ipleak.net is a very handy website to test/confirm results.
I’d update the firmware before setup & deploying. See the bottom of the Slate Plus’s product page, firmware &/or GL GUI → System → Upgrade.
Okay, good to know as well. I didn’t know that I can force all connections to be from the router itself.
About my employer and my IP, that is the point: in the end I will be able to achieve, with this employer or the next one, the digital nomad, fully. But for now, I have some other troubles due to Summer, and not giving vacations easily, not even for weekends; if you’ve been there you will understand, so I just want to steam off a little bit … I am just having a discussion now … I’m also sure that I’m not the only one out there, as you said in the “remote work”.
I get it; you’re doing ‘recon’ right now. Heh; what you do w/ your tech is your business. That said be aware I’m not sure how the S2S HOW-TO performs when it comes to VPN Policies. I’ve not used that particular guide as the WG Server → WG Client defaults are rather straightforward IMO.
I’d really keep an eye out for the Flint 2 in your case though another Slate Plus as the WG Server wouldn’t be a bad choice. Out of the box these GL devices support ‘Multi-WAN’ (GL GUI → Network). You can set Failover or Load Balancing.
Granted you could probably do this all through your existing tech stack but I think you’ll first enjoy, then become spoiled by all the work GL did in their GL GUI… nevermind the raw power provided by OpenWrt Linux’s LuCI admin web interface & the CLI via SSH.
Yeah, I was just making an extra comment on the reason that I will use it for. Of course I understand what I am doing.
On the other hand, about what you said: I already saved the “Flint 2” just in case for future use. But for the time being, I believe I am covered (as soon as I receive the router) and will finally make it work.
I managed to make it happen, thank you for the tools, instructions, discussions, everything. It works like a charm, tried it in many different places. Even though I get really limited speed, at least my IP is shown as if I’m at home, and nothing is shown. All my devices are working and I can access them without any problem.
The only situation is that I have, as I said, upload 1 Gbps, optic fibre, and wherever I am I can’t get more than 20-30 Mbps (download) even though my GL.iNet router supports up to 170 Mbps (with ethernet cable plugged in the device). (WireGuard also …) but the limit is really down at 20-30 Mbps (upload, download).
Yes, I have tried all those.
No, the mini-PC cannot be the bottleneck, because it’s too “good” for what it has to do, sole purpose to have the PiVPN + Ubuntu 20.04, on an NVMe, 16 GB RAM etc.
Yes, by itself alone, it can get 1 Gbps down / 1 Gbps up.
Yes, my ISP provides 1 Gbps down and 1 Gbps up as well.
To tell you the truth, I don’t have any other VPN service like NordVPN etc. That’s only it.
It doesn’t even make a difference if I plug it in via ethernet. I mean, ethernet cable > my GL.iNet router > and GL.iNet router straight by ethernet to the WAN port of another ISP router in another house. So even though it takes the IP and all is good, the speed is really limited.
I opened a ticket with GL-INET and hope for the best.