Connect Two GL.net router abroad to home

Are you behind a Carrier-grade NAT or do you not have a static IP.

I don’t have static ip

The router supports DDNS. If you enable DDNS, it will give you a name in the format: xxxxxxx.glddns.com that will track any changes to your home router IP address.

I am sorry but can you explain last comment in plain english due to lack to technical knowledge in networking.

On my travel router i should connect to xxx.glddns.net ??

Without going into the technical details, if you enable DDNS on your router, it will provide a fixed name that you can use to connect to your home router. Just try turning on DDNS, and it will give you the exact name to use.

Once i enable that after that should i follow wireguard link you gave earlier or is this the solution for not having static/public ip ??

On your home based router, you will need to enable both DDNS and the Wireguard server. On your travel router, you will use the DDNS name as the IP address on your Wireguard client.

It is difficult to explain this without going technical, because it is.

You’ll need a VPN (Virtual Private Network). There are different solutions, like OpenVPN and WireGuard, and WireGuard is much simpler.
There is a server and a client. The Server needs to be reachable via Internet, all the time. For this Reason, you need two things

  1. A static IP, or a static Hostname, that is resolving to your IP (called DynDNS, DDNS,…)
  2. If the Flint is not the Main router, a Portforwarding from The Internet to the Flint.
  3. Two different Networks

At first you take a look around your network and check if any device is already have had a dynamic hostname. It is mainly used for remote access via App, from NAS devices, security cameras, smart fridge/washing machine/iron and so on. If there is no device, check the GoogdCloud way ([letters and numbers].glddns.com), as mentioned earlier.

Than check if your Flint is the main router, connected to the Internet, or if you need to forward the port. The last one depends on your router.

Now you can start to follow the given manual. First setup the ‘Wireguard Server’ on the Flint, than add a profile for the Beryl.

But before you can go live, you may need to change the IP address of the Beryl. If both ‘local networks’ are 192.168.8.1, the Tunnel (VPN) won’t work. You can change it to everything you want, maybe 192.168.9.1 …

As the server (Flint) will run permanent, and the client (Beryl) will search for the DDNS hostname, the connection will be possible from nearly everywhere, with internet.
For example: It won’t work, if the hotel WLAN only allow web (http) and Email traffic. But such issues are too depending on the specific situation, as it can be discussed here in general.

And I think you should not be able to build the VPN with the Beryl inside your net. If you’d like to test it, either try to tether the internet with your phone (mobile data plan, not WLAN!) or from your neighbors house.

Goodcloud should allow you to setup a node system that does the same thing.

Call me thick but I can’t see ENABLE DDNS in my FLINT router? I’m looking in the Control Panel - not Luci…

Help - am I missing something - I would like to try the glddns.com as I don;t have a fixed IP (I’m using 4G with a TP-Link 4G router feeding FLINT).

Whats the firmware? Should be under applications(4.2.0 firmware)

Actually in 3.16 is Remote Access.

Meanwhile I just upgraded - but only came across 4.1 - am I missing something here? I was on 3.2 - now 4.1 - and it occurred to me - am I flogging a dead horse here? I have 4g coming into a TP-link router and the LAN out from that goes into the FLINT WAN… am I going to have the issue of not having a public address or should I keep progressing this?? What I DID find out was that with multi-WAN I seem able to add the main 4G to the 4G hotspot on my phone and get a decent bump in speed… lots of things happening all in one night - WiFi 6 GL-iNET AX1800 (FLINT) Router - Scargill's Tech Blog - but I digress…

If you can clarify whether or not I’m wasting my time with DDNS or not on a 4G signal… and can I get that on 4.1 or do I need to somehow find 4.2?

Yes I did see it in remote access on 3.2 but the router griped I was behind something OR didn’t have a public address and I recall being told about public addresses and 4G some time ago… any clarification REALLY welcome…

4.2 is in Beta and snapshot on the GL.iNET firmware download page, NOT STABLE releases yet. From how I use it I have not had any issue with the 1-14-2023 snapshot or the 1-16-2023 snapshot.

DDNS is essentially giving the router a address it can always be found at. So 4G should work, who is the service provider? Also it depends on the cellular IP as well most don’t get assigned a routable address. If starts with 10...* or 100...* these are private and carrier grade NAT services. The newer 5g none mobile hotspots can be used. MWAN might be the issue with multiple 4G connections.
ZeroTier or Tailscale might be a better option.

1 Like

In general, you can’t have a simple wireguard/openvpn server gl-inet setup if you don’t have a public IP or are behind CGNAT.

You CAN use something like taiscale (based on WG) that does the CGNAT port opening but at this moment is more involved to setup, and support for it in gl-inet products it’s just starting to show up.

1 Like

Advice taken - stick with 4.1 for now…DDNS - understand the basic logic. I’ve always had a fixed IP in the past - now on 4G I don’t… Service provider is Spanish - XENET (who latch onto Orange I believe). No 5G here, only 4G and the router is 4G…
ERm, yes, starts with 10 - so that’s out then… getting Tailscale running - that’ll be the next challenge - I already have a Tailscale network - no idea how to add FLINT to it… Fire away if you know how to install TailScale on FLINT router…

Keep going - I’m all ears - see previous response :slight_smile:

You have to setup the Flint router as an exit node for tailscale. Tailscale will punch open the ports for you regardless of whatever your ISP is. Definitely should work on 4G GNAT Orange in Spain.

Then any tailscale device on the network will be able to use it to exit the internet. Performance should be the same as WG VPN (most of the time if you are not using tailscale proxy server). I frankly haven’t played with this myself ,but it’s totally doable. Either just touch the config files yourself on the router which will be tricky, or wait for gl-inet to add support for this. 4.2.x FW has tailscale but unsure what use cases do they support. The one I’m talking about is clearly the one they should support as this is the reason why virtually everyone is buying their routers (to peer traffic through your home inet)

Erm, how do you “set up the Flint router as an exit port for Tailscale” - I have Tailscale installed - and ran TAILSCALE UP… You’re assuming maybe a lot of openWrite experience?
I went into /etc/config (there is a file called tailscale in there) and entered “touch tailscale” - nothing happened - I thought touch simply updated the date on a file. Well, it’s done nothing as I still cannot get anything by entering the tailscale IP for FLINT into my phone browser. Am I missing something here? (your feedback is most welcome).

In flint - UCI - it definitely knows about the phone - I’ve not included the IP here… but there it is in the list in flint.
peters-s22-ultra peterscargill@ android idle, tx 92 rx 180