I’m going to be traveling a lot in Europe and wanted a way to always connect to my home so that it always looks like I’m connecting from my home IP. After reading up on VPNs and tunneling, etc, my head is spinning a little. I bought a GL-AX1800 Flint to plug into my ONT here at home to act as a home base/server, and I bought a GL-AXT1800 Slate AX to bring with me wherever I go. How can I make it so that the Slate connects to the Flint so that anything I plug into the Slate looks like it’s connecting to the internet from my home? Is this something that’s possible through a VPN, or some kind of direct connection?
You need to set up a VPN server on the Flint and create a VPN Profile that you install on the Slate that you’re traveling with. Wireguard Server/Client is the fastest and easiest way to go. You’ll need to download the profile you create from the Flint and Upload it to the Slate. Then, just make sure your VPN server is running on the Flint when you leave and that you connect to your home profile from your Slate when you’re traveling.
One trick with this is that you’ll either need your home IP to be static (not change) or you’ll need to use a dynamic DNS service and ensure that the Wireguard profile you download for your Slate points to your dynamic DNS domain. I believe GL.iNet has a dynamic DNS service you can use for this purpose.
This is really good to know, thank you! I’m working on the setup this weekend and didn’t know about the dDNS part.
When you configure your WireGuard server, make sure you also remember to port forward UDP 51820 traffic to your Flint.
Yes, port forwarding is important if your Flint is sitting behind a different router. I also forgot to mention that you should test your configuration before relying on it when traveling. You don’t want to get to wherever you’re going and be unable to connect to your VPN.
You can also try the free ZeroTier network.
It creates a virtual secure tunnel and bypasses firewalls and can connect your PC, laptop, phone, etc. anywhere you are to your home network, because it creates a direct network between your router at home and your devices anywhere very easily. And in ZeroTier Central you can route your home network and reach home devices so that they are also accessible from outside very easily.
This router has IP 172.28.121.5 on the Zerotier network but actually at home it has IP 192.168.9.1 on my home network. Outside the home, with a device also connected to the zerotier network, I type 192.168.9.1 and I can see my router there or 192.168.9.2 I see my PC and with a remote VNC I can manage my PC as if I were at home.
But the Wireguard server is very easy to set up on your Flint at home and it’s also very easy to set up the Wireguard client on your Slate AX on the go.
ZeroTier is the way to go here since Wireguard is often blocked in Hotels.
I just wanted to thank you all for your help. As a test, I set up the Flint connected to my home ONT and port forwarded 51820 to the IP that the ONT gave me (192.168.x.x). I did enable the DDNS on the Flint to be safe. I downloaded the Wireguard app to my phone, turned off Wifi, and enabled the client using the QR Code generated by the Flint Wireguard server. Doing a quick “what is my ip?” on Google gives my phone the same exact IP as my home ONT. I assume that means the server setup was a success? If so, my next step is to set up the Slate by pasting the config file into the Client setup section. Since it was an option, I also set up GoodCloud, so I can adjust my Flint settings remotely.
Anything I’m forgetting so far?
Just a heads up, I wouldn’t be relying on GoodCloud, as it’s very flaky for some people and doesn’t work.
What is a better way to access this router directly over the internet then? I just tried putting in my ddns address that the router gave me, and it connects me to the ONT. Which is helpful, but it’s not the Slate router itself.
You’ll need to port forward 80 (HTTP) or 443 (HTTPS) to your Slate (make sure that has a static lease). See Dynamic DNS - GL.iNet Router Docs.
That did it! I wasn’t adding the :443 to the address (I was using https), just using the straight ddns address which put me to the ONT.
It’s bad practice to make your router’s interface reachable from the internet. You should reconsider it.
Make sure that the config you used has the switch flipped to “Use DDNS Domain.”
I would also not make your router’s admin interface accessible from the internet. That is pretty dangerous and you will be attacked by people running automated scripts to try and access your router and network. It’s better to keep access to your router’s admin page restricted to your LAN.
Alright, noted on the admin access.
You can access the GL GUI or LuCI admin interfaces over a WG tunnel. That’s how I handle my remote endpoints. I don’t use GL DDNS or GoodCloud myself but the docs for what you’re looking to do are so straightforward, it’s near stupid:
Also agree on not exposing your router to the internet. I probably should have mentioned that during my advice.
If you have WireGuard set up correctly and a fallback such as Tailscale or ZeroTier (a fallback is suggested especially if WireGuard access is blocked), you should be good to go to access your router safely remotely, without exposing it to the internet.
WG on :433 (TLS/SSL’s port) if not :53 (Unsecured DNS) should render that concern moot.
Fallbacks are always good, plus you don’t just want to have one path available. Whichever route you choose as your primary access, always good to have a backup. Things get blocked, services and servers can become inaccessible.
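A pre-travel check of the downloaded WireGuard client profile, tying together the advice in this thread about the DDNS domain, the forwarded UDP 51820 port and testing before you leave. This is an added example, not part of the original thread or GL.iNet's own tooling; the sample profile, its hostname and its key placeholders are constructed.

```python
import configparser
import ipaddress

# Constructed sample: hypothetical DDNS hostname, placeholder keys.
SAMPLE_PROFILE = """\
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.0.0.2/24

[Peer]
PublicKey = <server-public-key-placeholder>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = home.ddns.example:51820
PersistentKeepalive = 25
"""

def is_ip_literal(host):
    """True if host is an IPv4/IPv6 literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def check_profile(text, expected_port=51820):
    """Return a list of findings; an empty list means the profile passed."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    if not cp.has_section("Peer"):
        return ["no [Peer] section, so there is no server to connect to"]
    peer, findings = cp["Peer"], []
    host, _, port = peer.get("Endpoint", "").rpartition(":")
    if not host or not port.isdigit():
        findings.append("Endpoint is missing or not in host:port form")
    else:
        if is_ip_literal(host):
            findings.append("Endpoint is a literal IP; it breaks when the home IP changes")
        if int(port) != expected_port:
            findings.append(f"Endpoint port {port} differs from forwarded UDP {expected_port}")
    # A full tunnel is what makes every device behind the Slate exit via home.
    routes = {r.strip() for r in peer.get("AllowedIPs", "").split(",")}
    if "0.0.0.0/0" not in routes:
        findings.append("AllowedIPs lacks 0.0.0.0/0; traffic will not all exit via home")
    return findings

if __name__ == "__main__":
    for line in check_profile(SAMPLE_PROFILE) or ["profile OK"]:
        print(line)
```

Pass a different `expected_port` if the server listens on something other than 51820.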