GL-MT300N as an ovpn gateway on eth0

Hi, I’ve bought a GL-MT300 to connect my main router to an ovpn provider. In my configuration I connected GL-MT300 wan port to the router and all works fine. Now I need to connect the GL-MT300 lan port to the wan2 port of the main router and make it get the ovpn ip released by the ovpn provider. Can anyone help?


I’m not following the topology you are trying to create.

If the Beryl is operating as an openvpn client, with its wan port connected to the lan side of your router, then everything connected on the lan side of the Beryl is being tunneled through the router and your isp to the openvpn VPN server. I’m assuming the wan side of your router is connected to your isp’s modem. If you have two wan ports in the router, then is it some kind of failover?

Anyway, if you were to connect the LAN port on the Beryl to the WAN2 port on the router, you would be going in a circle, wouldn’t you?

If you are trying to have the router’s LAN connected through the tunnel, then you might connect the Beryl’s WAN port to the ISP modem, then connect its LAN port to a LAN port on your main router, make the main router an access point and turn off its DHCP.

EDIT: oops. Misread the model so ignore references to Beryl.

Thankyou elorimer. This is my intent.
My ISP give me connection under NAT so I can’t reach my internal device. Untill now I use a PPTP connection to an VPN provider to obtain a reachable IP and handle it with my router NAT. Now PPTP connection are not any more supported by any VPN provider and my router doesn’t support OVPN protocol. Since I have gigabit connection to internet I don’t want connect GL-MT300 to ISP modem because this means giving up 1 Gb/s internet connection. Now my question is if there is a way to connect Gli router to my router WAN2 port so it will get an external reachable ip over ovpn.


If your main router has two WAN (e.g. WAN1 and WAN2), it should be able to connect to multiple wan connections. But this may not be the case. So you should check your main router’s config to understand how it manage WAN1 and WAN2. Is it failover or load balancing?

So, as @elorimer said, are you connecting a circle? MT1300 should have a different Internet resource, right? Otherwise, you are connecting wrong.

If you want to access your local network, you should just connect MT1300’s WAN to your main router’s LAN. Then set up vpn on MT1300 and you can access MT1300 from vpn. You can set up port forward to access client behind MT1300.

But Astrorelay is the best solution for you to access your local network without vpn.

I misled @alzhao a bit by referring to the Beryl. What you have is the original Mango, with the slower chip, yes?

I am assuming your ISP is 1gig/1gig symmetrical, you lucky dog. The best I can get here is 1gig/35mbps!

If I follow, you have a modem from your ISP that is connected to the WAN1 port on a router. I assume you cannot put the modem into bridge mode, which would pass the modem’s IP (possibly routable, but possibly private) to the router. I assume the router can handle the 1gig, and has 1gig ethernet ports. It might help to know the model of the router to see what config options it has (for example, whether it could run alternative firmware or can have routes set), but I’ll assume for the moment there are none. I assume you have a 1gig capable LAN on the LAN side of the router, which you now use for devices to connect to the internet. If I follow, you have one device (I am assuming one) like a NAS that you have been able to access by setting up a PPTP client on the router to a VPN provider that assigns you a public IP, and you have some sort of DDNS service going that allows you to connect from someplace in the world to access your LAN. You now need to replicate that. So, what are the options?

  1. I don’t know the pricing, but it looks like Astrorelay installed on a device on your network would be one. You can ask them about pricing and the throughput they can support.
  2. Putting the modem into bridge mode, if you can, set up ddns on the router and then port forwarding on the router to the NAS.
  3. Running openvpn or wireguard client on the NAS itself, or on another device, and figure out routing to the LAN.
  4. Making the Mango the device with the client (what you are asking about). Recognize the limitations: whatever traffic is going to go through the Mango is going to be limited by: the upload speed of your ISP connection; the speed of the VPN server connection; the 10/100mbps ports on the Mango; the processing power of the Mango (best case, 11mbps for openvpn and 45mbps for wireguard); and the wifi setup of the Mango, if you are inserting that in the connection). As you have figured out, even if policy rules bypass the tunnel for other devices on the LAN side of the Mango, you are nowhere close to 1gb in either direction. I love my v2 Mango as a travel router, but that is a lot to ask of it.
  5. Replace the router you have with something capable of an openvpn or wireguard client connection. I’m kind of surprised you have a router that is capable of running a 1gb connection and isn’t at least openvpn capable, but I think even high end consumer routers are going to top out at around 400mpbs on an openvpn connection. If your VPN provider can support more then you want to move to wireguard.

Anyway, those are some ideas, based on my assumptions. Please correct me!

1 Like