Glinet router recommendation for VPN

Hello. I am traveling overseas from US to Europe - over 5k miles away. I’ve been using Tailscale but the latency is a bit too high. I am considering setting up RPi VPN or going with GLiNet routers. I want to connect to my home network based in US. I would mostly connect trough another home network but might also use a hotspot with mobile data and I want it to connect through my US home network as well. My internet speed is 1gig upload/download through Frontier. I have a dynamic IP.
Which routers would you recommend to get the most speed?
Could you also help with the best setup?
Is it possible to disconnect the GliNet VPN remotely from my home network if the speed is too low, so that I could switch back to tailgate?

I’m doing something similar. I have a Wireguard VPN server at my family’s house and they only have 40Mb/sec upload, so I use a GL-AR300m which handles this speed fine. If you want full 1Gb speed over Wireguard, you will probably have to look at something outside of GL iNet, as their Wireguard speeds top out around 500Mb/sec. That said, at least in my travels, not many places I stay gets close to 500Mb/sec. and I can easily do everything I need with about 5Mb/sec down, and 2Mb/sec up, so I stick to some older GL iNet products that are very stable. What speed do you really need? The GL iNet Flint and Slate AX are both suppose to run at around 500Mb/sec using Wireguard.

What are you running Tailscale on now? It will probably keep working in parallel with a new Wireguard VPN server.

Gl iNet router’s provide a DDNS service for free that will help handle your dynamic IP. You will need to make sure you can redirect a UDP port on your current home router to your new router to get Wireguard to work.

1 Like

Do you have size, weight, power limitations? How many devices wired or wireless? Do you want to run adguardhome, adblock?

1 Like

Thank you so much for the info.

All of the systems I work on are browser based, I am not required to use the company’s network.The only requirement is that I connect through my home office location. Although I have a dynamic IP but if I log in through a different network at other location, some portals ask me for verification which I want to avoid, maybe it’s location based(?). I just need a simple setup for my location and IP showing as if I’m connecting through my home office while I’m traveling overseas to my other home in Poland.

As far as the speed, I honestly think that 100Mbps would be more than enough but considering the distance which is 5-7k miles, I am afraid of the speed decreasing drastically.

I don’t have any limitation when it comes to space or power. I would use a laptop and tablet, maybe a phone sporadically. It would mostly be used in my home based in Poland but I might also need a portable hotspot connected to mobile data when I am leaving for a trip somewhere outside of that location.

My first setup was a basic remote desktop connection through TeamViewer, VNV or Anydesk but that did not work to good, it was laggy and often losing connection which required me to switch the software.
Then I switched to Tailscale, installed on a dedicated PC plugged to the router directly (old computer used for work a few years ago - Mini Asus PC with i3-4030U 1.90GHz, 8GB Ram, 120GB mSATA, Intel Dual Band Wireless-AC 7260, running Windows 10 Pro) used as an exit node. It worked fine and it’s very simple, worked with dynamic IP without additional ddns, could use the software on my laptop or an app on a tablet or smartphone. However for some reason the latency was sometimes very high and speed dropping drastically. I did not trust this option too much. Just to add, my router is a pretty old Tenda AC15 AC1900, mighy be a good idea to upgrade it too.

It might be better to just set up a VPN server. Just don’t know which route should I chose.

If you are thinking about updating your router, you may just want to install Wireguard directly on a new router, which would remove the need to do port forwarding, and reduce latency.

1 Like

With that option, will I be connecting through Wireguard with my home network as well or is it possible to set an additional connection bypassing Wireguard? Will I still be able to get the max speed?

Could you recommend any router that works with Wireguard?

I would appreciate if you could help me understand on how will I be able to connect to that router outside of my home? Do I still need to buy a portable router with installed Wireguard client?

The GL iNet routers will work for a home router and also will work as a Wireguard server, but I’m not sure that even the Flint or Slate AX supports full Gbit rate. I’m sure someone else on the forum have tested the speeds of the new GL iNet routers, but I’m running with their older gear, as it Just Works. With the GL iNet Wireguard server, you can connect to your home network and route through it. Being the Wireguard is done within the same router, it saves at least one hope and decreases latency.

On the client side, you can connect using the Wireguard client on your PC or phone, or you can use a travel router, and connect through it. I use a GL iNet AR750S as my travel router, as this allows me to setup this one device as my VPN client, and I do not have to change my other devices that connect through it. This works really well for things like my Kindle that does not support a VPN.

Having the Wireguard client on my Android phone has been very nice, as where I’m staying now has many free WiFi APs, and the Android Wireguard client works well and does not seem to draw much power, so I always leave it on when I walk around town. This insures that I always have a US IP address.

1 Like

You could probably get away with a GL-AR300M or a GL-SFT1200 opal as minimum, the opal is better. I would replace the home router with something that can run a Wiregaurd Server at the top end such as GL-AX1800 Flint or GL-AXT1800 Slate AX. To travel either the Slate AX or Slate Plus.

If you need easy Tether that changes things.

1 Like

Thank you!

So for home router I’ll replace mine with GL-AX1800 Flint.

For client I am considering the Slate Plus, I think 190Mbps through Wireguard would be enough. Unless it’s really worth going with the Slate AX.
Would I just plug it in to the router at the other location and connect to it via Wifi, OR connect it to the router via WiFi and plug my laptop to Slate?

For outside of other home located overseas, should I just use a Hotspot modem and use the Wireguard app/software?
Or is it better to get the Hotspot modem from Glinet as well, i.e. GL-E750 Mudi - insert a sim card to it and skip the Wireguard app?

Another question which comes to my mind. Would I connect the hotspot modem with the Flint (server) located in US or with Slate Plus (client) located in EU - acting as server at that time?

I sent a message to Glinet support and they advised to use GoodCloud. Is that the management system that I would use anyways or something different?

Sorry for newbie questions but I am still learning on how it all works.

I have been in that scenario too many times. I have a Brume GL-1000MV set up at home with Wireguard Server active, and when I travel I use the Beryl portable router to connect to it. For all purposes, I’m “working from home”. (Also have Frontier Gig plan)

I have a similar instance the ‘other way around’. At the remote location I set up a Raspberry Pi 4 with PiVPN acting as a wireguard and OpenVPN server, simultaneously, and back home I use the same Beryl, this time switching the VPN client profile to the one I need.

Raspberry needs a little more work, as you have to forward ports at the router level, and rely on the no-ip DDNS script to dynamically update the IP, which the ‘Brume’ does on it’s own since it’s ran at the router itself.

Also, if you are only connecting your laptop to the VPN, you really don’t need a router, as you can download wireguard client too

1 Like

The verification is probably based on the location of your IP address (not any specific IP address) because you do not get the verification with dynamic IP addresses at home that changes over time. The IP addresses would be at your ISP’s server location, not your home address anyway.

Do you get the verification when you connect through the wifi hotspot on your smartphone, or when you use a wifi hotspot at McDonald’s, Starbucks or other public locations around your city? If not, then you may be able to accomplish the same thing in Poland through a commercial VPN provider that has a server in/around your city. For example, NordVPN, ExpressVPN, SurfShark, PIA VPN, etc. have 1000’s of server locations in the U.S. and around the world that you can look up. If you do not already have a VPN subscription, many commercial VPN providers offer a money-back trial period that you can sign up for.

It would be pretty easy to try this out at little or no cost with their VPN app on your laptop or tablet, without having to buy and set up any new router or hardware. All of these VPN providers have high download/upload speeds and low latency across countries that should work well for browser-based access.

I do not work for and I am not directly associated with GL.iNet

1 Like

I haven’t logged in through public network for a while but as far as I remember I did not get the verification when used it in my area. However I was not able to log in when I’ve been in different states.

Actually, I have a lifetime subscription with TorGuard and PrivateVPN. I also have dedicated/static IP at TorGuard. However I have not tested it anywhere outside of US. Not sure how stable is it and what speeds would I get.

I’ve already ordered Flint and Slate Plus routers.
So I’ll have 3 options to choose from - GL.iNet, Tailscale on a dedicated PC and VPN service. Which of these would be the best?

If you were able to log in around your area, but not be able to log while in different states, then it suggests that there is geo-blocking going on. This area that is allowed and not blocked cannot be too tight because the ISP server locations of the IP addresses at your home and at public hotspots around your area may be spread out by significant distances, especially if rural. As an example, my home location is ~300 miles away from my IP’s server location of my IP address.

Personally, I would test out connecting to TorGuard and PrivateVPN server locations in your area, which would not cost anything anyway. If it works, then that would be the first option I would take in Poland. Ideally, before you leave for Poland, you would do a test while in a different state, but that may not be practical.

As the second backup option, I would buy and set up the GL.iNet routers. Again, you should do a test while in a different state because it “should” be the same as the commercial VPN provider method. Hopefully, you can make use of the GL.iNet routers at home anyway.

Tailscale could be the third backup option since you already have that working.

In all cases, a dedicated PC would be ideal. I hope you still have sufficient time before your trip to assemble and test out everything.

1 Like

I really appreciate it!

My TorGuard dedicated IP is in Miami which is pretty far from my area however I just checked that my internet provider’s Public IP has a server in Miami as well, so it should be fine right?

I just received the Flint router and set ip up. I changed the IP address to the one which my old router had, as I hhave security cameras and would need to assign a new IP for everything which is a bit hassle, I hope it’s okay to change the GliNet’s default IP.

I confirmed with Frontier that they assign a Public IP by default. I set up the Wireguard Server on the router and connected my smartphone as a client. Unfortunately the speeds that I’m getting while connected to Wireguard are 2Mbps download, when I disconnect from Wireguard and just use the mobile data I am getting 200Mbps.
Is that normal?
Or is it that the speedtest won’t show correct info while using a VPN?

Also, I have a dynamic IP and not sure if I have to set the DDNS. If so, should I get a 3rd party DDNS or should use the default one that Glinet provides?
With the default one, do I need to change the clients config file IP to DDNS or leave it as is?

I will try to convert from residential to a business account so that I would get a static IP but I’m leaving in a week so won’t be able to do it now :frowning:

You don’t really need a business account nor a static IP (You are already getting a static IP with Torguard in miami, correct?). So that takes care of the issue.

By ‘home office location’ do you mean “from your home”, or from your home state?. If from the former, you are right to set up your own wireguard server at your Frontier address. Don’t switch to a business account, DDNS on GL.iNet router will take care of it, you only need to connect to your DDNS domain.

If it’s the latter case… you don’t even need to set up a VPN server at home. Use your Torguard static IP service. Load the Wireguard config file into your travel router and be sure to turn on the kill-switch, so there are no leaks. . Then, connect your laptop to that network.

Again, if all your stuff is browser-based, and you don’t connect to a VPN from your work computer (Cisco Anyconnect, etc)… then it’s even easier, you don’t even need to buy a router… just use the TorGuard client on that computer.

A bit late to the party, but you can get ~80-90mbps using tailscale with the AXT1800 (and presumably the AX1800). Unfortunately you’re looking at <20mbps with the MT1300.

Wireguard can be ok, but it’s harder with dynamic IPs. If you’re only needing to access your home network, you might also consider Nebula, which tends to be a bit more performant in my experience than Tailscale, though the packages are not as plug-and-play in OpenWRT (though still easy to get working).

A separate (and maybe better) alternative would be to run a pfSense box at home which has lots of DDNS options built in and can support Tailscale, Wireguard or OpenVPN (and IPsec, obviously). Cheap pfs boxes can be had for ~200 bucks and they’ll smoke the performance you’ll get out of a MIPS/ARM based router.

It sounds promising that both Frontier and TorGuard servers are in Miami, as long as your company websites is only blocking by the location of IP addresses.

Regarding the slow WireGuard speed, the best test is to go to a public hotspot with your Slate Plus WireGuard client and try it there. At least you now know that the Flint WireGuard server works.

The GL.iNet free DDNS service is fine to use, like a number of people on this forum, and you have to make sure the WireGuard client config file has the correct DDNS domain name for the peer endpoint. If you want a backup, you can add a 3rd-party DDNS, either free (e.g., freedns.afraid.org, dynu.com) or paid (e.g., noip.com), but you have to set that up yourself manually. If you really want to be “super safe”, you can pay for a business account to get a static public IP.

It would be ideal if you know a family member, friend or someone on this forum who could test connecting to a VPN server in Miami and try accessing your company websites to see if the verification shows up, even without actually logging in. You do not have much time to have everything ready before you leave.