Need help with setting up a VPN for my project

I have a LAN in a remote are that I need access to in order to view the live preview of a camera through its web interface. Which VPN server would be better suited for this task?

The camera’s network is, so is that what I need to set as the XE300’s lan? What about the IP of the VPN server? That is what confuses me because it defaults to Shouldn’t it be on the same network?

Also both the VPN server and the client devices use the cellular network, so I image they don’t have a public IP correct? How do I make this work if they both are like this?


Normally Cellular networks do not provide a public IP, but you will need a public IP to set up a VPN Server.
You can try renting a VPS to set up a VPN server, or you can use a data forwarding service such as AstroRelay.

I looked into that but between the instructions for setting up wire guard and astrorelay, you are looking at about 30 pages of instructions. 30 PAGES. I would imagine this would most likely have to be done to each device, and would probably have to be done all over again if the router gets reset, or the WAN IP changes, correct?

Can’t I just use a thin client or an old laptop to host my own VPN server and use the GL.INET to get internet over 4G?

AND?You only need to choose one.
You need to set up again when the router is reset, but not when the WAN IP is changed.
You can set up a VPN server with your own equipment, but it must have a public IP, which is the same as the VPS solution.

So how exactly does running a VPN server on a VPS work when using the 4G network? You said earlier that it was one of two solutions for creating a VPN server on a private IP (i.e. 4G network).

It’s not about creating a VPN server on a private IP. It’s all about forwarding data through a server with a public IP. You are running a VPN client on your router.

  1. VPS is to rent a cloud server with a public IP and set up a VPN server for data forwarding
  2. AstroRelay forwards data through a server we provide. It does not use a VPN

My objective here is to have remote access to a local area network from anywhere in the world. And then unplug the mifi device and connect to another network and have the same access, preferably without redoing any configs if possible. So are you saying that can all be done with the Astro Relay service and I don’t have to re do anything? I dont mind spending an hour setting it up if I never have to do it again…

Also lets say of I rent a VPS server running a VPN server. Then I confogure the xe300 as a VPN client and plug the xe300 lan into a switch with some cameras connected to them.

How would I be able to access those cameras using a laptop with an internet connection that is not in physical proximity of the xe300?

Unless you have upgraded the firmware by resetting or not maintaining the configuration, you can connect directly from anywhere without reconfiguration. And I think it does it in ten minutes or so.

Create a configuration VPN client file on your VPN Server and run it using your computer or another router.
This requires some technical knowledge. From your question, this may be difficult for you.

Tailscale + subnet routing would seem to be the easiest solution if you’re going to be on a cell network. That said, I’m not sure what the state of the stock Tailscale implementation is these days. It was hopelessly broken for a while, and I haven’t checked recently.

1 Like

So run a VPN server with a public IP, with the xe300 configured as a client on the Local network I am trying to have remote access to, and run a second client off my laptop and you are saying I would have lan access to the xe300? Also generating the config file Is the easiest part. I got stuck when trying to ssh into the xe300 and the password kept being incorrect when I copied and pasted it and used root for the username.

It’s not quite that simple, but in principle yes - you basically set something up where both your XE300 and laptop are connecting to the same server, and then the server passes traffic between them.

But again, you’d probably be better off using something like Tailscale, which also has the added benefit of being free.

With all due respect, this is not the hard part. If you can’t do this, it’s going to be very hard to do what you need.

Let me know when you retract your statement, smarty pants

root not Root

My larger point is that if you don’t know how to ssh into a linux box or what the root account is, you’re going to have a tough time setting this up.

And you know, look… you’re the one asking for help here. I’m the one who has a few dozen different setups on different VPN technologies who can actually help you come up with a workable solution. I can assure you that configuring things properly is more difficult than logging into the router. So I plan on standing by my statement that trying to ssh into the router is not the hard part. You may be having trouble with it, but it’s not the hard part.

If you don’t want my help… totally fine. Good luck.

1 Like

The instructions clearly say “Root”, with a capital R.

Yes lowercase “root” does let me log in, but how was I supposed to know that when the insctructions were wrong? This is a product marketed towards consumers, not IT smarty pants 165 IQ geniuses such as your self…

You are telling me basically to “F” off because I don’t know as much as you, because I wasn’t aware of this “inside knowledge” that linux based systems use lower case “root” for logins and I was expected to know to overide that part of the instructions based on this knowledge. See the problem here? This is just page 3. So you are in a way right about this is not the hardest part it seems.

This just further proves the legitimacy of my claim, that this solution involves way to much work, and its not difficult because it is 30 pages of work (26 pages for Astro Relay according to the print preview), but because the instructions are not word for word, there are gaps that require the inside knowledge and user’s discretion to fill those gaps.

Anyways, now that I was able to get to page 3 after a few days of debates and flame wars, I’ll let you know next time I need broken english clarified.

I didn’t write the instructions, and I’m not defending them. My initial statement was that, with respect, the steps after logging in are more complicated than getting logged in. It was a warning as much as anything else - basically agreeing with your entire claim that it’s not “simple” like a lot of people here make it out to be.

No, I’m telling you to “F” off because when I tried to help you told me to retract my statement and called me a smarty pants. I’m happy to help in general, but if the people you’re trying to help start calling you names, it substantially reduced my level of good will. See above also about “IT smarty pants 165 IQ geniuses”. No need for that.

Weird. It’s like I’ve maybe done this before, huh?

Cool. Next time I won’t bother pointing out where the instructions are wrong and you can either keep banging your head against the wall or rely on the goodwill of somebody you haven’t insulted.

I also won’t continue to suggest a solution that’s a lot easier.


Sorry, this is an input error. We will fix it.

@jdub has also very kindly pointed you earlier to consider a very workable solution (although you might have missed his wisdom in your moment of rage):
“Tailscale + subnet routing would seem to be the easiest solution if you’re going to be on a cell network.”

My moment of rage? Excuse me? All I was doing was defending myself from being basically called a dumbass, because I followed poorly written instructions to the letter.

BTW, your “trailscale” solution or whatever is actually also way to much work. TP-link sells a 4G router that has VPN technology built in, with no additional third party services required. So I am done arguing with fanboys here.