Routers recommendation for NVR remote access

Hi there, I’m new and still a beginner to networking/VPN and GL.iNet product.

I’m hoping to get product recommendation for the following use case:

I have an NVR installed at a location that currently has no internet connection.
I don’t want the NVR to directly access the internet, but I want to be able to remotely access the NVR IP securely.
When I remote access, my device will have wifi or ethernet internet connection, could be trusted or untrusted (friends house or hotel network).
I’m in Canada.
Hoping for very reliable network that doesn’t require router reset every once in awhile.

I think I need the following:
Router with tethering or a 3/4G router connect to NVR. Disable NVR client IP/mac from internet
Setup Wireguard VPN server on router
Setup Wireguard VPN client on phone or desktop (or pair with a 2nd travel router with Wireguard VPN client enabled)
Remote access via NVR IP.

Does that sound correct? What’s the best router options for this setup? Do I need to have a public IP?

Thanks

On the connection running the wireguard server a public IP is required otherwise it will be pretty difficult to access that wireguard server. The question will therefore be: Will your 4G connection have that? Often 4G networks will have CarrierGrade-NAT, which means the IPs are shared and no incoming connection will be possible.

Besides that point, the idea itself will be possible with plenty of GL-routers. Basically you want a 4G router, which can run Wireguard and has a firewall (to block internet access for the NVR)
I believe you might be best off with something like a GL-AP1300LTE, because it has LTE modules available and also have a powerful enough SOC to reach decent wireguard speeds. A GL-A1300 would also be very decent, but will require a 4G USB dongle to use 4G.

1 Like

If you need LTE, maybe try X750.

In the client list, you can disable the NVR to access the Internet.

Then if you have wireguard, you can access the NVR via the Wireguard turnnel.

Pls note, a 4G network may not have a public IP, which means you may not be able to use the router as Wireguard server.

So, you may use www.astrorelay.com to relay the wireguard server. Or use a S2S solution managed by cloud.
Site-to-Site Network - GL.iNet