Setting up home vpn with a travel router to connect from abroad using a second travel router

noobienetworking · 2022-06-09T14:07:11.117Z

hello all,

i’m trying to set up a home vpn so I can connect to my home ip when I’ll be working abroad but have no idea what I’m doing.

I have purchased 2 beryl travel routers for this purpose.

My current modem (non vpn) will be connected to one of my beryl travel routers (home vpn) and I will need to set up wireguard on it (somehow). I’ve read that I will need to port forward this to my modem (not sure how to do this) and plug the configurations into my second beryl travel router (one i’ll be using abroad).

Does anyone have a guide on how I can get this set up? I’m still learning the concept around this and would love some help

Thanks!

cafebug · 2022-06-09T14:25:03.650Z

How about this thread: Wireguard SiteToSite Vpn - Technical Support - GL.iNet (gl-inet.com)

elorimer · 2022-06-09T15:19:59.429Z

A couple of things to start with. First, let’s call the “modem” the box that your isp provides that converts the cable or optical signal to a wired ethernet connection. A router is the box that connects to that wired ethernet connection on its WAN side, and distributes the ethernet connection to devices on its LAN side. Often, the isp box is a combo modem and router, so the WAN side is internal to the box. Sometimes the router is a separate box, which you can swap out for the Beryl.

That WAN side has an IP address. That needs to be a public IP address, not a private address. (If it is a private address, you will have to do this an entirely different way.) You want that public IP address to be available to the WAN side of the first Beryl. If you have a standalone modem, that might happen automatically. If it is a combo box, you may have to put the box in “bridge mode”, so it just passes the address through to the WAN side of the router, or you may have to forward a port from the internal WAN side to the LAN side of the combo box.

So the threshold question is, can you connect the Beryl router to your “modem” and have devices connected to the Beryl reach the internet, and if you can, what is the address that the Beryl treats as its WAN address? That will determine how you proceed.

noobienetworking · 2022-06-10T06:24:32.279Z

elorimer:

If it is a combo box, you may have to put the box in “bridge mode”, so it just passes the address through to the WAN side of the router, or you may have to forward a port from the internal WAN side to the LAN side of the combo box.

My setup is the combo setup. Do i need to port forward from my primary router or the secondary vpn router?

LupusE · 2022-06-10T06:40:43.395Z

Maybe it is not a good idea to open your network (port forwarding), without knowing how it is working. Even if the goal is a much more secure solution (VPN).

In short:

You are ‘dial in’ at your provider, with given user/password.
Your provider assign an IP to your router.
The whole Internet should be able to reach your router via this IP.
But because of your router got no monitor/keyboard/mouse, there are other Systems behind.
The Router has one IP on WAN (assigned by Provider) and a Network (mostly 192.168.00/24) on the other side.
Because all possible 245 devices in the internal network has to share one IP, the router knows some magic: NAT (Network Address Translation).
If a device is connecting from the inside to the internet, the router knows 'ah, there is a established connection, i know from my NAT table who is the origin and where to route the answers.
But this ‘workaround’ can’t work from the outside. How should the router decide which device can answer services at port 1234?
Here comes the ‘port forwarding’.
One device in your network (f.ex. 192.168.0.224) is able to speak VPN on port 1234. But this port is only known in your internal network.
So the router needs to know 'if some device asking at WAN for xx.xx.xx.xx:1234 (WAN IP) forward this request to internal 192.168.0.224:1234. In this case the port is se same, but don’t need to be.
It is very important, that the internal network and the Beryl Network are not the same! The beryl can’t work, if you use 192.168.8.0/24 for your home network!

I really have no Idea, why I’ve used bullet points. But I am too lacy to remove them now. I hope this paints a clearer picture about what will happen.
Be aware EVERY system on the internet can reach your beryl via [WAN IP]:1234 … If there is a exploitable service is listening at this port, an attacker could get full access to your whole LAN!
This is the reason, why you should a. be aware what you are doing and b. know the risk at any time!

elorimer · 2022-06-10T07:58:20.833Z

noobienetworking:

My setup is the combo setup. Do i need to port forward from my primary router or the secondary vpn router?

We’re not there yet.

Run a cable from the LAN port of your combo box to the WAN port of the Beryl. Now connect a computer to the Beryl, either wifi or cable. You should be able to reach the internet from that computer. In a browser go to 192.168 8.1. What is the WAN address give to the Beryl?
If it is 10.xx.xx.xx or 192.168.xx.xx (or, very unusually, 172.I.forget.xx) we will have to take some other steps and you will need to be able to get to the admin page of the combo box.

noobienetworking · 2022-06-15T07:23:23.151Z

sorry been away for a while

just did this and the IP address for the beryl is 192.168.x.xxx but I’m in the admin panel of the secondary vpn router

elorimer · 2022-06-15T13:04:40.142Z

noobienetworking:

but I’m in the admin panel of the secondary vpn router

I don’t know what you mean by this.

But are in step #1, where the beryl WAN port is connected directly to the combo box LAN port, and this is the address given to the WAN side of the Beryl? Is so, this is strike one. Now you have to get into the admin page of the combo box and see if you can port forward.