Setup OpenVPN or Wireguard

Jovan · 2020-03-11T08:28:59.379Z

PRODUCT: slate 750.

Hi expert,

Possible to setup above product with dynamic WAN IP either on OPENVPN or Wireguard?

Regards,
Jovan

limbot · 2020-03-11T09:07:22.129Z

Yes possible. Is the AR750 your primary ’ router or will it be on the “inside” of your network (attached to a primary router)?

In the end you’ll need to create a dynamic DNS entry for the WAN port of your external facing router, and then change the client on your devices to point towards the DDNS name of the router rather than a static IP address.

If your AR750 is inside you’ll need to do a port forward entry from your main router to the AR750.

Example below is using GL’s DDNS server and connecting directly to a Gl.Inet B1300 (WAN port DDNS ynxxx.glddns.com) running Wireguard server via the Android Wireguard client.

Or if I’ve read this wrong and you want to use the AR750S-EXT as a client, then again, need to change the client config file to point to the DDNS name of your Wireguard server.

Hope this helps.

Jovan · 2020-03-11T10:22:52.403Z

Hi Limbot,

Yes, not connected as a primary router.

Usually either inside of an network or USB tethering ( 4G)

And for client side,its internet connection will be either by 4G or premises internet (example, hotel wifi or hotel Lan)

Possible to setup VPN with the device, if this is my typical setup connection?

You quoted " If your AR750 is inside you’ll need to do a port forward entry from your main router to the AR750"

Usually, I have no control on the primary Router because the infrastructure of the premises is beyond my control.

Regards,
Jovan

limbot · 2020-03-11T10:28:13.363Z

@jovan

Hey mate.

Just some clarification, are you trying to use the Slate as a Wireguard Client or a Wireguard Server?

Jovan · 2020-03-11T10:55:34.952Z

Hi,

As a wireguard server, WAN connection is either 4G or premises network( my customer internet).

My background, my role is to install system to customer premises and sometime I would like to access after I left the premises and I don’t prefer to use Teamviewer.

Is for temporary setup. ( a week or two week)

Jovan · 2020-03-11T11:03:02.357Z

In short,

I would like to have a mobile VPN server and using a standard app for client to connect to this Mobile VPN server and access to its LAN.

AnonyOne · 2020-03-12T21:27:58.608Z

hi @Jovan
putting aside the technicalities of the matter,
what you are describing is basically creating an encrypted back door into your customer’s internal network. this is something which obviously requires a consent of the customer.
if such consent is provided, then they’d probably have no problem affording you a local fixed IP and a port forwarding rule in their main router/firewall.

Jovan · 2020-03-12T23:56:48.382Z

Hi @AnonyOne,

Thanks for your reply.

Usually, we use teamviewer which agreed by customer.

Hope this answered regards to any breaching matters.

As I mentioned, is temporary. Once everything is done, we leave the place. So I believe to implement/ asked for a fixed ip or getting access to the internal network will become complicated.

My aim is just don’t wish to depend on any 3rd party software to gain access to the system and is never convenient to remotely access a pc to another pc within a same pc.

Anyway, if my question posted here shown/lead to breaching any network security matter.

Administrator you may closed this thread.

Thanks.

Johnex · 2020-03-13T10:29:50.587Z

It’s up to each user to take care of their own security and matters, so don’t worry about asking technical info here about anything.

One thing you should know is that Teamviewer does reverse NAT back to their server to establish a connection. If you try to run something like Wireguard or OpenVPN on the 4G network you might have issues depending if the operator is using a double NAT aka shared IP’s, or if they are using dynamic IP allocation. With double NAT each user has a randomly allocated port on the ISP side, and there is no public IP you can connect to remotely.

If it’s dynamic IP then using the included GL DDNS service would be enough to connect back to the user. You will need to check that and test before.