Use router as wireless client, operate as WAP, and use OpenVPN simultaneously

My ideal use case for this router is:

  1. Join the GL.inet router to another WiFi (which has Internet access) as a client. This could be a hotel WiFi or just a friend’s WiFi. Let’s call this WiFi “Hotel-WiFi”.
  2. Continue to use the GL.inet as a WAP (wireless access point) through which my client devices (phone, laptop, etc.) can connect. Let’s call the GL.inet WiFi “MyTravel-WiFi”.

Intended Result: The GL.inet router functions as a wireless bridge between a wireless network and my wireless devices. My devices which connect to “MyTravel-WiFi” effectively use the Internet on “Hotel-WiFi”.

  1. I also want to be able to use the OpenVPN function of the GL.inet router simultaneously. I already have my OpenVPN configuration working. I just need it to be able to work with the other two configurations as well.

Intended Final Result: As previously, my devices which connect to “MyTravel-WiFi” effectively use the Internet on “Hotel-WiFi”, but all traffic is then routed through the OpenVPN tunnel.

  • How can I accomplish this goal?

From research I’ve done in these forums, I believe it is possible for the GL.inet router to function as a client and as an AP, but I must either use different antennas (2.4GHz and 5GHz) for each function, or (less ideal from my perspective) use one antenna for both functions, but at half bandwidth for each function. From what I’ve read this can only be accomplished from an advanced configuration interface (LuCI) and not from the standard WebGUI. All I need is a point to the right direction for a tutorial on how to do this, and I can take it from there.

  • Will I still be able to use the OpenVPN to route all traffic while using the GL.inet router as both a Wireless Client and a Wireless AP?

My router for this use case is the GL-MT3000 / Beryl AX.

GL.iNet devices allow you to connect internet through the following

  1. Cellular
  2. Repeater
  3. Ethernet
  4. Tethering

So, in your case you connect your GL router as repeater to Hotel Wifi and at the same time you can connect to a openvpn/wireguard VPN server which will route all the traffic via VPN.

Your case easily achievable on GL.iNet routers. No advance luci configurations needed.

1 Like

As far as my knowledge of networking terminology, a Wireless Repeater works by retransmitting an existing WiFi, on the same frequency and using the same SSID. Because the same frequency is used this also halves your effective bandwidth.

In the example of my original post, a Wireless Repeater would simply receive the “Hotel-WiFi” broadcast, and then re-broadcast the same “Hotel-WiFi” signal.

Is that not how the Repeater function works on the GL.inet router?

GL.iNet terminology is not “standard”. By default, GL.iNet “Repeater” Internet access method is that it is a router with the WWAN wifi connected to an Internet connection, not the same as an extender that retransmits an existing wifi.

There are other GL.iNet “Network Mode” options:

OpenVPN or WireGuard only works in “Router” network mode, not the other network modes, so you will have double-NAT with both the GL.iNet router and the hotel/friend’s wifi router.

With the “Repeater” Internet access method, you can use different 2.4GHz/5GHz bands at full speed for WWAN/WLAN, or the same band at half speed for both. This is because 2.4GHz and 5GHz each only has 1 radio transceiver that is half-duplex and cannot receive and transmit at the same time, so has to take turns. You can try both configurations and decide what works best for you.

You can set up all of this through the GL.iNet Admin Panel UI without using the LuCI UI, by following the user guide:

I do not work for and I am not directly associated with GL.iNet


So if I understand you correctly,

  • I need to have the router in “router” mode for OpenVPN to work.
  • OpenVPN will not work in “non-router” mode.

But when I click on your link, none of the Internet connection choices are “router”. I assume “router” mode is independent of the type of Internet connection chosen.

So if I choose the “Repeater” function in the docs, it says:

Using Repeater means connecting the router to another existing wireless network, e.g. when you are using free Wi-Fi in a hotel or cafe.

It works in WISP (Wireless Internet Service Provider) mode by default, which means that the router will create its own subnet and act as a firewall to protect you from the public network.

That sounds like my use case (connecting to a hotel WiFi), and the router creating “its own subnet” and acting “as a firewall” sure sounds like a router doing NAT, even if it doesn’t say those words explicitly.

That would mean that the default “Repeater” configuration should work for my purposes?

I don’t see where I get to choose which radio is used for the client and which radio is used for the AP. Is it just a matter of turning off one WiFi frequency (e g. 2.4GHz) for “MyTravel-WiFi” in the Wireless configuration page and then connecting to “Hotel-WiFi” using that disabled frequency (e.g. 2.4GHz)?

By default, the GL-MT3000 will be in “Router” network mode (with firewall and NAT), which is what you should have, given that you were not aware of changing the network mode (which is not the same as Internet access method), as in the first link I provided:

Since you have been able to connect the GL-MT3000 to a hotel/friend’s wifi router, you already know how to choose 2.4GHz or 5GHz for the WWAN Repeater Internet access method.

You can configure the 2.4GHz and 5GHz WLAN access on the Admin Panel → Wireless webpage. You can leave both bands enabled, or set only one band enabled/other band disabled. If a user device connects to the same band as the Repeater WWAN, then it will have half speed.

Your current setup would probably work if you proceed to set up the OpenVPN client.

I initially tried to set this up by changing Network → Network Mode from Router to Extender. This is wrong.
Set the Network Mode to 'Router and use the Internet Tab to configure the wireless access point of the Network you want to connect to.

Rather obvious once you’ve done it the first time. :grin: