Using GL-MT3000 as Travel Router with Roku/Hulu

Is this even possible? I just bought the GL.iNet GL-MT3000 WiFi router (firmware v4.7.0) to solve a particular problem. While away from home I bring a Roku streaming stick to connect to the hotel TV so I can watch my Hulu + Live TV content including my local channels and recorded shows just like I can at home. Unfortunately, for some time now, Hulu will not allow me to see the content I pay for while I am on another WiFi network. Can I use the GT-MT3000 router to tunnel the Roku through my home network and present Hulu with my home IP address? I have tried various settings in the router, but cannot get this to work. I can connect the router to the hotel WiFi and connect all my devices to the router Wifi just fine, but they all still present the Hotel IP to the remote network. Am I missing something?

Yes, it can when the MT3000 connects to the Home via the VPN tunnel like WireGuard or OpenVPN, that the Internet access of the MT3000 clients present the home IP, and also able to access the local channels.

Did the router establish the VPN client tunnel with home server?

1 Like

Thanks for the reply. I have Tailscale activated, but I did not know I needed to configure Wireguard VPN. I can see it in the MT3000 GUI menu, but I do not know how to configure it. BTW, my home WAN has a static IP.

You don't mention what you have at home. I guess you have the standard ISP Router.

In order to make full utilization of the Wireguard VPN service on the MT3000, you will need to host a Wireguard Server at home for it to connect to. From experience, this can either be quite easy, or horrendously fiddly, and both resolve to mediocre performance results.

Do yourself a favour and concider the Flint-2 GL-MT6000 as your main home WiFi/firewall. This makes setting up VPN connections a breeze, and its Wireguard VPN performance is well revered.

In order to do this, you will need to place your main ISP modem in Passthrough mode, so its not interfering with the MT6000 network operations.

-edit- Or concider the new Flint 3 - there is very little detail on this though unfortunately, but assume its a much more performant beast.

What you are asking is if you can route via a VPN from the hotel's internet and basically tunnel all the data to and from your home connection.

I think the question of home router may be a start. Many offer VPN built in. Could create a virtual machine on some home computer if no other way.

I might consider a choice like Tailscale as it has some config features but one has to supply public credentials. That is the common complaint.

Think there is a video I watched on this at tailscale maybe where a user had a travel router for this task.

Hi,

Model: GL-MT3000 / Beryl AX - AX3000 WiFi 6 Router
Device ID: oefb500
S/N: d15d5c2aa5f0edc9
Purchase: Amazon 2/10/2025
Admin IP: 192.168.8.1

Well, I think I have a more serious problem now. The router is bricked. Here is the background...

Out of the box, I set the router up with WiFi and updated to the latest firmware. I then configured all the basics and customized my login and configured both 5G and 2.4G WiFi. I set the MT3000 Repeater to my home WiFi and everything worked fine - I was able to connect my other devices to either 2.4G or 5G and have Internet access. I then enabled Tailscale because I have a TailNet on my PC and mobile devices thinking that would provide that Roku IP spoofing I wanted, but that did not work, but I left Tailscale enabled. Everything else still worked fine.

So, then last night I tried to follow that Wireguard guide you sent me. I configured and started the Wireguard Server on the MT3000, generated a client config:

[Interface]
Address = 10.0.0.2/24
PrivateKey = uAVERJ5/G90IEobOkXpnCdIZMKCcREpvCrIXO4otBWk=
DNS = 64.6.64.6,10.0.0.1
MTU = 1420

[Peer]
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = 63.231.98.102:51820
PersistentKeepalive = 25
PublicKey = r8QfraUbQcYi4VkTCs6Bx7EXYMyZ2lQScn9RjxiOLCw=

and loaded it. I was a bit confused about the relevance of the term "Client" and thought it pertained to each device I wanted to use to VPN through the Router. So, I named it "iPad Mini". I then set the Repeater in the MT3000 to my iPhone 14 Pro Max HotSpot. I can't remember now if it worked, but since then, every time I try to access the router admin page from my PC (which I had done dozens of times before), I would get "Connection timed out" error and the router's blue light would start flashing.

I first tried unplugging the router for 15 sec. then replug and the blue light would come on solid. When I tried to access the admin page from my PC - same problem.

I then tried the 3-sec push on the reset button. The blue light would flash rapidly several times and would come on solid. When I tried to access the admin page from my PC - same problem.

I then tried the 10-sec push on the reset button for a factory reset. The blue light would flash rapidly several times and would come on solid. When I tried to access the admin page from my PC - same problem.

After leaving it unplugged overnight, I plugged it in and the blue light blinked twice then came on solid. When I tried to access the admin page from my PC - same problem!

What can I do now?

P.S., I forgot to mention my home router is a CenturyLink Make: Zyxel, Model: C3000Z
currently on DSL line and configured with 5 static IPs at 140 Mbps. Looming in the near future is FiberOptics GigaNet. They have it up our cul de sac, but not yet to the houses. So, I am loathe to replace my home router just now.

To be honest I doubt DSL will provide the speed you wish to watch any sort of video on the road.
Second is using tailscale with wireguard. Not sure you are supposed to use both.
Tailscale you set up on their site to match clients.

Now the travel router recovery method.
I might start with wired connection only to router from some computer. If you set to dhcp in the nic and reboot from cold boot to see what you might get for an ip address. Let us know if it's 169.x.x.x.

Use command line arp -a to see if anything on nic.
I say cold boot because if you have patch cable you may need cold boot to get it to act like a crossover.

You might want to read this Digital Nomad VPN Tutorial using Wireguard or Tailscale
Configuration exemple how to have an "exit" node to internet, at home using the home IP address, when travelling abroad.

Two GL-inet routers as tailscale clients should be enough. The Raspberry Pi in this link has yet another function. (The Tailscale network server function, which probably today is OK on some GL-inet routers)

Travel GL-inet router and home GL-inet router can both be Tailscale client function devices, where the home router is a Tailscale exit node.

Thanks. You guys and/or gals are just terrific. With the info you provided, I was able to get the MT3000 router back up running, configured (except for VPN) and functional on WiFi, both 2.4G and 5G. Odd thing though, although I can connect my various devices to the router WiFi and get Internet access with the router repeater set to my home WiFi and I can get to the router admin page with my iPad, when connected to either the MT300 2.4G or 5G WiFi. I can NOT get to it from my Windows 10 desktop PC, which used to work before I bricked and reset the router. I get connection timed out on 192.168.8.1. My PC is wired Ethernet to my home router and I also connected it via WiFi to either the 2.4G or 5G WiFi on the MT3000 - neither worked. BTW, my home router is a Zyxel C3000Z provided by CenturyLink with 5 static IP addresses on a 140Mbps DSL line.

I was also able to connect the MT3000 repeater to my iPhone 14 HotSpot on cellular only and get Internet acces over the MT3000 WiFi. I have not yet attempted the VPN in that config to simulate a hotel connection because, even reading the VPN doc you referred me to, I am a bit confused.

I have Tailscale installed on my devices and have successfully used it to do Windows RDP from my iPad to my PC. Should I use Tailscale on the MT3000 to achieve my goal of spoofing my home IP on the Roku? Since I have a static IP at home, how do I tell it my home IP address?

While you can certainly use Tailscale you do not need to with a public static IP address at your residence. My opinion would be to use "plain" WireGuard which has less overhead than Tailscale. But, if you future ISP does not offer a pubic static IP address then just stay with Tailscale.

Fully agree that "plain" Wireguard, or own Tailscale/Zerotier server is better than going via Tailscale/Zerotier services. (That said, Zerotier will automatically make the shortcut, if that can work with your setup (TUN replacing TURN))

Your static home address is seen with www.whatismyip.com or similar website.
With variing IP address (not fixed, usually changes every 24 hours) use DDNS.

Zeroscale and Tailscale make an overlay network, and your mobile and home devices will be seen in the services management web page, no need to enter their public IP address anywhere, as your devices initiate the connection in the service case.

There are many DDNS services possible , even GL.inet is providing one Dynamic DNS - GL.iNet Router Docs 4 (giddns.com), but there are also dedicated DDNS services like www.noip.com. DDNS can also be used with static IP addresses, for URL convenience.

Okay, I am trying to use my iPhone 14 Pro Max to simulate a hotel WiFi connection using my new MT3000 router. I have WiFi shut off on the iPhone so it only has Internet access via the cell service. I can connect to the iPhone hotspot from my iPad reliably every time, but NOT the MT3000. It sees the hotspot when I select Switch Networks under Repeater, but sometimes it is not green showing available. If it is green, sometimes it connects to the hotspot, but often it does not, and I get repeated timeout messages. BTW, all devices are in the same room and it does not seem to matter if I have Maximize Compatibility on or off under Personal Hotspot on the phone. Why is it so unreliable? Am I dong something wrong?

It seems that the repeater connection of the MT3000 to iPhone is not very stable.
Please export syslog and PM me to check the repeater issue.

Bruce, thanks for the reply. Two questions: 1. How do I PM you? and 2. I\On the Log page I clicked on Refresh then Export, I got a popup that said "Do you want to download logread.tar?", I clicked yes, where is the exported log?

The download path is related to your browser or you manually choose, please check it


Please PM me the issue syslog which the MT3000 connect to phone hotspot by repeater.

Bruce,

I think I just sent you two PMs. One with a message and my fist attempt to upload the logs zip and a second with a successful upload. Did you get them.

Hello,

Received the syslog and checked.

I saw that there were many error packets of wireless interfaces in the log timeout, which was caused by too many packet errors in the repeater interface.

  1. Try restarting MT3000 and reconnecting to iPhone by the repeater again

  2. Test whether the MT3000 connects to others AP normally by the repeater

  3. Try manually upgrading to 4.7.0-op24 firmware
    GL.iNet download center

Sync the PM to public thread:

JoeRL:

Hi Bruce,

Thanks for taking the time to review my MT3000 logs and sending your suggestions:

1. Try restarting MT3000 and reconnecting to iPhone by the repeater again
        I have reset the router many, many times with both the reset button and power off/on,    with no change in behavior

2. Test whether the MT3000 connects to others AP normally by the repeater
        Yes, it connects just fine to my Office 2.4G and 5G (ISP Modem/Router) and my Family Room 2.4G and 5G (Ubiquiti UniFi AP AC Lite)
        BTW, my iPad always connects to the iPhone HotSpot just fine.  See attached screenshots of SpeedTests 

3. Try manually upgrading to 4.7.0-op24 firmware
    GL.iNet download center
    I am already at Firmware v4.7.0 release3.  Is 4.7.0-op24 different?

I did some more testing today. I suspected that maybe all the other electronic equipment in my office (where I had been testing up until now) might be interfering with the RF signal between the router and the iPhone. But, why does my iPad connect just fine to the iPhone HotSpot (see attached screenshots of SpeedTests) but not the router? So, I went to a room on the upper floor on the other side of the house which has no other electronics with all 3 devices - iPad, iPhone, MT3000. The results were the same - my IPad connects to iPhone HotSpot with GREAT stable connection (see attached SpeedTest screenshots), but the Router Repeater recognizes the iPhone from previous connections, but does not even see a signal, and this test was of course after power off/on of the router to move it to another room. Also the Router Repeater connected fine to my Office 2.4G and 5G as usual.

Also attached is the Router logread.tar file.

Regards,
Joe R. Luciano


Bruce:

Hello,

Thanks for you detailed testing.

Let's continue to communicate in the public thread, except the log files, no longer need to communicate via PM.
Since if we communicate on the thread, it can let R&D or relevant personnel see the results simultaneously.

Btw, if you want to connect the router to the hotspot of iPhone, (including the Windows PC or Android, non-apple devices), you need to turn on the screen on your iPhone > Settings > Personal Hotspot > enable "Allow Others to Join", and wait for the router repeater to connect to the iPhone before the iPhone turns off the screen.

Is this how your repeater connection process operated?

Since if the iPhone screen is off, its hotspot is not broadcasting/displaying, it just maintains the currently connected device.

Since MT3000 connects to WiFi of other devices is normal, it means there is no problem with MT3000 repeater.

I have also tried to reproduce it locally: MT3000 connects to my iPhone hotspot and follow the above operation, without issue, the connection is normal and stable.

The 4.7.0-op24 firmware driver is open-source, compared with 4.7.0 rc3 is a closed-source driver.
Some network environments have better open-source driver compatibility, while some network environments have better closed-source drivers, so this test is mentioned.

Thank you.