VPN Client-Server configuration - Working remotely with company VPN

Hi guys!

I have just bought the GL.iNet GL-MT1300 (Beryl) router.

My main purpose is to use it as VPN client while I am working remotely from another country, mainly to connect to a VPN server in my home town so the IP shown is the one from home and not the one from where I am actually :slightly_smiling_face:

I am not very familiar with VPN setup and I still need to create the home VPN server: Would the GL BRUME MV-1000 router good choice to setup the VPN Server via Wireguard/Open VPN? Any other router with Wifi capability with good performance?

I usually work with my company laptop connecting via company VPN (Cisco AnyConnect software), would it be feasible to work with the compay VPN at the same time my laptop is connected to my home VPN server via Beryl router, so the IP shown is the one from my home town?

I really appreciate your help!

The Brume-W is solid but the wifi is not the best - limited to single-channel 2.4ghz.

I’d look into the Flint, it has great WireGuard performance (up to double as much bandwidth as the Brume-W… thought it won’t matter, they can both handle the maximum that Beryl can) and supports dual-band wifi.

The setup you want will work exactly as you describe. Setup a WireGuard server at home, generate a client config, then copy it over to the Beryl. Connect using your Beryl and when you connect to your office VPN it will show them your home IP.

suggestion

The GL-MV1000 Brume should give good speed of 100+Mbps for remote work over Wireguard, with the GL-MT1300 Berry being the limiting factor. As a home VPN server, it is best to use an Ethernet cable to connect its WAN port to your ISP device. If the ISP device is a router, then you will have to configure port forwarding on it to the Brume.

If you also want to add 2.4GHz/5GHz wifi to the Brume for home use, then you can plug in a wifi USB adapter. I have a TP-Link T2U Plus for $10-$15 plugged into my GL-MV1000W that gives me 5GHz wifi in addition to the built-in 2.4GHz wifi.

I do not work for and I do not have formal association with GL.iNet

You don’t agree that the Flint would be better in this scenario? I have both and kind of feel that the Flint (though not perfect) has superseded the Brume.

Thanks both for your detail explanation. That will definitely help me to setup my Wireguard server. I think I’ll look into the Flint router.

One additional concern:
As I understood, I have to connect the Flint to my current ISP router via WAN port and configure the port forwarding on ISP router to the Flint. Regarding the IP adress provided by my ISP which I think is dynamic and not static, should I be worried about this? Should I configure anything to make the Wireguard server work with dynamic IP?

Thank you again!

Double NAT isn’t the greatest so hopefully you won’t need your ISP router or at worst can change it to bridged mode. Though it may be possible to use the Flint as a network client - never tested this myself.

Some ISP router+modem combos allow you to login and change the device to modem only (bridge mode), but if it’s only a router then it’s more likely the whole device can be swapped for the Flint.

The Flint (and all GL-iNet products) have a dynamic DNS service and you will connect to the dynamic name instead of a fixed address in the WireGuard config.

Hey guys. I hope some of you see this. I have the same problem and goal. I want to connect to my companies cisco anyconnect vpn while working abroad.

I have just been looking at it. So I know very little.

What if I dont use the wifeguard home server and only connect via slate/opal router through one vpn wifeguard client which I will take with me.

Would that be ineffective to hide my location? And not using home server would make my connection better maybe?

And how do we do the port forwarding confg.? I couldnt find anything about it?

Thank you.

Hey! I am not any expert on this but I have finally managed to build a VPN wireguard network using one Flint router as “wireguard server” installed at my home location and one Beryl router as “wireguard client” at my remote place. I can confirm that my vpn company cisco anyconnect is working pretty good at the same time vpn wireguard is connected and showing the IP from my home location.

I guess you will need either to build a wireguard home server (this will show your home IP) or to use a commercial vpn like Mullvad (this will show an IP from any datacenter from the chosen location). Preferably use the first one and have the second as backup.

I had to open port 51820 on the router I have at home (behind the Flint router) and put it in “bridge mode”. I also enabled the ddns on the Flint router (Applications → remote access → Dynamic dns).

Let’s see if some experts in the room can give you some advice on this :slight_smile:

It is some kind of another topic, so you should start a new thread with a more specific question. So far:

When you take your one router with your, what will be the endpoint for the VPN? You can’t just start Wireguard and magical “be at another place”.
But as said before there are professional services, where you can login. I prefer my own hosted infrastructure, so I don’t have any experience in this field.

This depends on your router/ISP/connection/…There is no one for all manual.
A good start for many routers is: https://portforward.com/

But configure networks without understanding it is never a good idea. You’re about to break the security GL-iNet is providing.

I will connect through one of the vpn services provided and only use one travel router which I will take with me. There wont be any home server connected to my wifi modem at home. Since connecting through vpn servers, I shouldn’t be needing one home server with brume or flint etc. Right?

Thats the one point Im confused, setting up home server is to make my IP look like its coming from home to make it more solid? Or is it a necessity with doing this kind of location hiding.

And I have vodafone Dsl modem at home, does that mean I have to configure port forwarding?

And laslty, what do you mean by breaking the security GL-INet providing?

Hey @oscargp! I am not very familiar with VPN setup, I would appreciate if you can answer some of my questions. Any ressources will be useful :blush:

1- How did you manage to build the VPN wireguard network using the Flint router? Ps: I bought the GL-AX1800

2- How did you open port 51820 on the router, put it in “bridge mode”, and enable the ddns on the Flint router?

3- Is your set up still working perfectly? How long has it been now? Any issue faced? If yes, how did you resolve it?

Thank you!

Hi Charl,

Sorry for my delay in my answer. I will try to summarize what I did, however I am not an expert on this matter, so any comment on this from anyone is welcome :slight_smile:

1.- I have my GL-AX1800 behind my home router (+modem) provided by my ISP. I installed VPN wireguard on my GL-AX1800 router by going simply to admin panel → VPN->Wireguard server-> initialize wireguard server

2.- I think you have here different options depending whether you use an ISP router behind your GLinet router. You should go to the admin panel of your ISP router, and here you should: a) activate the “bridge mode” if available, if not I think another option is to activate DMZ for your GL-AX1800 by making the ip of your Flint “accesible” from you ISP router and b) open port 51820
To enable ddns on the GL-AX1800 you can go to your GL-AX1800 admin panel → applications → remote access → enable ddns

3.- It is working awesome, for at least 6 months now. No maior issues so far, working fast and smoothly.

I hope this may help. Cheers!

1 Like