VPN Client-Server configuration - Working remotely with company VPN

Hi guys!

I have just bought the GL.iNet GL-MT1300 (Beryl) router.

My main purpose is to use it as a VPN client while I am working remotely from another country, mainly to connect to a VPN server in my home town so the IP shown is the one from home and not the one from where I am actually :slightly_smiling_face:

I am not very familiar with VPN setup and I still need to create the home VPN server: Would the GL BRUME MV-1000 router be a good choice to set up the VPN server via WireGuard/OpenVPN? Any other router with Wi-Fi capability with good performance?

I usually work with my company laptop connecting via company VPN (Cisco AnyConnect software). Would it be feasible to work with the company VPN at the same time my laptop is connected to my home VPN server via the Beryl router, so the IP shown is the one from my home town?

I really appreciate your help!

The Brume-W is solid but the wifi is not the best - limited to single-channel 2.4GHz.

I’d look into the Flint, it has great WireGuard performance (up to double as much bandwidth as the Brume-W… though it won’t matter, they can both handle the maximum that Beryl can) and supports dual-band wifi.

The setup you want will work exactly as you describe. Set up a WireGuard server at home, generate a client config, then copy it over to the Beryl. Connect using your Beryl and when you connect to your office VPN it will show them your home IP.

suggestion

The GL-MV1000 Brume should give good speed of 100+Mbps for remote work over WireGuard, with the GL-MT1300 Beryl being the limiting factor. As a home VPN server, it is best to use an Ethernet cable to connect its WAN port to your ISP device. If the ISP device is a router, then you will have to configure port forwarding on it to the Brume.

If you also want to add 2.4GHz/5GHz wifi to the Brume for home use, then you can plug in a wifi USB adapter. I have a TP-Link T2U Plus for $10-$15 plugged into my GL-MV1000W that gives me 5GHz wifi in addition to the built-in 2.4GHz wifi.

I do not work for and I do not have formal association with GL.iNet

You don’t agree that the Flint would be better in this scenario? I have both and kind of feel that the Flint (though not perfect) has superseded the Brume.

Thanks both for your detailed explanations. That will definitely help me to set up my WireGuard server. I think I’ll look into the Flint router.

One additional concern:
As I understood, I have to connect the Flint to my current ISP router via WAN port and configure the port forwarding on the ISP router to the Flint. Regarding the IP address provided by my ISP, which I think is dynamic and not static, should I be worried about this? Should I configure anything to make the WireGuard server work with a dynamic IP?

Thank you again!

Double NAT isn’t the greatest so hopefully you won’t need your ISP router or at worst can change it to bridged mode. Though it may be possible to use the Flint as a network client - never tested this myself.

Some ISP router+modem combos allow you to log in and change the device to modem only (bridge mode), but if it’s only a router then it’s more likely the whole device can be swapped for the Flint.

The Flint (and all GL-iNet products) have a dynamic DNS service and you will connect to the dynamic name instead of a fixed address in the WireGuard config.
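As an added example (not part of the original posts and not GL.iNet tooling), this shell function lints a WireGuard client config for the points the thread relies on: the Endpoint is a dynamic DNS name rather than a literal IP, its port matches the forwarded 51820, and AllowedIPs sends all traffic through the tunnel. The hostname `home.example.net`, the keys and the finding names are constructed placeholders.

```shell
# lint_wg_client PORT: read a WireGuard client config on stdin and print one
# finding per line, or "ok" when it suits the setup discussed in this thread.
lint_wg_client() {
    awk -v want="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
        function report(msg) { print msg; bad++ }
        /^[ \t]*(#|$)/ { next }                   # comments and blank lines
        /^[ \t]*\[/    { section = tolower(trim($0)); next }
        {
            i = index($0, "="); if (!i) next      # split at the first "="
            key = tolower(trim(substr($0, 1, i - 1)))
            val = trim(substr($0, i + 1))
        }
        section == "[peer]" && key == "endpoint" {
            seen = 1
            host = val; sub(/:[0-9]+$/, "", host)
            port = val; sub(/^.*:/, "", port)
            # A literal address stops working when the ISP assigns a new one.
            if (host ~ /^[0-9.]+$/ || host ~ /^\[/) report("endpoint-is-literal-ip")
            if (port != want) report("endpoint-port-mismatch")
        }
        section == "[peer]" && key == "allowedips" {
            n = split(val, nets, /[ \t]*,[ \t]*/)
            for (j = 1; j <= n; j++) {
                if (nets[j] == "0.0.0.0/0") v4 = 1   # all IPv4 via the tunnel
                if (nets[j] == "::/0") v6 = 1        # all IPv6 via the tunnel
            }
        }
        END {
            if (!seen) report("no-endpoint")
            if (!v4) report("ipv4-not-fully-tunnelled")
            if (!v6) report("ipv6-not-tunnelled")
            if (!bad) print "ok"
        }'
}
# Constructed sample: keys and hostname are placeholders, not real values.
sample_client_conf() {
    cat <<'EOF'
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER
Address = 10.0.0.2/24
[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
Endpoint = home.example.net:51820
AllowedIPs = 0.0.0.0/0, ::/0
EOF
}
sample_client_conf | lint_wg_client 51820   # prints: ok
```

An `ipv6-not-tunnelled` finding matters only if the remote network offers IPv6; in that case IPv6 traffic would leave outside the tunnel and show the local address.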

Hey guys. I hope some of you see this. I have the same problem and goal. I want to connect to my company’s Cisco AnyConnect VPN while working abroad.

I have just been looking at it. So I know very little.

What if I don’t use the WireGuard home server and only connect via a Slate/Opal router through one VPN WireGuard client which I will take with me?

Would that be ineffective to hide my location? And not using a home server would make my connection better maybe?

And how do we do the port forwarding config? I couldn’t find anything about it?

Thank you.

Hey! I am not an expert on this but I have finally managed to build a VPN WireGuard network using one Flint router as “WireGuard server” installed at my home location and one Beryl router as “WireGuard client” at my remote place. I can confirm that my company’s Cisco AnyConnect VPN is working pretty well at the same time the WireGuard VPN is connected and showing the IP from my home location.

I guess you will need either to build a wireguard home server (this will show your home IP) or to use a commercial vpn like Mullvad (this will show an IP from any datacenter from the chosen location). Preferably use the first one and have the second as backup.

I had to open port 51820 on the router I have at home (behind the Flint router) and put it in “bridge mode”. I also enabled the ddns on the Flint router (Applications → remote access → Dynamic dns).

Let’s see if some experts in the room can give you some advice on this :slight_smile:

This is kind of a different topic, so you should start a new thread with a more specific question. So far:

When you take your one router with you, what will be the endpoint for the VPN? You can’t just start WireGuard and magically “be at another place”.
But as said before there are professional services, where you can log in. I prefer my own hosted infrastructure, so I don’t have any experience in this field.

This depends on your router/ISP/connection/… There is no one-for-all manual.
A good start for many routers is: https://portforward.com/

But configuring networks without understanding them is never a good idea. You’re about to break the security GL-iNet is providing.

I will connect through one of the VPN services provided and only use one travel router which I will take with me. There won’t be any home server connected to my wifi modem at home. Since I am connecting through VPN servers, I shouldn’t be needing a home server with Brume or Flint etc. Right?

That’s the one point I’m confused about: is setting up a home server meant to make my IP look like it’s coming from home, to make it more solid? Or is it a necessity for this kind of location hiding?

And I have a Vodafone DSL modem at home, does that mean I have to configure port forwarding?

And lastly, what do you mean by breaking the security GL-iNet is providing?

Hey @oscargp! I am not very familiar with VPN setup, I would appreciate it if you can answer some of my questions. Any resources will be useful :blush:

1- How did you manage to build the VPN wireguard network using the Flint router? Ps: I bought the GL-AX1800

2- How did you open port 51820 on the router, put it in “bridge mode”, and enable the ddns on the Flint router?

3- Is your set up still working perfectly? How long has it been now? Any issue faced? If yes, how did you resolve it?

Thank you!

Hi Charl,

Sorry for my delay in my answer. I will try to summarize what I did, however I am not an expert on this matter, so any comment on this from anyone is welcome :slight_smile:

1.- I have my GL-AX1800 behind my home router (+modem) provided by my ISP. I installed the WireGuard VPN on my GL-AX1800 router by simply going to admin panel → VPN → WireGuard server → initialize WireGuard server

2.- I think you have different options here depending on whether you use an ISP router behind your GL.iNet router. You should go to the admin panel of your ISP router, and here you should: a) activate the “bridge mode” if available, if not I think another option is to activate DMZ for your GL-AX1800 by making the IP of your Flint “accessible” from your ISP router and b) open port 51820
To enable ddns on the GL-AX1800 you can go to your GL-AX1800 admin panel → applications → remote access → enable ddns

3.- It is working awesome, for at least 6 months now. No major issues so far, working fast and smoothly.

I hope this may help. Cheers!

2 Likes

Can you tell me: my ISP is connected to a Netgear router, and I have to connect my GL-AX1800 to that router.
I can put a wire between a Netgear port and the GL-AX1800. Should I put it in the WAN port on the GL-AX1800 or a LAN port?

I want to start up a WireGuard server on that setup and a WireGuard client on my Beryl.

Can you tell me what else I need to do to the Netgear router so I can do that?

Pls use this setup

ISP modem → (wan port) Netgear router (lan port) → (wan port) AX1800

You should set up port forward on your Netgear, 51820 to AX1800

I did what you asked. Tried to check the port but no luck. Below is what my router looks like after setting up port forwarding. When I test, I get the following error:
Closed Port 51820 is closed on 1xx.xxx.x.xx.

Here is my router setup…

Port Forwarding Portmap Table

| # | Service Name | External Port | External IP Address | Internal Port | Internal IP Address |
|---|---|---|---|---|---|
| 1 | glpass | TCP/UDP: 51820 | Any | TCP/UDP: 51820 | 1xx.xxx.x.xx |

Does access control need to be turned on? This is a router function, under attached devices on the router menu.

You can use Access Control to allow or block computers or electronic devices from accessing your network.

Turn on Access Control

Access Rule: This is a general rule. You can also allow or block individual devices.

- Allow all new devices to connect
- Block all new devices from connecting

| Status | Device Name | IP Address | MAC Address | Connection Type |
|---|---|---|---|---|
| Allowed | ESP-8Cxxxx | 1xx.xxx.x.xx | | Wired |

The “Access Control” is on your netgear, right?

You can post the screenshot of settings you have done on your Netgear. Otherwise I have no idea.
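WireGuard listens on UDP only and stays silent towards packets that do not authenticate, so a generic open-port test can report port 51820 as closed even when the forward works; the handshake record on the server is the dependable check. The added example below (not from the posts above and not GL.iNet's own tooling) reads the output of `wg show <interface> dump` and reports, per peer, whether a handshake has ever arrived and how old it is. The sample dump, the key labels, the interface name `wg0` and the 180-second cut-off are assumptions.

```shell
# check_wg_server PORT MAX_AGE NOW: read `wg show <iface> dump` on stdin.
# Line 1 is the interface (private key, public key, listen port, fwmark);
# each later line is a peer whose 5th tab-separated field is the Unix time
# of its latest handshake (0 = never).
check_wg_server() {
    awk -F'\t' -v port="$1" -v max="$2" -v now="$3" '
        NR == 1 { if ($3 != port) print "listen-port-mismatch " $3; next }
        {
            peer = substr($1, 1, 8)        # short label to tell peers apart
            hs = $5 + 0; age = now - hs
            if (hs == 0)        print peer " never-connected"
            else if (age > max) print peer " stale " age "s"
            else                print peer " up " age "s " $3
        }'
}
# Constructed sample dump: keys and addresses are placeholders.
sample_dump() {
    printf 'SRVPRIVKEY00\tSRVPUBKEY000\t51820\toff\n'
    printf 'BERYLPUBKEY0\t(none)\t198.51.100.23:40112\t10.0.0.2/32\t1700000000\t5120\t9216\toff\n'
    printf 'PHONEPUBKEY0\t(none)\t(none)\t10.0.0.3/32\t0\t0\t0\toff\n'
}
sample_dump | check_wg_server 51820 180 1700000060
# On the server (interface name wg0 is an assumption):
#   wg show wg0 dump | check_wg_server 51820 180 "$(date +%s)"
```

A peer that stays at `never-connected` while the client is trying to connect means its packets are not reaching the server, which points at the forward on the upstream router or at the client's Endpoint setting.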

How can I override geolocation from the router by VPN? Because when I install a VPN on my GL.iNet router, it changes only the IP and IP location. I can’t turn off my work laptop’s geolocation, nor can I install the VPN app on my laptop. How can I override the geolocation with a VPN service directly from the router?

Hi guys, total newbie to VPNs and learning from here and youtube. I think I have the same query as everyone else so no need to create a new thread? Instead if possible, please can I ask if an expert can point out where I’ve probably gone wrong, especially bullet point (3) as still trying to digest the info. Thank you!

  1. Setup from vvv’s diagram: my home router/modem → GL home router (wireguard server) → GL travel router (wireguard client) → laptop.

  2. Laptop options - We work 99% from Google Suite and 1% from another SaaS so the options are (a) Work laptop + cisco vpn (b) Own laptop which would only be used for work (but possibly no access to the SaaS which I’ll test tomorrow, but this is not business critical to my role). Mostly I’m on Google Meets calls, gmail, google sheets and google slides.

  3. Current home router/modem doesn’t offer static IP but found these links - do they make sense and if I follow them will it work? Port forwarding/bridge query: a) Answer 6: Port Forwarding - NOW Community AND b) Port mapping/redirecting - NOW Community

  4. Other handy tips given by users: Need to go the kill switch option. Make sure wifi & bluetooth is off. Time zone manually selected. Use ethernet cables. Use phone 2FA on airplane mode. Test before going anywhere new.

Thanks again for any feedback!

If you have an Android phone, and an account on your phone logs into your work Google Suite account, you can never take your phone out of airplane mode, and even that may not be enough, as Google also uses WiFi access point data to pinpoint your location. Hiding a computer is much easier than hiding a phone.

Google is really good at finding out where you are at in the world.

1 Like