VPN setup using 2 GL-MT3000 and a modem with a sim card


I need to set up a VPN using Wireguard/OpenVPN that uses cellular data from a sim card that has to be physically left at home. In points, what I want to do:

  1. As an internet provider, I need to use cellular data from the sim card which is left at my home location.
  2. Internet can be shared via Modem/Router to VPN server which is set up by my GL-MT3000 device.
  3. Another client device (also GL-MT3000) can access the VPN outside my home location which ultimately uses the cellular data from the sim card.


  1. Is it possible to set it up in such a way?
  2. What requirements should the modem/router for the sim card have? I.e. port forwarding option, something else? Any models that will do the job for sure?
  3. Are there any other differences in setting this up than when using normal ISP (e.g. normal home WiFi)?

Thank you for your help.

Cellular mobile providers normally do not give out dedicated public IP addresses, only CGNAT shared public IP addresses. In these cases, you would not be able to host a VPN server at home. You may be able to get around this CGNAT issue via AstroRelay astrorelay.com.

A “normal” ISP that gives a dedicated public IP address would be preferred and many ISP modem/routers have port forwarding capability.

I do not work for and I am not directly associated with GL.iNet

Tailscale or Zerotier (which are already available in the MT3000 interface) may be a better solution, especially due to the fact that wcs2228 mentioned about public IP addresses, especially on cellular. Astrorelay seems similar.

If you still needed a wireguard / openVPN connection specifically you could possibly set that up inside the other connection.

Hi, thank you for the reply.

My current setup is now:

  1. a SIM card with Alcatel HH40 4G router with port forwarding enabled
  2. GL-MT3000 as a VPN server for WireGuard with DDNS enabled
  3. Another GL-MT3000 as a client

I can’t connect my client to the server though. Is it perhaps because of that CGNAT issue that you mentioned? If I use dynamic DNS that is provided by MT3000 server, should that solve the issue that you mentioned?

Thanks! I will have a look at Tailscale, it seems to be promising. Do you think it should work with my setup?

  1. a SIM card with Alcatel HH40 4G router
  2. GL-MT3000 as a server
  3. Another GL-MT3000 as a client

The outcome is that I want to be able to connect with client GL-MT3000 when I am outside my home location to the cellular internet provided by the SIM card which is left at my home location.

DDNS will not get around the CGNAT issue as long as there is no dedicated public IP address.

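A check for the CGNAT situation discussed above, as an added example that is not from any poster or from GL.iNet: it classifies the WAN address shown on the cellular modem's own status page against the address an external "what is my IP" service reports. The script name, function names and sample addresses are assumptions; pass the modem's WAN address, not the GL-MT3000's, which sits on the modem's LAN.

```sh
#!/bin/sh
# Added example. Usage: cgnat_check.sh <modem WAN IP> <externally observed IP>
# The script name and all sample addresses are constructed.

# Dotted IPv4 -> integer; fails on malformed input.
ip_to_int() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# True if integer address $1 is inside network $2 (dotted) with prefix length $3.
in_net() {
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( $1 & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# Prints one verdict: cgnat | private | nat-mismatch | public | invalid
classify_wan() {
    wan=$(ip_to_int "$1") || { echo invalid; return 2; }
    pub=$(ip_to_int "$2") || { echo invalid; return 2; }
    if in_net "$wan" 100.64.0.0 10; then
        echo cgnat            # RFC 6598 shared space: inbound port forwards cannot work
    elif in_net "$wan" 10.0.0.0 8 || in_net "$wan" 172.16.0.0 12 ||
         in_net "$wan" 192.168.0.0 16; then
        echo private          # RFC 1918 address handed out by the carrier: also NATed
    elif [ "$wan" -ne "$pub" ]; then
        echo nat-mismatch     # public-looking WAN, but traffic leaves via another address
    else
        echo public           # forwarding can work unless the carrier filters inbound
    fi
}

if [ $# -eq 2 ]; then classify_wan "$1" "$2"; fi
```

Any verdict other than `public` means a DDNS name will resolve to an address that does not reach the modem, so the WireGuard handshake from the client never arrives.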

My personal opinion is that AstroRelay is simpler for your basic use case.

Ok, thanks I will try that.

Hi, I’ve followed the tutorial step-by-step but I am getting the following error when I try to set it up on my GL-MT3000 client (latest firmware). Everything was correct until the last point, do you perhaps know why this might fail?

Have you set up the GL-MT3000 server using Astrorelay, Tailscale or Zerotier?

The log shows an error about json data and unknown operand that I do not know. Maybe GL.iNet can assist.

The mwan3 message may be a result of that.

It seems there is something set incorrectly in the configuration file. Could you post me the wireguard configuration file?

And what is the firmware version of your MT3000? Could you help to run “cat /etc/config/gl_block” if you are using v4.4.6?

Hi, I replied to you with PM, thanks!

I have tested the configuration file you provided. The result of capturing packets shows that the wireguard server didn’t respond to the wireguard client’s handshake request, maybe because the server is offline or the server IP is blocked by mobile providers, etc. I have PMed you the screenshot of the captured packets.