1- GL-X3000 that connects to a 5G network behind CG-NAT
2- GL-MT3000 that goes with me on my travels
I want to be able to connect to my home network (GL-X3000) and use my home connection to access the internet.
What is the best way to achieve this?
My solution was:
1- create a zerotier ip on each router
2- set up a wireguard server on GL-X3000
3- set up a wireguard client on GL-MT3000 using the zerotier IP from GL-X3000.
It works but speeds are slow.
If I use a Raspberry Pi as the wireguard server speeds are higher.
Is this the best solution?
Are there other solutions to try?
Any setup that could improve the speeds?
I use a free Oracle cloud VPS to give me a public IP address, and have my AR300M router, which is behind a NAT, set up a Wireguard connection to the VPS when it boots. I then use iptables on the VPS to route the traffic from specific ports to my AR300M over the Wireguard link. The AR300M is set up with 3 VPN clients, OpenVPN, Wireguard and SoftEther, as some remote locations I use block one or more ports or VPN protocols. As the Oracle VPS can pass packets quickly, I get the full speed of the AR300M when using Wireguard. As I control the VPS, I have it do some pre-filtering of packets before it passes on the packets.
I originally set this up using GL iNet firmware on my AR300M, but I recently changed over to 23.05 OpenWrt as I don’t feel that GL iNet is going to support the AR300M firmware much longer, and I found it was easier to set up with the generic OpenWrt, as GL iNet does not support this type of setup. My main travel router is an AR750s.
This setup allows me to use a family member's home IP address while on travel, without them ever needing to do anything on their end, other than plug the AR300M to their home router with a short Ethernet cable.
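The VPS-side port forwarding described in the post above, as an added example that is not the poster's own configuration. The interface names, tunnel address and port list are constructed assumptions, and the return path is handled here by masquerading on the tunnel, which is one possible choice rather than what the poster necessarily does.

```shell
#!/bin/sh
# Added example: print (or apply) the VPS iptables rules that forward selected
# public ports to a router reachable only through a WireGuard tunnel.
# Every default below is an assumption; adjust to the real VPS.
WAN_IF="${WAN_IF:-eth0}"                  # public interface on the VPS (assumed name)
WG_IF="${WG_IF:-wg0}"                     # WireGuard interface on the VPS (assumed name)
ROUTER_WG_IP="${ROUTER_WG_IP:-10.8.0.2}"  # router's address inside the tunnel (constructed)
# proto:port pairs to forward (constructed). Do not list the port the VPS's
# own WireGuard listener uses, or the router could no longer reach the VPS.
FORWARDS="${FORWARDS:-udp:51821 udp:1194 tcp:443}"

# valid_forward PROTO:PORT -> succeeds only for tcp/udp and ports 1-65535
valid_forward() {
    proto=${1%%:*}; port=${1#*:}
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

gen_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Pre-filter on the VPS: nothing is forwarded unless allowed below.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for f in $FORWARDS; do
        valid_forward "$f" || { echo "bad forward: $f" >&2; return 1; }
        proto=${f%%:*}; port=${f#*:}
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $proto --dport $port -j DNAT --to-destination $ROUTER_WG_IP:$port"
        echo "iptables -A FORWARD -i $WAN_IF -o $WG_IF -p $proto -d $ROUTER_WG_IP --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Rewrite the source to the VPS tunnel address so the router's replies
    # come back through the tunnel instead of leaving via its home WAN.
    echo "iptables -t nat -A POSTROUTING -o $WG_IF -j MASQUERADE"
}

# Dry run by default; APPLY=1 (as root) executes the generated commands.
rules=$(gen_rules) || exit 1
if [ "${APPLY:-0}" = 1 ]; then printf '%s\n' "$rules" | sh -e; else printf '%s\n' "$rules"; fi
```

With masquerading on the tunnel, the router sees every forwarded connection as coming from the VPS tunnel address, so any per-client filtering has to happen on the VPS.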
Could the slow speed be related to a bug in Wireguard Server binary on GL? Can you try running htop while testing the speed? I am suspecting that the CPU is the bottleneck!
I had the same problem, since I wanted to be perceived “at home” while working my corporate job. The best answer I have found is Zerotier + Wireguard. ZeroTier is fine for getting past your ISP’s cgnat. However, you will want Wireguard layered on top specifically for its native IP protection capabilities. If your internet ever blips, you will NEED Wireguard’s native IP leakage protection to keep you from accidentally exposing your IP. I tried brewing up some scripts to accomplish the same thing using Zerotier only, but it was overly complicated. Basically, Zerotier will be needed to bypass cgnat, and Wireguard to ensure you don’t accidentally leak your IP. I didn’t notice any performance hit by layering the two technologies, and it is fully supported by the native Glinet OS. Once you set up your Wireguard connection, you just flip the switch in the Glinet OS to “Block -NonVPN traffic”. Badda bing badda boom, you are good to go!
I use a free Oracle cloud VPS to give me a public IP address, and have my AR300M router, which is behind a NAT, set up a Wireguard connection to the VPS when it boots. I then use iptables on the VPS to route the traffic from specific ports to my AR300M over the Wireguard link. The AR300M is set up with 3 VPN clients, OpenVPN, Wireguard and SoftEther, as some remote locations I use block one or more ports or VPN protocols. As the Oracle VPS can pass packets quickly, I get the full speed of the AR300M when using Wireguard. As I control the VPS, I have it do some pre-filtering of packets before it passes on the packets.
Is it possible to write a detailed setup tutorial of this VPS option to get a public IP and correct setup of iptables or point me to a nice tutorial for noobs? I am kind of new on this but would like to try this option and see if it makes a difference in performance.
Could the slow speed be related to a bug in Wireguard Server binary on GL? Can you try running htop while testing the speed? I am suspecting that the CPU is the bottleneck!
The CPU is not the bottleneck. Did a top on both and the load is ok in both routers.
Zerotier is to get access to the wireguard server that is not accessible through a public IP.
Wireguard is to behave like I am doing everything from that network.
Like @goldsteinadj issue.
I travel full time and just don’t have the time to write-up my setup, especially as I do this with OpenWrt and not GL iNet firmware. As a starting point, you can look at:
Which uses similar ideas to how I implemented my setup. Also do a Google search for: