VPN with T-Mobile home 5G

Hello, I need to set up a VPN and I have T-Mobile home internet…Is this possible with GL-AXT1800. If so how do I accomplish this.

VPN client or server? The server will be difficult as T-Mobile home internet uses CGNAT. You’ll most likely need a vps as a middleman.

ok, I will use frontier and get rid of T-mobile…Im looking to set up this vpn so do I need to ask them for a public IP address? and is this something that cable companies will usually do? Thanks for the fast response

I’d call them and ask for a public IP.

The public IP allows connections in to the router but isn’t necessary for connections from the router to somewhere else. That’s why having a vps is suggested as a middleman, but there are other solutions. You can set up a free vps with Oracle.

It depends a little on what your speeds are, but sure, getting frontier fiber and symmetrical 1Gb is going to be better than T-mobile Home, if you need the speed.

ok so how do you set up the free Oracle vps ?

There are a bunch of guides at Oracle and other places on the infowebs, but basically you start a free tier on Oracle Cloud Infrastructure at one of their sites (I used Frankfurt), create an ARM instance, load the image with VPN, and connect into it on both sides. The free tier gives you 500 up/down, so more than enough for T-mobile Home.

I am doing this, as I have a router with a family member who is using a 5G internet connection, and it works great, BUT unless you understand firewalls, both on Linux and Oracle cloud, have some Linux admin skills from the CLI, and know a little about iptables, or have the time and desire to learn these things, it may be a difficult solutions.

actually my I’m going to use my brothers Frontier internet but trying to understand the public static address situation

Public IP address come as static or dynamic, where static IP addresses do not change, and dynamic IP addresses may change. I have never had a static IP address at any placed I have lived, and never needed one, as DDNS can change your DNS name to match your current IP address. It is included as part of the GL iNet firmware. Take a look at: Dynamic DNS - GL.iNet Router Docs 4

You mean, the opposite. Use the DNS name to find your current IP address. The IP changes, not the DNS name. Or maybe, DDNS replaces your DNS name with your current IP address.

So I don’t need a public IP address to set up a VPN server before I travel? the DDNS will take care of it. I trying to see why are they saying I need a public IP address to set up a VPN server.

You need a public IP address, but it can be static or dynamic. If it is dynamic, you need to use DDNS.

ok just out of curiosity why does it need to be public? Also is it normal for cable internet providers to provide this service?

To be able to reach your home VPN router externally (like from a hotel or coffee shop), it needs to have a public address. If you are behind something like a CGNAT (Carrier-Grade NAT), where your ISP does not give you a public IP address, there is no direct way to route from a remote locations your home VPN router.

Because the world is running out of IPv4 addresses, some ISPs use CGNAT, so that a single IP address can support many users to reach the internet, but as it is a shared resource, you cannon have external systems directly connect to VPN routers behind a CGNAT. Up until recently, I have always had my ISP give me a public, dynamic IP address, but now I have a VPN router that is behind a CGNAT at a family members house. To reach this VPN to router, I send my traffic though a VPS that has a public IP address, and I have my VPN router connect to this VPS, which enables it to receive my remote connection. Its tricky and networking is hard.


Tailscale and zerotier work over cgnat for connection into local lan services, not sure if they can be made to work for overall wan use as well

Hello what’s the best vps service that I can purchase monthly?

You need to define best. If you are looking for the cheapest that allows a lot of Internet data, Oracle Cloud free tier would be on top of that list. You need to setup your free tier account in an Oracle Cloud location that has available free tier VPSes, which is not always apparent. You are not allowed to move the location of your free tier account, so choose wisely. I have 4 VPSes setup on my Oracle Cloud account, running Ubuntu. All 4 work great, and all 4 have public IPv4 address. The first 2 were setup shortly after Larry Ellison announced the Oracle Cloud Free Tier in Sep 2019. No costs, great uptime, 10 TB of egress internet data per month, what more can you want?

If you are looking for cheap paid for VPS, take a look at:

They have a list of companies that charge around $1/month for a VPS that has enough resources to run both Wireguard and OpenVPN. I have VPSes running my VPNs fine with 1CPU and 1GB of RAM running Ubuntu as a server (NO GUI). Do not expect these VPSes to be perfect, as my experience is once or twice a year, they go offline for various issues for up to a day. I currently have a few of these systems, and they work fine, and cost me less then a Starbucks coffee per month. Best deals can be found around Black Friday.

Getting into more money, look at: IONOS, GoDaddy, DreamHost, Hostinger, Hostwinds, …
I don’t use any of these as I am cheap, and happy with what I have.