Helpful Links Port Forwarding Help: ruclips.net/video/LzBa6KsfG9A/видео.html Captive Portal Tutorial: ruclips.net/video/46nG8mhm5og/видео.html Test DDNS: justinpruett.com/glinet-troubleshoot.php Update: Many cable routers seem to struggle with TCP, please select UDP only in the Port Forwarding rule instead of both. Update: The Beryl AX came out right after this video was published, it is a much better option than the Opal in a price range that balances price and performance. Need Support? I try to answer every email and comment for free. Please see my troubleshooting page for common issues and send me an email if necessary: justinpruett.com/glinet-troubleshoot.php Want 1 on 1 Support? GLiNet has partnered with RemoteToHome to provide complete remote setup and can even handle more advanced cases not covered in the video. RTH has provided me a 5% Discount Code as well: JustinRR5 remotetohome.io/
Just wanted to share that your videos took me from essentially 0 knowledge on VPNs to successfully working remotely in Thailand for the past 4 months with no issues. Using 2 Slate AX as my setup, thanks for the help!
Wow! Thank you for sharing! Thailand doesn't have the best Internet infrastructure according to WonderShare Latency data so it is good to hear it is working there! Thank you!
So nice to hear that it works in Thailand, could you possibly test and see how the latency/ping is and preferably in which city do you test this in Thailand? I am considering working from Thailand with softphone via VPN and am very dependent on a good latency :(
@@nizzar2003 I run my home server from the UK, in Koh Samui the ping has been around 200-300ms which is obviously quite bad but I was able to take calls, there was definitely some slight delay but it was manageable. Have done video calls with no issue also.
@Speatto Thanks for sharing, I think 200-300ms can be as you say manageable, I'm thinking of moving to Phuket or Bangkok depending on where the network is more stable and which allows me to carry out my work with customer service via softphone without a large latency/ ping. @Speatto Do you also have problems with a lot of power outages considering rainy seasons or what is it like in Koh Samui?
@@nizzar2003 power outages have happened yes, I’d say 2-3 times in the last 6 months. There are coworking spaces in al lot of areas (there will be many in Bangkok) which can be useful. I’d imagine the internet stability would be similar in the main areas such as Phuket/Bangkok. I was in Phuket for a few months last year and it’s great, I will move there soon. If you’re more of a city person then Bangkok is also a great place and probably the best for work/opportunity.
This is amazing! I was trying to find a step by step video and couldn’t find anything until this. This is perfect! Ty so much! The only reason I’m doing this is because my boyfriend is in a different state for 9 months and now I can be with him 💕
I just want to want to say MANY THANKS Justin! For your time and efforts you put together to make this video tutorial. I got my GL-INET routers talking to each other.
Thanks for this great tutorial. I purchased both of the items you used in your demo and the WireGuard service works perfectly. I have used it both domestically in the US and internationally with no problems. I updated the firmware on the home Opal device today, and was warned that the process would remove custom settings, so I had to reconfigure the WireGuard server. The update added a nice feature to the configuration process where you can choose to "Use DDNS Domain" so that it generates the script including the DDNS address, so you no longer need to cut and paste that information manually.
Thank you so much. I wanted to highlight one thing: I followed the whole video and still faced an error when I was trying to connect(turn on) the VPN client. The reason behind that was my second router was not connected to the internet. So, if you are facing an error when you turn on the client after configuration, make sure your device is connected to the internet (similar to how you connected the first device to your home internet). Thanks.
It worked!! It took a while but only because of 2 majors issues #1, I didn't set up port forwarding correctly which required a call to my ISP (really take your time with this one). #2 I inadvertently put both routers on the same Wifi SSID. but switching one of the router to the 5G network, it worked like a charm! Thank you so much for uploading this Justin!
Port Forwarding is tricky and most ISP routers make it even harder, some even give it a different name! Glad you were able to get it all working though! Thanks for the comment!
Thank you Justin. This has been a great help. I travel for work and have always wanted to setup a VPN with my home network. Got the same two routers and the system works great!
Glad to hear! Thank you for watching and commenting! If there are any other tech things you have been wanting to do, let me know, I might be able to make a video about it!
Hey Justin, just wanna say thank you. I can't imagine how much time this guide saved me. All up and running first go, who woulda thought?! You're a real chief!
Hi Justin! In the screen show in minute 5:31, I have a tab that says Profiles and has this text: Each client device that connects to the WireGuard server requires a unique peer configuration. You need to create a separate configuration for each client device; each configuration must specify a unique client IP. I am unsure what to do about this. It also has an option to Add a profile
From the Server Router you can generate a profile for each Client Travel Router. So if you had three routers and two were to be used as a Client, you would generate a new profile for each one. Never use the same configuration profile on more than one device since it contains unique routing information.
@@karimlonguar5826 - The Flint has a better processor, more memory, more ethernet ports, and 4 antennas, therefore it's faster and better for only $100 bucks. They just came out with the Flint-2 ($149) as an upgraded version.
Thanks Justin your videos! It looks like for your work remote set up you recommend using the Slate AX router along with a GL.iNet Opal Router. In this videos comments though you recommend using the Slate AX with the GL.iNet Beryl AX instead of the Opal. Another guy on RUclips who makes similar content/how to videos recommends using the Slate AX travel router with GL.iNet Flint 2 router. And another guy on RUclips recommends using 2 Slate AX routers; he says the Slate AX offers faster wireguard speeds than the Beryl. 1 thing is clear - you all recommend the GL.iNet Slate AX router as the 1 to travel with. But which is the best 1 to have at home? The 4 options you 3 guys recommend are a 2nd GL.iNet Slate AX or GL.iNet Opal or GL.iNet Beryl AX or GL.iNet Flint 2. The router modem currently at home is the Xfinity Gateway XB8 (for Xfinity Comcast internet)... What router would be best to use at home with XB8?
This video is more than a year old so as new routers come out the best option changes. Currently the Flint 2 would be the fastest option but if your budget is lower then the Beryl AX is an excellent ratio of price and performance. A full list is in the description. Let me know if you have any questions or run into any issues.
@@justinreviewsandrepairs5246 I have the Xfinity Gateway XB8 router modem combo at home with Xfinity Comcast internet. I have Xfinity Comcast's largest wifi plan, the Gigabit Extra, which has up to 1200 Mbps. I'm getting the Slate AX router to travel with but I'm not sure which to get for at home - the Flint 2 or another Slate AX router? I'm not sure how to compare them or know which is better for the at home router, can you advice? Thank you!
Hi Justin, thank you for the information! I am planning on buying this router, but I have a quick question. I need to travel to South America for three weeks, but my employer does not allow me to work from there, and my computer also has a VPN set up. Can I use this VPN router to set up a US location and connect to my work VPN from there? I am new to this information, so I am trying to understand how I can do it. Thank you!
Yes, the two routers basically make a bridge from wherever you are back to your house. However, there are some speed and latency issues with video calls or anything high bandwidth like that. Also, if your home Internet goes down while you are away, you are out of luck. So be sure to test as much as you can before you go. Safe travels and thanks for watching!
@@justinreviewsandrepairs5246this is the same question I had ! So even if I my work computer has its own company built in vpn…I can still by pass this by telling the vpn that my IP address is in my “ home address “ by following your instructions? Just wanted to double confirm this information !!! Please let me know !!! And thanks once again you are the best !!!
Hello Justin. Thank you for this very useful, step-by-step guide. I appreciate your style of teaching. With your help on the nuts and bolts of this operation, my wife won't feel like she's missing out on any of her favorite streaming things while we're visiting Europe.
Thank you! Yes, that is another use for the VPN! But I was pleasantly surprised by some of the shows available in other countries as well! Back at home you can also use it to share streaming service accounts by using one IP Address at two places.
@@justinreviewsandrepairs5246 Unfortunately, I'm running into the same issue as many of the other recent commenters. Unable to start the VPN client on the 1800. The log shows the same errors others are having. 🙄I'll have to call GL Support to see if they can help.
Feel free to email me at Support@JustinPruett.com if they are unable to help. The most common problem is the Port Forwarding step which is different for everyone based on who their Internet Service Provider is. The second most common problem is trying to test using the same Internet connection as the server, which is not possible since both devices are already on the home network.
Jason, you are the best! I have different routers but the way you explained this makes it simpler to follow for other setups. I must admit I watched the videos 50 times during the last week, read through every comment and I was about to email you when I had a last idea and worked! the dot is green now!! thank you
@@TitinaOF Hi! I am trying different ways to reach viewers from other countries on TikTok by changing the IP like this. What is your situation at the moment? What do you use that State AX and Opal setup for? What's your opinion? Could something like this that I am trying work with a setup like this?
@@jonyvillanueva I only did it once and did not get caught. I work for a different company now where it’s no issue where I work and they actually encourage work from anywhere for up to 4 weeks a year!
Yes, the Travel Router establishes its own VPN connection so you can continue to use your work computer as if you were home, including their VPN service.
Hi Justin, we did all the steps but we cant get the VPN client connected with Wireguard. The log file keeps telling us that is reloading firewall du to the IFUP of modem.
Someone else is having the same problem, I am going to check if new firmware is causing it. If it's not then I wonder if you both have the same ISP causing the problem. I will try to post an update soon.
@@justinreviewsandrepairs5246 We fixed the isuue with support from GL. Instead of choosing "both" in port forwarding, we needed to choose UDP and connect the 1800 in another network than the 1200. Thank you
@@nickkoutris4873 Hi Nick, I think I hit the same problem as you did. On my Client router, the yellow light is always on the "WireGuard® Client" sign of the admin website. Per your solution, is changing port forwarding from 'Both' to 'UDP' the only change you made to solve the problem?
@@nickkoutris4873 this worked for me! I switched the port forwarding from both to UDP. I also connected the repeater with the client wireguard to a different network than the network i was forwarding on (where i had my repeater with the wireguard server). I just used my hotspot to test.
Thanks for sharing! Do you have Fiber Optic Internet at home? The distance between the two locations introduces higher latency, so using the lowest latency Internet will provide the best results.
Hi @@justinreviewsandrepairs5246 ! I was able to create my own VPN at home, thanks again!! I wanted to ask you about this: I have a friend in Spain who set up a VPN using Open VPN, but on Linux. He shared an OVPN file (server), but it's not working on my Slate AX (client). Do you think it is possible to make it work?
@@b.n.y.a1599 i made a tutorial on my channel - how to set up a vpn server and vpn router. in that video towards the end, i show a button that ensures your connection stops working whenever the VPN stops working for whatever reason.
Hi Justin, I followed your tutorial to set up my glinet router, but I'm having trouble connecting. I'm not sure where I went wrong. Do you offer paid appointments to help with setup? Thanks!
Are you using a second Internet connection for the Client Travel Router you will be taking with you? You cannot test from the same connection. If you are it is likely a port forwarding problem. Feel free to email me at support@JustinPruett.com
Hi Justin! I got everything set up just like in this video. However, when I connect my client Slate AX to a public WiFi network outside the home (Starbucks, the library etc.) I get the message " The interface is connected, but the Internet can't be accessed with IPv4 protocol." It works perfectly when I use my mobile hotspot to connect to the client router. Is there something wrong with my configuration? I am worried because I have an out-of-state trip to go on in 2 days, and need this system up and running. Thank you so much for your help! Best regards, Jennifer
Hi Jennifer, sometimes public WiFi networks require you to accept terms of use and things like that, it makes the process a lot more time consuming but it can be done: docs.gl-inet.com/en/4/tutorials/connect_to_a_hotspot_with_captive_portal/
@@justinreviewsandrepairs5246 Thank you so much, I realized that this might be the case. For anyone else, I fixed it by updating my client router to version 4.2, which has a new feature that essentially lets you spoof your MAC address by using a custom mac address. I went through the login page on my iPhone and then went into settings, clicked the wifi network I connected to, and then copied down the "Wifi Address". Then I copied that MAC address into the router, and then the wifi connected to the router perfectly. I hope this is helpful for someone!
@@justinreviewsandrepairs5246 Hey Justin, I am having the same problem and do not quite understand what to do. I tried to follow the directions that you posted but I was still having issues. It no longer gave me the error message of the internet being accessed, and said that it was connected, however, it did not load any web pages. I also tried to get on my phone hot spot to try that out and it said it was connected but then again, wouldn't load web pages saying that it was not connected to the internet. Could you possibly make a video of you using this system to connect to a phone hotspot or a different wifi network? Just so I could see it visually? Or if not, do you have any guidance? I appreciate this video and your responses so much!! If I can get it working it will be the best thing in the world (and I won't lose my job lol)!
Hey Justin! I just got this setup working using the Slate AX for the client and Brume 2 as the server. Thanks for putting this together, of all the resources online this video was the most helpful. The biggest headache for me was actually getting the port forwarding to work on my ISP modem because apparently its software sucks lol. Anyways, I just wanted to say thanks for this super comprehensive video. If you ever need a testimonial or advice with anything data/software engineering related (that's what I do) don't hesitate to ask.
@@josieicaza7031 for me it was just crappy software in the modem. Make sure that you’re setting up port forwarding on the correct device. For example, I had a modem which was the internet gateway and a separate router for wifi, which meant I needed to set up port forwarding on the gateway modem and connect the gl.Uber to that. The other thing is try restarting whichever device is doing the port forwarding after you set it up and give it a few minutes. If that doesn’t work then do a factory reset (make sure you can recreate whatever configurations you had) and then try setting up the port forwarding again - also with a restart after. Hope you get it working!
I had a prior site to site VPN setup with my Flint as VPN home router, main Netgear router, and travel Slate AX router. Posted comments 7 months ago, everything went well, even worked abroad for over a few months and didn't have any issues. I got a new ISP for some fiber speeds, bought my own TP Link wifi 7 router (Archer BE800), and was curious if I could just cut out the Flint as the TP Link has its own VPN client/server support. I reset my travel router, and I did a quick wireguard configuration, vaguely following gl-inet forum instructions (which were for 2 gl routers and overlap with this vid) and....it works!! only took 5-10 minutes. I don't know if I did something wrong, as I didn't do any port forwarding (I think it may have automatically happen), etc.... but mobile network hotspot is showing as my ISP when VPN is enabled. I'll of course have to test it out more at another location, but I ran all the ip website checks and nothing was bleeding through.
Yes, you can use anything that supports WireGuard ®️ but you will likely find that the performance of the Flint is greater than the TP-Link. You can change the Flint Server to a different Port (and redo the Client configuration as well) so you can run both at the same time. Then you can do a proper speed comparison.
@@justinreviewsandrepairs5246 I don't know the full performance of the TP Link, but it's a fairly high end router, goes for $500-$600, got it $350 Black Friday. Model Tri-Band BE19000 WiFi 7 Router (Archer BE800). I would hope it competes with $100 Flint.
@@justinreviewsandrepairs5246 So far so good, I'll still need to test away from home to ensure the site to site still works. I got a wifi 7 TP link that normally goes for over $500, so I'm hoping it's not any worse than the Flint at being a VPN server.
So it does have WireGuard ®️? Their website does not even list it as having WireGuard ®️. I thought you were going to have to use the much older OpenVPN option.
First of all, wow thank you so much for this video! It’s taken me days to find something like this. Thank you for your responses to all questions asked as well. You’re awesome for doing this! I will be setting mine up the way you did it here and I’ll be back to let you know how it goes :)
Thank you so much for the instructions however, it looks like I am having an issue with my port forwarding setting and I call Comcast. They still are not able to do it correctly. I'll try to telenet command to see if my port was being forwarded. But it's not working.
Feel free to email me screenshots of what you have for Port Forwarding. For cable you will need to select UDP only instead of TCP or BOTH. Also, did you use a second Internet connection for the Client Travel Router? You cannot connect while already connected to the same Internet as the Server. Email: support@JustinPruett.com
Hola gorge, soy también colombiano y necesito hacer este puente, podrías ayudarme a hacer el set up de los routers, ta compre los dos pero no se como se instalan, cualquier ayuda le agradecería! Bendiciones, si algo nos comunicaremos por WhatsApp
Perdona q insista es q me urge ir a Colombia y mantener mi trabajo, cualquier ayuda y si hay algún cobro por el tutorialme hace saber, quedo atento. Thank you
Thanks Justin for the comment. Let me give it a try. I exchanged a few msgs with nord, but not getting anywhere with them. I will definitely look up the port forwarding for the xfinity router/modem.
Here is the video that shows how to get your IP Address or MAC Address from your travel router for port forwarding: ruclips.net/video/LzBa6KsfG9A/видео.htmlsi=bpljRVvc_0LTJpt8
Thank you thank you thank you! You made what was quite a complex challenge (for my low technical aptitude) so so easy to follow! I got hung up on setting the port forwarding for AT&T because I missed a step bit after that it worked like a charm
Justin Thank you very much for this video. I have zero knowledge on networking and it was difficult to understand initially, but after watching it few times I was able to set it up. This solved a major hurdle i was facing all these days. And this is the only video which clearly points out what to do. Thanks again for your effort.
Thank you! One major change since the video was made is the "Block Non-VPN Traffic" is no longer on by default in the newer firmware. I think it should be turned on for better security: docs.gl-inet.com/router/en/4/faq/block_no_vpn_traffic/
Hello Justin! So I think I’ve got most of it setup now, but I’m just really confused about a few things. So for my travel router, I wanted to make sure everything is a wired connection with my MacBook so I never need to turn WiFi on, but noticed I can’t access the admin portal unless I connect to the router via WiFi through my MacBook. So each time I want to connect to a network I would need to: connect to the slateAX via WiFi, tether to a network through the admin portal, then turn off WiFi and connect with Ethernet? Also confused about the MTU in the config that I pasted to the travel router, and an option to select, “services from gl.inet use vpn” Thank you for your wisdom
You should be able to connect from either connection, are you using the WAN port? You may have an IP Conflict preventing you from accessing the portal.
Thank you Justin for the informative video! GL-iNet is now version 4.5.16 and options are rearranged (a lot) but your video still hits all the major points. On your remote client router, Slate AX in your example, did I miss where you can specify a split router? In an ideal world what two GL-iNet routers would you recommend for 2024? Another question I can not find a definitive answer; I want my Client(s) to access location A and location B. I would like to be able to reach all devices in BOTH locations. If location A, HOME devices are 192.168.1.x/24, do devices on location B, OFFICE have to be on a different sub net 192.168.2.x/24 (NOT be the same as 192.168.1x/24)?
Thank you, I guess it is time to make an updated video. For your use case I would highly recommend considering the Ubiquiti UniFi UDM Pro to establish the site-to-site connection. They have some cheaper options as well, but in general Ubiquiti is very expensive because it makes that type of advanced network set up easy. The GLiNet routers are great but they are not intended for your use case. I will need to upgrade my firmware to see what you are seeing as far as the split "router", could you explain what you mean by that?
Hi Justin, Thank you I see you have replied to everyone. I do have a question ! just started working remotely but they give me a little cpu which I plan on taking with me, what should I look for on the computer that might jeopardize my plans to go ? are there tools they have to conclude that this CPU left the country? I feel pretty confident everything will work just fine but I just want to make sure Im good. Thanks man
If your company is spying on you, there is not much you can do. This method basically just makes it to where you don't raise red flags, but if they are actively trying to detect you there is nothing you can do since they own the hardware and have full access to the device. Definitely look out for GPS and Cellular Connectivity tracking, but it is still possible to track people using Bluetooth and WiFi. The same networks that help you find lost pets and keys can be used to track you! Despite all of this, only one person has emailed me saying that they got caught, and it was because they didn't turn the VPN on before connecting their laptop. Most people know when their company is spying on them because the company culture is already toxic and does things like making you keep your webcam on all day. Let me know if you have any more questions as a new comment since I don't always get notified of replies. Thank you
Hello Justin. You have helped me greatly in the past. Would you have any idea why suddenly port forwarding would just stop working, saying no internet? Here's a brief. The opal is at the house (Chicago) and the Slate is with me (St. Louis). When trying to port forward is says no internet. I switch the mode button and the internet works (but with the ip address in STL). I had this issue several weeks ago and I thought that the Opal went off line or there was an internet problem at home. When I got back to Chicago I tested the port forwarding using my cell phone as the internet provider and the port forwarding worked (ie showed my Chicago home IP, and when I switched the mode it showed the IP address of T-mobile in Chicago.) So, now when in STL the port forwarding does not work when using my phone as the provider or the home internet (100 mbs download and 10 mbs upload). I just get "no internet", but when I flip the mode I get internet, but with the local STL ip addresses. Any guidance would be most helpful. Thanks again, for putting up this type of content.
I think you are calling the VPN "port forwarding" but port forwarding is just one of the steps on the ISP router to allow traffic to the Opal. It sounds like your ISP router lost the setting or changed the local IP Address of the Opal. In either case it will need to be corrected. You may want to consider a UPS if a power outage (even a quick one) is to blame?
Hi Justin - My use case is working remotely from other countries (outside the US) while using my home IP address in LA. At home, I currently have Spectrum cable with a separate router and modem. What gear from Gl.Inet should I buy to ensure that my zoom video calls have no lag. A: 2 Ax Slates (1 at home, 1 away from home) B: 1 Slate at home, 1 Beryl AX away from home C: 1 Beryl Ax at home, 1 Slate at away from home D: 2 Beryl Ax (1 at home, 1 away from home) E: 1 Flint 2 at home, 1 Beryl Ax away from home F: 1 Flint 2 at home, 1 Ax Slate away from home Given that Spectrum provided me a specific router and modem, does that mean that options E and F (using a Flint 2 router) is off the table? Thanks!! This is extremely helpful!!
D would be your cheapest option, F would be your fastest option. All options will work. You will be limited by your cable connection which typically has low upload speeds and high latency. Upgrading to Fiber Optic Internet would be ideal to support video conferencing. For example, I have 500 download, 500 upload, and less than 4ms latency with Frontier Fiber and that allowed the Opal to achieve decent speeds for the price. The Beryl AX supports much higher speeds than the Opal.
@@justinreviewsandrepairs5246 Amazing! Thank you super helpful. I think I will go with F. just want to confirm my last question though: Given that Spectrum provided me a specific router and modem, does that mean that options E and F (using a Flint 2 router) is off the table?
The Spectrum Modem and Router combo unit can be changed to modem only so that all traffic will be handled by the Flint 2. I believe they call this Bridge mode on the Spectrum Modem Router Combo.
You can also just Port Forward to the Flint 2 as you would have done on the Beryl AX. The Flint 2 form factor may be different to provide better WiFi coverage but much of the setup is the same if you go the Port Forwarding route or the Router route.
Yes, but obviously the Brume 2 does not have WiFi so it will need to be plugged in which is the preferred method for the server anyways. Let me know if you run into any problems.
I'm thinking of going with the same setup as you...have you got it up and running? If so what kind of speeds are you getting? Also does your actual computer location show you actual location or the location where your home ISP is? Thx very much in advance!
@@justinreviewsandrepairs5246Thanks for your reply, I actually plan on getting the Beryl soon, but I can only afford the Opal for now. One more thing, can I connect it if I have already left my home country if I have someone back home to help with the setup?
Is this possible without access to the router to setup port forwarding e.g. using tailscale or zerotier? If so, can you also make a video showing steps on how to setup. Thanks.
You could setup ZeroTier ahead of time and then have the person you ship it to plug in power and Ethernet and be good to go. I hope to start on a ZeroTier video soon.
hi Justin. quick question. I also have frontier and looking to buy a GL-MT3000 / Beryl AX (for travel). I want to connect to my home IP in USA from Ecuador. Do I need to buy a second travel router like you have in the video (because you have the OPAL for home) I was looking at the GL-MT6000 / Flint 2 for home to "" what frontier provides. That is my question. can I simply replace the frontier one or do I need 2 routers at the home like you have the OPAL and the one from frontier? I appreciate the time and effort you put into breaking down step by step how to move forward with setting up wireGuard to connect to our home IP.
Frontier is great, it is Fiber Optic Internet so you can plug in any router to their ONT. So the Flint 2 would have a cable from the ONT to the WAN port of the Flint 2 and run your Server without the need to Port Forward. The Beryl AX would be your Client, but keep in mind you should still test your setup from a second Internet connection. In the video, I was actually port forwarding from the Frontier Router to an Ubiquiti UDM Pro router that was port forwarded to the Opal Travel Router that was running the Server. So there is a lot of flexibility with how you can set things up. Today, there are some other brands that offer WireGuard ®️ as well, so if you happen to have a supported Asus router or Ubiquiti UDM Pro, you could actually use that router as the Server. I used the Opal because it was the cheapest option that still provided decent speeds at the time. Today I would probably buy two Beryl AX for about the price of the Opal and Slate AX. The Flint 2 is designed for home use so it is larger, but it does provide the best WireGuard ®️ speeds you can get between the four routers we discussed.
If you have a Dynamic IP Address from your ISP, you must enable DDNS because your Public IP Address could change at any time. If you have a Static IP Address you can leave it off because your Public IP Address will never change. Most Residential ISP will have Dynamic Public IP Addresses so you will need to enable DDNS. The GLiNet DDNS service is provided for free so you might as well take advantage of it.
Just wanted to let you know your help here was instrumental in allowing us to access all our U.S. accounts while in Portugal. We were able to access everything in the U.S. as if we were there, at home. It worked flawlessly with the GLinet AX Slate and Opal routers. Took a little while to get it set up properly before we left, but with your help, it worked great in Portugal. We plan to head back there next year and this gear will be going with us again! Thank you.
Hello, Justin. Thank you for sharing this very informative video. I have the Slate (for travel) and the Opal (for home). ISSUE: When I copy/paste the manual configuration into the Slate router (under WireGuard Client), it will not allow me to save (i.e., Apply) the file. The input box turns red when clicking "Apply." Based on what I'm seeing, my copy/paste looks identical to yours (and the example on the GL-iNet page). Do you have any idea what I could possibly be doing wrong? Thanks.
@@justinreviewsandrepairs5246 MacOS Sonoma 14.5, not that it would matter since it was a simple copy/paste exercise. Oh, well. I'm glad I got passed this point. Hopefully someone experiencing a similar issue will do what I did. BTW... you replied to my comment within 6 minutes?! That's nuts! 😂 Awesome response time! 👍🏻
Macs do some interesting things sometimes, not sure if it was a factor here, but they have something called "Smart Quotes" and "Smart Dashes" which will change characters such as ' and -- to Mac style quotes and dashes.
Hey Justin!! Went out and bought the Gl.Inet Flint 2 and Slate AX 1800. Used you video as a guide to set up these two routers.(Also followed up on your comment from my last post using tail scale to tunnel into routers).Here is the deal tho.If my home router is connected to my home ISP(CGNAT-STARLINK) then the two routers dont get a handshake over VPN or Tail scale! (Port forwarded,DDNS confic file,everything setup the way you showed) But if i take my home router to a friends house with a fiber line and then test the two routers (both on two different networks) everything works perfect!! drives me insane! I have tried Zerotier and Tailscale with no luck. Any recommendations that i have missed? Got a flight this saturday worst case i just leave it at a buddies house THNX man
It sounds like the issue is Starlink or the Port Forwarding step. While Starlink is fast, it is not as fast as Fiber Optic Internet so you may want to consider paying your friend to host it. But let's take a look at your Port Forwarding settings. I replied to your email.
I saw some other videos mentioning that you need to turn off your work laptops Bluetooth/WIFI (in order not to reveal your location). Does that even make sense? Isn't the point of the portable router to be a WIFI access point for the laptop to connect?
The reason this is suggested is that the nearby WiFi access points could be used to determine your location. Think about "Hotel Barcelona" being the WiFi name... But in reality, unless there is a physical switch, WiFi scanning is typically available while it is off anyways. So if your company is using advanced tracking software, the risk is very high.
This was such a helpful video and I got my routers talking a few months ago! My routers somehow got disconnected 2 months ago, so I need to do the set up again. Will you be doing a refresh of the set up reflecting the new 4.7 upgrade UI?
Sorry to hear that, please check the Port Forwarding settings before resetting the routers. Some ISP routers have extra steps like setting a Reserved IP Address for the Travel Router so it will remember the Port Forwarding settings after a power outage. I do need to make an updated video, but I have been waiting for the TailScale update -- it's always around the corner but I need to give in and just make the updated video as is. Thank you!
Hello Justin, Do you have any information on setting this up using cloud management? I don't have a public IP address and I saw online that in that case I cant use ddns. I have the cloud management set up but do not know how to proceed in the process now that it is bound and active. in the video your next step was the wireguard server.
If you don't have a Public IP Address (You are likely behind a CGNAT) then you will need to use TailScale or ZeroTier which are both still in Beta. To complete the setup in Beta you will need to be comfortable with command line to set the Exit Node.
@@justinreviewsandrepairs5246Since i messaged two days ago I have returned my opal, bought a Beryl, got the Zerotail account and set up Beryl in the app. I am unsure on how to run a test or to proceed with connecting my slate(what I'm traveling with). Can you assist me further, I do not know what to do from here or what you mean by "command line to set exit node". I am willing to pay.
Tailscale or zerotier is slow and detected by most cyber security application , the solution is to use the cloud vps to make tunnel when you not have public ip address
The command line is where you would run raw commands on the router without a web dashboard. If your company allows it, using a commercial VPN Provider such as NordVPN or WindScribe would be much easier. Unfortunately using a commercial VPN provider will not allow you to use your Home IP Address, but you can choose a server that is in your city, state, or country. For many people the commercial VPN provider is also faster than you can run from a CGNAT Internet Service Provider like you have. In my area, most people have access to Fiber Optic Internet for $40/month which is ideal for running the VPN Server. If you are using Wireless or 5G/4G Internet then you will have higher latency which will negatively impact your speeds. For WindScribe you would generate the configuration file from this page after logging in: windscribe.com/getconfig/wireguard
Hi Justin, very easy to follow video thank you for this! I have one question though. I have two Gl.iNetSlate AX router's and it works perfectly with the example you showed in the video. But, with the Slate route (the one I plan to keep at home) when it is connected directly to my modem via Ethernet (and not Wifi) the VPN will not connect and it gets stuck on connecting (yellow dot) with some error messages in the logs. I checked the port that was forwarded and that did not seem to change. Any ideas? Thanks again.
Thank you! Did you change your port forwarding when switching to wired? It will be a different IP and/or MAC address as seen in this video ruclips.net/video/LzBa6KsfG9A/видео.html you can also email your logs to support@justinpruett.com if you would like me to take a look.
@@justinreviewsandrepairs5246 Thanks for the quick reply! That fixed it! One last question. I am getting around 500 mbps download speeds per second on my home modem and around 50 mbps on the travel slate router. Anything I can do about this? Thanks again for all the help
The Internet connection on both ends plays a role. With the VPN off, what are the speed test results of both connections? Upload, download, and latency.
@@justinreviewsandrepairs5246 Seems it is around the same for both (VPN connected and not) around ~50MBPS download and ~5 MBPS for upload. Not sure how to check latency just running the google internet speed test
5mbps is very slow for an upload speed which will severely limit your overall VPN speeds. The google speed test displays Latency after the test is complete right above the Server line. It should be presented in milliseconds (3 ms is mine for reference)
Hi Justin, couple of question, 1) can someone set up the server in country A, and I set up the client in Country B ? (without leaking location, I have a VPN) or do I have to be in country A to set both up before leaving for country B 2) if we are on a work computer, wouldn't we still be getting internet from the local ISP ? hence that information can be available/retrieved
1. Yes, they can send you the configuration profile and you simply load it into your travel router. 2. I am not sure what you mean, yes the travel router needs Internet itself before it can connect to the Server Router back home.
2. If you are asking about the VPN, the VPN is on the Client Travel Router so no software is installed on the work device. The Travel Router basically creates a virtual cable back home.
Hi Justin. Great videos - they've brought me up to speed. But when I do the DDNS test I am getting the following error message: The IP address from DDNS domain resolution is not the same as the WAN IP of the device. You need an Internet Public IP address to use Dynamic DNS. Not sure what this is about.
Thank you. The warning message is there because your GLiNet router is behind another router and will require Port Forwarding. You can use the test on this page to confirm DDNS is working: justinpruett.com/glinet-troubleshoot.php
At 8:29 you mentioned our phone could also use my residential IP, would that be something manually we would have to do after changing the plain text? Would that also mean I could use my phone on my normal cellular data plan, but everything would look like it was coming from my home IP?
You can install the WireGuard ®️ Client on your phone, but it is not as full proof as using the router. Also, if you intend to use your phone as a HotSpot to share your Home IP, that was only briefly available in an older version of Android. play.google.com/store/apps/details?id=com.wireguard.android
Justin, good to know I was not rude. Ok, here is the quick scoop. Just arrived back home and used my phone's internet through the slate ax to see if it would talk to the opal. I got same thing "no internet". however, I unplugged the opal and plugged back in, waited a few minutes for it to cycle up (my term) and voila they found each other I have internet from "home ip address" where the opal sits. So, I guess the issue is leaving the opal on all the time without any traffic (my term again), it sort of goes to sleep/offline and not available for the slate to find. Going forward, I will leave it off until I travel. Do you know of any other way to wake it up besides physically unplugging it/turning off/on? It is a bummer that this is the case because it makes my logging into my work's network from my "home ip" while working remotely very difficult. Hope I made sense this time. As always, thank you for your guidance and expertise.
You shouldn't have to reboot it, I have been running my Opal for more than a year now without issue. Please reach out to GLiNet to see if they can do anything for you. Either way I would consider upgrading to the Beryl AX which is newer and more powerful than the Opal.
Hi Justin, After watching your video, I purchased both the GL routers to set up port forwarding and work from Canada, showing my home address in Dallas. However, I am unable to see the GL-MT 3000 device on my Xfinity network port forwarding devices 6:46 . Could you please help me with this issue as I am currently stuck? Thanks
Hi, the Xfinity routers use an uncommon IP Address range that happens to be the same as WireGuard ®️. You will have to change WireGuard ®️ so it has a unique address range. Please see "Local IP Address Conflicts" on this page: justinpruett.com/glinet-troubleshoot.php
@@justinreviewsandrepairs5246 I'm finding it a bit difficult with my current modem. Do you suggest I buy a new modem for my Xfinity internet provider? If so, which one would you recommend? Thank you!
Hi Justin great in depth video!! Just ordered two GL Slate 1800. One will stay in TX and im traveling to Africa in a month. Question 1) what is the best way to bypass (CGNAT) using this method some threads suggest Tailscale? My Isp is starlink unable to port forward.
Yes, TailScale and ZeroTier are two common methods. Setting the "Exit Node" from the GUI is not available in Beta yet, so it will require some manual command line setup to complete the install: docs.gl-inet.com/router/en/4/interface_guide/tailscale/
Justin - Thanks for this detailed step by step instruction. I am out of country at the moment, can my friend setup the server in his house in the US and can I order a separate router and set it up as a client remotely co-ordinating with him ? Will that work for the initial setup ?
Thank you! Yes, they can set up the server and send you the configuration profile. The small text file includes the connection information so all you do is load it in and connect.
My company has given me the green light to work remotely from anywhere in the world but with a huge wink that this isn’t officially agreed on and more so verbal. All they ask is that whenever I access something with my company provided laptop it looks like I’m in the US. Do I still need to do this 2 travel router setup or can I do a single travel router with a commercial vpn like your last video? I’m not too familiar with setting this all up so I’m watching the two videos to figure this out now. I see another one of your comments say you would recommend the flint 2 over the slate? And if budget is a concern to use the beryl? Does this 2 router setup primarily benefit if I need my ip address to show my home address at all times?
Congrats! Which method you use depends on your company and/or your preferences. The two router method works with any company while the commercial VPN method may not work with every company due to their security policies blocking commercial VPN Providers. If your company allows commercial VPNs the setup is easier and they provide VPN Servers across the country which could provide lower latency and better speed than your home server. You can start with 1 router and a VPN Service to see if your company allows it, and if not, you can get the second router.
The Flint 2 is the fastest option and the Beryl AX is the slowest option (but it is actually still very fast for the price). The description has a list of routers you can choose based on your budget.
@@justinreviewsandrepairs5246 i ended up getting a flint2 to be the main router and vpn server. i got the beryl to bring with me. i just finished setting it up today and i believe it is working. now i turned all the eeros in my home to access points with the main gateway as bridge mode very exciting stuff
Hey Justin! Great video. My home setup: Linksys router plugged into my cable modem. On my Linksys router I've enabled DDNS and it's working perfectly. I just ordered 2 AXT1800s. I'll configure one AXT1800 as the Wireguard server and plug it into my Linksys. I know how to set up port forwarding on the Linksys, so I'll do that for the Wireguard server. I'll configure the other AXT1800 as the Wireguard client, and this one will come on the road with me. Here's my question: since I have DDNS set up on my Linksys router, do I need to set it up again on the Wireguard server? Or will the Wireguard server just inherit the DDNS IP from the Linksys router? Additionally, if I don't have to set up DDNS on the Wireguard server, then I shouldn't have to override the IP address in the config file that Wireguard client uses, correct?
It won't hurt to turn on the GLiNet DDNS, you can run both. The one you choose to use should go in the configuration file for the client. The DDNS stays updated as your actual public IP Address changes, if you don't use DDNS then you will have to manually update your IP Address every time it changes.
@@justinreviewsandrepairs5246 Well, I followed your advice and I'm happy to report that I got it working the very first time! Easy peasy. You're a rockstar, Justin!
Thank you for this tutorial. I am interested in this setup, the choice of using the Opal as the receiving router. Was it chosen because there is no need to have two Slate routers for this setup and hence going with the lower priced Opal? I believe the Opal has a slower WireGuard speed does that effect the connection speed at all? Thank you
The Opal is the cheapest option (that still works for most tasks) while the Slate AX is the most expensive travel router (there are more expensive non-travel routers). You can choose any of the combinations of routers from the Description of the video or you can even use other brands such as Ubiquiti. For most people, the Beryl AX is a nice balance between performance and price. Your connection speed is limited by the routers you choose, the Internet connection on both ends, and the latency between those connections. For the Home Server, you should get Fiber Optic Internet for the best performance. Feel free to email me if you need any help. Thank you!
Hey mate could I use the brume2 for home and take the slate AX with me? Already own the slate AX just need to buy the home one and leaning towards brume2
Hi I want to run the same setup and wondered if yours is working? What kind of speeds you're getting? Does your laptop show the location where you actually are or show the location where the Brume 2 is?? TIA!
Suuuuper helpful video, thanks so much. Very new at this, so maybe this is a stupid question - is the second travel router left at home the most inexpensive way to do this? I have a netgear router which doesn't appear to support wireguard, just openVPN, so I suppose getting another gl.inet router is the cheapesr way to set up a wireguard server? Secondly, would plugging the home gl.inet router directly into the modem and bypassing the other home router obviate the need to set up port forwarding? Thank you!
If you don't need the VPN to be fast, you can use OpenVPN on your existing router. Otherwise GLiNet is a very affordable way to host a server. If you have old computers you could use those as a server, but it would need to be left on 24/7 so the electricity cost may be a factor to consider as well since the GLiNet router uses about as much as an LED light bulb whereas an old desktop computer is like running a TV.
Yes, if you plug a cable into your Modem (Or ONT if you have Fiber) and then the other end into the WAN port of the GLiNet router you can skip Port Forwarding. In this case, the Internet Page of the Dashboard should show your Public IP Address under the Ethernet connection instead of a Local IP. You can use ip.suzam.com/ to view your Public IP Address. Let me know if you have any other questions, Thanks
@justinreviewsandrepairs5246 Perfect, super helpful. Yeah the only pcs I have are electricity guzzling custom builds, so probably going to first try using openVPN with my existing g router, and then springing for another beryl ax to set up as a wireguard server if that proves too slow. Thanks so much, by far the most helpful video on the topic I could find!
Which combination is better: a Slate AX device for home use and a Beryl AX router for travel, or using two Beryl AX devices? My home internet speed is around 100 Mbps. Both options would cost around $180-200. Is there a more budget-friendly combination available? I would be satisfied with 40 Mbps. Thank you so much for your content and all the free advice; I really appreciate it!
TLDR: two Beryl AX. You could potentially save a few dollars getting the Brume 2 for home and the Beryl AX for travel. Set up is a little more complicated without WiFi, so I prefer to just spend the extra money and get WiFi even though I will only use it for the initial setup. The description has a list of devices at the bottom.
Before I buy two Beryl AX routers, can I still hide my location if position detection stays active? Unfortunately, it's a work laptop, so I can't turn off location services.
You need to make sure the device does not have other tracking methods such as GPS or 5G. If there are no other tracking methods the location should be based on your IP Address which you can lookup using www.revercell.com/ip.php
I set up the Server router on my home network as indicated in the video. When I set up the Client router at my home, the one that I will use for remote work, in set up do I also connect the Client router to the same home network? Or in order for the set up to occur correctly, the Server router is on the home network, and do I need to set up the Client router on a non home network or hotspot? Thanks!
Hey Justin! Me and my GF bought 2 Beryl AX's and are trying to follow your tutorial. Everything is setup but we get this in the log when trying to connect to the vpn from the second Beryl router: "user.notice firewall: Reloading firewall due to ifdown of wgclient ()". I am kind of clueless right now and would greatly appreciate any advice you can give us :(
Are you using a second Internet connection for the Second Travel Router? You cannot connect while already connected to the same Internet as the Server Travel Router. I have some additional common issues listed here as well as my email: justinpruett.com/glinet-troubleshoot.php
@@justinreviewsandrepairs5246 thank you so very much! We got it working after reading through your troubleshooting guide and are now planning a trip! You are a godsend, truly truly such a kind human being for putting all this content and help out there for people. Thank you !!!
Hello Justin, I’m just kind of confused about a few things: So I’ve setup the wireguard VPN on my Flint, and tunnel is successful through my Slate. I’m just trying to figure out how to make everything a wired connection since I’m afraid to turn the WiFi on my MacBook. So when I’m in a new airbnb, how would I be able to establish the tunnel (turn on wire guard through admin panel) without using WiFi? Just wanted to make sure VPN is up and running when using my work laptop. And if I have to connect the router directly to the router in the airbnb via WAN, wouldn’t there be issues with port forwarding every time I’m in a new airbnb? Just a bit confused because I know I can just connect to the Slate via WiFi, and start tethering to the airbnb network, but would it be safe enough to do it that way? I just need to make sure the device doesn’t know my true location. Does the slate AX automatically load my setting and run wire guard tunneling each time? Or do I have to activate it each time? And when connecting to the Slate, would I be connecting my MacBook to it though the LAN port, if the router is tethering to the airbnb router via WiFi? Also a bit confused about the “MTU” I have to paste to the config on my travel router. I can see in your video that it didn’t contain a MTU to paste. There’s also an option to select "Services from GL.inet use VPN" when I was activating the kill switch (Block Non-VPN Traffic) do I also need to activate the other option? I’m sorry if this sounded confusing, I don’t really know anything about networking. But stumbling upon your video motivated me to take the leap and start traveling the world while working remotely. I really appreciate any knowledge you can provide me with!
At each new AirBNB you would need to connect the travel router via WAN or connect via WiFi using another device such as your phone. No port forwarding is needed for the client.
Hi Justin thank you so much for all of the service that you're doing. I read your comment about them just wanting to make sure you have a secure connection, I agree I think most IT people don't have the time to dig any further really unless you give them a reason. I was wondering do you think if I buy the slate AX and install a residential VPN on it here at my home and then Ethernet into it, that would generally speaking be enough?
A residential VPN from a third party service or running the server yourself? Not many third party services offer residential IP Addresses but there are some.
Hi Justin! Thanks so much for the super helpful guide. I have followed the same steps exactly and was successful in connecting, however, I ran into a couple of issues. The first one is, the travel router (AX) would not connect to my Home IP VPN if the AX is connected to my home Wifi, it only connected when it was connected to an external network (my iPhone as a hot spot or external Wifi network), is this normal? Or is something wrong? The other issue is, the speeds are very slow, I mean given network speeds of about 100Mbps to 150 Mbps, I got speeds of about 5Mbps to 15Mbps with bad latency (about 60ms) when connected to Home IP VPN, please let me know if this speed reduction is normal or if there is something I can try to help with this. The Opal is connected via Ethernet by the way.
Yes, the Slate AX should be on a different network than the Opal that stays home. Increasing speed is tricky, using WireGuard®️ is the faster option so then you can try using Ethernet cables instead of wireless and make sure your upload and download speeds from your Internet provider are fast.
Hi Justin - thanks for your video. We followed your instructions and they worked out fine on the latest (2024) firmware of the opal (home) and beryl ax (travel). So I was excited to bring the beryl on my trip. It worked quite well on my first week or so in Beijing - speeds are not super fast but decent. Then the wireguard client just suddenly turned yellow and I can’t get it to work anymore. The opal back in the US seems to be fine - pls help. I really need to get the beryl back up again. Thanks
hi Justin - we managed to make this work and even if i were getting speeds that are less than half of what i have in my home network, it was still useful for my purpose. After I returned from travel last week though, my speeds dropped quite significantly - it was ranging fm .01 to .08 mbps only. I already updated both my home and travel router to the latest firmware and tried to open new ports to use. But the speed has not improved at all it is now practically useless. Pls help - we’re out of options now. Thanks in advance
Hi Justin. my Asus home router (ASUS RT-AX5400) has Wireguard built in and I set up both Open VPN and Wireguard with my travel router ( Beryl AX ). A question, do I need to turn on Dynamic DNS on Asus router? or/and Beryl AX router? and If yes, do I need to edit configuration file from Asus router the same way you did before I use it for Beryl AX client?......btw you were absolutely correct, Wireguard is 4 times faster than OpenVPN :)
Yes, unless you have a Static IP Address from your Internet Service Provider (ISP), you will need to turn on Dynamic DNS so your Client Travel Router can connect using the DDNS name which will update automatically every time your Public IP Address changes. Otherwise you would have to change the address manually in the configuration every time it changed. Yes, OpenVPN is fast enough while still within the same Country, but every bit of speed helps when you are overseas. Latency is extremely difficult to manage over great distances.
Thanks for the reply. My DDNS on Asus router was actually on. I am going to be traveling soon to Brazil and will test it there. OpenVPN didn't work consistently in Costa Rica. In one place where internet was 100MB , I had 3mb download, but then another place where there was a fiber internet and speed was 300MB, I had less than 1mb. Strange@@justinreviewsandrepairs5246
Hi Justin, I have two quick questions. Is it possible to do the exact same setup on two Opals for both at home and traveling as it's cheaper? Or do we really need the slate ax as our travel router? Second question is, do we need to connect the travel router to a hotel wifi via ethernet or wifi to get internet? Even if we plug our laptop to the travel router via ethernet? If so, how do we do that? I don't think you covered that in the video. Thank you!
Hello, 1. You can, but it would be slow, the Beryl AX would be a better option that is in the middle as far as price. 2. Yes, you must provide Internet Service, preferably Fiber Optic if available. If the Hotel requires a login, you will need to bypass the captive portal using these steps: docs.gl-inet.com/router/en/4/faq/connect_to_a_hotspot_with_captive_portal/
@@justinreviewsandrepairs5246 Thank you for the response. Just for more info, what do you mean by it would be slow for having a second opal as a travel router? Do you mean the internet speed? Is it bad just for regular browsing that doesn't include any video streaming? As for the second question, is there an option to just use the travel router as wifi repeater? Does that option exist in the opal as well? If I were to use it as a wifi repeater, how would I do that? I just got the opal today and I have the slate as well but I'm thinking of returning the slate in favor of getting another opal. Sorry for the long questions and thank you again!
The Opal has less features, a slower processor, and older WiFi technology. As far as the features you listed, they should be available on the Opal. When I made the video, the Beryl AX was not released, now that it is, getting the Beryl AX is a good mix of features and price.
Hey Justin thank you for this amazing video! Most detailed out of everything I looked up. I watched multiple times now and sorry for some dumb questions if you don’t mind. 1. With port forwarding between home router and travel router, do we need a VPN subscription like NordVPN? Cuz I looked up NordVPN and they dont allow port forwarding, and also I didn’t see you logging in to anything. 2. What is your Frontier router’s role in this? I saw that you are leaving Opal at home and traveling with Slate AX but didn’t get why you’re adding in Frontier. Thank you!
Thank you! 1. In this video you are basically running your own VPN Service, you do not need Nord for this video. There is another video that covers using Nord. 2. Frontier is my Internet Service Provider, they provide me with a router and instead of replacing theirs I added the Opal. If you have Fiber Optic Internet you can probably get the Flint 2 router and replace the ISP router completely. If you have cable, you must use a modem which typically is bundled with a router these days. So unless the GLiNet router is the main router you will have to do the Port Forwarding step. Please let me know if you have any other questions Thank you - Justin
@@justinreviewsandrepairs5246 hey Justin, thank you so so so much for explaining. The set up worked out perfect for me. The two things that did the trick was first only enable UDP on the home router port forwarding and second change the default IP address 10.0.0.1 to 10.1.0.1 on the stay at home server router. Hope this helps others too. Again thank you!
Do you have Xfinity? For some reason their routers use the same IP Address range as WireGuard ®️ which is why you had to change it. Glad you got everything working! Thanks for sharing!
@@justinreviewsandrepairs5246 exactly I use Xfinity! Don’t mind this extra step and I noticed traceroute that it takes 1 step in my home city before routing to the next steps.
Hey Justin! This is a great video. Though I am not a software expert I was able to set my routers up. But I have been facing a problem and was looking if you could help me. I have configured a flint as my home router and beryl ax as my travel router. When I set the wire guard server up they both connected well and all was fine but as soon as I took my beryl remote with me it wasn’t connecting to the wire guard but again when I got it home it would connect to the flint. Is there something that I am Missing here?
Usually people have the opposite problem 😆 It is likely that your configuration file is using your local IP Address instead of your DDNS address on the "Endpoint" line. Please double check that you see a domain instead of an IP Address on that line. If you prefer, you can email your configuration to support@JustinPruett.com
Another quick question: Besides enabling the “Block Non-VPN traffic” option on the client, what else do you recommend for preventing DNS leaks and location tracking? Is it a good idea to enable Encrypted DNS with “DNS over HTTPS” on the client? How about enabling the AdGuard Home feature and checking WebRTC stuff on the browser?
Those are all good suggestions, but also be sure to never share an account on your phone with the computer. If you are logged into an account on both it might share your GPS coordinates!
Just switched to a new ISP and they don't provide a router. I'm using flint 2 for it and I have my slate ax for the trave router. How do I set up the port forwarding in this case?
That is the preferred way to do it! You can skip the Port Forwarding step since the router is already capable of receiving connections from the Internet when you enable the VPN Server.
Thank you so much! 🙏 "Block Non-VPN Traffic" is no longer on by default in the newer firmware, I recommend turning it on: docs.gl-inet.com/router/en/4/faq/block_no_vpn_traffic/ reach out any time if you have questions.
I am unable to use port forwarding on T-Mobile Home Internet Router. Have you or are you planning to make a video with ZeroTier (which you mentioned on your notes) and two supported Gl.lnet routers? I have the Beryl Ax and planning to buy another one.
I have been waiting for ZeroTier or TailScale to exit beta since the Exit Node portion is not supported by the GUI. TailScale might be closer to being complete so I might feature that one first in an upcoming video.
Hello! A few questions I hope you can help with: 1. I just got a WiFi6 Router and I'm trying to figure out how to connect to my ISP-provided modem or router. Do I connect my WiFi6 router to the ISP-provided modem or router? The ISP-provided modem only has one ethernet port, and the router has one internet and 3 ethernet ports. If I use this router, should I remove the ISP-provided router? 2. Also, should I use the LAN or WAN ports on the WiFi6 router? 3. On the travel router, how would I connect the ethernet cables? From the ISP-provided destination modem to the travel router? Or ISP-provided destination router to the travel router? 4. Not sure if you know the answer to this, I connected to the WiFi6 router for the first time, and now every internet webpage says "Internet connection is not secure." How would I be able to fix this issue? 5. Lastly, would it make sense to get a static IP address? I ask since how would you know if a dynamic IP addresss changes when you're traveling? Thank you!!!!
1. Which model GLinet router did you get? The Flint 2 has longer antennas so it could replace your existing router, otherwise you may want to plug the GLINet router into your existing router and do the Port Forwarding step.
2. You give Internet to the GLiNet router using the WAN port so a cable would go from the GLiNet WAN port to the Modem/ONT or a LAN port of the ISP router. You can plug devices into the GLiNet router such as laptops using the LAN ports.
4. Based on your previous questions, please start by making sure the router is connected properly. Then you can send me a screenshot of what you are seeing to support@JustinPruett.com
5. The GLiNet router has DDNS built in which updates when your IP Address changes so there is no need to pay for a static IP Address. In some cases, mostly apartments, you do have to pay for a static address to allow Port Forwarding because otherwise you are sharing 1 IP Address with your entire apartment complex.
Good evening from Virginia! Could I just buy two of the opal, leave one at home and travel with the other? Or do I need two different ones? Thank you for your response in advance!
You could, but the Opal is the slowest option. If you can afford two Beryl AX that would give you significant performance boost plus you will have the latest features from Firmware 4.
You need one to run the Server and another to be the Client. If you have an existing router or another device that can run the Server you could use that, but few ISP routers have that feature.
Hi Justin! Thanks so much for this video. I'm currently in Puerto Rico, but want to sent this up with a router in Florida and then have a travel router. Is it possible to set this up without me being in the location where the main router is going to be? What's the best way to do that? Also, given that this video is a couple years ago is your rec to go with Flint 2 for home and slate AX for travel?
Yes, someone can set up the server in Florida and send you the "profile" configuration to load into your Client Travel Router. Yes, the Flint 2 and Slate AX would be a great choice and they are both on sale for Prime Day today. If your remote location is your second home or something like that, you could also get a second Flint 2 for a more permanent installation. Let me know if you have any questions, - Justin
@@justinreviewsandrepairs5246 Thanks Justin. I went for two Flint 2's since my other location is my permanent location. Would the process for setting it up to be more permanent be the same process as you have in the youtube video or would you do something different? Thanks!
It would be the same, but you will likely want to set up Good Cloud on both routers for Remote Management. This isn't part of the video and is not required, but it is a nice tool when both routers are staying connected for long periods of time so you can do a firmware upgrade or change settings from anywhere.
Hi Justin, thank you for sharing this. According to your videos I bought 2 these modems, Opal and Slate. I am a beginner and I have few short questions. As I understood we don''t need VPN service with two of these? Could you just explain do we need to fix as you did im the first video related to DNS, which means to put Enceypted DNS, DNS over TLS and Cloudflare? Must we use Cloudflare or it can be Next DNS, does that mean that business data go through some server of the manufacturer? Or is it slower with that? Thank you in advance.
Thank you. Can my employer discover CloudFlare or other dns servis if I have it on the modem that I take wirh me as described? Company's VPN on the computer is Cisco anyconnect. Thank you.
Since the employer has full control of your device, they could potentially, the general idea is to stay under the radar so they don't gain full control of your device and start snooping.
I chose the Opal because I was too cheap to get another Slate AX 😭 but now the Beryl AX is the best budget option. The description has a full list of routers sorted by performance
Justin, thanks for the reply. i am using these two travel routers in the video to do just that port forward my chicago ip address to wherever i am using the internet (ie making it look like I am using my chicago ip) i thought maybe something was reset as well. but i checked the setup and it was the same. i then used my phone as the isp and then connected slate to laptop to test (while in chicago) and it worked showing my ip address as my home address and to make sure i was not on home wifi i then switch the mode on the slate and check the ip address and it shows the ip of the t-mobile tower. could it be the distance somehow? it just doesn't make sense. and now while in st. louis neither the phone or house internet can locate the opal in Chicago...i just get "no internet", but then flip the mode switch and get the local stl ip addresses. i am not using any type of vpn. if this clarifies for you to think of another possible issue i would welcome the feedback. other than that, i would not know what to fix since the settings/setup has not changed.
Hi, I am looking to try this setup tomorrow with the Opal and Beryl. This video seems great and straightforward. I just have one question. Should I disable WiFi and Bluetooth on my laptop? I just want to make sure the company can’t track my location. Is there anything else I should be cautious of with tracking or location?
Yes, also cover the webcam. If you are going to a different time zone you may need to set the time zone on the router to your home time zone depending on the computer.
@@justinreviewsandrepairs5246Thank you! This worked like a charm when i tested it! I am curious of what extra steps I could take to not raise suspicion. Whenever I do a traceroute command I can see the glinet domain as the first point of contact. I don’t think my employer will notice but I’m curious if there’s ways to hide that I’m using a glinet router. Maybe getting a second router from a non suspicious company and connecting it to the glinet travel router?
You could do that or you can dive into the advanced settings of the GLiNet router since underneath is OpenWRT. GLiNet makes home routers so it is not completely uncommon to have a GLiNet Router.
Hey Justin! Thanks for everything you did with this setup. I do have a question though. Everything was working inside my home network. Yesterday, I went to a dealership for a maintenance and I decided to bring my wireguard client Beryl AX with me to test it out outside of my home network. I left my wireguard server Berly at home basically. There was no issue with connecting to the dealership's wifi via my wireguard client, didn't have to deal with a captive portal or anything like that. The issue I had started when it came to enabling my wireguard client on the dealerships wifi. It kept stuck at the status saying "the client is starting please wait". When I checked the logs I saw an error something like this "user.notice firewall : reloading firewall due to ifdown of wgclient". Do you have any idea what causes this issue by any chance? Should I add the every IP address of the network I am in to my router first and then enable wireguard client? Or is it something else? Thanks!
If it works from another network such as a hotspot or friends network, then it may have been the dealership blocking traffic because it was not http traffic on port 80 or 443. If you are in the United States I have been having decent results from Dish's Project Genesis 5g hotspot for just $20/month
Thanks Justin. Yeah, I think I need to try this at my friend's house first. This might be related to the dealership only like you said. I will try again and let you know! Thanks again! And yes, my phone hotspot just works fine with wireguard client enabled.
I have 2 questions and would appreciate your help. 1: I work as a Cloud Engineer and need to be able to SSH into AWS/GCP services while using a company VPN(FortiClient). Is it possible to use this setup and then still be able to use Company VPN? 2: The Slate AX device would still need to be connected to local wifi/service to connect it to Beryl AX back home? Does it need to be ethernet or a wifi device from a local service provider would work? Thanks!
1. The VPN is running on the travel router so you can continue to use your company VPN as normal. 2. Yes, the Slate AX will need Internet. Ethernet is preferred but the Slate AX has WiFi 6 which is very fast if the router you are connecting to also provides fast WiFi.
Hi Justin, thank you for this video! I have come across many other travel remote videos but did not realize that I would need to purchase 2 routers. I was under the impression based on previous videos I have watched that I could use my home/residence router and a router for travel. I have purchased the GL.iNet Slate AX1800 Router but it seems as if this will not be enough to mask my location. Is my interpretation correct? Any additional insight or advance would be greatly appreciated. Lastly, do you know how far or the range the GL.iNet routers cover abroad? Meaning, do you know if they work in most countries or not? And to double check, all configurations need to be made before I travel correct?
If your existing router supports WireGuard®️ such as a Ubiquiti UDM router, or if you have a device such as a QNAP Nas that supports it, you can connect to those. Many people do not, so a second router is necessary. If your company allows it, you could also use a commercial VPN provider such as NordVPN or WindScribe then you wouldn't need a second router but you wouldn't be using your actual home IP Address in that scenario. That will be completely dependent on the Interference where you stay. If your room has lead paint, that will severely decrease range or if there are lots of other signals causing congestion. In general it works great because it has WiFi 6.
Thank you so much for such a thorough response. I will be attempting to try this on my own this weekend. Will me luck lol. I will check back with you and the comments if more questions arise.@@justinreviewsandrepairs5246
Hello, it's me again lol! I am running into a few roadblocks and I think it might be due to the router I am trying to connect to. I have the grey slate router that is featured in the video. Upon further investigation, I see that my home router which is a Netgear Nighthawk AC1750 Model: R6700v3 supports VPN / port forwarding. However, I am having trouble trying to connect the two. I want to use WiredGaurd, but I do not see it as an option. If I add a VPN to this router and take my slate router with me for travel instead of buying the second one featured in the video, would I be able to connect to my home internet seamlessly from abroad? I have NordVPN as well. I hope this makes sense. Thank you so much indance for taking the time to respond to my inquiries! It means a lot.
@@aten6656 make sure you have the latest firmware on both devices. If your Netgear supports WireGuard ®️ you can use it as the server. Otherwise I believe Netgear supports the older and slower OpenVPN.
It is unfortunately still in Beta. TailScale is also in Beta but at least one person was able to set it up manually. The easiest option right now is to use TailScale on a computer that stays home to be your exit node then you can use TailScale on the Travel Router to have a similar setup as WireGuard ®️ without Port Forwarding.
You should set up the GLiNet GoodCloud service for remote management since you would lose access if you were managing the Server directly in some situations.
It's honestly not easy, but it is possible. Cloning the MAC Address is typically the fastest way and is listed as the second option in this guide: docs.gl-inet.com/router/en/4/tutorials/connect_to_a_hotspot_with_captive_portal/
Can I use two of the same routers for the home device and travel device? Or do I need both of these two routers? Can I just connect to my home router without an additional travel router?
Yes, you can use any combination of routers that support WireGuard ®️. A list is in the description of many GLiNet options. If your home router supports WireGuard ®️ you only need a travel router. Most ISP routers do not support WireGuard ®️.
Hi Justin, First, I want to thank you so much for the detailed step by step tutorial. Like most people here I happen to encounter the most common issue - I can’t start the VPN WireGuard Client on the travel router despite setting up the server/port forwarding. Some background, I have Verizon and even after setting up port forwarding, I run the DDNS Test I still have 2 different IP Address and the same warning - from DDNS Domain Resolution is the same as my ISP Public IP, but the WAN Interface Ethernet is still the same one it was assigned initially. Look forward to hearing from you and thanks once again! Edit: Turned out I changed from TCP to Both in the process of Port Forwarding set up and everything started to pick up and worked out fine now.
@@justinreviewsandrepairs5246 Just a follow up question - I expect a big drop in connection speed but what would you estimate the speed to be if I were to be in very long distance (thinking US-Asia Pacific)?
@khanhly-courtleveltennis how were you able to set the port forwarding in Verizon? I'm also using both in the process of port forwarding but it doesn't seem to work .... did you call verizon?
Thank you for the video I want to ask you if I enabled DDNS on the GL.iNet router, do I still need to enable it on the first router, for example, by taking the DDNS address and putting it somewhere in the first router's menu . Note that my ist router has a dynamic ip
Hello Justine, Thanks for this video , I've recently purchased a GL-MT3000 / Beryl AX router and I'm attempting to configure it as a travel router. My current setup includes an ISP router that provides internet access. Is it feasible to set up the GL-MT3000 / Beryl AX as a travel router in this scenario? Or is it necessary to have two routers, with one being the home router working alongside the ISP router?
@@justinreviewsandrepairs5246 Thank you for your prompt reply. I've ordered the GL-AXT1800 (Slate AX) to use as a travel router and plan to configure the GL-MT3000 / Beryl AX as my home router, following your suggestion in the video. I'll provide an update here once I receive my order from Amazon. I'll let you know if this setup works well. Thanks again!
Despite implementing the suggestions provided, including port forwarding on my ISP router and experimenting with "UDP", "both" options, and trying various combinations of IP configurations across two different internet connections, the setup still did not work for me, as I continued to encounter a JSON parser issue.
Please email me a screenshot of your ISP router Port forward page and the Server Travel Router Internet page that shows the IP Address of your connection locally. support@JustinPruett.com I suspect your home router might be on the 10.0.0.x network which would cause a collision with the default WireGuard ®️ setup. The solution would be to change the WireGuard ®️ default network address range.
Helpful Links
Port Forwarding Help: ruclips.net/video/LzBa6KsfG9A/видео.html
Captive Portal Tutorial: ruclips.net/video/46nG8mhm5og/видео.html
Test DDNS: justinpruett.com/glinet-troubleshoot.php
Update: Many cable routers seem to struggle with TCP, please select UDP only in the Port Forwarding rule instead of both.
Update: The Beryl AX came out right after this video was published, it is a much better option than the Opal in a price range that balances price and performance.
Need Support?
I try to answer every email and comment for free. Please see my troubleshooting page for common issues and send me an email if necessary: justinpruett.com/glinet-troubleshoot.php
Want 1 on 1 Support?
GLiNet has partnered with RemoteToHome to provide complete remote setup and can even handle more advanced cases not covered in the video.
RTH has provided me a 5% Discount Code as well: JustinRR5
remotetohome.io/
What do you do once you're in your new location to test and connect? Can you make a video about this
This did the trick!!! I didn't match isp assigned ip! YOU WERE EXCELLENT!! APPRECIATE YOU AGAIN!💯💪🏿🙏🏿
If my home internet has a static ip, what steps would I use? Thanks
@@russhewett514good question.
@@russhewett514 you simply don't use Dynamic DNS. Everything else is the same.
I want to comment how Justin is very responsive and kind to answer questions. From all of us, Thank You
Thank you, I appreciate your support! 🙏
110% He's Awesome!!!
Just wanted to share that your videos took me from essentially 0 knowledge on VPNs to successfully working remotely in Thailand for the past 4 months with no issues.
Using 2 Slate AX as my setup, thanks for the help!
Wow! Thank you for sharing! Thailand doesn't have the best Internet infrastructure according to WonderShare Latency data so it is good to hear it is working there! Thank you!
So nice to hear that it works in Thailand, could you possibly test and see how the latency/ping is and preferably in which city do you test this in Thailand? I am considering working from Thailand with softphone via VPN and am very dependent on a good latency :(
@@nizzar2003 I run my home server from the UK, in Koh Samui the ping has been around 200-300ms which is obviously quite bad but I was able to take calls, there was definitely some slight delay but it was manageable. Have done video calls with no issue also.
@Speatto Thanks for sharing, I think 200-300ms can be as you say manageable, I'm thinking of moving to Phuket or Bangkok depending on where the network is more stable and which allows me to carry out my work with customer service via softphone without a large latency/ ping. @Speatto Do you also have problems with a lot of power outages considering rainy seasons or what is it like in Koh Samui?
@@nizzar2003 power outages have happened yes, I’d say 2-3 times in the last 6 months. There are coworking spaces in al lot of areas (there will be many in Bangkok) which can be useful.
I’d imagine the internet stability would be similar in the main areas such as Phuket/Bangkok. I was in Phuket for a few months last year and it’s great, I will move there soon. If you’re more of a city person then Bangkok is also a great place and probably the best for work/opportunity.
This is amazing! I was trying to find a step by step video and couldn’t find anything until this. This is perfect! Ty so much! The only reason I’m doing this is because my boyfriend is in a different state for 9 months and now I can be with him 💕
Glad it helped! Thank you!
I just want to want to say MANY THANKS Justin! For your time and efforts you put together to make this video tutorial. I got my GL-INET routers talking to each other.
Great to hear! Thank you for the comment! Comments like this keep me going!
Thanks for this great tutorial. I purchased both of the items you used in your demo and the WireGuard service works perfectly. I have used it both domestically in the US and internationally with no problems. I updated the firmware on the home Opal device today, and was warned that the process would remove custom settings, so I had to reconfigure the WireGuard server. The update added a nice feature to the configuration process where you can choose to "Use DDNS Domain" so that it generates the script including the DDNS address, so you no longer need to cut and paste that information manually.
That's great to hear! GLiNet does a great job making things easier to use! Thanks for sharing!
Thank you so much.
I wanted to highlight one thing: I followed the whole video and still faced an error when I was trying to connect(turn on) the VPN client. The reason behind that was my second router was not connected to the internet. So, if you are facing an error when you turn on the client after configuration, make sure your device is connected to the internet (similar to how you connected the first device to your home internet).
Thanks.
facing the same problem do we connect the slate AX to our laptops or an actual ethernet router??
It worked!! It took a while but only because of 2 majors issues #1, I didn't set up port forwarding correctly which required a call to my ISP (really take your time with this one). #2 I inadvertently put both routers on the same Wifi SSID. but switching one of the router to the 5G network, it worked like a charm! Thank you so much for uploading this Justin!
Port Forwarding is tricky and most ISP routers make it even harder, some even give it a different name! Glad you were able to get it all working though! Thanks for the comment!
Hey ugomma, any chance you can show me how you tackled the 5g issue? I may be having the same issue. Can’t seem to run the client
What do you mean set port forwarding up correctly?how do i know if im doing it correctly?
Thanks a million, this is the only video that I found that made sense and was actually helpful with no added long talking.
Thank you!
Thank you Justin. This has been a great help. I travel for work and have always wanted to setup a VPN with my home network. Got the same two routers and the system works great!
Glad to hear! Thank you for watching and commenting! If there are any other tech things you have been wanting to do, let me know, I might be able to make a video about it!
Hey Justin, just wanna say thank you. I can't imagine how much time this guide saved me. All up and running first go, who woulda thought?! You're a real chief!
Thank you! Comments like yours keep me motivated!
Could you please share how you got the public IP address?
Hi Justin!
In the screen show in minute 5:31, I have a tab that says Profiles and has this text:
Each client device that connects to the WireGuard server requires a unique peer configuration. You need to create a separate configuration for each client device; each configuration must specify a unique client IP.
I am unsure what to do about this. It also has an option to Add a profile
From the Server Router you can generate a profile for each Client Travel Router. So if you had three routers and two were to be used as a Client, you would generate a new profile for each one. Never use the same configuration profile on more than one device since it contains unique routing information.
I used Brume 2 for Wireguard Server and Beryl AX for travel router, works like a charm. Like others said here - use UDP instead of TCP/UDP, just UDP.
Thank you for sharing!
I have the same setup. Can you access the Brume Admin page while being connected to the berry client? Because I don't know how to make that work
Hello Thanks for sharing.. how about your work phone? Any ideas of how to use your work phone ?
This video is great. I use the Flint as my home router and Beryl AX as my travel router. Following your instructions made setup super easy.
Glad it helped!
Why did you use Flint?
How many travel routers can connect to flint?
@@karimlonguar5826 - The Flint has a better processor, more memory, more ethernet ports, and 4 antennas, therefore it's faster and better for only $100 bucks. They just came out with the Flint-2 ($149) as an upgraded version.
Hey I have those same router and would needs some additional help with mines
Thanks Justin your videos! It looks like for your work remote set up you recommend using the Slate AX router along with a GL.iNet Opal Router. In this videos comments though you recommend using the Slate AX with the GL.iNet Beryl AX instead of the Opal. Another guy on RUclips who makes similar content/how to videos recommends using the Slate AX travel router with GL.iNet Flint 2 router. And another guy on RUclips recommends using 2 Slate AX routers; he says the Slate AX offers faster wireguard speeds than the Beryl. 1 thing is clear - you all recommend the GL.iNet Slate AX router as the 1 to travel with. But which is the best 1 to have at home? The 4 options you 3 guys recommend are a 2nd GL.iNet Slate AX or GL.iNet Opal or GL.iNet Beryl AX or GL.iNet Flint 2. The router modem currently at home is the Xfinity Gateway XB8 (for Xfinity Comcast internet)... What router would be best to use at home with XB8?
This video is more than a year old so as new routers come out the best option changes. Currently the Flint 2 would be the fastest option but if your budget is lower then the Beryl AX is an excellent ratio of price and performance. A full list is in the description. Let me know if you have any questions or run into any issues.
@@justinreviewsandrepairs5246 I have the Xfinity Gateway XB8 router modem combo at home with Xfinity Comcast internet. I have Xfinity Comcast's largest wifi plan, the Gigabit Extra, which has up to 1200 Mbps. I'm getting the Slate AX router to travel with but I'm not sure which to get for at home - the Flint 2 or another Slate AX router? I'm not sure how to compare them or know which is better for the at home router, can you advice? Thank you!
Hi Justin, thank you for the information! I am planning on buying this router, but I have a quick question.
I need to travel to South America for three weeks, but my employer does not allow me to work from there, and my computer also has a VPN set up.
Can I use this VPN router to set up a US location and connect to my work VPN from there?
I am new to this information, so I am trying to understand how I can do it.
Thank you!
Yes, the two routers basically make a bridge from wherever you are back to your house. However, there are some speed and latency issues with video calls or anything high bandwidth like that. Also, if your home Internet goes down while you are away, you are out of luck. So be sure to test as much as you can before you go. Safe travels and thanks for watching!
@@justinreviewsandrepairs5246this is the same question I had ! So even if I my work computer has its own company built in vpn…I can still by pass this by telling the vpn that my IP address is in my “ home address “ by following your instructions? Just wanted to double confirm this information !!! Please let me know !!! And thanks once again you are the best !!!
@@ratimes8k yes, you can bypass it this way.
@@zahscr aye how can I set up the vpn using a web link from the hotel I am staying at…for some reason I can’t get it done any help
Is there a Killswitch to stop internet if it isn't pulling the residential IP?
Yes, on the Client go to Global Options and enable "Block Non-VPN Traffic"
@@justinreviewsandrepairs5246 thank you so much! You sincerely don't understand how helpful this is thank you so much!
Glad it helped! Thank you! 🙏
Hello Justin. Thank you for this very useful, step-by-step guide. I appreciate your style of teaching. With your help on the nuts and bolts of this operation, my wife won't feel like she's missing out on any of her favorite streaming things while we're visiting Europe.
Thank you! Yes, that is another use for the VPN! But I was pleasantly surprised by some of the shows available in other countries as well! Back at home you can also use it to share streaming service accounts by using one IP Address at two places.
@@justinreviewsandrepairs5246 Unfortunately, I'm running into the same issue as many of the other recent commenters. Unable to start the VPN client on the 1800. The log shows the same errors others are having. 🙄I'll have to call GL Support to see if they can help.
Feel free to email me at Support@JustinPruett.com if they are unable to help. The most common problem is the Port Forwarding step which is different for everyone based on who their Internet Service Provider is. The second most common problem is trying to test using the same Internet connection as the server, which is not possible since both devices are already on the home network.
Thank you so much!! This method is amazinggg! So I just wanna confirm with this method there is no need for a VPN provider like Nord right?
@@Yld.Thigertz I did not use any 3rd party VPN. Only the WireGuard VPN built into the Slate AX and Opel devices.
Jason, you are the best! I have different routers but the way you explained this makes it simpler to follow for other setups. I must admit I watched the videos 50 times during the last week, read through every comment and I was about to email you when I had a last idea and worked! the dot is green now!! thank you
Thank you! And thank you for increasing my view count! 😄 Feel free to comment or email if you do run into any problems!
How is everything working?
Really good. Not a problem at all. I have not had to do anything else after I set it up the first time
@@TitinaOF Hi! I am trying different ways to reach viewers from other countries on TikTok by changing the IP like this. What is your situation at the moment? What do you use that State AX and Opal setup for? What's your opinion? Could something like this that I am trying work with a setup like this?
Just re-watched and can't thank you enough! Got everything setup so now I can work on the go ;)
Any updates? How did it go?
@@jonyvillanueva I only did it once and did not get caught. I work for a different company now where it’s no issue where I work and they actually encourage work from anywhere for up to 4 weeks a year!
Thank you so much for this, because of you I’m able to spend time with my girlfriend abroad where otherwise we would’ve been apart for months
Glad it helped! Feel free to name your children after me! 😜
You deserve an award for this video because you have steps that others leave out. Thanks!
Thank you!
Does this work even if my work needs me to sign into one of their VPN?
Yes, the Travel Router establishes its own VPN connection so you can continue to use your work computer as if you were home, including their VPN service.
Hi Justin, we did all the steps but we cant get the VPN client connected with Wireguard. The log file keeps telling us that is reloading firewall du to the IFUP of modem.
Someone else is having the same problem, I am going to check if new firmware is causing it. If it's not then I wonder if you both have the same ISP causing the problem. I will try to post an update soon.
@@justinreviewsandrepairs5246 We fixed the isuue with support from GL. Instead of choosing "both" in port forwarding, we needed to choose UDP and connect the 1800 in another network than the 1200. Thank you
@@nickkoutris4873 Hi Nick, I think I hit the same problem as you did. On my Client router, the yellow light is always on the "WireGuard® Client" sign of the admin website. Per your solution, is changing port forwarding from 'Both' to 'UDP' the only change you made to solve the problem?
@@nickkoutris4873 this worked for me! I switched the port forwarding from both to UDP. I also connected the repeater with the client wireguard to a different network than the network i was forwarding on (where i had my repeater with the wireguard server). I just used my hotspot to test.
@@chyfsam Any update on this? I'm having the same issue and changing from 'both' to 'UDP' didn't fix the issue
Work in Vietnam and use my home in americas ip address with this method. Speed is lower but it works
Thanks for sharing! Do you have Fiber Optic Internet at home? The distance between the two locations introduces higher latency, so using the lowest latency Internet will provide the best results.
@ I have spectrum
The most useful video on internet! thank you so much Justin!! I'm going to order Slate AX X2. Saludos desde Argentina!
Glad it was helpful! Thank you!
Hi @@justinreviewsandrepairs5246 ! I was able to create my own VPN at home, thanks again!! I wanted to ask you about this: I have a friend in Spain who set up a VPN using Open VPN, but on Linux. He shared an OVPN file (server), but it's not working on my Slate AX (client). Do you think it is possible to make it work?
Lograste hacerlo , yo no he podido
@@TheDicampo Sí, lo tengo funcionando
this is how we work from NorthAmerica while living in Thailand
How is it working for you buddy all.smooth
How the internet speed?
Internet speed sucks when having two router hotspot
@@b.n.y.a1599 i made a tutorial on my channel - how to set up a vpn server and vpn router.
in that video towards the end, i show a button that ensures your connection stops working whenever the VPN stops working for whatever reason.
Do you work from your own computer or one provided by your employer?
Hi Justin, I followed your tutorial to set up my glinet router, but I'm having trouble connecting. I'm not sure where I went wrong. Do you offer paid appointments to help with setup? Thanks!
Are you using a second Internet connection for the Client Travel Router you will be taking with you? You cannot test from the same connection. If you are it is likely a port forwarding problem. Feel free to email me at support@JustinPruett.com
Will shoot you an email. Thanks so much!@@justinreviewsandrepairs5246
Hi Justin! I got everything set up just like in this video. However, when I connect my client Slate AX to a public WiFi network outside the home (Starbucks, the library etc.) I get the message " The interface is connected, but the Internet can't be accessed with IPv4 protocol." It works perfectly when I use my mobile hotspot to connect to the client router. Is there something wrong with my configuration? I am worried because I have an out-of-state trip to go on in 2 days, and need this system up and running. Thank you so much for your help!
Best regards,
Jennifer
Hi Jennifer, sometimes public WiFi networks require you to accept terms of use and things like that, it makes the process a lot more time consuming but it can be done: docs.gl-inet.com/en/4/tutorials/connect_to_a_hotspot_with_captive_portal/
@@justinreviewsandrepairs5246 Thank you so much, I realized that this might be the case. For anyone else, I fixed it by updating my client router to version 4.2, which has a new feature that essentially lets you spoof your MAC address by using a custom mac address. I went through the login page on my iPhone and then went into settings, clicked the wifi network I connected to, and then copied down the "Wifi Address". Then I copied that MAC address into the router, and then the wifi connected to the router perfectly. I hope this is helpful for someone!
Thank you for sharing!
@@justinreviewsandrepairs5246 Hey Justin, I am having the same problem and do not quite understand what to do. I tried to follow the directions that you posted but I was still having issues. It no longer gave me the error message of the internet being accessed, and said that it was connected, however, it did not load any web pages. I also tried to get on my phone hot spot to try that out and it said it was connected but then again, wouldn't load web pages saying that it was not connected to the internet. Could you possibly make a video of you using this system to connect to a phone hotspot or a different wifi network? Just so I could see it visually? Or if not, do you have any guidance? I appreciate this video and your responses so much!! If I can get it working it will be the best thing in the world (and I won't lose my job lol)!
Hey Justin! I just got this setup working using the Slate AX for the client and Brume 2 as the server. Thanks for putting this together, of all the resources online this video was the most helpful. The biggest headache for me was actually getting the port forwarding to work on my ISP modem because apparently its software sucks lol. Anyways, I just wanted to say thanks for this super comprehensive video. If you ever need a testimonial or advice with anything data/software engineering related (that's what I do) don't hesitate to ask.
Thank you! I am a software engineer too! Email me your discord or Google Hangouts if you want to talk shop, I am full stack. Work@JustinPruett.com
Hey @ZahScr , any tips for getting the port forwarding to work?
@@josieicaza7031 for me it was just crappy software in the modem. Make sure that you’re setting up port forwarding on the correct device. For example, I had a modem which was the internet gateway and a separate router for wifi, which meant I needed to set up port forwarding on the gateway modem and connect the gl.Uber to that.
The other thing is try restarting whichever device is doing the port forwarding after you set it up and give it a few minutes. If that doesn’t work then do a factory reset (make sure you can recreate whatever configurations you had) and then try setting up the port forwarding again - also with a restart after.
Hope you get it working!
Thank you!!
@@zahscr did it need a public Ip ? Thanks
I had a prior site to site VPN setup with my Flint as VPN home router, main Netgear router, and travel Slate AX router. Posted comments 7 months ago, everything went well, even worked abroad for over a few months and didn't have any issues. I got a new ISP for some fiber speeds, bought my own TP Link wifi 7 router (Archer BE800), and was curious if I could just cut out the Flint as the TP Link has its own VPN client/server support. I reset my travel router, and I did a quick wireguard configuration, vaguely following gl-inet forum instructions (which were for 2 gl routers and overlap with this vid) and....it works!! only took 5-10 minutes. I don't know if I did something wrong, as I didn't do any port forwarding (I think it may have automatically happen), etc.... but mobile network hotspot is showing as my ISP when VPN is enabled. I'll of course have to test it out more at another location, but I ran all the ip website checks and nothing was bleeding through.
Yes, you can use anything that supports WireGuard ®️ but you will likely find that the performance of the Flint is greater than the TP-Link. You can change the Flint Server to a different Port (and redo the Client configuration as well) so you can run both at the same time. Then you can do a proper speed comparison.
@@justinreviewsandrepairs5246 I don't know the full performance of the TP Link, but it's a fairly high end router, goes for $500-$600, got it $350 Black Friday. Model Tri-Band BE19000 WiFi 7 Router (Archer BE800). I would hope it competes with $100 Flint.
@@justinreviewsandrepairs5246 So far so good, I'll still need to test away from home to ensure the site to site still works. I got a wifi 7 TP link that normally goes for over $500, so I'm hoping it's not any worse than the Flint at being a VPN server.
So it does have WireGuard ®️? Their website does not even list it as having WireGuard ®️. I thought you were going to have to use the much older OpenVPN option.
@@justinreviewsandrepairs5246 Yes, it has WireGuard. It's the BE19000 Tri-Band Wi-Fi 7 TP Link router.
First of all, wow thank you so much for this video! It’s taken me days to find something like this. Thank you for your responses to all questions asked as well. You’re awesome for doing this! I will be setting mine up the way you did it here and I’ll be back to let you know how it goes :)
Thank you! Let me know if you run into any problems!
Seriously I wouldn’t have been able to figure it out without this video and your help! Thank you so much
Glad it helped, thank you!
Thank you so much for the instructions however, it looks like I am having an issue with my port forwarding setting and I call Comcast. They still are not able to do it correctly. I'll try to telenet command to see if my port was being forwarded. But it's not working.
Feel free to email me screenshots of what you have for Port Forwarding. For cable you will need to select UDP only instead of TCP or BOTH. Also, did you use a second Internet connection for the Client Travel Router? You cannot connect while already connected to the same Internet as the Server. Email: support@JustinPruett.com
Hey man thank you so much been working for a week from Colombia .. I'm like the happiest man alive 😂
Hola gorge, soy también colombiano y necesito hacer este puente, podrías ayudarme a hacer el set up de los routers, ta compre los dos pero no se como se instalan, cualquier ayuda le agradecería! Bendiciones, si algo nos comunicaremos por WhatsApp
Perdona q insista es q me urge ir a Colombia y mantener mi trabajo, cualquier ayuda y si hay algún cobro por el tutorialme hace saber, quedo atento. Thank you
No ayuda a los paisanos 😢
Thanks Justin for the comment. Let me give it a try. I exchanged a few msgs with nord, but not getting anywhere with them. I will definitely look up the port forwarding for the xfinity router/modem.
Here is the video that shows how to get your IP Address or MAC Address from your travel router for port forwarding: ruclips.net/video/LzBa6KsfG9A/видео.htmlsi=bpljRVvc_0LTJpt8
Thank you thank you thank you! You made what was quite a complex challenge (for my low technical aptitude) so so easy to follow! I got hung up on setting the port forwarding for AT&T because I missed a step bit after that it worked like a charm
Port forwarding is tricky because every ISP router is different, glad the video helped though!
Can you PM me how you did port forwarding with AT&T because I wasn't able to set it up?
Justin Thank you very much for this video. I have zero knowledge on networking and it was difficult to understand initially, but after watching it few times I was able to set it up. This solved a major hurdle i was facing all these days. And this is the only video which clearly points out what to do. Thanks again for your effort.
Thank you! One major change since the video was made is the "Block Non-VPN Traffic" is no longer on by default in the newer firmware. I think it should be turned on for better security: docs.gl-inet.com/router/en/4/faq/block_no_vpn_traffic/
Hello Justin! So I think I’ve got most of it setup now, but I’m just really confused about a few things. So for my travel router, I wanted to make sure everything is a wired connection with my MacBook so I never need to turn WiFi on, but noticed I can’t access the admin portal unless I connect to the router via WiFi through my MacBook. So each time I want to connect to a network I would need to: connect to the slateAX via WiFi, tether to a network through the admin portal, then turn off WiFi and connect with Ethernet? Also confused about the MTU in the config that I pasted to the travel router, and an option to select, “services from gl.inet use vpn”
Thank you for your wisdom
You should be able to connect from either connection, are you using the WAN port? You may have an IP Conflict preventing you from accessing the portal.
MTU is an advanced topic, you should leave the defaults in place unless you want to run multiple tests and fine tune the setting.
Thank you Justin for the informative video! GL-iNet is now version 4.5.16 and options are rearranged (a lot) but your video still hits all the major points.
On your remote client router, Slate AX in your example, did I miss where you can specify a split router?
In an ideal world what two GL-iNet routers would you recommend for 2024?
Another question I can not find a definitive answer; I want my Client(s) to access location A and location B.
I would like to be able to reach all devices in BOTH locations.
If location A, HOME devices are 192.168.1.x/24, do devices on location B, OFFICE have to be on a different sub net 192.168.2.x/24 (NOT be the same as 192.168.1x/24)?
Thank you, I guess it is time to make an updated video.
For your use case I would highly recommend considering the Ubiquiti UniFi UDM Pro to establish the site-to-site connection. They have some cheaper options as well, but in general Ubiquiti is very expensive because it makes that type of advanced network set up easy. The GLiNet routers are great but they are not intended for your use case.
I will need to upgrade my firmware to see what you are seeing as far as the split "router", could you explain what you mean by that?
Hi Justin, Thank you I see you have replied to everyone. I do have a question ! just started working remotely but they give me a little cpu which I plan on taking with me, what should I look for on the computer that might jeopardize my plans to go ? are there tools they have to conclude that this CPU left the country? I feel pretty confident everything will work just fine but I just want to make sure Im good. Thanks man
If your company is spying on you, there is not much you can do. This method basically just makes it to where you don't raise red flags, but if they are actively trying to detect you there is nothing you can do since they own the hardware and have full access to the device.
Definitely look out for GPS and Cellular Connectivity tracking, but it is still possible to track people using Bluetooth and WiFi. The same networks that help you find lost pets and keys can be used to track you!
Despite all of this, only one person has emailed me saying that they got caught, and it was because they didn't turn the VPN on before connecting their laptop.
Most people know when their company is spying on them because the company culture is already toxic and does things like making you keep your webcam on all day.
Let me know if you have any more questions as a new comment since I don't always get notified of replies.
Thank you
I need your help George, soy colombiano también 😅
@@TheDicampo pues no soy un experto, solo segui las instrucciones jeje que pregunta tienes?
Hello Justin. You have helped me greatly in the past. Would you have any idea why suddenly port forwarding would just stop working, saying no internet? Here's a brief. The opal is at the house (Chicago) and the Slate is with me (St. Louis). When trying to port forward is says no internet. I switch the mode button and the internet works (but with the ip address in STL). I had this issue several weeks ago and I thought that the Opal went off line or there was an internet problem at home. When I got back to Chicago I tested the port forwarding using my cell phone as the internet provider and the port forwarding worked (ie showed my Chicago home IP, and when I switched the mode it showed the IP address of T-mobile in Chicago.) So, now when in STL the port forwarding does not work when using my phone as the provider or the home internet (100 mbs download and 10 mbs upload). I just get "no internet", but when I flip the mode I get internet, but with the local STL ip addresses. Any guidance would be most helpful. Thanks again, for putting up this type of content.
I think you are calling the VPN "port forwarding" but port forwarding is just one of the steps on the ISP router to allow traffic to the Opal. It sounds like your ISP router lost the setting or changed the local IP Address of the Opal. In either case it will need to be corrected. You may want to consider a UPS if a power outage (even a quick one) is to blame?
Hi Justin - My use case is working remotely from other countries (outside the US) while using my home IP address in LA. At home, I currently have Spectrum cable with a separate router and modem. What gear from Gl.Inet should I buy to ensure that my zoom video calls have no lag.
A: 2 Ax Slates (1 at home, 1 away from home)
B: 1 Slate at home, 1 Beryl AX away from home
C: 1 Beryl Ax at home, 1 Slate at away from home
D: 2 Beryl Ax (1 at home, 1 away from home)
E: 1 Flint 2 at home, 1 Beryl Ax away from home
F: 1 Flint 2 at home, 1 Ax Slate away from home
Given that Spectrum provided me a specific router and modem, does that mean that options E and F (using a Flint 2 router) is off the table?
Thanks!! This is extremely helpful!!
D would be your cheapest option, F would be your fastest option. All options will work. You will be limited by your cable connection which typically has low upload speeds and high latency. Upgrading to Fiber Optic Internet would be ideal to support video conferencing. For example, I have 500 download, 500 upload, and less than 4ms latency with Frontier Fiber and that allowed the Opal to achieve decent speeds for the price. The Beryl AX supports much higher speeds than the Opal.
@@justinreviewsandrepairs5246 Amazing! Thank you super helpful. I think I will go with F. just want to confirm my last question though:
Given that Spectrum provided me a specific router and modem, does that mean that options E and F (using a Flint 2 router) is off the table?
The Spectrum Modem and Router combo unit can be changed to modem only so that all traffic will be handled by the Flint 2. I believe they call this Bridge mode on the Spectrum Modem Router Combo.
You can also just Port Forward to the Flint 2 as you would have done on the Beryl AX. The Flint 2 form factor may be different to provide better WiFi coverage but much of the setup is the same if you go the Port Forwarding route or the Router route.
@@justinreviewsandrepairs5246 Thank you!! Really appreciate you taking the time to respond. I owe you!
I picked up Brume 2 and slate ax
Is the setup similar?
Thanks
Yes, but obviously the Brume 2 does not have WiFi so it will need to be plugged in which is the preferred method for the server anyways. Let me know if you run into any problems.
I'm thinking of going with the same setup as you...have you got it up and running? If so what kind of speeds are you getting? Also does your actual computer location show you actual location or the location where your home ISP is? Thx very much in advance!
@@TylerTheCompiler ended up having to return brume and get an ASUS router
Is it possible the connect the GL.iNet GL-AX1800(Flint) WiFi 6 Router at home and have the opal to connect to it and carry it abroad
Yes, but the Opal is pretty old now, the new Beryl AX has come out since the video was recorded which is more powerful and has the latest features.
@@justinreviewsandrepairs5246Thanks for your reply, I actually plan on getting the Beryl soon, but I can only afford the Opal for now. One more thing, can I connect it if I have already left my home country if I have someone back home to help with the setup?
Yes, they can do the port forwarding and send you the configuration file you need to connect.
Is this possible without access to the router to setup port forwarding e.g. using tailscale or zerotier? If so, can you also make a video showing steps on how to setup. Thanks.
You could setup ZeroTier ahead of time and then have the person you ship it to plug in power and Ethernet and be good to go. I hope to start on a ZeroTier video soon.
hi Justin. quick question. I also have frontier and looking to buy a GL-MT3000 / Beryl AX (for travel). I want to connect to my home IP in USA from Ecuador. Do I need to buy a second travel router like you have in the video (because you have the OPAL for home) I was looking at the GL-MT6000 / Flint 2 for home to "" what frontier provides. That is my question. can I simply replace the frontier one or do I need 2 routers at the home like you have the OPAL and the one from frontier? I appreciate the time and effort you put into breaking down step by step how to move forward with setting up wireGuard to connect to our home IP.
Frontier is great, it is Fiber Optic Internet so you can plug in any router to their ONT. So the Flint 2 would have a cable from the ONT to the WAN port of the Flint 2 and run your Server without the need to Port Forward.
The Beryl AX would be your Client, but keep in mind you should still test your setup from a second Internet connection.
In the video, I was actually port forwarding from the Frontier Router to an Ubiquiti UDM Pro router that was port forwarded to the Opal Travel Router that was running the Server. So there is a lot of flexibility with how you can set things up.
Today, there are some other brands that offer WireGuard ®️ as well, so if you happen to have a supported Asus router or Ubiquiti UDM Pro, you could actually use that router as the Server. I used the Opal because it was the cheapest option that still provided decent speeds at the time. Today I would probably buy two Beryl AX for about the price of the Opal and Slate AX. The Flint 2 is designed for home use so it is larger, but it does provide the best WireGuard ®️ speeds you can get between the four routers we discussed.
@@justinreviewsandrepairs5246 thank you so much for the reply. Do you recommend I set up the DDNS? is that a must or I canuse it without that set up.
If you have a Dynamic IP Address from your ISP, you must enable DDNS because your Public IP Address could change at any time. If you have a Static IP Address you can leave it off because your Public IP Address will never change. Most Residential ISP will have Dynamic Public IP Addresses so you will need to enable DDNS. The GLiNet DDNS service is provided for free so you might as well take advantage of it.
Just wanted to let you know your help here was instrumental in allowing us to access all our U.S. accounts while in Portugal. We were able to access everything in the U.S. as if we were there, at home. It worked flawlessly with the GLinet AX Slate and Opal routers. Took a little while to get it set up properly before we left, but with your help, it worked great in Portugal. We plan to head back there next year and this gear will be going with us again! Thank you.
Thank you for sharing! I am glad it worked well! 🙏 Thank You!
Hello, Justin. Thank you for sharing this very informative video.
I have the Slate (for travel) and the Opal (for home).
ISSUE: When I copy/paste the manual configuration into the Slate router (under WireGuard Client), it will not allow me to save (i.e., Apply) the file. The input box turns red when clicking "Apply." Based on what I'm seeing, my copy/paste looks identical to yours (and the example on the GL-iNet page).
Do you have any idea what I could possibly be doing wrong?
Thanks.
Solved.
Instead of copy/pasting, I "downloaded" the configuration file from the Slate and uploaded it to the Opal. That seemed to work.
That is interesting, it should work either way. What operating system are you using?
@@justinreviewsandrepairs5246 MacOS Sonoma 14.5, not that it would matter since it was a simple copy/paste exercise. Oh, well. I'm glad I got passed this point. Hopefully someone experiencing a similar issue will do what I did.
BTW... you replied to my comment within 6 minutes?! That's nuts! 😂
Awesome response time! 👍🏻
Macs do some interesting things sometimes, not sure if it was a factor here, but they have something called "Smart Quotes" and "Smart Dashes" which will change characters such as ' and -- to Mac style quotes and dashes.
Hey Justin!! Went out and bought the Gl.Inet Flint 2 and Slate AX 1800. Used you video as a guide to set up these two routers.(Also followed up on your comment from my last post using tail scale to tunnel into routers).Here is the deal tho.If my home router is connected to my home ISP(CGNAT-STARLINK) then the two routers dont get a handshake over VPN or Tail scale! (Port forwarded,DDNS confic file,everything setup the way you showed) But if i take my home router to a friends house with a fiber line and then test the two routers (both on two different networks) everything works perfect!! drives me insane! I have tried Zerotier and Tailscale with no luck. Any recommendations that i have missed? Got a flight this saturday worst case i just leave it at a buddies house THNX man
It sounds like the issue is Starlink or the Port Forwarding step. While Starlink is fast, it is not as fast as Fiber Optic Internet so you may want to consider paying your friend to host it. But let's take a look at your Port Forwarding settings. I replied to your email.
I saw some other videos mentioning that you need to turn off your work laptops Bluetooth/WIFI (in order not to reveal your location).
Does that even make sense? Isn't the point of the portable router to be a WIFI access point for the laptop to connect?
The reason this is suggested is that the nearby WiFi access points could be used to determine your location. Think about "Hotel Barcelona" being the WiFi name... But in reality, unless there is a physical switch, WiFi scanning is typically available while it is off anyways. So if your company is using advanced tracking software, the risk is very high.
This was such a helpful video and I got my routers talking a few months ago! My routers somehow got disconnected 2 months ago, so I need to do the set up again. Will you be doing a refresh of the set up reflecting the new 4.7 upgrade UI?
Sorry to hear that, please check the Port Forwarding settings before resetting the routers. Some ISP routers have extra steps like setting a Reserved IP Address for the Travel Router so it will remember the Port Forwarding settings after a power outage. I do need to make an updated video, but I have been waiting for the TailScale update -- it's always around the corner but I need to give in and just make the updated video as is. Thank you!
Hello Justin, Do you have any information on setting this up using cloud management? I don't have a public IP address and I saw online that in that case I cant use ddns. I have the cloud management set up but do not know how to proceed in the process now that it is bound and active. in the video your next step was the wireguard server.
If you don't have a Public IP Address (You are likely behind a CGNAT) then you will need to use TailScale or ZeroTier which are both still in Beta. To complete the setup in Beta you will need to be comfortable with command line to set the Exit Node.
@@justinreviewsandrepairs5246Since i messaged two days ago I have returned my opal, bought a Beryl, got the Zerotail account and set up Beryl in the app. I am unsure on how to run a test or to proceed with connecting my slate(what I'm traveling with). Can you assist me further, I do not know what to do from here or what you mean by "command line to set exit node". I am willing to pay.
Tailscale or zerotier is slow and detected by most cyber security application , the solution is to use the cloud vps to make tunnel when you not have public ip address
The command line is where you would run raw commands on the router without a web dashboard. If your company allows it, using a commercial VPN Provider such as NordVPN or WindScribe would be much easier. Unfortunately using a commercial VPN provider will not allow you to use your Home IP Address, but you can choose a server that is in your city, state, or country. For many people the commercial VPN provider is also faster than you can run from a CGNAT Internet Service Provider like you have.
In my area, most people have access to Fiber Optic Internet for $40/month which is ideal for running the VPN Server. If you are using Wireless or 5G/4G Internet then you will have higher latency which will negatively impact your speeds.
For WindScribe you would generate the configuration file from this page after logging in: windscribe.com/getconfig/wireguard
Hi Justin, very easy to follow video thank you for this! I have one question though. I have two Gl.iNetSlate AX router's and it works perfectly with the example you showed in the video. But, with the Slate route (the one I plan to keep at home) when it is connected directly to my modem via Ethernet (and not Wifi) the VPN will not connect and it gets stuck on connecting (yellow dot) with some error messages in the logs. I checked the port that was forwarded and that did not seem to change. Any ideas? Thanks again.
Thank you! Did you change your port forwarding when switching to wired? It will be a different IP and/or MAC address as seen in this video ruclips.net/video/LzBa6KsfG9A/видео.html you can also email your logs to support@justinpruett.com if you would like me to take a look.
@@justinreviewsandrepairs5246 Thanks for the quick reply! That fixed it! One last question. I am getting around 500 mbps download speeds per second on my home modem and around 50 mbps on the travel slate router. Anything I can do about this? Thanks again for all the help
The Internet connection on both ends plays a role. With the VPN off, what are the speed test results of both connections? Upload, download, and latency.
@@justinreviewsandrepairs5246 Seems it is around the same for both (VPN connected and not) around ~50MBPS download and ~5 MBPS for upload. Not sure how to check latency just running the google internet speed test
5mbps is very slow for an upload speed which will severely limit your overall VPN speeds. The google speed test displays Latency after the test is complete right above the Server line. It should be presented in milliseconds (3 ms is mine for reference)
Hi Justin, couple of question,
1) can someone set up the server in country A, and I set up the client in Country B ? (without leaking location, I have a VPN) or do I have to be in country A to set both up before leaving for country B
2) if we are on a work computer, wouldn't we still be getting internet from the local ISP ? hence that information can be available/retrieved
1. Yes, they can send you the configuration profile and you simply load it into your travel router.
2. I am not sure what you mean, yes the travel router needs Internet itself before it can connect to the Server Router back home.
2. If you are asking about the VPN, the VPN is on the Client Travel Router so no software is installed on the work device. The Travel Router basically creates a virtual cable back home.
Hi Justin. Great videos - they've brought me up to speed. But when I do the DDNS test I am getting the following error message: The IP address from DDNS domain resolution is not the same as the WAN IP of the device. You need an Internet Public IP address to use Dynamic DNS. Not sure what this is about.
Thank you. The warning message is there because your GLiNet router is behind another router and will require Port Forwarding. You can use the test on this page to confirm DDNS is working: justinpruett.com/glinet-troubleshoot.php
At 8:29 you mentioned our phone could also use my residential IP, would that be something manually we would have to do after changing the plain text? Would that also mean I could use my phone on my normal cellular data plan, but everything would look like it was coming from my home IP?
You can install the WireGuard ®️ Client on your phone, but it is not as full proof as using the router. Also, if you intend to use your phone as a HotSpot to share your Home IP, that was only briefly available in an older version of Android. play.google.com/store/apps/details?id=com.wireguard.android
Great video. Thanks.
How is the Network mode (router, AP, Bridge) configured in the Opeal and the Beryl?
The network mode is in Network -> Network Mode: docs.gl-inet.com/router/en/4/interface_guide/network_mode/
@@justinreviewsandrepairs5246 Right, but which one of the options did you choose after that?
For this video, both routers are set to router mode.
Justin, good to know I was not rude. Ok, here is the quick scoop. Just arrived back home and used my phone's internet through the slate ax to see if it would talk to the opal. I got same thing "no internet". however, I unplugged the opal and plugged back in, waited a few minutes for it to cycle up (my term) and voila they found each other I have internet from "home ip address" where the opal sits. So, I guess the issue is leaving the opal on all the time without any traffic (my term again), it sort of goes to sleep/offline and not available for the slate to find. Going forward, I will leave it off until I travel. Do you know of any other way to wake it up besides physically unplugging it/turning off/on? It is a bummer that this is the case because it makes my logging into my work's network from my "home ip" while working remotely very difficult. Hope I made sense this time. As always, thank you for your guidance and expertise.
You shouldn't have to reboot it, I have been running my Opal for more than a year now without issue. Please reach out to GLiNet to see if they can do anything for you. Either way I would consider upgrading to the Beryl AX which is newer and more powerful than the Opal.
Hi Justin,
After watching your video, I purchased both the GL routers to set up port forwarding and work from Canada, showing my home address in Dallas. However, I am unable to see the GL-MT 3000 device on my Xfinity network port forwarding devices 6:46 .
Could you please help me with this issue as I am currently stuck?
Thanks
Hi, the Xfinity routers use an uncommon IP Address range that happens to be the same as WireGuard ®️. You will have to change WireGuard ®️ so it has a unique address range. Please see "Local IP Address Conflicts" on this page: justinpruett.com/glinet-troubleshoot.php
@@justinreviewsandrepairs5246 I'm finding it a bit difficult with my current modem. Do you suggest I buy a new modem for my Xfinity internet provider? If so, which one would you recommend?
Thank you!
Please send me an email at support@JustinPruett.com
Xfinity has a few things that are problems but are easy to fix.
Hi Justin great in depth video!! Just ordered two GL Slate 1800. One will stay in TX and im traveling to Africa in a month. Question 1) what is the best way to bypass (CGNAT) using this method some threads suggest Tailscale? My Isp is starlink unable to port forward.
Yes, TailScale and ZeroTier are two common methods. Setting the "Exit Node" from the GUI is not available in Beta yet, so it will require some manual command line setup to complete the install: docs.gl-inet.com/router/en/4/interface_guide/tailscale/
Thank you, I found this informative. I did have a question about security though, is the information encrypted between the gli routers?
Yes, you'll notice in the configuration file that there is a Public and Private Key which is used for encryption.
Justin - Thanks for this detailed step by step instruction. I am out of country at the moment, can my friend setup the server in his house in the US and can I order a separate router and set it up as a client remotely co-ordinating with him ? Will that work for the initial setup ?
Thank you! Yes, they can set up the server and send you the configuration profile. The small text file includes the connection information so all you do is load it in and connect.
My company has given me the green light to work remotely from anywhere in the world but with a huge wink that this isn’t officially agreed on and more so verbal. All they ask is that whenever I access something with my company provided laptop it looks like I’m in the US. Do I still need to do this 2 travel router setup or can I do a single travel router with a commercial vpn like your last video? I’m not too familiar with setting this all up so I’m watching the two videos to figure this out now. I see another one of your comments say you would recommend the flint 2 over the slate? And if budget is a concern to use the beryl? Does this 2 router setup primarily benefit if I need my ip address to show my home address at all times?
Congrats! Which method you use depends on your company and/or your preferences. The two router method works with any company while the commercial VPN method may not work with every company due to their security policies blocking commercial VPN Providers. If your company allows commercial VPNs the setup is easier and they provide VPN Servers across the country which could provide lower latency and better speed than your home server. You can start with 1 router and a VPN Service to see if your company allows it, and if not, you can get the second router.
The Flint 2 is the fastest option and the Beryl AX is the slowest option (but it is actually still very fast for the price). The description has a list of routers you can choose based on your budget.
@@justinreviewsandrepairs5246 i ended up getting a flint2 to be the main router and vpn server. i got the beryl to bring with me. i just finished setting it up today and i believe it is working. now i turned all the eeros in my home to access points with the main gateway as bridge mode very exciting stuff
Hey Justin! Great video. My home setup: Linksys router plugged into my cable modem. On my Linksys router I've enabled DDNS and it's working perfectly. I just ordered 2 AXT1800s. I'll configure one AXT1800 as the Wireguard server and plug it into my Linksys. I know how to set up port forwarding on the Linksys, so I'll do that for the Wireguard server. I'll configure the other AXT1800 as the Wireguard client, and this one will come on the road with me. Here's my question: since I have DDNS set up on my Linksys router, do I need to set it up again on the Wireguard server? Or will the Wireguard server just inherit the DDNS IP from the Linksys router? Additionally, if I don't have to set up DDNS on the Wireguard server, then I shouldn't have to override the IP address in the config file that Wireguard client uses, correct?
It won't hurt to turn on the GLiNet DDNS, you can run both. The one you choose to use should go in the configuration file for the client. The DDNS stays updated as your actual public IP Address changes, if you don't use DDNS then you will have to manually update your IP Address every time it changes.
@@justinreviewsandrepairs5246 Well, I followed your advice and I'm happy to report that I got it working the very first time! Easy peasy. You're a rockstar, Justin!
I am glad you found setting up your own VPN Server to be easy! Don't say it too loud or the VPN companies might start disliking this video! 😆
@@justinreviewsandrepairs5246 😀
Thank you for this tutorial. I am interested in this setup, the choice of using the Opal as the receiving router. Was it chosen because there is no need to have two Slate routers for this setup and hence going with the lower priced Opal? I believe the Opal has a slower WireGuard speed does that effect the connection speed at all? Thank you
The Opal is the cheapest option (that still works for most tasks) while the Slate AX is the most expensive travel router (there are more expensive non-travel routers). You can choose any of the combinations of routers from the Description of the video or you can even use other brands such as Ubiquiti. For most people, the Beryl AX is a nice balance between performance and price. Your connection speed is limited by the routers you choose, the Internet connection on both ends, and the latency between those connections. For the Home Server, you should get Fiber Optic Internet for the best performance. Feel free to email me if you need any help. Thank you!
Hey mate could I use the brume2 for home and take the slate AX with me? Already own the slate AX just need to buy the home one and leaning towards brume2
Yes, the Brume 2 is a good option for home, it is comparable with the Beryl AX but it has more RAM instead of WiFi.
Hi I want to run the same setup and wondered if yours is working? What kind of speeds you're getting? Does your laptop show the location where you actually are or show the location where the Brume 2 is?? TIA!
Suuuuper helpful video, thanks so much. Very new at this, so maybe this is a stupid question - is the second travel router left at home the most inexpensive way to do this? I have a netgear router which doesn't appear to support wireguard, just openVPN, so I suppose getting another gl.inet router is the cheapesr way to set up a wireguard server?
Secondly, would plugging the home gl.inet router directly into the modem and bypassing the other home router obviate the need to set up port forwarding?
Thank you!
If you don't need the VPN to be fast, you can use OpenVPN on your existing router. Otherwise GLiNet is a very affordable way to host a server. If you have old computers you could use those as a server, but it would need to be left on 24/7 so the electricity cost may be a factor to consider as well since the GLiNet router uses about as much as an LED light bulb whereas an old desktop computer is like running a TV.
Yes, if you plug a cable into your Modem (Or ONT if you have Fiber) and then the other end into the WAN port of the GLiNet router you can skip Port Forwarding. In this case, the Internet Page of the Dashboard should show your Public IP Address under the Ethernet connection instead of a Local IP. You can use ip.suzam.com/ to view your Public IP Address.
Let me know if you have any other questions,
Thanks
@justinreviewsandrepairs5246 Perfect, super helpful. Yeah the only pcs I have are electricity guzzling custom builds, so probably going to first try using openVPN with my existing g router, and then springing for another beryl ax to set up as a wireguard server if that proves too slow.
Thanks so much, by far the most helpful video on the topic I could find!
Thanks! If you run into any issues just let me know as a new comment or an email. RUclips doesn't always alert me of replies. Support@JustinPruett.com
Which combination is better: a Slate AX device for home use and a Beryl AX router for travel, or using two Beryl AX devices? My home internet speed is around 100 Mbps.
Both options would cost around $180-200. Is there a more budget-friendly combination available? I would be satisfied with 40 Mbps.
Thank you so much for your content and all the free advice; I really appreciate it!
TLDR: two Beryl AX.
You could potentially save a few dollars getting the Brume 2 for home and the Beryl AX for travel. Set up is a little more complicated without WiFi, so I prefer to just spend the extra money and get WiFi even though I will only use it for the initial setup. The description has a list of devices at the bottom.
Before I buy two Beryl AX routers, can I still hide my location if position detection stays active? Unfortunately, it's a work laptop, so I can't turn off location services.
You need to make sure the device does not have other tracking methods such as GPS or 5G. If there are no other tracking methods the location should be based on your IP Address which you can lookup using www.revercell.com/ip.php
I set up the Server router on my home network as indicated in the video. When I set up the Client router at my home, the one that I will use for remote work, in set up do I also connect the Client router to the same home network? Or in order for the set up to occur correctly, the Server router is on the home network, and do I need to set up the Client router on a non home network or hotspot? Thanks!
Yes, the client router should be on a different network or hotspot. Most routers won't route correctly when on the same network. Thanks for watching!
Hey Justin! Me and my GF bought 2 Beryl AX's and are trying to follow your tutorial. Everything is setup but we get this in the log when trying to connect to the vpn from the second Beryl router: "user.notice firewall: Reloading firewall due to ifdown of wgclient ()". I am kind of clueless right now and would greatly appreciate any advice you can give us :(
Are you using a second Internet connection for the Second Travel Router? You cannot connect while already connected to the same Internet as the Server Travel Router. I have some additional common issues listed here as well as my email: justinpruett.com/glinet-troubleshoot.php
@@justinreviewsandrepairs5246 thank you so very much! We got it working after reading through your troubleshooting guide and are now planning a trip! You are a godsend, truly truly such a kind human being for putting all this content and help out there for people. Thank you !!!
Have a safe trip! Thank you!
Hello Justin,
I’m just kind of confused about a few things:
So I’ve setup the wireguard VPN on my Flint, and tunnel is successful through my Slate. I’m just trying to figure out how to make everything a wired connection since I’m afraid to turn the WiFi on my MacBook.
So when I’m in a new airbnb, how would I be able to establish the tunnel (turn on wire guard through admin panel) without using WiFi? Just wanted to make sure VPN is up and running when using my work laptop. And if I have to connect the router directly to the router in the airbnb via WAN, wouldn’t there be issues with port forwarding every time I’m in a new airbnb? Just a bit confused because I know I can just connect to the Slate via WiFi, and start tethering to the airbnb network, but would it be safe enough to do it that way? I just need to make sure the device doesn’t know my true location. Does the slate AX automatically load my setting and run wire guard tunneling each time? Or do I have to activate it each time? And when connecting to the Slate, would I be connecting my MacBook to it though the LAN port, if the router is tethering to the airbnb router via WiFi?
Also a bit confused about the “MTU” I have to paste to the config on my travel router. I can see in your video that it didn’t contain a MTU to paste.
There’s also an option to select "Services from GL.inet use VPN" when I was activating the kill switch (Block Non-VPN Traffic) do I also need to activate the other option?
I’m sorry if this sounded confusing, I don’t really know anything about networking. But stumbling upon your video motivated me to take the leap and start traveling the world while working remotely.
I really appreciate any knowledge you can provide me with!
At each new AirBNB you would need to connect the travel router via WAN or connect via WiFi using another device such as your phone. No port forwarding is needed for the client.
MTU is an advanced topic, the default is fine for most
Hi Justin thank you so much for all of the service that you're doing. I read your comment about them just wanting to make sure you have a secure connection, I agree I think most IT people don't have the time to dig any further really unless you give them a reason. I was wondering do you think if I buy the slate AX and install a residential VPN on it here at my home and then Ethernet into it, that would generally speaking be enough?
A residential VPN from a third party service or running the server yourself? Not many third party services offer residential IP Addresses but there are some.
Hi Justin! Thanks so much for the super helpful guide. I have followed the same steps exactly and was successful in connecting, however, I ran into a couple of issues. The first one is, the travel router (AX) would not connect to my Home IP VPN if the AX is connected to my home Wifi, it only connected when it was connected to an external network (my iPhone as a hot spot or external Wifi network), is this normal? Or is something wrong?
The other issue is, the speeds are very slow, I mean given network speeds of about 100Mbps to 150 Mbps, I got speeds of about 5Mbps to 15Mbps with bad latency (about 60ms) when connected to Home IP VPN, please let me know if this speed reduction is normal or if there is something I can try to help with this. The Opal is connected via Ethernet by the way.
Yes, the Slate AX should be on a different network than the Opal that stays home. Increasing speed is tricky, using WireGuard®️ is the faster option so then you can try using Ethernet cables instead of wireless and make sure your upload and download speeds from your Internet provider are fast.
@@justinreviewsandrepairs5246 thanks a lot man!
@@-Above-Average- Any updates?
Hi Justin - thanks for your video. We followed your instructions and they worked out fine on the latest (2024) firmware of the opal (home) and beryl ax (travel). So I was excited to bring the beryl on my trip. It worked quite well on my first week or so in Beijing - speeds are not super fast but decent. Then the wireguard client just suddenly turned yellow and I can’t get it to work anymore. The opal back in the US seems to be fine - pls help. I really need to get the beryl back up again. Thanks
Sorry to hear that, please go to the VPN Client and click View Log and email me those errors. Support@JustinPruett.com
hi Justin - we managed to make this work and even if i were getting speeds that are less than half of what i have in my home network, it was still useful for my purpose. After I returned from travel last week though, my speeds dropped quite significantly - it was ranging fm .01 to .08 mbps only. I already updated both my home and travel router to the latest firmware and tried to open new ports to use. But the speed has not improved at all it is now practically useless. Pls help - we’re out of options now. Thanks in advance
Hi Justin. my Asus home router (ASUS RT-AX5400) has Wireguard built in and I set up both Open VPN and Wireguard with my travel router ( Beryl AX ). A question, do I need to turn on Dynamic DNS on Asus router? or/and Beryl AX router? and If yes, do I need to edit configuration file from Asus router the same way you did before I use it for Beryl AX client?......btw you were absolutely correct, Wireguard is 4 times faster than OpenVPN :)
Yes, unless you have a Static IP Address from your Internet Service Provider (ISP), you will need to turn on Dynamic DNS so your Client Travel Router can connect using the DDNS name which will update automatically every time your Public IP Address changes. Otherwise you would have to change the address manually in the configuration every time it changed.
Yes, OpenVPN is fast enough while still within the same Country, but every bit of speed helps when you are overseas. Latency is extremely difficult to manage over great distances.
Thanks for the reply. My DDNS on Asus router was actually on.
I am going to be traveling soon to Brazil and will test it there. OpenVPN didn't work consistently in Costa Rica. In one place where internet was 100MB , I had 3mb download, but then another place where there was a fiber internet and speed was 300MB, I had less than 1mb. Strange@@justinreviewsandrepairs5246
Hi Justin, I have two quick questions.
Is it possible to do the exact same setup on two Opals for both at home and traveling as it's cheaper? Or do we really need the slate ax as our travel router?
Second question is, do we need to connect the travel router to a hotel wifi via ethernet or wifi to get internet? Even if we plug our laptop to the travel router via ethernet?
If so, how do we do that? I don't think you covered that in the video.
Thank you!
Hello,
1. You can, but it would be slow, the Beryl AX would be a better option that is in the middle as far as price.
2. Yes, you must provide Internet Service, preferably Fiber Optic if available. If the Hotel requires a login, you will need to bypass the captive portal using these steps: docs.gl-inet.com/router/en/4/faq/connect_to_a_hotspot_with_captive_portal/
@@justinreviewsandrepairs5246 Thank you for the response.
Just for more info, what do you mean by it would be slow for having a second opal as a travel router? Do you mean the internet speed? Is it bad just for regular browsing that doesn't include any video streaming?
As for the second question, is there an option to just use the travel router as wifi repeater? Does that option exist in the opal as well?
If I were to use it as a wifi repeater, how would I do that?
I just got the opal today and I have the slate as well but I'm thinking of returning the slate in favor of getting another opal.
Sorry for the long questions and thank you again!
@@justinreviewsandrepairs5246 Also is the opal lacking feature wise or they all have identical features to make this possible?
The Opal has less features, a slower processor, and older WiFi technology. As far as the features you listed, they should be available on the Opal. When I made the video, the Beryl AX was not released, now that it is, getting the Beryl AX is a good mix of features and price.
Changing the network mode to Extender might be the option you are looking for : docs.gl-inet.com/router/en/4/interface_guide/network_mode/
Hey Justin thank you for this amazing video! Most detailed out of everything I looked up. I watched multiple times now and sorry for some dumb questions if you don’t mind.
1. With port forwarding between home router and travel router, do we need a VPN subscription like NordVPN? Cuz I looked up NordVPN and they dont allow port forwarding, and also I didn’t see you logging in to anything.
2. What is your Frontier router’s role in this? I saw that you are leaving Opal at home and traveling with Slate AX but didn’t get why you’re adding in Frontier.
Thank you!
Thank you!
1. In this video you are basically running your own VPN Service, you do not need Nord for this video. There is another video that covers using Nord.
2. Frontier is my Internet Service Provider, they provide me with a router and instead of replacing theirs I added the Opal. If you have Fiber Optic Internet you can probably get the Flint 2 router and replace the ISP router completely. If you have cable, you must use a modem which typically is bundled with a router these days. So unless the GLiNet router is the main router you will have to do the Port Forwarding step.
Please let me know if you have any other questions
Thank you
- Justin
@@justinreviewsandrepairs5246 hey Justin, thank you so so so much for explaining. The set up worked out perfect for me. The two things that did the trick was first only enable UDP on the home router port forwarding and second change the default IP address 10.0.0.1 to 10.1.0.1 on the stay at home server router. Hope this helps others too. Again thank you!
Do you have Xfinity? For some reason their routers use the same IP Address range as WireGuard ®️ which is why you had to change it. Glad you got everything working! Thanks for sharing!
@@justinreviewsandrepairs5246 exactly I use Xfinity! Don’t mind this extra step and I noticed traceroute that it takes 1 step in my home city before routing to the next steps.
Hey Justin! This is a great video. Though I am not a software expert I was able to set my routers up. But I have been facing a problem and was looking if you could help me. I have configured a flint as my home router and beryl ax as my travel router. When I set the wire guard server up they both connected well and all was fine but as soon as I took my beryl remote with me it wasn’t connecting to the wire guard but again when I got it home it would connect to the flint. Is there something that I am
Missing here?
Usually people have the opposite problem 😆
It is likely that your configuration file is using your local IP Address instead of your DDNS address on the "Endpoint" line. Please double check that you see a domain instead of an IP Address on that line.
If you prefer, you can email your configuration to support@JustinPruett.com
Another quick question: Besides enabling the “Block Non-VPN traffic” option on the client, what else do you recommend for preventing DNS leaks and location tracking? Is it a good idea to enable Encrypted DNS with “DNS over HTTPS” on the client? How about enabling the AdGuard Home feature and checking WebRTC stuff on the browser?
Those are all good suggestions, but also be sure to never share an account on your phone with the computer. If you are logged into an account on both it might share your GPS coordinates!
Just switched to a new ISP and they don't provide a router. I'm using flint 2 for it and I have my slate ax for the trave router.
How do I set up the port forwarding in this case?
That is the preferred way to do it! You can skip the Port Forwarding step since the router is already capable of receiving connections from the Internet when you enable the VPN Server.
@@justinreviewsandrepairs5246 I sent you a donation. Thank you for the helpful videos 🙏
Thank you so much! 🙏 "Block Non-VPN Traffic" is no longer on by default in the newer firmware, I recommend turning it on: docs.gl-inet.com/router/en/4/faq/block_no_vpn_traffic/ reach out any time if you have questions.
I am unable to use port forwarding on T-Mobile Home Internet Router. Have you or are you planning to make a video with ZeroTier (which you mentioned on your notes) and two supported Gl.lnet routers? I have the Beryl Ax and planning to buy another one.
I have been waiting for ZeroTier or TailScale to exit beta since the Exit Node portion is not supported by the GUI. TailScale might be closer to being complete so I might feature that one first in an upcoming video.
Hello! A few questions I hope you can help with:
1. I just got a WiFi6 Router and I'm trying to figure out how to connect to my ISP-provided modem or router. Do I connect my WiFi6 router to the ISP-provided modem or router? The ISP-provided modem only has one ethernet port, and the router has one internet and 3 ethernet ports. If I use this router, should I remove the ISP-provided router?
2. Also, should I use the LAN or WAN ports on the WiFi6 router?
3. On the travel router, how would I connect the ethernet cables? From the ISP-provided destination modem to the travel router? Or ISP-provided destination router to the travel router?
4. Not sure if you know the answer to this, I connected to the WiFi6 router for the first time, and now every internet webpage says "Internet connection is not secure." How would I be able to fix this issue?
5. Lastly, would it make sense to get a static IP address? I ask since how would you know if a dynamic IP addresss changes when you're traveling?
Thank you!!!!
1. Which model GLinet router did you get? The Flint 2 has longer antennas so it could replace your existing router, otherwise you may want to plug the GLINet router into your existing router and do the Port Forwarding step.
2. You give Internet to the GLiNet router using the WAN port so a cable would go from the GLiNet WAN port to the Modem/ONT or a LAN port of the ISP router. You can plug devices into the GLiNet router such as laptops using the LAN ports.
3. You could do it either way. Modem to WAN of GLiNet or Modem to WAN of ISP Router then from the ISP Router LAN to the GLiNet Router WAN.
4. Based on your previous questions, please start by making sure the router is connected properly. Then you can send me a screenshot of what you are seeing to support@JustinPruett.com
5. The GLiNet router has DDNS built in which updates when your IP Address changes so there is no need to pay for a static IP Address. In some cases, mostly apartments, you do have to pay for a static address to allow Port Forwarding because otherwise you are sharing 1 IP Address with your entire apartment complex.
This was extremely helpful TY! So do I absolutely need a VPN to have my Flint stay at home while I use my Slate abroad?
You would be running your own VPN Server using the Flint.
Good evening from Virginia! Could I just buy two of the opal, leave one at home and travel with the other? Or do I need two different ones? Thank you for your response in advance!
You could, but the Opal is the slowest option. If you can afford two Beryl AX that would give you significant performance boost plus you will have the latest features from Firmware 4.
@ I definitely need two though? Or could I get away with just one?
You need one to run the Server and another to be the Client. If you have an existing router or another device that can run the Server you could use that, but few ISP routers have that feature.
Hi Justin! Thanks so much for this video. I'm currently in Puerto Rico, but want to sent this up with a router in Florida and then have a travel router. Is it possible to set this up without me being in the location where the main router is going to be? What's the best way to do that? Also, given that this video is a couple years ago is your rec to go with Flint 2 for home and slate AX for travel?
Yes, someone can set up the server in Florida and send you the "profile" configuration to load into your Client Travel Router.
Yes, the Flint 2 and Slate AX would be a great choice and they are both on sale for Prime Day today. If your remote location is your second home or something like that, you could also get a second Flint 2 for a more permanent installation. Let me know if you have any questions, - Justin
@@justinreviewsandrepairs5246 Thanks Justin. I went for two Flint 2's since my other location is my permanent location. Would the process for setting it up to be more permanent be the same process as you have in the youtube video or would you do something different? Thanks!
It would be the same, but you will likely want to set up Good Cloud on both routers for Remote Management. This isn't part of the video and is not required, but it is a nice tool when both routers are staying connected for long periods of time so you can do a firmware upgrade or change settings from anywhere.
Hi Justin, thank you for sharing this. According to your videos I bought 2 these modems, Opal and Slate. I am a beginner and I have few short questions.
As I understood we don''t need VPN service with two of these?
Could you just explain do we need to fix as you did im the first video related to DNS, which means to put Enceypted DNS, DNS over TLS and Cloudflare? Must we use Cloudflare or it can be Next DNS, does that mean that business data go through some server of the manufacturer? Or is it slower with that?
Thank you in advance.
The idea is to speed up DNS queries to reduce overall latency, which CloudFlare does well. You can use any provider, I just prefer CloudFlare.
Thank you. Can my employer discover CloudFlare or other dns servis if I have it on the modem that I take wirh me as described? Company's VPN on the computer is Cisco anyconnect.
Thank you.
Since the employer has full control of your device, they could potentially, the general idea is to stay under the radar so they don't gain full control of your device and start snooping.
Hey Justin, is there a reason you chose these two models? Thank!
I chose the Opal because I was too cheap to get another Slate AX 😭 but now the Beryl AX is the best budget option. The description has a full list of routers sorted by performance
Justin, thanks for the reply. i am using these two travel routers in the video to do just that port forward my chicago ip address to wherever i am using the internet (ie making it look like I am using my chicago ip) i thought maybe something was reset as well. but i checked the setup and it was the same. i then used my phone as the isp and then connected slate to laptop to test (while in chicago) and it worked showing my ip address as my home address and to make sure i was not on home wifi i then switch the mode on the slate and check the ip address and it shows the ip of the t-mobile tower. could it be the distance somehow? it just doesn't make sense. and now while in st. louis neither the phone or house internet can locate the opal in Chicago...i just get "no internet", but then flip the mode switch and get the local stl ip addresses. i am not using any type of vpn. if this clarifies for you to think of another possible issue i would welcome the feedback. other than that, i would not know what to fix since the settings/setup has not changed.
Hi, I am looking to try this setup tomorrow with the Opal and Beryl. This video seems great and straightforward. I just have one question. Should I disable WiFi and Bluetooth on my laptop? I just want to make sure the company can’t track my location. Is there anything else I should be cautious of with tracking or location?
Yes, also cover the webcam. If you are going to a different time zone you may need to set the time zone on the router to your home time zone depending on the computer.
@@justinreviewsandrepairs5246Thank you! This worked like a charm when i tested it! I am curious of what extra steps I could take to not raise suspicion. Whenever I do a traceroute command I can see the glinet domain as the first point of contact. I don’t think my employer will notice but I’m curious if there’s ways to hide that I’m using a glinet router. Maybe getting a second router from a non suspicious company and connecting it to the glinet travel router?
You could do that or you can dive into the advanced settings of the GLiNet router since underneath is OpenWRT. GLiNet makes home routers so it is not completely uncommon to have a GLiNet Router.
Hey Justin! Thanks for everything you did with this setup. I do have a question though. Everything was working inside my home network. Yesterday, I went to a dealership for a maintenance and I decided to bring my wireguard client Beryl AX with me to test it out outside of my home network. I left my wireguard server Berly at home basically. There was no issue with connecting to the dealership's wifi via my wireguard client, didn't have to deal with a captive portal or anything like that. The issue I had started when it came to enabling my wireguard client on the dealerships wifi. It kept stuck at the status saying "the client is starting please wait". When I checked the logs I saw an error something like this "user.notice firewall : reloading firewall due to ifdown of wgclient". Do you have any idea what causes this issue by any chance? Should I add the every IP address of the network I am in to my router first and then enable wireguard client? Or is it something else? Thanks!
If it works from another network such as a hotspot or friends network, then it may have been the dealership blocking traffic because it was not http traffic on port 80 or 443. If you are in the United States I have been having decent results from Dish's Project Genesis 5g hotspot for just $20/month
The forums might be able to offer some suggestions forum.gl-inet.com/
Thanks Justin. Yeah, I think I need to try this at my friend's house first. This might be related to the dealership only like you said. I will try again and let you know! Thanks again! And yes, my phone hotspot just works fine with wireguard client enabled.
hi @@orkunsaglam5556 I am running into the same issue; I am testing mine on the library's wifi. Did you find a solution for it?
I have 2 questions and would appreciate your help.
1: I work as a Cloud Engineer and need to be able to SSH into AWS/GCP services while using a company VPN(FortiClient). Is it possible to use this setup and then still be able to use Company VPN?
2: The Slate AX device would still need to be connected to local wifi/service to connect it to Beryl AX back home? Does it need to be ethernet or a wifi device from a local service provider would work?
Thanks!
1. The VPN is running on the travel router so you can continue to use your company VPN as normal.
2. Yes, the Slate AX will need Internet. Ethernet is preferred but the Slate AX has WiFi 6 which is very fast if the router you are connecting to also provides fast WiFi.
Hi Justin, thank you for this video! I have come across many other travel remote videos but did not realize that I would need to purchase 2 routers. I was under the impression based on previous videos I have watched that I could use my home/residence router and a router for travel. I have purchased the GL.iNet Slate AX1800 Router but it seems as if this will not be enough to mask my location. Is my interpretation correct? Any additional insight or advance would be greatly appreciated. Lastly, do you know how far or the range the GL.iNet routers cover abroad? Meaning, do you know if they work in most countries or not? And to double check, all configurations need to be made before I travel correct?
If your existing router supports WireGuard®️ such as a Ubiquiti UDM router, or if you have a device such as a QNAP Nas that supports it, you can connect to those. Many people do not, so a second router is necessary. If your company allows it, you could also use a commercial VPN provider such as NordVPN or WindScribe then you wouldn't need a second router but you wouldn't be using your actual home IP Address in that scenario.
That will be completely dependent on the Interference where you stay. If your room has lead paint, that will severely decrease range or if there are lots of other signals causing congestion. In general it works great because it has WiFi 6.
Yes, you should configure AND test before traveling.
Thank you so much for such a thorough response. I will be attempting to try this on my own this weekend. Will me luck lol. I will check back with you and the comments if more questions arise.@@justinreviewsandrepairs5246
Hello, it's me again lol! I am running into a few roadblocks and I think it might be due to the router I am trying to connect to. I have the grey slate router that is featured in the video. Upon further investigation, I see that my home router which is a Netgear Nighthawk AC1750 Model: R6700v3 supports VPN / port forwarding. However, I am having trouble trying to connect the two. I want to use WiredGaurd, but I do not see it as an option. If I add a VPN to this router and take my slate router with me for travel instead of buying the second one featured in the video, would I be able to connect to my home internet seamlessly from abroad? I have NordVPN as well. I hope this makes sense. Thank you so much indance for taking the time to respond to my inquiries! It means a lot.
@@aten6656 make sure you have the latest firmware on both devices. If your Netgear supports WireGuard ®️ you can use it as the server. Otherwise I believe Netgear supports the older and slower OpenVPN.
Hi Justin
Can you please do another video with ZeroTier technology? The new router models comes with the software pre installed
It is unfortunately still in Beta. TailScale is also in Beta but at least one person was able to set it up manually. The easiest option right now is to use TailScale on a computer that stays home to be your exit node then you can use TailScale on the Travel Router to have a similar setup as WireGuard ®️ without Port Forwarding.
Is there a way to access the server UI remotely just by doing this? Or do we need to configure something extra?
You should set up the GLiNet GoodCloud service for remote management since you would lose access if you were managing the Server directly in some situations.
How do I get the travel route to connect to an AP with a captive portal? How do I get past the credential entry page?
It's honestly not easy, but it is possible. Cloning the MAC Address is typically the fastest way and is listed as the second option in this guide: docs.gl-inet.com/router/en/4/tutorials/connect_to_a_hotspot_with_captive_portal/
Can I use two of the same routers for the home device and travel device? Or do I need both of these two routers? Can I just connect to my home router without an additional travel router?
Yes, you can use any combination of routers that support WireGuard ®️. A list is in the description of many GLiNet options. If your home router supports WireGuard ®️ you only need a travel router. Most ISP routers do not support WireGuard ®️.
@@justinreviewsandrepairs5246 Great! Thanks for the helpful info and great video! 😎
Hi Justin,
First, I want to thank you so much for the detailed step by step tutorial. Like most people here I happen to encounter the most common issue - I can’t start the VPN WireGuard Client on the travel router despite setting up the server/port forwarding.
Some background, I have Verizon and even after setting up port forwarding, I run the DDNS Test I still have 2 different IP Address and the same warning - from DDNS Domain Resolution is the same as my ISP Public IP, but the WAN Interface Ethernet is still the same one it was assigned initially.
Look forward to hearing from you and thanks once again!
Edit: Turned out I changed from TCP to Both in the process of Port Forwarding set up and everything started to pick up and worked out fine now.
Yes, some people have to select UDP only, but "Both" works for many. Glad everything is working now!
@@justinreviewsandrepairs5246 Just a follow up question - I expect a big drop in connection speed but what would you estimate the speed to be if I were to be in very long distance (thinking US-Asia Pacific)?
You can estimate using the latency values from wondernetwork.com/pings between two cities. If it is above 300 your speeds will drop significantly
@khanhly-courtleveltennis how were you able to set the port forwarding in Verizon? I'm also using both in the process of port forwarding but it doesn't seem to work .... did you call verizon?
Thank you for the video
I want to ask you if I enabled DDNS on the GL.iNet router, do I still need to enable it on the first router, for example, by taking the DDNS address and putting it somewhere in the first router's menu . Note that my ist router has a dynamic ip
DDNS should be enabled on the router that is acting as the Server (the one that stays home).
Hello Justine, Thanks for this video , I've recently purchased a GL-MT3000 / Beryl AX router and I'm attempting to configure it as a travel router. My current setup includes an ISP router that provides internet access. Is it feasible to set up the GL-MT3000 / Beryl AX as a travel router in this scenario? Or is it necessary to have two routers, with one being the home router working alongside the ISP router?
If your ISP router has WireGuard ®️ built-in you can use it, otherwise you will need a second device to run the server.
@@justinreviewsandrepairs5246 Thank you for your prompt reply. I've ordered the GL-AXT1800 (Slate AX) to use as a travel router and plan to configure the GL-MT3000 / Beryl AX as my home router, following your suggestion in the video. I'll provide an update here once I receive my order from Amazon. I'll let you know if this setup works well. Thanks again!
Despite implementing the suggestions provided, including port forwarding on my ISP router and experimenting with "UDP", "both" options, and trying various combinations of IP configurations across two different internet connections, the setup still did not work for me, as I continued to encounter a JSON parser issue.
Please email me a screenshot of your ISP router Port forward page and the Server Travel Router Internet page that shows the IP Address of your connection locally. support@JustinPruett.com
I suspect your home router might be on the 10.0.0.x network which would cause a collision with the default WireGuard ®️ setup. The solution would be to change the WireGuard ®️ default network address range.