Set Up Secure VPN in Minutes with GL.iNet Routers!
- Added 30. 06. 2024
- It's incredibly easy to set up a client/server VPN using the GL.iNet Flint 2 at your home or office and the Slate AX on the remote side. In this video, I walk through the entire setup start to finish to make your life easier!
Product link: link.gl-inet.com/Flint2-Cross...
CHAPTERS:
0:00 - Intro
1:21 - Network Overview
2:10 - Flint 2 Initial Setup
8:16 - Flint 2 VPN Server
12:23 - GL.iNet Slate AX Router
17:54 - WireGuard VPN Client Toggle Switch
19:19 - Final Thoughts
*** This video was sponsored by GL.iNet
Crosstalk Solutions offers best practice phone systems and network/wireless infrastructure design/deployment. Visit www.CrosstalkSolutions.com for more info! - Science and technology
I got my Beryl AX today. Great devices!
I’ve had the slate axt1809 since 2022. Really handy device when traveling. Being in IT for the past 17 years, I’ve been to a ton of conferences. I always bring my own router. lol. Bring it on vacations as well. Great device!!!
Much appreciated this video! I'm using the Teleport VPN feature between my local and remote Amplifi routers, which doesn't require the same amount of setup as this. But, there are questions about whether the Amplifi line is going to continue. If they do end it, now I have an option, thanks to you!
Great vid! In Daytona Beach FL area Metronet 2GB service ($75/mo) on the Flint2 2.5Gbps WAN port. I use the 2.5Gbps LAN port into a 5 port 2.5Gbps LAN switch for all my clients. Also has 4 1GB ports, I use one of those for my cheapo 8 port 1GB switch for my many non 2.5Gb devices.
Maybe should also mention what gets routed through the VPN by default? Does all traffic go through or just traffic destined for the remote subnet? With a manual WireGuard config, the AllowedIPs setting determines that, 0.0.0.0/0 means all traffic goes through the tunnel whilst something like 192.168.0.0/24 means only traffic to and from that subnet goes through the tunnel.
What a great video. Thank you for all the information and the step-by-step instructions. So if I did this, and I used my travel router in, for example, Mexico, would my Internet traffic from Mexico appear as if I’m actually back home in the US?
Also, do I have to use the GL.iNet brand of router at home, or can I use my existing Netgear for the VPN server part?
Great content. I've been using travel routers since the TP-Link TL-WR703N in 2012. Have you tested DNS leaks with or without the AD Guard? Some TV streaming services will block you if they notice DNS leaks in a foreign country, which I have encountered with my GL-MT1300 after a firmware upgrade.
both have Tailscale so that can overcome issues with CGNATs. Tailscale also helps connect an IP cam on the travel router side to my NVR at home
I used the GL.iNet GL-MT3000 (Beryl AX) router configured with OpenVPN. I can travel with my home Market (New York) shows and sports teams.
It would be awesome if you did a video on using the travel router with unifi as some of us watch your channel for the unifi content.
Great video. I've got a GL.iNet Slate Plus which connects back to my Unifi Dream Machine Pro. I take this with me whenever staying away, and therefore get to connect to the internet securely from my home IP address wherever I am in the world. 🙂
Has it given you any issue with alerting your IT department?
Please cover the zerotier/tailscale option in another vid :D
I've done a full tutorial on Cloudflare Tunnels! Check it out!
@CrosstalkSolutions I was thinking about the menu with tailscale that it shows in the router. perhaps it can help people with the "server" behind cgnat :)
I mean there’s really not much you need to do for tailscale, just enable it, login, and it should start working.
@CrosstalkSolutions I'm getting my devices soon, wanted to ask how I can connect a work laptop that already has a VPN on it
I'm just gonna leave a comment to say how insane these routers really are, 100$ on amazon and you have a built in vpn router, that's great, I've been using it to work remotely for 7 months now with 0 issues.
For real? Is this an AD?
I'm really confused. Can I use my existing home router or do I need a second one? I already bought a travel router. I tried looking everywhere on the internet and asked around :(
Do you happen to have any other recommendations for home routers other than the Flint 2? I wanted something with faster speeds and with wireguard enabled as well.
Good question. I'm using this now with Metronet 2GB service on the 2.5Gbps WAN port, and the 2.5gbps LAN port into a 2.5g lan switch. But faster cpu would be nice, but connectivity is high speed.
Nice video Chris! I'm familiar with the Beryl. Very handy! So we have family staying w/us - their house is under repair. My brother wants to add his Flint router to my Unifi network.... How do we set this up? I've got a UCG Ultra, USW 8 lite... Do we connect UCW LAN Flint WAN to LAN on UCG or USW 8 Lite? Do I create a VLAN for the Flint??
Thanks!
I had issues setting mine up, luckily my friend works in networking. He was able to set mine up. After he did it, I noticed how easy it actually is. Let me know if I can help
Hello, I followed all the instructions (which were terrific) for my GL AX-1800 Slate 1 and the GL-A1300 Slate Plus (travel router). I'm using Wireguard and have green lights on both sides, yet, on the travel router I have no internet while on the VPN. Upon disabling the VPN on the travel router I have internet. Any guidance appreciated. Tx.
Had issues setting mine up, luckily my friend works in networking. He was able to set mine up. After he did it, I noticed how easy it actually is. Let me know if I can help
Is there any difference with the settings for a Flint 1 as the master? vs Flint 2
Download speed at client router depends on upload speed of your Comcast’s or T-Mobile home internet, I am confused, please clarify
I have Tailscale running on a NAS on my home network with port forwarding. Just ordered the Slate router. Could I connect the Slate router from hotel on the road to my tailscale connection on my home NAS and access the data on the road?
Also wondering about this. My unraid is running tailscale exit node
What's the max speed as wireguard server from Flint 2? Would Flint 2 be better as a wg server than Slate AX? How much would the difference be if so?
I have the flint 2 with me but I already have the beryl GL.iNet GL-MT3000 in a different state where I need to have it, my question is do I need to have it with me in the house to have it configured?
I got yellow not green at the end. I have tried multiple times by resetting and following the steps again but still the same. Any help?
support@gl-inet.com (Email them)
I had the same issue but luckily my friend is a Network Architect and he came over and set it up for me. It's actually not that difficult. We set mine up 2 weeks ago. Got the Flint 2 at home (att fiber) and Beryl AX. Travelled to Dominican Republic. Plugged into router via LAN. IP showed I was at home. I also went to an IPleak site and after 4 hours IPs pointed to my city. I also turned off my wifi, and bluetooth. I connected keyboard and mouse via usb and used ethernet to connect to my beryl ax travel router.
@saiynbrosxxyeahxx2258 Can you or your friend help me please? If you can just walk me through how to fix it, that would be really helpful for me and others who have the same issue.
I just came back from Dominican too haha, I bought the device for that vacation, but unfortunately it didn't work. I was thinking of returning it but if I can find help, I would keep it cos it will be useful again some day.
Great Idea to use Flint to provide Wireguard server. I have a problem in that my internet provider also provides my TV service and that means the primary router is theirs, and my flint is a secondary router that provides my original "old network ID 192.168.2.0". So how do I set up my DDS go thru to my secondary flint router. Doug
My ISP's is a cable modem and I put it in bridge mode. See if you have the same option.
Thank you so much for your great video, it really is a great help. I have a question for you, hope you can assist me. My home and my main devices and network are based in Israel, and due to my work I live in Bulgaria, so in order to use some of my programs and the Israeli TV I use Urban VPN via my laptop and connect to my Israeli computers via AnyDesk. Do you think if I buy a travel router that includes VPN, like the GL.iNet GL-MT300N/V2 MANGO, I can set up a VPN which will work at all times on a local Israeli IP address and will allow me to connect to my local Israeli network? Because that's exactly what I need: a VPN service that will let me connect from Bulgaria to my local network in Israel. Thanks
Yes sure, you can. But man... don't buy the cheapest one. It is great for testing, but the bandwidth is not great. One router/pc at home to host your VPN server and one VPN client -travel router, here in Bulgaria, and all connected devices to the travel router will appear to be in Israel.
Is this gonna help me hide from my employer while working remote? Any other opsec or killswitch to be aware of?
I set mine up 2 weeks ago. Got the Flint 2 at home (att fiber) and Beryl AX. Travelled to Dominican Republic. Plugged into router via LAN. IP showed I was at home. I also went to an IPleak site and after 4 hours IPs pointed to my city. I also turned off my wifi, and bluetooth. I connected keyboard and mouse via usb and used ethernet to connect to my beryl router.
On the hotel router, is it better to hide SSID or not?
I've never hidden the SSID and I've never had an issue.
A dumb question. What is a combo wan/lan port for? Can I use a cable to connect my computer and WAN/LAN port?
It means that port can be either a 2nd WAN port (for dual Internet connections) or a regular LAN port. It’s a setting in the GUI.
does it automatically rotate its WAN MAC/BSSID periodically so that it can't be used to geolocate the user over time?
Currently the gl.inet stable firmware does not. May 24th gl.inet published a blog post stating that the feature would be added to their products over the next 3 months and gave the order in which products would receive the feature. The blog post also gave directions for steps to take in the meantime to help mitigate BSSID tracking. I have a Beryl AX router which is among the 1st batch of devices which is supposed to receive the feature. The current beta firmware for my device, released June 6th, does have randomized BSSID support.
I have a PiVPN running on my raspberry pi4, I tried to use my beryl ax as a client and it did not work. I tried it with the mobile app then uploading the config file and it still did not work. Is it only compatible with another GLi hardware?
I work at a big tech company.
I’m fully remote, but not allowed to travel outside the country.
This same method should allow me to connect to my home network so I can be in London for example but my work laptop would be showing I'm still home in the states right?
Yes indeed. I set mine up 2 weeks ago. Got the Flint 2 at home (att fiber) and Beryl AX. Travelled to Dominican Republic. Plugged into router via LAN. IP showed I was at home. I also went to an IPleak site and after 4 hours IPs pointed to my city. I also turned off my wifi, and bluetooth. I connected keyboard and mouse via usb and used ethernet to connect to my beryl router.
Had issues setting mine up, luckily my friend works in networking. He was able to set mine up. After he did it, I noticed how easy it actually is. Let me know if I can help
@saiynbrosxxyeahxx2258 what issues did you have?
Did he explain how to set up the open port for the main provider modem? I think he missed explaining that part.
Great job, why do you need 2.4GHz?
The 2.4 GHz gives you more range and passes better through walls and other physical obstructions. Also older devices or cheaper devices don't have 5GHz connectivity.
17:11 What to do if the VPN connection never gets established and the light never turns green. It continues to light up as orange?
What about people with CGNat at home?
Dumb question and sorry but I'm not super tech savvy but I just bought a GLinet router the beryl MT3000 ax
Do I need to subscribe to a VPN service like NordVPN or ExpressVPN? Are there any free ones or better yet does the router I bought give a free one?
Nord could be installed on the router, which would keep your internet private from your ISP.
@goodcitizen4587 That is no good for work. They use tools like intune which flag public VPNs!
Make a VM in azure or some cheaper cloud and set the VM in the region you need it thevon. This a step forward.
Only the most secure jobs will detect that. It's best to use a residential home IP though.
Hi Chris, excellent video. I ordered the products and followed your step-by-step.
Things went great until I uploaded the configuration file to Slate. The dot remains orange and the client is unable to actually start.
Any videos or content on troubleshooting this? Alternatively, if anyone can help 1:1, I would owe you big time and am happy to pay for your services. Thanks all. Cheers
Had issues setting mine up, luckily my friend works in networking. He was able to set mine up. After he did it, I noticed how easy it actually is. Let me know if I can help
@saiynbrosxxyeahxx2258 good afternoon, I’m trying to do the same set up but I’m too having issues with the orange dot. Can you help?
I’ve a pair of Slate AX and without a Public IP (Fixed or Dynamic) I’m not able to set-up any VPN Server (Wireguard or OpenVPN) !? neither I’m Not able to make the DynDNS work !?
Do you know how to configure the VPN Server & DynDNS under a NAT, double NAT or CGNAT ???
Use tailscale or zero tier, it’s an option on the router
If you don't have zero tier or tail scale, and the vpn server is not double NATed or behind CGNAT, you can just use your current WAN's dynamic IP address (add that into the config file - open it with a text editor and make the adjustment - Googling wireguard configuration settings will show you where to place it) just to see if you can get the connection working.
What amazing luck that you just posted this video! I've been trying to figure this out all day.
I have one quick question if that's alright :,)
in your video at 9:06
once I establish my wireguard server...I lose internet access. once I turn it off I get that internet access back. I've followed your steps as closely as possible but it seems no matter what I do, my internet access gets cut off a few moments after I establish my wireguard server. Any idea why? or how to fix this?
Thanks!!
oh! and I have a dynamically assigned ip address
Are you sure it is working, if you don’t see the handshake being established or data being transferred, then the set up did not work
@tama47_ Everything seems to be as is in the video...except once I turn on my wireguard server...I lose internet access after about 15-20 seconds every time. Do you have any idea why this might be? What do you mean handshake?
@gbeepee9995 he skipped a step that some of us need. On your home ISP modem, you need to do a port forwarding for the Wireguard server.
@rendezvu175 Better yet, put the ISP gateway into bridge mode, so that its routing functions are disabled, but the modem portion is still active. This way, port forwarding from the ISP gateway will not be necessary and double-NAT will not exist.
It would make more sense with an overlay network, no hassle with CGNAT or DDNS..
ASUS routers with Merlin firmware are also capable of this.
What is the feature called on Merlin firmware?
Don't you have to open port 51820 on your Comcast modem that your AXT is using?
It depends on where your WAN IP lives - if it's on the Flint 2 directly, then you don't need to open anything up...it's done automatically. But if you are double-NATting through another router (like your ISP's equipment), then you may have to port forward. Though, to me it would be a better use of time to contact your ISP and have them put their equipment into bridge mode.
will this "trick" Hulu into thinking I'm at home and allow me to watch my live local channels from Hulu on a Roku device??
"DHCP pool size... of 150 IPs. That's, kinda small..." SMALL? how many devices do you have?!?!?! My god!
I have the flint 2, somehow I can't access my LAN remotely. They've said wireguard is much simpler to setup than tailscale...I'm experiencing the opposite. Tailscale allows access to lan but wireguard won't. What gives?
I had the same issue but luckily my friend is a Network Architect and he came over and set it up for me. It's actually not that difficult. We set mine up 2 weeks ago. Got the Flint 2 at home (att fiber) and Beryl AX. Travelled to Dominican Republic. Plugged into router via LAN. IP showed I was at home. I also went to an IPleak site and after 4 hours IPs pointed to my city. I also turned off my wifi, and bluetooth. I connected keyboard and mouse via usb and used ethernet to connect to my beryl ax travel router. Ping me if you need assistance
I get to the end of the setup and add new provider and file and the light stays yellow....it doesn't turn green....Any suggestions?
Me too! I have tried everything but still showing yellow not green :(
@yk-lash Hopefully someone can help us with this issue
@crosstalksolutions I see a couple people are experiencing this problem. Are you able to shed some light on a solution? Thank you!
I'm only getting a yellow sign, it doesn't show green, is that normal??
It has to be green. Did you generate the config file? If you did you probably need to enable DDNS if the client can’t resolve the DDNS name of the server.
I can't see VPN menu option on my MT3000 router. Why?
Updated your firmware?
For Business we can get static IP how about for residential purpose
As long as your internet service provider is not using CGNAT and you are not double natting the router, turning on the DDNS generally should solve it for you.
In the GL.iNet forums, they did note there was a little bit of trouble with that service, but as far as I know it's being tweaked and working now again. Worst case scenario, just look at what your current dynamic IP address is and insert that into the configuration file before you first upload it using just a text editor to modify it. And if I'm not mistaken, Even if it's not being modified, I think you can go in and edit it once it's been uploaded to point at your current dynamic IP address. If your IP address changes and you can't connect, once you know what it's changed to, you can log back into your travel router and just edit it to the new IP address.
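The AllowedIPs behaviour described in the comment above about what gets routed through the tunnel, and the advice in this thread to hand-edit the server address in the client config file, can both be checked with a short script. This is an added example, not part of the video or of any comment; the sample config, its placeholder keys, the hostname `home.example.invalid` and all function names are constructed for illustration, and it goes slightly beyond the comment by treating `0.0.0.0/1, 128.0.0.0/1` as a full tunnel too.

```python
import ipaddress

# Constructed sample client config: keys and hostname are placeholders.
SAMPLE_CONF = """\
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER=
Address = 10.0.0.2/24

[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER=
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1
Endpoint = home.example.invalid:51820
"""


def parse_wg_conf(text):
    """Return (interface, peers): one dict and a list of dicts, keys lower-cased."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip().lower()
            current = interface if name == "interface" else None
            if name == "peer":
                current = {}
                peers.append(current)
            continue
        key, sep, value = line.partition("=")  # base64 keys end in '=', split once
        if sep and current is not None:
            current[key.strip().lower()] = value.strip()  # a repeated key overwrites
    return interface, peers


def tunnel_mode(peer):
    """'full' when the AllowedIPs entries together cover all of IPv4, else 'split'."""
    nets = [ipaddress.ip_network(n.strip(), strict=False)
            for n in peer.get("allowedips", "").split(",") if n.strip()]
    merged = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    return "full" if ipaddress.ip_network("0.0.0.0/0") in list(merged) else "split"


def endpoint_info(peer):
    """Return (kind, port) where kind is 'ip', 'hostname' or 'missing'."""
    host, sep, port = peer.get("endpoint", "").rpartition(":")
    if not sep:
        return "missing", None
    port = int(port)
    try:
        ipaddress.ip_address(host.strip("[]"))  # brackets wrap IPv6 literals
        return "ip", port
    except ValueError:
        return "hostname", port


def review(text):
    """Build one report dict per [Peer] section."""
    interface, peers = parse_wg_conf(text)
    report = []
    for peer in peers:
        mode, (kind, port) = tunnel_mode(peer), endpoint_info(peer)
        notes = []
        if kind == "ip":
            notes.append("endpoint is a literal IP: update it when the home WAN address changes")
        if mode == "full" and "dns" not in interface:
            notes.append("full tunnel but no DNS line: this file does not set a resolver")
        report.append({"mode": mode, "endpoint": kind, "port": port, "notes": notes})
    return report


if __name__ == "__main__":
    for entry in review(SAMPLE_CONF):
        print(entry)
```

The reported port is the UDP port that has to be forwarded when the server router sits behind another NAT device, as discussed elsewhere in the comments.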
I did the same exact steps but my Wireguard Client is still orange and not turning green..
Wi-Fi is strong with 200mbps
I had the same issue but luckily my friend is a Network Architect and he came over and set it up for me. It's actually not that difficult. We set mine up 2 weeks ago. Got the Flint 2 at home (att fiber) and Beryl AX. Travelled to Dominican Republic. Plugged into router via LAN. IP showed I was at home. I also went to an IPleak site and after 4 hours IPs pointed to my city. I also turned off my wifi, and bluetooth. I connected keyboard and mouse via usb and used ethernet to connect to my beryl ax travel router. Ping me if you need assistance
Having the exact same issue, all perfect up until the last step where my client remains Orange, any way you could help me out?
OR you can just install Tailscale on your devices without paying a dime or messing with router port forwarding
Slate AX vs Beryl AX?
Almost identical except the Slate AX is slightly bigger. The Beryl AX has a 2.5Gbps WAN port + 1Gbps LAN port; the Slate AX has 1Gbps WAN port and 2x1Gbps LAN ports.
Beryl AX
Slate AX has more CPU power so decrypting VPN traffic will be better performing. The prices are almost the same, I don't really know why anyone would buy a Beryl over a Slate at this point. Maybe someone can enlighten me?
@mattbradley1716 When will you ever get the advertised 550 Mbps over a WireGuard connection on a travel router? I’ll gladly save anywhere between $30-$40 on a travel router that I wouldn't use that often anyway. Also the Beryl AX has newer CPU, 2.5Gbps WAN, smaller form factor, and is just a more modern product in general.
Mine doesn't connect. Very frustrating
Same issue try to connect the VPN client but the WireGuard doesn’t turn green
Just buy a cheap mini PC, install TailScale on it, and make it run 24/7
Obviously this tutorial is for people with the gl.inet routers...
...and configure Tailscale to use it as an Exit Node, you mean? I'm gonna try this with an 8GB Raspberry Pi 5.
Why not tailscale?
That was my first thought. Leave the excess hardware and complications at home.
Cuz if you’re not behind cgnat, there really isn’t any benefit to using tailscale. Using a vpn will be the superior way.
@tama47_ Thank you. According to Tailscale's web site : " Tailscale assigns every one of your nodes a private IPv4 address. We do this from the CGNAT range, which is typically used by ISPs that have run out of public IPv4 addresses. Starting today, you have control over what IP address from that range is assigned to your nodes. This gives you the ability to decide what subset of the CGNAT range your tailnet uses to avoid conflicts with other applications. "
Not all the Internet Providers offer public static Ip
Which is why I took the time to explain DDNS for folks who have dynamic IP's from the ISP.
@CrosstalkSolutions I think you misunderstood. I have to pay some 80 CZK for unshielding my IP from my ISP's firewall (which provides me static IP, btw), otherwise, I'd be firewalled and wouldn't be able to receive any new connections on my equipment, only established/related ones.
It's all very well but if you're behind CGNAT you're screwed!
Ok… so he must be talking to those of us who aren’t behind CGNAT, not you. Plus, I think there are fixes available to get around CGNAT if you really need to… granted they’re subscription based solutions, but they do exist.
If the server is behind CGNAT, then yes - this won't work...but in this demonstration, the VPN client device WAS behind CGNAT and it worked fine.
@CrosstalkSolutions yeh, for me it doesn't work as I'm behind a CGNAT on both ends.. so frustrating!
Tailscale works great even behind CGNAT.
What's cgnat and is Comcast gonna work?
To secure your network with China brand router? 🤔
How secure you are!!!???
Why not introduce how to use Ubiquiti Unifi Express as travel router? I'm happy with Unifi Express as my travel router 👍
Too bad, your phone and all your devices are made in china too
That's a cool idea. Not trying to be argumentative or anything, but where are the unifi Express routers made? Would this not be similarly problematic?
@Greg.M Which are you going to trust, Huawei switch or Cisco switch? Both are made in China
Creating this VPN can be done in Unifi just as easy. Just a sponsor video. Don't see any benefit of using whatever product to produce the same result as unifi
I have both products. I must admit that the GL.iNet setup is pretty damn easy. With their built-in DDNS option, it becomes pretty compelling for those that are a tiny bit more tech savvy than the vast majority
I don't have a UniFi Express hence the question. Are you able to connect using a repeater mode like the GL.iNet routers? Some hotel rooms I've been in don't have a working ethernet plug and so the only way to connect is via Wi-Fi. So are we able to connect to the hotel's Wi-Fi using the UniFi Express's mesh functionality? Is that how that works?
very expensive, focus on mikrotik
Mikrotik this, mikrotik that. Tried looking at them before. Unless you have PhD in networking, I don't even have a clue what to buy from mikrotik. Recently bought glinet router and what a pleasure to use. No complicated menus. And it just works. I'm not working for glinet, just had to get through so many hurdles setting my home office network until I found glinet routers
No, you focus on Mikrotik
expensive is relative.
@lenanaH mikrotik cool