Hi all, I’m hoping someone can help guide me through this setup. I’m using two GL.iNet Mango (MT300N-V2) routers to create a VPN bridge so I can work remotely while abroad. Here’s the situation:
Router A (UK): This one will stay permanently connected to my home broadband in the UK. I want it to act as the VPN server so that all my internet traffic from abroad routes through it, making me appear to be in the UK.
Router B (Abroad): I’ll take this one with me overseas (Indonesia) and set it up as the VPN client. My work laptop will connect to this router (via Wi-Fi or Ethernet), and all traffic should tunnel back to the UK router.
I’ve plugged Router A into my broadband router and connected to it via Wi-Fi, but I’m struggling to access the admin panel at 192.168.8.1 despite following the setup guide. Once that’s resolved, I’ll need to configure WireGuard (or OpenVPN) properly to ensure the two routers can connect smoothly once I’m abroad.
My key questions:
Any tips on why I might not be reaching 192.168.8.1 while connected to the Mango’s Wi-Fi?
Best practices for setting up the VPN server on Router A and the client on Router B (step-by-step guidance would be amazing).
How to export/import the VPN config file to make the connection seamless later.
Any other troubleshooting or performance tips to ensure stability while working (e.g., VoIP calls and booking systems)?
Thanks so much in advance, I’m fairly new to this and appreciate any help from the community! I just don't want to run into any issues when I am in Indonesia aha
It sounds like you're still using the stock gl-inet firmware (based on the 192.168.8.1 address you mention).
I would recommend that you start with an upgrade to the official OpenWrt firmware:
I don't know since you are probably using their firmware. I'd recommend performing a factory reset and not connecting it to an upstream network. Instead, just plug your computer directly into the lan port on the device. Then you should be able to connect... and you can install official OpenWrt.
Use the WireGuard road warrior configuration tutorial for OpenWrt. This will do exactly what you want:
It's only a few parameters.... you can copy them with the gui, ssh, or scp.
It should be pretty simple -- all traffic should tunnel through. The biggest thing is to make sure that the three subnets involved (your home network, your wireguard tunnel, and your travel router that you have with you) are all uncommon enough as to not be likely to conflict with the 'local' subnets to which you will connect while on your trip. Obviously, it's important to use RFC1918 address ranges, but you can select ones that are a bit more obscure.
Just to note - if you're using a company provided laptop for remote work - most likely they can see the public IP of your hotel on the beach in Indonesia...
And IT teams are getting more aware of this due to remote North Korean IT workers remoting in from the DPRK...
That's the reason to use the travel router to create the tunnel. As long as the tunnel is up (and a "kill switch" is implemented such that the local lan cannot reach the internet without the tunnel), the devices connected to the travel router (and the services to which they connect) will not be able to determine the IP address of the hotel's connection. The tunnel will make all devices behind the travel router appear as if they are originating from the OP's home.
Now, there may be other mechanisms that one could use -- a cellular and/or GPS equipped device (such as a phone) would be able to detect the exact location of said device, despite the tunnel, and that could be used as the basis for service limitations and/or 'alarms' to the IT department. Sometimes, this can also be achieved by looking 'wifi positioning system" information/databases. The extent to which any individual company (or app/service) will do this will obviously vary, so YMMV. But the IP address from which the traffic appears to originate will always be the OP's home.
Ultimately - OP is trying to defraud their employer for remote work - this is something they can and should work out with them...
Going back to company issues laptops and telemetry agents - consider them full of company issued spyware - looking at your access times, key strokes, screenshots - it's only a matter of time before that remote idea starts to fall apart - one says they're in Boise, ID (USA), but IP's show up over in Phuket, Thailand...
That is not necessarily the case, nor is that anything that this community needs to police (we would be concerned if the op was asking or advising to do things that are illegal). We also don’t know of the work computer is being used for accessing services and/or content only available in the uk (company resources or otherwise). This is between the op and their company.
At the end of the day - it's just a tool - what one does with that tool -- up to them. It's like the old saying - hammers don't kill people, people do - so should we bad hammers?
Getting back on thread - OP can do what he wants, if he gets caught, it's his problem...
Thanks a lot for your help; it is genuinely appreciated. Everything’s working now and tunneling correctly through my UK router. Cheers for keeping the thread constructive
I came here for tech support, not assumptions about my intentions. Throwing around words like “fraud” without context is unhelpful, especially when you don't know the full situation. If someone’s trying to work remotely and needs a secure tunnel, it’s not your job to speculate or pass judgment, it's a tech forum, not a courtroom. Maybe keep that in mind when replying next time.
If you had a "hard" need to be more that just remote, that is an easy thing to sort out with your management team - one shouldn't have to resort to what you're attempting to accomplish.
Most management teams are sympathetic to things like family emergencies, where one might have to travel to be with their loved one in the time of need.. note this would be a temporary thing, as if it were long term, this gets into things like payroll taxes and what not depending on the country/state/province/etc you register as home, and where you are on extended remote.
The extended approach you were looking at, this is actually very similar to the DPRK IT remote worker scheme - where they work in the DPRK, but VPN into a Laptop farm based in the US.
Hence the comment - it does raise concern about being the "extended" remote session...
So perhaps, take it all in context - I was trying to illustrate something that could keep you @Turinturambar out of trouble - feel free to thank me later...
