WireGuard on Cellular Router

Hello, I'm new and I've just read
good-arm-router

I am searching for any Cellular Router that I can access remotely using WireGuard VPN.
The Milesight UR75 meets my desired spec, but I'm not sure if I can install WireGuard on it. I am also unsure how to access it since a simple ssh admin@192.168.1.1 lead nowhere.

The reason for WireGuard in particular is that I access my NVIDIA Jetson with WireGuard VPN, and the Internet is provided from a Cellular Modem today; however I am not able to connect directly via VPN to the router. Today I SSH to my Jetson Device and from there I can access in on the local IP. I want to improve this by adding the router to my VPN.

Any suggestions to a Cellular Router?

Which device is it? Does it present the public IP address to the device behind it (i.e. a bridge), or does it use the public IP address itself and present a local IP address to the device behind it (i.e. a router)?

Reading between the lines, it sounds as if you want to be able to connect to your network securely from anywhere (hence the VPN) and, while connected, manage the router (so need to permit router management traffic across the VPN). And you want to know what device(s) could help you achieve that goal.

Is that an accurate summary, or have I misinterpreted your requirement?

The router I use today presents a local IP address that I can access from my computer (which is on VPN). I have a SMS way of pinging and doing simple DIO-changes directly to the router, but I would like to reach it in a similar manner as I reach my machines E.G. username@vpn_ip

Your summary is correct :+1:

A diagram would help readers picture your layout (see my profile for a good, free diagramming tool). Ideally it would contain subnet and IP address details, interface names, and makes/models of each pertinent piece of equipment.

Does any of your equipment already run OpenWRT?

As a picture paints a thousand words, here's an example to give you some ideas. The LB2120 is a 4G-Ethernet router/bridge which takes a SIM card from a cellular provider. I have one in my network so I've used it in this example.

The most important thing to know first is: Do you get a public IP address from your cellular provider? If not, you will not be able to access it remotely, no matter which router you use (unless you have an external system that is accessible from both networks and closes this gap).

The cellular ISPs in my country all provide you with a CG-NAT IP by default, but you can request a public IP if you need one.

That said: There are some quite good ZTE routers, like the MF28x series. There are very cheap branded devices (e.g. MF282, MF287+) or unbranded ones (MF286 ...). You can run OpenWrt on them, but some require disassembly for the initial installation. Some are older ath79-based devices, some are newer ipq40xx-based devices.

My read of the OP's request is that he's already got a working VPN, and uses his Nvidia gizmo as a jump box/bastion host to manage the router; he wants to be able to manage the router directly without first going via the Nvidia box. But I might have misunderstood.

1 Like

You are probably right on this, then only the second half of my answer applies :slight_smile:

1 Like

@iplaywithtoys you are complety right!
I already got a working, WireGuard, VPN and I can access my Nvidia Jetson ARM computer. However, to reach the router I first have to SSH to my machine, then I can access my cellular router.
I am searching for a router that would allow me to SSH to it directly.
I'm thinking a router that runs a Linux OS, maybe something like Ubuntu 20.04 where I can install WireGuard, perhaps with the command sudo apt install wireguard and from there I know what to do.

Be aware that this is a forum specifically for OpenWRT, so you may or may not get the answers you seek if what you want doesn't entail OpenWRT in some form.

That said, many forum members have loads of different toys at their disposal and may be able to offer advice outside of OpenWRT.

Thanks,

:crossed_fingers:

See my suggestion on the ZTE MF28x devices above. However, you didn't specify your requirements on the cellular modem (LTE? 5G? speed?) and the routing capability. What are your requirements?

The router must be of compact size and suitable for cabinet mount.
It must have the ability to be used in as a Cell modem in Gateway mode or as Wifi connection in an AP Client mode.

GENERAL:

  • WAN port + minimum 3x LAN ports
  • Status lamps for SIM, LAN, WIFI, Cell reception
  • 12-48VDC or 12/48VDC power
  • Antenna SMA connections 2 x wifi and 2 x cell (possible 1 x GPS)
  • Nice to have: GPS clock or installed clock battery
  • Rugged design
  • Temperature limits -10degC – 40degC
  • No IP (water/dust) protection required

CELL

  • Dual SIM. Possible to enable/disable SIM1/SIM2, give priority to SIM1 or SIM2
  • 2G/3G/4G LTE (also 5G if available) with bands for Europe, North America and South America
  • SMS function to set high/low signal for relay control. Only configured phone numbers are allowed to send commands

WIFI

  • 2.4GHz/5GHz

Then I'm out: I am not aware of any router that fits all your requirements, not even close to it. Maybe somebody else can chime in.

I expect you'll be able to find equipment that meets those specs, but you might struggle to find something which meets those specs and has support for OpenWRT and/or has an integral SSH server. Not saying it's impossible, but you might find yourself on a unicorn hunt.

As an example of the sorts of mobile and M2M routers/bridges you can find in the UK, this place has an extensive catalogue:

(I'm seriously considering the Amit IDG450 as a replacement for my ageing Netgear LB2120)

If you're not in the UK, there might be a broadly equivalent seller closer to home.

You need any OpenWrt compatible cellular router. You also need a special WireGuard VPN that provides a public IP. A regular privacy-oriented VPN won't work. I know two compatible commercial VPN providers:

Or a provider which issues a public IP to the SIM. Mine does. Not all mobile providers insist on CGNAT.

Thak you all I really appreciate all the feedback.
I'm going to have a meeting with MileSight about their UR75 and see if it supports WireGuard VPN, bacause it do supports IPsec and OpenVPN

Update.
After reading How to Access the CLI on MileSight, I see that the UF51 and the UR Series (except for UR75) supports CLI access. This is a bit of a bummer, since UR75 is the only one that supports 5G.
Also, none of their routers support custom installation of additional SW (E.G. apt install nano) .
Also none of their routers support WireGuard.
It uses OpenWRT with OpenVPN / IPSec, maybe I just have to settle with this solution. Maybe, as @iplaywithtoys says, it's a unicorn hunt.

1 Like