Looking for feedback on Wireguard capable wifi routers that keep a persistent link from the router to an endpoint. A lot of what I see advertised as “Wireguard Supported” sets up a server and not a client.
The GL.iNET routers seem to do it, anyone with experience with these? https://docs.gl-inet.com/router/en/4/interface_guide/wireguard_client/
Bonus for being able to push a wireguard client config to the device via API/cli.
You must log in or # to comment.
Easy to configure in a GL.iNET with OpenWRT under the hood. For a more flexible router at the cost of a steep learning curve go with Mikrotik.
I bought a Mikrotik recently and it was terribly unstable. It would simply stop routing after 3 days on a test network with 1 device. Had to reboot it to get it to work again - no indication it had puked.
No strange config, all default other than a few IP settings.
Microtik needs time to mature.
Curious which MikroTik you had. I’ve been running them for years and absolutely rock solid. Right now a HEX-S refresh and it’s awesome and cheap.
It is complex to configure properly because it’s so powerful though. ChatGPT is great for debugging configs.
Sorry, have to dissagree. I use them for years at home and have many of hundreds out with customers big, middle and small. We use many features it offers. Sure, it has itr’s quirks just like cisco, fortinet and all others do. But, It’s stable and reliable.
Good to hear mikrotik fans here … if there wasn’t an abundance of Cisco equipment at my work I would be buying these for personal use instead, but these just wont die :P
This will be for less capable persons needing a wifi hotspot for access to CIDR restricted services on our side. Keeping it stupid simple like a GL.iNet GL-MT3000 for clients if they perform well.
Can you expand on that, I’ve been considering making a “portable network in a briefcase” situation, with a small router and a kodi box with just HDMI, Power, and Network coming out (for when the family travels; the kids connect to the same SSID and are on the home network by default). I hadn’t started researching yet, but I am wondering if these support using Wifi as the WAN link, even with openWRT firmware? For example, if we’re in a hotel, can I join this to hotel wifi with a captive portal, have it tunnel home, then the kids join it like a hotspot? I prefer openWRT and not vendor firmware because I trust patching the firmware more than I trust a vendor to upkeep their maintenance.
I’m looking at this: https://www.amazon.com/GL-iNet-GL-MT3600BE-Portable-Wireless-Computer/dp/B0GF1J99S4
They do.
My setup is:
2 power adapters (the slate 7 came with 4 travel adapters. The other is for my chrecast
A chromecast + remote
A Slate 7 routerInternet can be supplied through Wifi as a repeater, as a MitM-AP and can also spoof the mac through which you can login into the captive-portal.
The Mudi7 can do all that + cellular with 2 SIMs (or 1 SIM + 1 eSIM)
This may be useful: https://github.com/openwrt/packages/blob/master/net/travelmate/files/README.md
Wireguard on OpenWRT is pretty much set it and forget it.
I have a GL.iNET Flint 6 router running OpenWRT with multiple WG interfaces, both client and server. The client tunnels reconnect automatically and it just works. A Pi 4 in one location is set to reboot every night and the WG tunnel reconnects every time. An older router running OpenWRT is just as reliable.
Unifi gear can run both a Wireguard server, as well as a Wireguard client.
I’m pretty sure EdgeRouters (another product line by Ubiquiti) can also do it.
Have the slate 7 and mudi 7.
Both great and capable little devices. You can sometimes snipe a deal on AliExpress.
Of not, Amazon or their own store.I have a GL.iNET 4G router that I’ve configured WG for, and it worked exactly as expected. In my case, I had a requirement that when roaming onto a new tower, the tunnel had to recover automatically. And it seemingly did. Even though the router itself was mostly stationary, the mobile carrier’s CGNAT endpoint would change and the router gracefully adapted to that
I would have preferred to use IPv6 – which the router also supports, but off by default – to avoid CGNAT but the opposite end of the WG tunnel had complexities which precluded that.
Was there a noticeable disruption between towers? It’s taking resolvd a good 10 seconds to catch up when turning the client on and off. Maybe I should disable cache all-together.
Alas, I never witnessed the handover happening live, only that my logs from the far end of the tunnel would show that tunnel uptime had reset.
I imagine there’s a tunable parameter to adjust the WG keep alive, which could help reduce the drop time.
