Build Your Own WireGuard Home Server with two GL.iNet Routers¶

This article will introduce how to set up your home router as the WireGuard VPN server and your travel router as the WireGuard VPN client to connect together remotely, so that you can use your home IP address with the travel router anywhere.

Here we use our GL-MT6000 as the example to run WireGuard VPN server at the home site, and you can also choose other models such as MT2500 if you don’t require the wireless capacity. As for the travel router, we use our GL-MT3000 as the example, and you can choose others as well.

Why you need to build own your WireGuard home server¶

Use your home IP address as the Internet address, acting as that you are just at home.
No need to pay the monthly fee when comparing with the 3rd parties VPN service.
Route all the Internet traffic to your home network via encrypted VPN tunnel and secure your privacy.
Easy access to your internal resources and local streaming.

Topology¶

topologywg

Check if you have a Public IP address¶

First, you shall make sure the GL-MT6000 has a Public IP address on its WAN side, so that it can be globally accessed. Otherwise your travel router cannot build up a VPN connection with it while you are traveling.

To check if you have the Public IP address, please open a web browser and type in ip.gs in the address bar.

myip

It will show your public IP address, if it matches with your WAN IP from your ISP, you are granted a Public IP Address.

If you don’t have a Public IP address, here are some methods for your reference.

if you have a main router, you shall login to it and check if it gets the Public IP from your ISP.
if you can ask your ISP to give you a Public IP address, she may charge an extra fee for it.
if both the above two ways don’t work. For example, if you are in a CGNAT, you can take the reverse proxy method such as Astrorelay.

TP-Link as Main Router

Your GL-MT6000 connects to an upper router¶

Connect to your home router’s WiFi or LAN, then login the web admin panel. Check the IP address it obtains from your ISP. Here you can see it is your Public IP 42.200.00.00.

Example: A TP-Link Router

tp_home

Set up the Port Forwarding on your main router¶

Login to the web control page of your main router
Find out where is the function of port forwarding, different brands may call it by different names
Find the IP address assigned to GL-MT6000

Example: A TP-Link Router

Go to “Advanced” and click “virtual Server”, then “Add”.
Internal IP (Device IP): It is the IP address assigned to GL-MT6000, you can find it in the client list of TP-Link
External/Internal port: Please fill both are "51820"
Protocol: You can choose "All or UDP or TCP/UDP"

tp_port1

GL.iNet as Main Router

Your GL-MT6000 connects to the ISP modem directly¶

mt6000-home

You can see your Public IP shows on the IP Address and you have No Need to do port forwarding.

Set up the WireGuard server on GL-MT6000¶

Enable DDNS (Optional)¶

Enable the DDNS function if you do not have a Public Static IP but only have a Public Dynamic IP.

Go to the admin panel >Applications>Dynamic DNS and slide to enable

serverddns

Check the box below and click Apply.

ddnsapply

Then Go to WireGuard VPN server, make sure the Listen Port is 51820 and click “Apply.”

wgserver

Generate a Configuration¶

Click Profiles and Add a Client then it will automatically generate a client configuration. Click the square icon (point 2) and slide to use DDNS Domain. (point 3, Optional if you have dynamic IP only).

wgservergen

Use the WireGuard mobile app scan the QR to test the server.For details please click here.

Output a text format configuration for Client Installation¶

Change the configuration to text format by click Configuration File. Copy the text for the client or download and save it then drag it to the client later.

configload

Set up the WireGuard Client on GL-MT3000¶

Change the LAN IP¶

Login to the admin panel of GL-MT3000 and go to the Netwrok on the side bar and change the LAN IP.

Change the LAN IP

Add the Configuration¶

Go to the WireGuard Client and click Add Manually.

addwgclient1

Create a name for the connection and drag the configuration downloaded before or click Manually Add Configuration.

addwgclient2

Paste the Configuration Text onto it and then you can connect to the server now.

addwgclient3

Connect GL-MT3000 to your GL-MT6000 Server¶

Click the name you just created, and it will show you the configuration you just loaded then click Start.

wgstart

You will see your client is connecting to the server now with your Home Public IP.

clientup

Go back to the VPN DashBoard of GL-MT6000, you will also see the client is connected.

servercon

Use GoodCloud to manage the routers remotely in case of any problems when you are traveling¶

Sometimes your server may be down due to a power outage or other reasons, in order to maintain the accessibility of your server, please bind it our GoodCloud also.