I’m new to networking and was wondering if anyone has experience setting up a WireGuard VPN server with Verizon’s 5G home internet. I have a GL.iNet travel router and a GL.iNet Flint as my home router. I’ll be traveling soon and want to route all my traffic through my home internet connection.
If it’s cellular internet it’s going to be CGNAT and you won’t get a public IP. You can try to set it up but as soon as you try to enable it, it won’t work.
So I dont have WireGuard setup…but I do us OpenVPN setup to get into my dads network. I have OpenVPN setup on a Linux VM on TrueNAS server on the network.
However, with the 5G Home…the IP address changes SO fucking much. Each time I connect I have to log into myverizon to get the routers IP address, change it on my DDNS server, then it’s fine.
I used to have the DDNS updater…but they changed how its done, and I havent been over there to fix it yet…so I have to change it each time I connect…its annoying but doable—and it does work just fine.
I have no problems with it I use the Verizon 5g home internet i put the router in bridge mode and I get a public IP. Wireguard server is setup on my Asus router, and I just s beryl ax as the client. All my traffic properly gets router out my home Internet connection.
I set up a Wireguard via a Beryl AX on my Verizon 5G Home Internet, also with a TP-Link router. In both cases the trick was to set up the client to use a dynamic dns as the endpoint.
Glinet has a ddns thats tied to each of their devices. You just need to enable the DDNS and then make sure to check that when your Wireguard server sets up the config file for clients, that it has “Use DDNS domain” toggled on. That will change the qr code, but also the config file should contain a ddns endpoint line which will look something like:
Endpoint = glinetdevicename.glddns.com:999999
This has worked for me with both the Beryl AX and the TP-Link as a wireguard server (as each has their own DDNS service)
My Verizon 5G internet router also offers DDNS through services, and I got it all set up… and it never worked for me. So now I have the TP-Link running on my network 24/7 and I take the Beryl AX with me and it works just fine. I can also tap in from my phone with the Wireguard client.
Let me know if you need more specific help.
Yup, just did it a week ago. Using a Slate Plus as the server and a Beryl AX as the client. I know this is dependent on how strong the signal is but my upload speed seems capped at 11-12mbps so thats as fast as my download speed will be using the Beryl. Theres also some extra latency but I needed it done ASAP and didnt have time to go with a different ISP. I will upgrade to fiber once i finish my trip.
I just followed the Glinet videos on youtube. Enabling port forwarding was pretty straightforward on the Verizon router.
Works fine as long as your 5G has decent down and upload speeds, and a stable connection.
They typically provide a public IPv4 and allow port forwarding.
Not true. I have Verizon 5g home internet and I get a public IP when the router is in bridge mode
Yes, it is Verizon’s cellular 5G home internet service. So it’s not going to work with port forwarding?
That sounds quite painful! I need a reliable connection that works without fiddling around
Thanks for the detailed response! I’ll try these steps and reach out if I run into any issues. Appreciate the help.
Port forwarding? I thought the Verizon modem just needs to be put in passthrough/bridge mode and hard wired to your own home GL.inet router? Or did I mis understand this completely?
That awesome to hear. I had heard that 5G home internet ISP’s like Tmobile did not allow port forwarding so that had me worried. I’ll check out the Verizon gateway conf for port forwarding
Yes I said if it’s cellular and has CGNAT. If you have a Verizon modem then that’s already telling that it’s not cellular. Those of us with only Verizon cellular internet do not receive any modem or router. We simply purchase our own mobile hotspot and use a 5G hotspot plan.
Generally (there are exceptions) mobile data providers use CGNAT gateways for their users, which means, one WAN IP is shared amongst many users. This stops external access to services you may have on your router such as VPN applications.
You may be able to get around this by using Zerotier or Tailscale though, as both of them work in situations like this.
So it’s a SIM card? And you have some other modem/router? Yeah it won’t work. But you can run a Tailscale exit node! Digital Nomad VPN Tutorial using Wireguard or Tailscale
I do this on my Spitz AX at one of my places with Verizon 4G/5G only.
Port Forwarding does work…yes. I do it with OpenVPN… I havent looked at the methods 5G home uses vs the cell phones…but cell phones don’t really get public IPs. The Routers do.
ya its annoying for sure…I deal with it for that…but wouldn’t for my own.
however, I do manage a network that is CGNAT (id assume) I couldn’t get ANY VPN port forwarding to work–But, what I did was I setup a UniFi UDM Pro at the house, configured it and use the Teleport built in VPN…and that works great for that network. I tried EVERYTHING to get OpenVPN, WireGuard, all of it…NOPE…built in Teleport…works flawlessly.
so…I mean…
I did this on the fly last week and I am not an expert so dont take this as bible. I am just gonnna tell you what i did.
I just quickly looked up how to route all my traffic through my home internet no matter where i am in the world and landed on a wireguard reddit discussion. I went through Glinet’s documentation on how to set up the server and client and the instructions told me to enable port forwarding on my verizon router. On Glinet’s YouTube you will find wireguard server/client set up videos.
So my set up is Verizon Router as main router >Slate Plus as Wireguard Server connected to the verizon router with ethernet and when Im traveling i have my Beryl AX as the Wireguard client connected by ethernet to my laptop and home router.
I did exactly as Glinet said and called it a day. It has been a week and my VPN is working as it should. Im sorry this isnt the detailed answer you probably wanted but this is all i did.
Yeah. TMo requires you to upgrade to a business plan to get it. It’s been a little bit since I last setup someone on VZ 5g, but I doubt it’s changed.