Cheap wireguard server

Apologies if this has been asked before, but all I could find was a post from several years back…

Basically I’m looking for a low-cost solution to access the home networks of some relatives. I’m willing to compromise on almost everything to keep the price and running costs down. This means I’m okay with slow speeds, high latency. What I’m not willing to compromise on is not having to manually intervene (they don’t live very close to me), basically it needs to be able to be set up once and from that moment on run without fail for at least a while.

Currently I’ve gotten down to either setting up a cheap pi clone or similar boards, or getting something like the Xiaomi router 4c and putting openwrt on it. The first option is around 40-50 USD all in, while the second should run me around 25 USD.

I’m wondering if there are any alternatives and if anybody has experience with the second option.

I think a router with wireguard support is a good solution in this case.

Just run Tailscale, it’s basically WG

I’ve done something similar to the second.

Old routers, flashed with openwrt, set up with a wireguard interface, set behind the family member’s router. I send it to them, and walk them through opening two ports on their router via facetime or duo:

  • Wireguard listening port (prima facie)
  • ssh listening port (set with public key-only authentication so if the wg tunnel goes down, I still have a way to get in)

I typically have old linksys routers as that’s what I’ve bought in the past. Many/most are supported for openwrt. The cheapest one I’ve deployed is an EA3500, goes for about $15-20 on ebay.

The throttle point tends to be the upload on one end or the other, so speed isn’t really affected by the router. Heck, I route all Comcast IP’s through the endpoint I sent one family member so I can use the xfinity stream app and get all of their TV channels, not just the ones available “outside the home.” Plays just fine routing hundreds of miles away and with a 20mbps upload on their end.

Thanks for the advice everyone. As for some of the suggestions here, I’m really looking for something that I can just place, add firewall rules for and from that moment onwards connect through at any time without having to worry about what computer/device is turned on, etc.

I’ve looked into installing a NanoPi which are pretty awesome but at the same time are not cheap so I decided against it. The same goes for the RaspberryPI models, they’re still difficult to source, overkill for what I want to do while at the same time restricted in bandwidth (which I don’t really care about, but if I’m spending more money than the other options there have to be at least a couple of advantages for my usecase). In the end these devices are great but more geared towards the hobbyist and are best suited for the millions of other fun projects you can do with them.

I ended up strolling the local “ebay” for used routers compatible with OpenWRT and found a Netgear Nighthawk AC1900 for around $20 including shipping. The first advantage of it is that it already should come with WireGuard support out of the box (or after FW upgrade), besides that it still offers the option of flashing OpenWRT and I can set it up as an extra access-point to increase the range of their home network.

I also ended up finding a rebranded Tp-link Archer C7 for $10, which should also be capable of running OpenWRT, so I’m going to play around with that as well.

Well you could get a google cloud free tier. Oracle has one too. Or you can rent a 5 bucks hetzner server and set up WG there.

Then you can put a Pi in a location you want access to and make it auto connect to the WG on boot. Now you have a reverse gateway into the network. This is how I do it with my clients who don’t have static IPs or a configurable internet modem.

GLiNet AR300 - runs full OpenWRT so you can do pretty much anything with it - you’re not limited to standard LAN/WAN/NAT etc. It’s just cheap and slow with a 100M port. I love them for remote access.

You will need a static IP address ‘somewhere’ or dynamic DNS setup to create a connection you can use.

Note* I’ve had a number of issues with wireguard in windows needing to be reset. It’s an easy enough process to open the App, hit ‘deactivate’, then ‘activate’ and it will run again, but for unattended installs I cannot trust windows+wireguard. (I don’t blame WG for this)

A cheap SBC powered off a 5V cell phone charger will work well if you want a dedicated device for this, otherwise you can run it on an existing machine in the home or run it on the home router (needs a supported router, or you need to buy a new one)

Personally, I’ve got an SBC running in a couple remote locations, using dynamic DNS (and as such, remote locations need a cron task to restart the tunnel or run ‘re-resolve’ scripts.)
Works very well, and have had zero issues with this method.
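
A sketch of the cron-driven "re-resolve" check mentioned in the post above, added here as an example and not taken from the poster's setup. It assumes an interface named `wg0` with a single peer, a constructed dynamic-DNS name `home.example.net`, and a 180-second staleness threshold.

```shell
#!/bin/sh
# Added example, not the poster's script. WG_IFACE, MAX_AGE and the endpoint
# name used below are assumptions; adjust them to the real deployment.
WG_IFACE="${WG_IFACE:-wg0}"
MAX_AGE="${MAX_AGE:-180}"   # seconds without a handshake before acting

# stale_peers NOW MAX_AGE
# Reads `wg show <iface> latest-handshakes` output on stdin, one
# "<public-key><TAB><unix-time>" line per peer (0 means "never"), e.g.
#   AAAA=	1700000000        (constructed sample line)
# and prints the public keys whose last handshake is older than MAX_AGE.
stale_peers() {
    awk -v now="$1" -v max="$2" 'NF == 2 && (now - $2) > max { print $1 }'
}

# reresolve_stale ENDPOINT
# Re-applies the endpoint for every stale peer. `wg set` resolves the host
# name again, so a changed dynamic-DNS address is picked up without
# restarting the tunnel. Assumes every peer on the interface uses ENDPOINT.
reresolve_stale() {
    endpoint="$1"
    wg show "$WG_IFACE" latest-handshakes |
        stale_peers "$(date +%s)" "$MAX_AGE" |
        while read -r key; do
            wg set "$WG_IFACE" peer "$key" endpoint "$endpoint"
            logger -t wg-watchdog "re-resolved $endpoint for peer $key"
        done
}

# Constructed cron entry, every 5 minutes as root:
#   */5 * * * * /usr/local/bin/wg-watchdog.sh --run home.example.net:51820
if [ "${1:-}" = "--run" ]; then
    reresolve_stale "$2"
fi
```

The watchdog only helps if the remote peer also sets `PersistentKeepalive`, so that a healthy tunnel keeps producing fresh handshakes to compare against.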

Sounds like a plan. Only cheaper (and ‘greener’) option I can think of is find someone with an old ‘broken’ laptop (screen/keyboard/pad kaput) and give it a new life.

Put openWRT or Tomato on a wifi router and use that.

if you are going the Pi way you can use this handy script that does it all for you

https://pivpn.io/

it also runs on any x86_64 platform or here is the list of SBCs it can run on

PiVPN runs at least on the following boards:

Raspberry Pi models (1/2/3/4/Zero) running Raspbian Stretch, Raspberry Pi OS Buster (32-bit), Ubuntu Server 20.04 Focal Fossa (32-bit and 64-bit).

All SBC’s running DietPi. This is currently: Odroid C1, Odroid C2 (arm64), Odroid XU3/4, Pine A64, NanoPi NEO, NanoPi NEO Air, NanoPi M1.

Most servers running a Debian or Ubuntu based distro.

Agreed. Plenty of used routers on ebay with great openwrt support.

I have the ASUS DSL-AX82U, and it has an integrated WireGuard VPN Server for up to 10 clients, which works great.

This. Especially when keeping the costs absolutely low it’s the way to go.

You only get one subnet router for free though

They are looking for hardware for remote network access. Tailscale doesn’t give you access to a network without controlled hardware present. Just like wireguard.

*Reads the title but not the post*

actually you can install headscale (opensource tailscale controller) in a free tier oracle cloud and use tailscale clients and no restrictions on subnets.

check it out here

https://github.com/juanfont/headscale

have set it up and it works like a charm. the only downside is that it doesn’t have a native UI but there’s one available

https://github.com/ifargle/headscale-webui

this is a bit involved but much better than deploying hardware devices IMHO

you only read the first paragraph of my comment, right? Right before I tell op how I access my customers networks over the external wg?