Always-On Router Setup

Leave a Comment / Always-On Router, Working Remotely

Open Notepad, or another text editor to temporarily store the keys generated during this process. Make sure to type in the type of key before each one.

Definitions

X: The office identification number. For example, the primary office has the IP address block of 192.168.101.1+ so its identification number is 101.

Y: The always-on router number. Any number between 1 and 254 that has not been used by any other always-on router for this office. Go to VPN → WireGuard → Endpoints to see the numbers currently in use.

icRouter_Public_DNS: a DNS A record that will resolve to the icRouter’s public WAN address.

Configure icRouter

  1. Sign in to the icRouter and go to VPN → WireGuard
  2. Open the Local tab
    • Press + to create the public and private keys
      • Just give it a temporary name and then press Save
    • Reopen that entry by pressing the pencil icon
      • Copy the public and private keys into a text editor
    • Press + to create the Shared Secret
      • Just give it a temporary name and then press Save
    • Reopen that entry by pressing the pencil icon
      • Copy the public key into a text editor
        • Label this key as “Secret”
    • Delete both of the temporary entries
  3. Open the Endpoints tab
    • Set its name to something descriptive
    • Public Key: Paste the Public Key from the text editor
    • Shared Secret: Paste the “Secret” key from the text editor
    • Allowed IP Addresses: 10.0.X.Y/32 and 10.X.Y.1/24
  4. Open the Local tab
    • Open the Users entry
    • Copy the Public Key into the text editor
      • Label this key as “Server”
    • Add the new Endpoint to Peers

Configure the Always-on router

  1. Plugin the always-on router to the existing on-premise router using the provided Ethernet cable
    • Make sure the cable is plugged into a LAN port on the on-premise router
    • Make sure the other end of the cable is plugged into the port with the globe on the Always-on router
  2. Connect to its 5G Wi-Fi
    • The SSID will start with GL- and end with 5G
    • The password is goodlife
  3. Connect to the router’s admin panel
    • Its IP address is 192.168.8.1
    • set the password
  4. Configure the Wireless
    1. Setup the 2.4GHz Wireless network
      1. Set the SSID and password
      2. Press Apply
    2. Disable 5G and the guest networks
      1. Connection should be dropped
  5. Connect to the new wireless network
    • If using icHelp, the user will need to enter the security key
  6. Configure the local network
    • Network -> LAN
      • Change it to 10.X.Y.1
    • Confirm the PC was assigned an expected IP address
  7. Update the firmware
    • System -> Upgrade
  8. Configure VPN
    • Network -> DNS
      • Disable DNS Rebinding Attack Protection
      • Don’t forget to hit Apply!
    • VPN -> WireGuard Client
      • Create a new Group named for this company
      • Click Manually Add Configuration
      • Set Name to Office
      • Click Item Mode
        • May need to enter Name again
      • IP Address: 10.0.X.Y/24
      • Private Key: Paste the Private Key from the text editor
      • Listen Port: 1151
      • DNS: 192.168.X.1
      • Public Key: Paste the “Server” key from the text editor
      • Endpoint Host: icRouter_Public_DNS:51821
        • See definitions above
      • Allowed IPs: 192.168.100.0/22,10.0.X.1/32
      • Preshared Key: Paste the “Secret” key from the text editor
    • VPN -> VPN Dashboard
      • Click the button inside the purple background (may say Global Proxy)
        • Change to Auto Detect
      • Click Global Options (next to VPN Client
        • Allow access WAN
      • Click the gear for Wireguard client options
        • Disable IP Masquerading
      • Slide the Enable switch to connect to the VPN
  9. Verify they are able to connect to network resources

Make sure the end-user has read about the Always-On Portable Router

Leave a Comment

Your email address will not be published. Required fields are marked *