Recommendation for a cheapish 4g modem router with inbuilt VPN.

[Fred2016]

Hi, Im after a recommendation for a cheapish 4g modem router with inbuilt VPN. I need to setup a system at a property with no fixed line internet and i obviously need remote access. Is this the best way of doing this or if there is a better/easier way then what else would
you recommend?

 

[camdensnyder]

I have found that Asus routers are the easiest to setup a VPN on utilizing Open VPN. It is super simple and works as it should!

 

[rabittn]

Look at glinet routers. I have the 4g and 5g spitz.

 

[elvisimprsntr]

@Fred2016

Whatever LTE modem/provider you use, you will likely need a VPN that will traverse Carrier Grade Network Address Translation (CGNAT) for remote access. LTE providers do not normally provide a public IP address.

Tailscale MESH VPN is far far the easiest solution to traverse CGNAT. Tailscale has a free tier with up to 3 users and 100 nodes, uses any number of existing identity managers, and has clients for every distribution on the planet. Tailscale · Best VPN Service for Secure Networks

You can run Tailscale one of two ways:

1. Run a Tailscale client on a computer that runs 24/7/365 at the remote site and advertise sub-net routes. This can include an AppleTV 4K running at least tvOS 17.3
2. Run Tailscale on a supported firewall distribution. Using Tailscale with your firewall

My personal preference is open source enterprise class firewall software pfSense. pfSense® - World's Most Trusted Open Source Firewall
I have two sites, both running pfSense and Tailscale, both on low power fanless Mini PCs running 24/7/365. I can access any device (even embedded devices) on either site remotely without running a separate Tailscale client. Great for remote access and off-site backups. Works automagically!.

Tailscale on pfSense Software!

In this video, we introduce Tailscale running on pfSense and demonstrate a common site-to-site deployment scenario.

www.netgate.com

LTE Modems:

Obviously, you will need to find a solution that is compatible with your providers LTE bands.

1. Netgear makes an external LTE modem. Cellular Modems: 4G LTE | NETGEAR
2. Or purchase a firewall appliance that includes the option to add a LTE modem. Protectli: Trusted Firewall Appliances with Firmware Protection

 

[The Automation Guy]

There are really two ways to accomplish this IMHO:
1) Use a 4g/5g cellular modem and then use it as your internet provider connected to "regular" networking equipment. This isn't an "all in one" solution, but it provides a lot of flexibility to the system. You can definitely get cellular modems with ethernet connections (although there are also a lot that are WiFi based) to attach your other networking equipment to. Ultimately this works exactly the same as using a cable modem, etc except you are using a cellular modem instead of another type of modem/internet connection.

2) Get an "all in one" solution that includes a cellular modem and a firewall/router all built into one. However I am not sure "cheap" is a description I would give these devices.

While I use an pfSense/OPNsense firewall device for my home network, I have also used networking devices from GL.iNet and would second the recommendation to look at those devices if you want something inexpensive that works well.

 

[Fred2016]

@Fred2016

Whatever LTE modem/provider you use, you will likely need a VPN that will traverse Carrier Grade Network Address Translation (CGNAT) for remote access. LTE providers do not normally provide a public IP address.

Tailscale MESH VPN is far far the easiest solution to traverse CGNAT. Tailscale has a free tier with up to 3 users and 100 nodes, uses any number of existing identity managers, and has clients for every distribution on the planet. Tailscale · Best VPN Service for Secure Networks

You can run Tailscale one of two ways:

1. Run a Tailscale client on a computer that runs 24/7/365 at the remote site and advertise sub-net routes. This can include an AppleTV 4K running at least tvOS 17.3
2. Run Tailscale on a supported firewall distribution. Using Tailscale with your firewall

My personal preference is open source enterprise class firewall software pfSense. pfSense® - World's Most Trusted Open Source Firewall
I have two sites, both running pfSense and Tailscale, both on low power fanless Mini PCs running 24/7/365. I can access any device (even embedded devices) on either site remotely without running a separate Tailscale client. Great for remote access and off-site backups. Works automagically!.

Tailscale on pfSense Software!

In this video, we introduce Tailscale running on pfSense and demonstrate a common site-to-site deployment scenario.

www.netgate.com

LTE Modems:

Obviously, you will need to find a solution that is compatible with your providers LTE bands.

1. Netgear makes an external LTE modem. Cellular Modems: 4G LTE | NETGEAR
2. Or purchase a firewall appliance that includes the option to add a LTE modem. Protectli: Trusted Firewall Appliances with Firmware Protection

Thanks very much for your detailed reply. I think your tailscale suggestion is the way forward. I'm learning all about it at the moment and will give it a go. I have a computer setup with BI ready to go. I just need to get the remote access working and I'm happy. Such a massive learning curve for someone with no I.T. background. Cheers

 

[JustCrs]

Just keep in mind that the modem’s performance and compatibility with your provider’s network bands are key, so checking specs against your local 4G network is worth it.

Another thing to think about is whether you need a solution for managing IP addresses or bypassing restrictions on certain services. In that case, using a 4G proxy could be helpful, especially if you're managing multiple devices or need to access location-specific resources. This setup can give you a bit more flexibility and help avoid connection drops when switching towers.