GL.iNet GL-X750 / OpenWRT / VPN / Cloudflare DNS over TLS /


Recently I got into my hands the new GL-X750 router


Interface1 x WAN Ethernet port
1 x LAN Ethernet port (100)
5 x LEDs
1 x USB 2.0 port
1 x micro SIM card slot
1 x MicroSD card slot
CPU[email protected]
Memory / StorageDDR2 128MB / FLASH 16MB
3G/4G Mini PCIe ModuleSupport CAT4/CAT6 Mini PCIe
4G LTE Antennas2 x detachable external antennas
Wi-Fi Antennas2dBi 5G & 2.4G internal antennas
Protocol802.11 b/g/n/ac
Wi-Fi Speed2.4GHz(300Mbps), 5GHz(433Mbps)
TX power2.4GHz: 20dBm (11b) Max, 5GHz: 20dBm (11a) Max
RX Sensitivity-94dBm Max
Ethernet Port2 x 10/100M
LEDsPower / 2.4G Wi-Fi / 5G Wi-Fi / 4G / WAN
MicroSD Card SlotUp to 128GB
Power Input12V/1.5A
Power Consumption<6W
Working Temperture-20~40°C (-4~104°F)
Storage Temperture-20~70°C (-4~158°F)
Dimension / Weight115 x 74 x 22mm / 86g

The router’s software is based on well-known openWRT (currently OpenWrt 18.06.1 r7258-5eb055306f), its base overlay gives us access to simple and fast options.

LTE and Frequency Aggregation

I bought this router due to the fact that in my town I do not have the possibility of connecting cable internet. GL-X750 is equipped with Quectel LTE EP06 module which has the ability to aggregate, “connect” two frequencies in my case is the LTE800 (B20) + LTE1800 (B3). Unfortunately, the menu does not yet have the ability to force the bandwidth, but it is possible to send the at commands so we can force the band, just click on the link at commnad and enter the command and click send.

AT+QCFG=”band”,0,4,0,1 //|LTE1800|
AT+QCFG=”band”,0,80000,0,1 //|LTE 800|
AT+QCFG=”band”,0,80004,0,1 //|LTE 800+1800|

AT+QCFG=”nwscanmode”,3,1 –> Force LTE
AT+QCFG=”nwscanmode”,0,1 –> Default Settings

LTE band :
1 LTE Band 1 2100 MHz
4 LTE Band 3 1800 MHz
10 LTE Band 5 850 MHz
40 LTE Band 7 2600 MHz
80 LTE Band 8 900 MHz
80000 LTE Band 20 800 MHz
You can configure two or more alternative bands by calculating the sum of LTEbandval
values. E.g. the combination of bands 20 and 3 is 40 + 80000 = 800040

AT + QCAINFO —> checking bands (after entering this command should display two lines with the details of “connected bands” if “ok” is displayed it means that the belt does not aggregate, it may be due to the lack of range of one of the bands or unsupported aggregation by a given bts point)

It is possible to add commands to the quick selection bar, simply log in via ssh, edit 12 atlist lines:

<code>nano /www/src/temple/attools/index.js</code>  

Komendy dodajemy wg wzoru

atlist: [{ 'msg': 'Manual command', 'item': '' }, { 'msg': 'Current Band Info', 'item': 'AT+QNWINFO'}, { 'msg': 'Current CA Info', 'item': 'AT+QCAINFO'}, { 'msg': 'Band Config', 'item': 'AT+QCFG="band"' }, { 'msg': 'Wymuś LTE ', 'item': AT+QCFG="nwscanmode",3,1' }, { 'msg': 'Force LTE 800+1800', 'item': 'AT+QCFG="band",0,80004,0,1' }, { 'msg': 'Force LTE Band 800', 'item': 'AT+QCFG="band",0,80000,0,1' }, { 'msg': 'Force LTE 1800', 'item': 'AT+QCFG="band",0,4,0,1' }, { 'msg': 'Sprawdzenie agregacji', 'item': 'AT+QCAINFO' }, { 'msg': 'Request IMEI', 'item': 'AT+GSN' }, { 'msg': 'Request QCCID', 'item': 'AT+QCCID' }, { 'msg': 'Request IMSI', 'item': 'AT+CIMI' }, { 'msg': 'Check Signal Quality', 'item': 'AT+CSQ' }, { 'msg': 'Reset modem', 'item': 'AT&F0' }, { 'msg': 'Operator Names', 'item': 'AT+COPS?' }, { 'msg': 'Force LTE Only', 'item': 'AT+QCFG="nwscanmode",3,1' }, { 'msg': 'Reset Scan Mode', 'item': 'AT+QCFG="nwscanmode",0,1' }],
commands doc

(when buying, remember to buy the right version of the European EP06-E).


Gl.iNet supports two vpn protocols, the popular OPENVPN and the recently created WireGuard. Through WireGuard, we can get higher speed of packet transmission, however, it is not yet as much supported by suppliers as openvpn. We will use WireGuard, for example, on Mullvad VPN. Personally, I use NordVPN, which unfortunately does not have WireGuard servers at the moment.

To configure the vpn clienta in GL-X750 simply click on the vpn tab and add the .ovpn file the rest of the tasks will be done by the router for us, without the need of manual configuration. You can easily add several vpn profiles and switch between them.

The built-in killswitch will protect us against leakage if the vpn server fails to respond. However, it should be remembered that killswitch only works if we are already connected to the vpn server and we lose the connection, there is no option to block access to the Internet in the event that vpn is not running, at least in the basic UI. To do such a killswitch it would be necessary to manually set the firewall in advanced settings or via ssh. Advanced settings switch the user to the luci interface (more extensive, standard UI OpenWRT). Manual killswitch was available in routers, e.g. GL.iNET ar-150.

Advanced settings (openwrt luci)

In addition to using the vpn client, we can also set up an openvpn or wireguard server in just a few moments if we can open the ports. In my case it is impossible because I use LTE and ports are not available from outside.

Cloudflare DNS over TLS

Router also has a DNS option via TLS. It is a security protocol used for encrypting and packing DNS (Domain Name System) queries and responses via Transport Layer Security (TLS). The purpose of this method is to increase the privacy and security of users by preventing eavesdropping and manipulation of DNS data with the use of “man-in-the-middle” attacks


GL-X750 is a great router in addition to the features that I described this router can be used for many things by installing appropriate applications, programs by luci or ssh (better compatibility, ssh cli applications). For me, the only downside is the lack of Gigabit Ethernet and external 2.4 GHZ antenna, I generally recommend 🙂

Leave a Reply

Your email address will not be published.