RSS 中文
AGENTUPDATE JOURNAL

Seamless Remote Access in China: A Portable Gateway Solution Using GL-MT3000, HomeProxy, and Mobile Hotspot

June 27, 2026 | By AgentUpdate | 9 Min Read
#Networking#OpenWrt#HomeProxy#Sing-box#GL-iNet
Seamless Remote Access in China: A Portable Gateway Solution Using GL-MT3000, HomeProxy, and Mobile Hotspot
Table of Contents

1. Introduction and Pain Points

For developers and business professionals who frequently travel back and forth or work remotely in Mainland China, one of the biggest headaches is: how to stably and seamlessly access global development environments, SaaS services, and collaboration tools (such as GitHub, Slack, and Google Workspace).

While you can install proxy clients on your laptop, this client-based approach falls short in several scenarios:

  • Multi-device collaboration: When you need to connect your laptop, phone, tablet, and dev boards simultaneously.
  • On-the-go workspace: Staying in hotels or temporary places without stable fixed broadband, forcing you to rely solely on cellular data.
  • Client instability: Desktop proxy apps frequently disconnect, face DNS pollution, or fail to intercept certain app traffic.

This post shares a highly flexible and robust mobile networking solution: using the portable Wi-Fi 6 router GL-iNet GL-MT3000 (Beryl AX). By wirelessly tethering (via WISP Repeater) to your mobile phone's hotspot, running HomeProxy (powered by Sing-box) in TUN mode (routing both TCP and UDP), and channeling traffic through a remote WebSocket (WS) node, you can establish a client-free transparent proxy for all down-link devices.

2. Solution Architecture and Network Topology

The core concept is a "gateway-level transparent proxy". All handshake, routing rules, and DNS resolution happen on the router. Laptops and mobile devices simply connect to the router's Wi-Fi without needing any client software.

graph LR
    SubGraph1[Local LAN] --> Router[GL-MT3000 Router]
    PC[Laptop / Devices] -->|Wi-Fi / LAN| Router
    PhoneHotspot[Mobile Hotspot] -.->|WISP Repeater| Router
    Router -->|WebSocket over TLS| VPS[Remote Proxy Server]
    VPS -->|Outbound| Internet[Global Internet]
    
    style Router fill:#f9f,stroke:#333,stroke-width:2px
    style PhoneHotspot fill:#bbf,stroke:#333,stroke-width:2px

Network Topology Diagram

  • Hardware: GL-iNet GL-MT3000 (Beryl AX). Equipped with the MediaTek Filogic 820 chip and pre-installed with a customized OpenWrt system, it has plenty of horsepower to handle encrypted traffic.
  • Proxy Client: HomeProxy (built on Sing-box). One of the most popular native transparent proxy clients in the OpenWrt community.
  • Transport Layer: WebSocket (WS) protocol. In mobile hotspot networks with multiple layers of carrier NAT, WS is highly resilient against connection resets.

3. Step-by-Step Configuration

Step 1: Wireless Repeater Connection to Phone Hotspot

When you're on the move, your phone's cellular connection is the most convenient internet source.

  1. Phone Prep: Turn on "Personal Hotspot" on your phone. If available, toggle "Maximize Compatibility" (forces 2.4GHz Wi-Fi, though you can use 5GHz if the signal is stable).
  2. Router Connection:
    • Log into the GL-MT3000 admin panel (usually 192.168.8.1).
    • Go to the Internet section, click Scan under Repeater (WISP).
    • Choose your phone's hotspot SSID, enter the password, and click connect.
    • Once connected, the GL-MT3000 will use the hotspot as its WAN interface and obtain a local IP.

[!TIP] In hotspot repeater mode, remember to enable Auto Reconnect in the router settings to prevent disconnection when the phone locks or goes to sleep.

Step 2: Configure Remote Node (WebSocket Protocol)

Ensure your server-side node supports the WebSocket transport layer. Add the node in HomeProxy:

  1. Log into your OpenWrt LuCI interface and navigate to Services -> HomeProxy.
  2. Go to the Nodes tab and click Add Node.
  3. Key Parameters:
    • Protocol: Select your server protocol (e.g., VMess, VLESS, Trojan, Shadowsocks).
    • Address & Port: Enter your remote server's domain or IP.
    • Transport Configuration:
      • Set the transport type to WebSocket (ws).
      • Host: Enter your masqueraded domain.
      • Path: Enter the WebSocket path configured on your server (e.g., /ray).
      • TLS: Recommended to enable TLS and configure a valid certificate for enhanced stealth.

Step 3: Configure HomeProxy Routing Mode & DNS

This step is critical for routing traffic correctly and preventing DNS pollution.

1. Routing Mode

In the main HomeProxy settings page:

  • Running Mode: Select TUN Mode.
  • Protocol Support: Make sure both TCP and UDP are checked. TUN mode creates a virtual network interface, which seamlessly proxies TCP while capturing UDP traffic (essential for voice/video calls).
  • Proxy Mode: Select Rule-based (direct routing for domestic sites, proxy for global sites), or Global during your initial stay in China if you want everything proxied.

2. DNS Settings

DNS hijack is a major cause of broken connections in China. In HomeProxy's DNS configuration:

  • Direct DNS (Local): Set to reliable local DNS, such as Tencent 119.29.29.29 or Alibaba 223.5.5.5.
  • Routed/Proxy DNS (Global): Set to Google DNS 8.8.8.8, and force these queries to be resolved through the remote proxy node. This prevents local DNS hijacking by ISP carriers.

Step 4: Device Connection and Verification

Once HomeProxy is configured and saved:

  1. Connect Devices: Connect your laptop via Wi-Fi or LAN to the GL-MT3000.
  2. Test Connectivity:
    • Open a terminal on your laptop and run ping 8.8.8.8 or visit global IP checking sites.
    • Go to ipinfo.io to verify your outbound IP matches your remote server's location.
    • Access global developer sites like GitHub or Slack; they should load instantly without any client configurations.

4. Optimization and Troubleshooting

When using mobile hotspots as the WAN source for transparent proxies, keep these optimizations in mind:

1. MTU Adjustments for Cellular Networks

Since mobile hotspots encapsulate packets over cellular networks (adding wireless overhead), large packets may get dropped. This manifests as: "Handshake completes, but page loading is extremely slow or images fail to load."

  • Solution: In the OpenWrt virtual interface or HomeProxy TUN interface settings, reduce the MTU from 1500 to 1360 or 1400. This dramatically improves handshake stability on cellular networks.

2. Hotspot Auto-Sleep

Many mobile devices (especially iPhones) turn off the hotspot broadcast if no active down-link activity is detected for a short period.

  • Solution: Run a background micro-task (like a simple ping) on the router/PC to keep the connection alive, or keep your phone on the Hotspot settings screen while connecting.

3. Multi-WAN Failover

The GL-MT3000 supports saving multiple Wi-Fi repeater targets with priority. You can save your phone's hotspot, hotel Wi-Fi, and office Wi-Fi in the list. The router will automatically scan and connect to the highest priority, available SSID.

5. Conclusion

By combining the GL-MT3000, mobile hotspot, and HomeProxy (TUN/WS), you can build a fully independent, highly portable out-of-band gateway for a fraction of the cost.

This setup frees you from installing proxy clients on individual devices, while the TUN mode and remote DNS routing ensure a seamless, native-like global browsing experience. For digital nomads and developers traveling globally, this is an indispensable addition to your travel gear.

RECOMMENDED IN-DEPTH READING