Skip to content

sid-ravikumar/5g-router

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.claude
.claude
 
 
configs
configs
 
 
docker
docker
 
 
docs
docs
 
 
scripts
scripts
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
dns-socks-proxy.go
dns-socks-proxy.go
 
 
tcp-relay.py
tcp-relay.py
 
 
udp2tcp-relay.py
udp2tcp-relay.py
 
 

Repository files navigation

5G MiFi Router VPN Setup (Unisoc UDX710)

Status: EXPERIMENTAL - VPN is unreliable due to cellular network instability and China firewall interference.

This repository documents setting up Mullvad VPN on a Chinese 5G MiFi router to bypass the Great Firewall (GFW).

Current State

  • SSH access on port 2222 works reliably
  • VPN setup is documented but not production-ready
  • See docs/MIFI-VPN-SETUP.md for full details

Device Information

Property Value
Chipset Unisoc UDX710
OS Yocto Linux
Kernel 4.14.98
Architecture ARM64 (aarch64)
Root Access SSH via dropbear on port 2222
Web UI UDX710-UOOLS on port 9898

Key Limitations

  • No TUN module: The kernel was compiled without TUN support. Cannot load it even with root access.
  • No kernel modules: /lib/modules/4.14.98/ is empty
  • Read-only root by default: But can be remounted with mount -o remount,rw /
  • GFW blocks: Direct WireGuard connections to Mullvad servers are blocked

Solution Architecture

Since we can't use kernel TUN, we use userspace solutions:

[Client Devices]
       ↓ WiFi
[5G MiFi Router]
       ↓
[redsocks] → transparent proxy (iptables REDIRECT)
       ↓
[wireproxy] → userspace WireGuard (SOCKS5 on :1081, HTTP on :8081)
       ↓
[udp2tcp] → UDP-over-TCP obfuscation (127.0.0.1:51822 → Mullvad:80)
       ↓
[Mullvad Server] → TCP port 80 (bypasses GFW)
       ↓
[Internet]

Components

1. udp2tcp (Mullvad's UDP-over-TCP)

  • Wraps WireGuard UDP in TCP to bypass GFW detection
  • Protocol: 16-bit big-endian length prefix + UDP datagram
  • Connects to Mullvad's TCP port 80 relay servers

2. wireproxy

  • Userspace WireGuard implementation
  • Doesn't require TUN device
  • Provides SOCKS5 and HTTP proxy interfaces

3. redsocks (optional, for transparent proxy)

  • Redirects TCP connections via iptables to SOCKS5 proxy
  • Allows transparent proxying without client configuration

Directory Structure

/mnt/data/vpn/
├── udp2tcp              # UDP-over-TCP binary (ARM64)
├── wireproxy            # Userspace WireGuard (ARM64)
├── wireproxy-tcp.conf   # WireGuard configuration
├── start_vpn.sh         # Manual start script
└── redsocks             # Transparent proxy (ARM64)

/etc/init.d/
└── vpn-proxy            # Auto-start init script

/etc/rcS.d/
└── S99vpn-proxy → ../init.d/vpn-proxy

Quick Start

SSH Access

ssh -p 2222 root@192.168.0.1

Start VPN Manually

/mnt/data/vpn/start_vpn.sh

Verify Connection

curl -x socks5h://127.0.0.1:1081 https://am.i.mullvad.net/connected

Mullvad Server (US-LA)

Property Value
Server us-lax-wg-607
IP 23.168.216.3
TCP Port 80
Public Key ItEcyDXwTXtq6bQubbO6lY0K/oh0dfk26AV+muU+Ah4=

Files

See docs/ for detailed documentation:

License

Documentation and scripts are MIT licensed. Individual binaries have their own licenses.

About

Mullvad VPN setup for Unisoc UDX710 5G MiFi router (bypass GFW with UDP-over-TCP)

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages