How to: mining Helium over a cellular connection

An (easier) guide to setting up your Helium miner with a mobile data hotspot

Wednesday, Dec 1, 2021 by Oliver Switzer (Guest Blog)

HNT Wallet:

13bLi78qskZov4AbvWCWFwGX6odmxLbxbvN5z2FjsreGS4zLEJb

ETH Wallet:

0x67a10EDdD58c9B5E22c689c83a5F0b8B4d6DF273

📜 A little background

A few months ago I wrote an article about how to mine Helium over a cellular connection using the Teltonika Rut240 cellular router. Why would you want to mine Helium over a cellular connection? Or why does that take a whole guide to do? If those questions are popping into your head at this point, you should head back over to that article. There I explain everything about why you would want to do this, and why mining Helium over a cellular network can be challenging but rewarding. Also it has lots o’ fun diagrams.

However, if you’ve already made it through that guide and are still stuck, continue reading!

🕳 Getting out of a Rut

Since writing my previous article, many folks have reached out to me on Discord with issues getting the Rut240 to connect to Wireguard. So many, in fact, that I decided to wipe my own set up (both the Rut240 and my Linode’s VPS configuration) and try to re-create the connection that I had previously that had my miner off of relay.

To my dismay, I couldn’t get my Rut240 to connect to Wireguard again after doing this. I am no network engineer, but I spent around 3–4 days back to back trying to get this to work. I even reached out to Teltonika support a few times to see if I could troubleshoot the issue with them, but I didn’t hear anything for a while.

In fairness to them, I did eventually get a response. Unfortunately, by the time that they reached out (a few days ago from the date that I’m writing this), I had already returned both of my Rut240’s in favor for a different router that Mo#3110 on Discord claimed to have success with: the GL.iNet GL-x750v2.

In my experience, the Rut240’s support for the Wireguard VPN seemed like an afterthought. It had to be installed manually (only after you update the Rut240’s firmware), and its UI felt quite clumsy. Some folks have had better luck setting up OpenVPN on the Rut240, since it seems like Teltonika has programmed better support for that VPN into their routers. I don’t have much experience with OpenVPN, so I decided to follow Mo#3110s advice and swap router’s with one that had better support for Wireguard.

👨‍⚖️ So… the verdict?

Within an hour or so of unpacking the new GL.iNet GL-x750 router, I had my miner off of relay over a cellular connection.

At a high level, I found the admin interface on the GL.iNet device to be much more user-friendly and easy to work with. Their support team is also quite responsive, even reaching out on Telegram to answer my questions.

Long story short, if you managed to get the Rut240 to work, lucky you! Otherwise, I highly recommend you switch over to using the GL.iNet GL-x750v2.

✨ The (Updated) Guide ✨

🖥 Part 1: VPS / Wireguard server setup

Fortunately, all the steps for setting up a WireGuard server for the GL.iNet-GLx750 to connect to are the same. I have chosen to omit that part of the guide here to keep this guide short and sweet. If you don’t have a Wireguard VPN running already, or would like to run through it again from scratch, you can follow along in my previous article under the section labeled 🖥 The Guide: deploying a VPS for your mobile hotspot.

🛑 Prerequisites before continuing…

After finishing the VPS setup step from my previous article you should have:

• An IPv4 address for your Linode server (should look something like xxx.xxx.xxx.xxx)
• Wireguard successfully running on that Linode server
• A private/public key-pair for the Wireguard Interface running on your VPS (privatekey / publickey)
• A private/public key-pair for the router that you are using (hotspot-privatekey / hotspot-publickey)
• Your GL.iNet router device. In this guide I use GL.iNet GL-x750v2, but the walk through also works for other GL.iNet devices like the Mango.

If you are missing any of these, I highly suggest you go back to the last article and re-create a Linode server with a Wireguard. I know, it seems extreme, but this is a bit of an exact art, and it’s better to start with a fresh slate than a… er… dusty one.

📟 Part 2: Configuring the GL.iNet GL-x750v2 router

Alright, let’s do this.

First, insert the SIM card you got from your carrier into the back of the GL.iNet router. Make sure you also installed all the necessary antennas it came with before powering on!

Ok, plug it in. Now, after a minute or so, it should show up in your computer’s Wifi list. For the GL.iNet GL-x750, it should show up as GL-X750-...-5G.

Connect to it.

Log into the router’s admin tools by visiting 192.168.8.1 in the browser.

You will be prompted with a language selection page. Select your language, to proceed to a password setup page (you may need to enter the default credentials written on the back of the router’s box before it prompts you to change the admin password).

Once you’re logged in, you’ll see a pretty sweet looking admin interface.

📡 Setting up the VPN Connection

Let’s get this router talking to our Wireguard server.

Click on “VPN” > “WireGuard Client” in the side panel.

Go to the “Management” tab, and click “Add New Profiles”

You should see a form to fill out for the Wireguard interface and peer. Fill it out with the following details captured in this screenshot:

Note that content in < > brackets is meant to be filled in. In the case of the private / public keys, please copy and paste the content from the files that you generated in previous steps with the same name into these fields.

Click “Apply”

If your router has made a successful handshake with the Linode Wireguard server, you should see a little green dot next to “WireGuard Client” in the sidebar. If it was not successful, you will see a little yellow dot instead, like so

If you see a yellow dot, please consult my previous guide, as I list out steps to debug your connection there (keywords to look for: tcpdump — used to look at network traffic over your Wireguard connection, or systemctl status wg-quick@wg0 — used to see whether your Wireguard instance is running)

Assuming you see a nice green dot there, we’re set to move on to port forwarding!

🎈Configuring the router for Helium

Guess what? Now it’s time to plug in your miner! Go ahead and plug it into power, and either connect an ethernet cord between the miner and the LAN port of the router, or configure your miner to connect to the cellular router over Wifi. I’ll assume you know how to do that if you’ve gotten this far…

Now, back to your router admin page.

In the sidebar, head to “Clients.”

In the list of connected devices you should see your miner’s MAC address listed.

Depending on whether your miner is connected via Wifi or via Ethernet, you will need to either look for your miner’s Wi-Fi MAC or Ethernet MAC address. This should be printed on the back of your miner’s box, or on the miner.

Once you’ve found the miner in this table, make note of its internal IP address (this is its internal IP), and copy the MAC address listed in the same row.

𝌚 Creating a Static DHCP Lease

With that info handy, it’s time to set up a static internal IP address for your miner.

Background: Most router’s re-assign IP addresses to devices when they disconnect or reconnect to the network, and refresh them every once in a while. This is useful to the router for a couple of reasons, but we won’t get into that right now. All you need to know is that once you’ve set up a port forwarding rule for a device, this IP re-assignment behavior doesn’t work in your favor. We’d like to prevent the router from reassigning your miner an internal IP so that the port forwarding rules don’t stop working when that happens.

So to do this, in the sidebar, click “More settings” > “LAN IP”

The page should look something like this.

Under the “Static IP Address Binding” section of the page, there should be a table. In the first column of the table, labeled MAC, you will see a dropdown where you can select the MAC address of your miner. Select the Mac that you took note of in the previous step.

In the IP field to the right, enter the IP address you took note you also took note of in the previous step (you wrote down both, right?)

🧱 Firewall Time!

Now that we’ve prevented IP re-assignment, we’re finally ready to configure the port forwarding rules.

Click “Firewall” in the sidebar

You’ll be taken to a page with a table that looks like this

In the row with blank input fields, enter the details exactly as you see them in the screenshot, except for the IP (that one is specific to me). Enter the IP address assigned by your router to your Helium miner that you took note of earlier. Hit “Add” in the rightmost column.

Connecting the 🔴’s

Now, it’s time to make sure it ummm… actually works.

First, make sure you’re connected to your router. Then, head on over to this port checking tool and enter 44158 into the port number field. Hit “Check”.

If all is working, you should see this sweet, sweet message:

If you still see that the port is closed, double check all the values that you entered in the previous steps! If it still says closed, please check out my last article, where I wen’t a little more in depth into how to debug your Wireguard connection with tcpdump.

IMPORTANT: You cannot run a port checker test without plugging in your miner to the router and turning it on first. This seems obvious once someone tells you, but I fell into this trap the first time I set all this up.

And you’re done!

Well almost.

👨‍💻 Connecting to your miner remotely

Technically, at this point, you’re finished. After a day or so of waiting for the blockchain to recognizing your fancy new setup, your miner should officially be off of relay.

However, you’re not gonna wanna miss this last step…

One benefit of using a VPN like Wireguard in the way that we are, is that it makes it very easy to remotely monitor your hotspot or the cellular router itself. The best part? It’s completely secure, and doesn’t involve exposing your miner to the public internet.

You can lord that over the folks who managed to get their hands on static public IPs 😉 (although admittedly there are ways to secure your remote connection even when you’re using public static IPs, it’s just a bit more complicated)

Anyway, if you are using a miner that allows you to connect to it directly on your local network, this step will let you access your miner remotely! If you don’t have a miner that has that feature, you can skip this section to the one after labeled: 📶 Connecting to the GL.iNet GL-x750 router remotely.

To get to the point: add the following port forwarding rule to make your miner’s IP address accessible remotely via a secure Wireguard tunnel:

The IP 192.168.8.110 is the internal IP assigned to my miner by my specific router. You will use the the same IP you used for your 44158 port forwarding rule, not the one in the screenshot.

Then, from the computer which you have been using to SSH into your Linode Wireguard server, run

$ ssh -L8080:10.0.1.2:8080 root@ ‹ip of linode server›

You now have opened a direct, secure tunnel to your Helium miner. Visit localhost:8080 in any browser, wait a few seconds, and you should see the “homepage” of your Helium miner (what you see here will depend on the brand of miner you have, and whether it hosts a website at its IP or not).

📶 Connecting to the GL.iNet GL-x750 router remotely

You can also tunnel to the GL.iNet GL-x750 router itself! This can be really useful for monitoring data usage, or checking in on your Wireguard VPN connection.

However, before I show you how to tunnel into the admin tools of the router itself, I want to pass along the fair warning that rbrtio#1507 from the Helium discord gave me: this is playing with fire.

It is very easy to accidentally update a setting over a remote connection to your cellular router that disconnects you from the VPN tunnel that you’re currently using. As a result, this could render you without any ability to connect to your miner remotely until you go in person to undo your changes.

I’m just trying to save you an unnecessary 2 hour trip here 🤷‍♂️

With that precaution out of the way, all you need is the following additional port configuration:

Once that rule has been added, run:

$ ssh -L9090:10.0.1.2:9090 root@ ‹ip of linode server›

With a little bit of patience (the page will take a while to load over a cell connection), you should now be able to log in to your GL.iNet GL-x750 router by visiting localhost:9090 in your browser.

🎊🎉🎈Fin 🎊🎉🎈 Look at you! ya did it!

If you made it through this guide successfully, you should have your miner off of relay over a cellular connection, AND (as a bonus) a method of remotely connecting to your miner and to your router to monitor your setup.

📜 A note from the author:

As always, feel free to @ me with my Discord handle switz#1985 I write these guides and answer questions in Discord in my spare time. If this guide helped ya earn some HNT, consider buying me a coffee… or or a Popeyes chicken sandwich… or an antenna:

HNT Wallet:

13bLi78qskZov4AbvWCWFwGX6odmxLbxbvN5z2FjsreGS4zLEJb

ETH Wallet:

0x67a10EDdD58c9B5E22c689c83a5F0b8B4d6DF273

About The Author

Oliver Switzer is an ex-physics graduate and now a senior software engineer. He has 7 years of experience working with various server and client-side languages, as well as XP & agile development best practices. He is passionate about helping startups and large companies make a social, creative and environmental impact using technology.