Access to resources on network through WireGuard

I got my Brume2 today and started setup. I can connect to it through WireGuard and OpenVPN, and internet traffic will go through my home. However, I can't access any device on my LAN. I tried a lot with adding various routes/combinations, but nothing seems to work, and I surely miss something here.

Here's my config: (A) Modem - (B) Brume2 - (C) WiFi router - (D) network devices

(C) assigns its own IP addresses to all network devices, thus it is a different network than (B). For now I'd want to keep it that way, even though I could make (B) my primary DHCP for the whole network.

How do I need to set up routes to allow e.g. my phone to connect to (D) when outside my home?

I think that the WiFi router (C) could be the culprit if you use the Brume 2 only as a gateway. In theory the Brume 2 gives all open connections to the WiFi router, and, if you have something closed on C, that perhaps could affect the connections.

For D to work as a server online when you're connecting to it from elsewhere, you should configure Dynamic DNS on the Brume 2 to the IP of D.

Thanks for your reply. How can I figure out whether the WiFi router is the issue? So far it seems like the routing table needs some tweaks, so that requests for certain IP ranges do not go towards the WAN (A) but towards the WiFi router (C).

I could make Brume2 a client of the WiFi network itself, but then Brume wouldn't add the benefit of AdGuard and such to the whole network, unless I use the drop-in gateway option and change the whole network config. :(

Let's assume that (A) uses a 192.168.0.0/24 network, and (B) uses the default 192.168.8.0/24 network on LAN. The VPN (B1) uses a 10.0.0.0/24 network; VPN clients thus get a 10.0.0.x address when connected. Now let's further assume that (C) uses a 192.168.1.0/24 network.

Is my assumption right, that the routing table must be as follows:
192.168.1.0/24 (target) - 192.168.8.x (gateway)

But when this routing is applied, the log says: daemon.notice netifd: wgserver (27935): RTNETLINK answers: Network unreachable.

So I assume I need to tell Brume2 somewhere that there's another network behind the WiFi router that is connected to Brume2, which Brume2 only knows as a client of its own network. Normally, the WiFi router should tell Brume2 that there's a network it manages and that Brume2 should forward respective requests. Or does the target in the routing need to be the VPN gateway instead?

Do I have an error in my thinking? Clearly, I'm not a network specialist, but I have quite some understanding of IT other than that.

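A small model of the addressing assumed in the post above, added here as an example; it is not code from the thread or from GL.iNet's firmware. It reproduces the kernel's on-link check that produces "RTNETLINK answers: Network unreachable" when a route via a 192.168.8.x gateway is attached to the WireGuard interface instead of the LAN bridge, emits the equivalent OpenWrt uci static route, computes the AllowedIPs a VPN client needs, and traces whether a packet from a VPN client can reach a device behind the WiFi router. The WiFi router's WAN-side address 192.168.8.100, the interface names `eth0`/`br-lan`/`wgserver`, and the `wifi_router_forwards_wan_to_lan` flag are assumptions for illustration.

```python
import ipaddress

# Constructed addressing following the post's assumptions (A/B/B1/C). The WiFi
# router's WAN-side lease 192.168.8.100 and the interface names are assumptions.
BRUME_IFACES = {
    "eth0":     ipaddress.ip_interface("192.168.0.2/24"),  # WAN toward modem (A)
    "br-lan":   ipaddress.ip_interface("192.168.8.1/24"),  # Brume 2 LAN (B)
    "wgserver": ipaddress.ip_interface("10.0.0.1/24"),     # WireGuard server (B1)
}
WIFI_ROUTER_WAN = "192.168.8.100"   # (C) as a client of the Brume 2 LAN (assumed)
WIFI_ROUTER_LAN = "192.168.1.0/24"  # network (C) hands out to devices (D)


def onlink_iface(gateway, ifaces=BRUME_IFACES):
    """Name of the interface whose subnet contains the gateway, or None."""
    gw = ipaddress.ip_address(gateway)
    for name, addr in ifaces.items():
        if gw in addr.network:
            return name
    return None


def check_route(target, gateway, dev, ifaces=BRUME_IFACES):
    """Mimic the kernel's check for 'ip route add TARGET via GATEWAY dev DEV'.

    The gateway must be directly reachable on DEV; otherwise netlink rejects
    the route with 'Network unreachable'. Returns (ok, message)."""
    have = onlink_iface(gateway, ifaces)
    if have != dev:
        return False, (f"RTNETLINK answers: Network unreachable "
                       f"({gateway} is on-link via {have}, not {dev})")
    return True, f"ip route add {target} via {gateway} dev {dev}"


def uci_static_route(target, gateway, iface="lan"):
    """OpenWrt uci commands for a persistent static route bound to the LAN
    interface (target + netmask form, accepted by all OpenWrt releases)."""
    net = ipaddress.ip_network(target)
    return [
        "uci add network route",
        f"uci set network.@route[-1].interface='{iface}'",
        f"uci set network.@route[-1].target='{net.network_address}'",
        f"uci set network.@route[-1].netmask='{net.netmask}'",
        f"uci set network.@route[-1].gateway='{gateway}'",
        "uci commit network",
        "/etc/init.d/network reload",
    ]


def client_allowed_ips(*nets):
    """AllowedIPs for the phone's WireGuard peer: every subnet listed here is
    sent into the tunnel; the downstream 192.168.1.0/24 must be included too."""
    return ", ".join(str(ipaddress.ip_network(n)) for n in nets)


def reachable_from_vpn(dst, wifi_router_forwards_wan_to_lan,
                       ifaces=BRUME_IFACES, static_routes=()):
    """Trace a packet arriving from a WireGuard client toward dst.

    Directly attached subnets are delivered on the matching interface; other
    destinations need a static route. Even with the route in place, the WiFi
    router only passes the packet on if it forwards WAN->LAN (double NAT
    otherwise drops unsolicited inbound traffic). Returns (reachable, why)."""
    d = ipaddress.ip_address(dst)
    for name, addr in ifaces.items():
        if d in addr.network:
            return True, f"delivered directly on {name}"
    for target, gateway in static_routes:
        if d in ipaddress.ip_network(target):
            if gateway == WIFI_ROUTER_WAN and not wifi_router_forwards_wan_to_lan:
                return False, (f"forwarded to {gateway}, but its WAN firewall "
                               f"drops unsolicited traffic (double NAT)")
            return True, f"forwarded to {gateway}, which routes into {target}"
    return False, "no route: the default route sends it out the WAN toward the modem"


if __name__ == "__main__":
    print(check_route(WIFI_ROUTER_LAN, WIFI_ROUTER_WAN, "wgserver")[1])
    print(check_route(WIFI_ROUTER_LAN, WIFI_ROUTER_WAN, "br-lan")[1])
    print("\n".join(uci_static_route(WIFI_ROUTER_LAN, WIFI_ROUTER_WAN)))
    print("AllowedIPs =", client_allowed_ips("192.168.8.0/24", WIFI_ROUTER_LAN))
    routes = [(WIFI_ROUTER_LAN, WIFI_ROUTER_WAN)]
    print(reachable_from_vpn("192.168.1.50", False, static_routes=routes))
    print(reachable_from_vpn("192.168.1.50", True, static_routes=routes))
```

The trace makes the two separate conditions explicit: the Brume 2 needs a route for 192.168.1.0/24 via the WiFi router's LAN-side lease on `br-lan` (not on `wgserver`), and the VPN client needs that prefix in its AllowedIPs; but as long as the WiFi router keeps NATing and firewalling its WAN side, traffic from 10.0.0.x will still be dropped at (C), which is why the later replies in the thread recommend turning (C) into an access point instead.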

I think that the target in the routing should be the VPN gateway, so all the devices connected to the gateway enjoy that protected connection.

Details for WireGuard.

Log in to your web GUI, head over to "VPN Dashboard", scroll down to "VPN Server" and find the WireGuard server, select the 3 dots / cog icon and then toggle ON "Remote Access LAN".

You now should be able to hit LAN clients.

Docs

Hi j2zero, that option is turned on. The only IP I can reach from the VPN is the Brume 2 itself, but not the WiFi router, which even has an IP assigned by Brume2.

After reading your posts again, it seems like the WiFi router is doing some DHCP / routing, which also could be causing double NAT.

In your current setup, using the drop-in gateway feature would probably make it all work; however, if possible, I would just recommend you start your network layout again.

For example, I have the Brume 2. My current setup is this: ONT (modem) > Brume 2 (router/DHCP) > switch (LAN ethernet) > access points (WiFi)

Now, I'm not sure why you want to keep your WiFi router handling the DHCP. You state you could make (B), the Brume 2, handle DHCP; well, if you can, then do so, as it will make it all a whole lot easier.

So the first thing to do would be to disconnect any LAN ports on the "WiFi router" and turn the WiFi router into an access point, either by enabling access point mode or by disabling the DHCP server and just allowing the SSID to broadcast.

You will then need to connect the WiFi router back to the Brume 2 like you currently have.

Any direct ethernet clients usually need to go back to the Brume 2 and not be connected to your WiFi router. The Brume 2 only has one LAN port, hence the need for a switch that will connect to the Brume 2 LAN port; from there (the switch) you can then connect the hardwired clients and WiFi router / access point(s).

Your WiFi router might allow you to use the LAN ports when in access point mode, so you may or may not need to run them back to the Brume 2. My WiFi is provided via access points, so therefore they need to go back to a switch.

All clients will then be handled via the Brume 2, including the wireless clients. They will all show inside the Brume 2 GUI and mobile app too; the only thing that will look "wrong" is that all clients will appear as "wired", as technically your WiFi router is wired to the Brume 2.

All the features inside the Brume 2 should then work without any issues: AdGuard, parental controls, VPN etc.


Thanks a lot for the detailed advice.

I figured that could be a solution. There are 2 reasons why I didn't do this so far: I have some devices connected to the router which have a fixed IP address assigned that I would need to make changes to. Secondly, all my tests so far didn't allow me to connect to the WiFi router using the address assigned by the Brume2. The only device I can reach is Brume2 itself, but not its only client. It's like a bridge from the VPN to the private network is missing.

So for the two points you mentioned.

You can change the Brume 2 to use the DHCP range of the WiFi router and then reserve/assign each client that you want to be "static". To be safe, I always ensure these devices are outside the DHCP range.

As for accessing the router interface, again this could probably be due to NAT and your different subnets being unable to talk. Doing the topology that I suggested would ensure a smooth transition and a better network layout that will probably "just work".

Let us know how you get on.