Brume 2 as bridged router

I want to use the Brume 2 only for its WireGuard server/client and AdGuard Home capabilities.
I plan on getting the TP-Link X75 mesh wireless which does not have the WireGuard or AdGuard.
If I connect the Brume as « Bridged » to my modem and connect the Brume’s LAN port to the TP-Link’s WAN port will all the clients traffic of my network be going through AdGuard and will I be able to remotely connect to my home network?
Of course TP-Link will be handling DHCP and AdGuard the DNS
In the meantime, could this be achieved with my existing Beryl GL-MT3000? (Can’t see any bridging option anywhere on the Beryl’s web admin)

Do you want brume to work in bridge mode? It should work in router mode to fulfill your requirements, as both functions depend on NAT and DNS

Yes, I wanted to use the Brume only for the AdGuard and VPN server.
if I put it in front of my main router (Wirekess Mesh) the clients on my network won’t be able to reach it.

I think you should put brume in front of the wirekess mesh, in which case both AdGuardHome and VPN are in effect.

Thanks.
If I do that, how will the traffic from my wireless clients in my network be able to reach the Brume?

Traffic will always be send to front router, so it will always reach brume2.

I have a similar question. I have an ISP modem/router that I cant out into bridge mode. I also use an Orbi in full router mode. Where do i put the Brume2 for AdGuard and VPN duties. Thanks

I got a Brume2 for this exact same reason and was able to make it work behind my TP-LINK router.

Brume2 handling all DNS requests using AdGuard, and acting as a Wireguard Server

Connect Brume to your router like any other computer using the WAN port on the Brume 2. This is how it will stay permanently.

Connect a laptop to the LAN port and set it up. Leave it in DHCP mode (your TP Link router will assign Brume 2 an IP – make sure its fixed/reserved so it stays the same). Activate your services (Adguard, Goodcloud DNS & Wireguard Server)
Go to Network > Firewall and open port 80 (for web config), 3053 & 53 (for DNS). These ports will be open to your LAN, not to the internet.

Unplug your computer from the LAN port. Now, you you are free to log in to it from your LAN.
Create your wireguard profiles. Edit the .conf file and point the DNS server to your Brume2 (using your router’s assigned IP)

Note the Listen port in your wireguard server and port forward that on the TP Link so it can listen for incoming wg connections. Go to Network > DHCP Server and set the Brume 2 IP address as Primary DNS. This way all computers in your network will use AdGuard for DNS (I’m using the Archer C2300, your menu might be different).

Don’t forget to turn on “Allow Remote Access LAN” on your Brume’s WG options so clients can access your LAN resources if you wish. (VPN Dashboard > VPN Server > click on the ´gear´ icon under wireguard)

Main router (tp link) will still handle DHCP for your LAN. Brume2 will only assign wg IP’s.

7 Likes

If my main router is on 10.0.0.1, should I reserve a fixed IP for the Brume?
Also, what Network Mode did you set the Brume2 to? Bridged, Access Point…etc

Network mode: Ethernet, acting as a router. (i.e.: default mode)
I did reserve an IP for the brume on my main router, otherwise the Wireguard port forwarding will break

2 questions:

  1. do you see your client devices IP in Adguard Home or just localhost?
  2. is Drop-in gateway Mode enabled on your Brume2?
  1. Just localhost for all devices connected to the main router.
  2. It’s disabled. DHCP is handled by the TP Link router. DNS is handled by Brume2
1 Like

Hey man I’m in need of some serious help lol can I contact you outside of here to chat faster about setting up this brume 2 as main router for vpn,adh. The past 2 days I have spent like 8 hours easy trying different things to get this damn thing to work about to give up, made posts, here, Reddit, no luck!

Please help lol ):

I’ve just bought a Brume 2 & would like to have it siting between my Virgin media superhub (modem mode) and my eero pro 6, so that I can use the wireguard VPN & adguard.

I’m a complete noob, so looking for some guidance & think this thread might help?

I have everything plugged in & have a white light on my brume 2.
I think I need to set up port forwarding, but the IP address currently showing begins with 86.16 … which I believe is the virgin local ip address from the superhub.

The eero won’t allow port forwarding from that ip address, so I need to change it on the brume 2 (I think), but not sure what to put in the options if I click on modify (static IP, netmask, gateway, dns, etc.).

My understanding is that “Modem Mode” on the Virgin Media SuperHub is is also referred to as “Bridge Mode”, so the router function is disabled. In this case, the IP address beginning with 86.16… is a Public IP address that is directly on the Internet and you should not need to set up port forwarding.

The Brume 2 should be in router mode to run WireGuard and AdGuardHome. The Eero can be in Bridge Mode (Brume 2 will be your main router), or it can be Router Mode (you will have double-NAT).

I do not work for and I do not have formal association with GL.iNet

3 Likes

Hi, thank you for this helpful information. Exactly what I was looking for.
Would the VPN client mode (connecting to 3rd party VPN service) also work with this setup?

1 Like

I would say No, unless you play with iptables and routing. You could connect to a 3rd party VPN if using the Brume2 as your gateway, meaning you have to connect devices directly to it’s LAN port.

You could, however, use the Brume as a bridge between your ISP modem and your LAN, in other words, let the GL.iNET router be the DMZ device and all your LAN should ‘hang’ from it, effectively leaving it as your main router.

Ok great! Thanks for the feedback. I’ll experiment with my Brume 2 once I receive it.

I can’t seem to figure out why I can’t connect. It works when I’m on wifi at home but not via cellular.

My very first setup with the brume was putting it between my modem and google wifi. It works (phone says home IP via cellular + vpn on) but nothing behind google wifi is exposed as I can’t set it to bridge mode.

I wasn’t planning on using adguard. Is this required if I want my setup to be modem → google wifi → brume?

I don’t really understand how your setup looks like.

If you can’t set Google Wi-Fi to bridge mode you need to do port forwarding. If this isn’t possible, your setup won’t work.