Traffic will always be send to front router, so it will always reach brume2.
I have a similar question. I have an ISP modem/router that I cant out into bridge mode. I also use an Orbi in full router mode. Where do i put the Brume2 for AdGuard and VPN duties. Thanks
I got a Brume2 for this exact same reason and was able to make it work behind my TP-LINK router.
Brume2 handling all DNS requests using AdGuard, and acting as a Wireguard Server
Connect Brume to your router like any other computer using the WAN port on the Brume 2. This is how it will stay permanently.
Connect a laptop to the LAN port and set it up. Leave it in DHCP mode (your TP Link router will assign Brume 2 an IP – make sure its fixed/reserved so it stays the same). Activate your services (Adguard, Goodcloud DNS & Wireguard Server)
Go to Network > Firewall and open port 80 (for web config), 3053 & 53 (for DNS). These ports will be open to your LAN, not to the internet.
Unplug your computer from the LAN port. Now, you you are free to log in to it from your LAN.
Create your wireguard profiles. Edit the .conf file and point the DNS server to your Brume2 (using your router’s assigned IP)
Note the Listen port in your wireguard server and port forward that on the TP Link so it can listen for incoming wg connections. Go to Network > DHCP Server and set the Brume 2 IP address as Primary DNS. This way all computers in your network will use AdGuard for DNS (I’m using the Archer C2300, your menu might be different).
Don’t forget to turn on “Allow Remote Access LAN” on your Brume’s WG options so clients can access your LAN resources if you wish. (VPN Dashboard > VPN Server > click on the ´gear´ icon under wireguard)
Main router (tp link) will still handle DHCP for your LAN. Brume2 will only assign wg IP’s.
6 Likes
If my main router is on 10.0.0.1, should I reserve a fixed IP for the Brume?
Also, what Network Mode did you set the Brume2 to? Bridged, Access Point…etc
Network mode: Ethernet, acting as a router. (i.e.: default mode)
I did reserve an IP for the brume on my main router, otherwise the Wireguard port forwarding will break
2 questions:
- do you see your client devices IP in Adguard Home or just localhost?
- is Drop-in gateway Mode enabled on your Brume2?
- Just localhost for all devices connected to the main router.
- It’s disabled. DHCP is handled by the TP Link router. DNS is handled by Brume2
1 Like
Hey man I’m in need of some serious help lol can I contact you outside of here to chat faster about setting up this brume 2 as main router for vpn,adh. The past 2 days I have spent like 8 hours easy trying different things to get this damn thing to work about to give up, made posts, here, Reddit, no luck!
Please help lol ):
I’ve just bought a Brume 2 & would like to have it siting between my Virgin media superhub (modem mode) and my eero pro 6, so that I can use the wireguard VPN & adguard.
I’m a complete noob, so looking for some guidance & think this thread might help?
I have everything plugged in & have a white light on my brume 2.
I think I need to set up port forwarding, but the IP address currently showing begins with 86.16 … which I believe is the virgin local ip address from the superhub.
The eero won’t allow port forwarding from that ip address, so I need to change it on the brume 2 (I think), but not sure what to put in the options if I click on modify (static IP, netmask, gateway, dns, etc.).
My understanding is that “Modem Mode” on the Virgin Media SuperHub is is also referred to as “Bridge Mode”, so the router function is disabled. In this case, the IP address beginning with 86.16… is a Public IP address that is directly on the Internet and you should not need to set up port forwarding.
The Brume 2 should be in router mode to run WireGuard and AdGuardHome. The Eero can be in Bridge Mode (Brume 2 will be your main router), or it can be Router Mode (you will have double-NAT).
I do not work for and I do not have formal association with GL.iNet
3 Likes
Hi, thank you for this helpful information. Exactly what I was looking for.
Would the VPN client mode (connecting to 3rd party VPN service) also work with this setup?
1 Like
I would say No, unless you play with iptables and routing. You could connect to a 3rd party VPN if using the Brume2 as your gateway, meaning you have to connect devices directly to it’s LAN port.
You could, however, use the Brume as a bridge between your ISP modem and your LAN, in other words, let the GL.iNET router be the DMZ device and all your LAN should ‘hang’ from it, effectively leaving it as your main router.
Ok great! Thanks for the feedback. I’ll experiment with my Brume 2 once I receive it.
I can’t seem to figure out why I can’t connect. It works when I’m on wifi at home but not via cellular.
My very first setup with the brume was putting it between my modem and google wifi. It works (phone says home IP via cellular + vpn on) but nothing behind google wifi is exposed as I can’t set it to bridge mode.
I wasn’t planning on using adguard. Is this required if I want my setup to be modem → google wifi → brume?
I don’t really understand how your setup looks like.
If you can’t set Google Wi-Fi to bridge mode you need to do port forwarding. If this isn’t possible, your setup won’t work.
I applied port forwarding to the brume. Just 51820 UDP right? Are the other features (adguard / goodcloud) required?
None of the other features are required if you only want to use the brume for incoming WireGuard VPN.
brume WAN port connected to my LAN switch
on google wifi settings, the brume is reserved to 192.168.86.11 and UDP 51820 forwarding to 192.168.86.11
This seems off. When I check the wireguard connections it shows the google wifi (gateway) IP rather than my cell phone?
I don’t get it. Why should it show the IP of your cell phone? What’s your goal?
I would advise you to create a new topic with all details (How to get support quickly) and maybe a network diagram.