Brume 2 as VPN server

Hi, I would like to use Brume 2 as a VPN server. I have connected the Brume 2 LAN port to a LAN port of my main router (TP-Link). So as you see, Brume 2 is behind my router. Now I need some clear instructions on how to set up Brume 2 as an OpenVPN server. Any help would be appreciated. Thanks.

First question: why OpenVPN? I would use WireGuard instead.

As for myself, I'm using OpenVPN because it uses an additional second level of authentication when using username/password with the certificate for VPN access. For me, it doesn't matter which VPN service is faster since the bottleneck is the speed of the internet connection on each end.

Also, since the latest version of GL firmware allows me to change the router's HTTPS TCP port from TCP port 443 to something else on the Security page, I did that since I could then use the TCP port 443 for my OpenVPN server. That’s because most all open wireless networks in the world typically won’t block this port because it’s used for HTTPS (SSL) secure website connections.

Using a GL.iNet MT2500 Brume 2 VPN device inside the outside router requires setting up port forwarding on the primary router to the TCP port that you set up on the MT2500’s VPN service, and the ‘static’ IP address that you should have already set manually on the MT2500’s LAN port since you advised you are using the MT2500’s LAN port. I’m guessing that you set the LAN IP address manually on the same IP network as your primary router, and you disabled the DHCP server on the MT2500’s LAN network to avoid it conflicting with the primary router’s DHCP server on the network.

Setting up the OpenVPN server is pretty straightforward using the GL GUI and the how-to guide. Also, after you enable the OpenVPN server, go to the VPN Dashboard and tap the ‘wrench’ icon for the OpenVPN server to set up the ‘OpenVPN Server Options’ for ‘Remote Access LAN’ if you want that.

BTW, you might also consider using ‘Dynamic DNS’ if you don’t have a static external IP address from your internet service provider. If you do, then when exporting the client configuration certificate, you can select the ‘Use DDNS Domain’ option which will use the Brume’s DDNS registered hostname instead of your internet service provider’s randomly changing external IP address in the OpenWRT configuration file.

1 Like
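An added example, not part of the thread and not GL.iNet's own tooling: a small check of an exported OpenVPN client profile against the setup described in the reply above (TCP port 443, username/password on top of the certificate, a DDNS hostname rather than an IP address). The sample profile, the hostname `vpn.example.net` and the finding codes are constructed for illustration.

```python
import ipaddress
# Constructed sample profile; hostname and certificate bodies are placeholders.
SAMPLE_PROFILE = """client
proto tcp-client
remote vpn.example.net 443
auth-user-pass
<cert>
(placeholder)
</cert>
<key>
(placeholder)
</key>
"""

def parse_profile(text):
    """Split a profile into directive lines and the names of inline <blocks>."""
    directives, blocks, inside = [], set(), None
    for line in (raw.strip() for raw in text.splitlines()):
        if inside:                          # skip PEM material until the closing tag
            if line == f"</{inside}>":
                inside = None
        elif line.startswith("<") and line.endswith(">"):
            inside = line[1:-1]
            blocks.add(inside)
        elif line and line[0] not in "#;":  # '#' and ';' start comment lines
            directives.append(line.split())
    return directives, blocks

def audit_profile(text):
    """Return finding codes where the profile departs from the setup in the reply."""
    directives, blocks = parse_profile(text)
    opts = {d[0]: d[1:] for d in directives}
    findings = []
    for remote in (d[1:] for d in directives if d[0] == "remote" and len(d) > 1):
        # OpenVPN defaults when nothing is given: port 1194, proto udp.
        port = remote[1] if len(remote) > 1 else opts.get("port", ["1194"])[0]
        proto = remote[2] if len(remote) > 2 else opts.get("proto", ["udp"])[0]
        if port != "443" or not proto.startswith("tcp"):
            findings.append("not-tcp-443")        # may be blocked on open Wi-Fi
        try:
            ipaddress.ip_address(remote[0])
            findings.append("ip-literal-remote")  # breaks when the ISP address changes
        except ValueError:
            pass                                  # a hostname, e.g. a DDNS name
    if "auth-user-pass" not in opts:
        findings.append("no-user-pass")           # certificate is the only factor
    if not ({"cert", "key"} <= blocks or {"cert", "key"} <= opts.keys()):
        findings.append("no-client-cert")         # password is the only factor
    return findings
```

Calling `audit_profile()` on the text of an exported `.ovpn` file returns an empty list when the profile matches that setup.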

Another option is to use Tailscale with the Brume 2 serving as an exit node. It solves the authentication question with certificates plus the Tailscale account login requirement. It also solves problems like DDNS, port forwarding, and CGNAT for you without any work. I've stopped using traditional VPN servers on my home network because Tailscale is so good.