Brume 2 Bridge mode question

decided to purchase Brume 2 and Beryl AX. However, I am currently experiencing a problem with Brume 2, while Beryl AX is easy to configure.

I want to achieve the following:

  1. Run a WireGuard server on Brume 2.
  2. Access the Brume login page ( while using my current WiFi router.

Here is my current setup:

  • XFINITY modem in bridge mode, with an Ethernet cable going to my Asus router, which provides WiFi.

Here is what I have done so far:

  • I connected an Ethernet cable from the WAN port of Brume to my Asus LAN port.

  • The Asus router assigned an IP address to Brume, which I set to be static.

  • I was able to log in to the Brume page and enable Bridge mode, but then I lost the VPN section.

  • I switched back to network mode and changed it to Router, which brought back the VPN option.

  • On the main router, I port forwarded port 51820 (UDP and TCP) to the Brume IP address.

  • I connected back to the Brume and enabled DDNS.

  • I changed the WireGuard server IP from to 10.20.0.X/24 because XFINITY uses for their home router gateway.

  • Then, I created a WireGuard client config, making sure to reference the DDNS URL instead of my public IP address.

I don’t need adblock on Brume because my Asus router already has the adguard server running on custom Merlin firmware. All I need is a WireGuard server.

My question is why does the WireGuard server only work in router mode and not in bridge mode? Is there a way to run the WireGuard server in bridge mode, as that is my preference?

Please keep in mind that I am still new to networking, so any help would be greatly appreciated!

GL GUI/firmware has heavy customizations ‘under the hood’ that automate approp. routing, firewall configuration when setting up WG in Client or Server mode. If you’re looking for something more than that, you can always log into LuCI & set up manual configuration(s) (GL GUI → System → Advanced Settings). The caveat there is that you’ll have better luck posing LuCI-based questions on the OpenWrt forum as you’ll be pretty much ‘out of scope’ of what the GL firmware is designed to do.

However to your second goal: it may be easier to just put the Asus unit into AP mode & put it it behind the Burme 2. That way everything will be within the VPN tunnel & you should be able to use the Burme 2’s GL GUI.

You can, technically, expose the GL GUI to be managed by ‘remote access’… but that’ll mean incoming connection attempts to its port 80 or 443 from the WAN side (from the Burme 2’s perspective) will be accepted. I can’t recall where it is ATM in the GL GUI but it’s in there. If you know the Asus unit will also be providing routing/firewall duties that may not be an issue… just don’t forget to keep it upstream fr the Brume 2.

thanks so i decided since my current setup is working i am going to leave as is