Brume 2 / GL-MT2500 - Network Placement & Network Mode Help

Hello, I am hoping for some advice on the Brume 2 and where to place it in an existing network. I am a total novice at this, so any help is appreciated.

I’d like to use the Brume 2 solely as a hardware VPN client, behind an existing router, so that only one device in the local network connects to a VPN 100% of the time. This device can’t run a software VPN itself, and I’d like the other devices to keep connecting to the internet outside of the VPN through the existing router, as they do now.
I was hoping to plug the WLAN of the Brume into the LAN of the router, then anything plugged into the LAN of the Brume would connect via VPN. Also leave the DHCP on the existing router.

Is this a possible/correct use case for the Brume if I really do not need any other features but the VPN client? Or should I connect the Brume in a completely different way?

What network mode should be used if I place it behind the router? Drop in Gateway, Bridge Mode, or regular router?

Would I also have to set up which device (by MAC address) uses the VPN connection in the VPN profile, or will just using the LAN port of the Brume force the VPN connection all the time?

Thank you all in advance!

I was hoping to plug the WLAN of the Brume into the LAN of the router, then anything plugged into the LAN of the Brume would connect via VPN. Also leave the DHCP on the existing router.

Sounds good.

What network mode should be used if I place it behind the router? Drop in Gateway, Bridge Mode, or regular router?

For sure not Bridge Mode. I’m not sure what the difference is between the other two. I used whatever was the default.

Would I also have to set up which device (by MAC address) uses the VPN connection in the VPN profile, or will just using the LAN port of the Brume force the VPN connection all the time?

By default all traffic goes through the VPN. Just remember you need to enable the VPN first. You can also enable the VPN kill switch (recommended) and consider forwarding all DNS through the router.

Every time you change any config settings, connect to your Brume with a device that has a browser and go to https://ipleak.net to verify that you aren’t leaking to the clearnet (traffic and DNS). I’d consider getting the GT-MT3000, because it’s the same device but with WiFi, so it’s more convenient to connect from a distance and verify.


Yes, make sure “Global Proxy” is set in the VPN Dashboard. Otherwise this sounds right.

Thank you both very much for the info.

For sure not Bridge Mode. I’m not sure what the difference is between the other two. I used whatever was the default.

I believe the default mode is router; drop-in gateway is an option but needs to be enabled. Others recommended DIG, so I’m glad you had success with the default router mode. Seeing as I only need one device to use the VPN, I don’t see the need for DIG mode. Thus some of my confusion in determining the correct network mode for my use case too.

Will definitely enable the VPN kill switch (Block Non-VPN Traffic) and forward DNS to the router.

Then what about VPN Dashboard global policy settings?

I wouldn’t want to use Global Proxy because I only want one device to use the VPN, correct?
So use Policy Mode “b”, based on the client device and its MAC address?
No need for a VLAN in this simple setup either, I think.

Thanks Again

Sorry, I wrote “Global Policy” when I meant “Global Proxy”. In your setup, the only device connected to the Brume is the device you want to go through the tunnel, so Global Proxy would work. Policy Mode limited to the MAC address would work to do that too, but it means that other devices connected to the Brume would go outside the tunnel unless you set up another rule.


Hi. I am a new Brume 2 (and novice networking) user, and I am using it as my main router with my Google Nest Wifi set up in bridge mode. I too have two devices (my Android TVs) set up to use the WireGuard VPN full time, with my other devices on the regular internet.

I set the VPN to use the Policy Mode “Based on Client Device” indicated above. You cannot currently set the Global Policy to block non-VPN traffic, as normal traffic will not get through (regardless of whether the devices are excluded/included via policy). Instead, I have a kill switch for those MAC addresses using custom firewall rules in LuCI.

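The per-MAC kill switch described in the post above can be expressed as a single OpenWrt firewall rule: reject anything forwarded from that client's MAC toward the plain WAN zone, while leaving forwarding into the VPN zone untouched. The script below is an added example, not code from the thread or from GL.iNet; it generates the uci commands for such a rule and validates the MAC first. It assumes the firewall zones are named lan, wan and wgclient (wgclient being the WireGuard client zone on GL.iNet 4.x firmware; confirm the names in /etc/config/firewall on your unit), and the rule name and MAC are placeholders.

```shell
#!/bin/sh
# Added example: generate (and optionally apply) an OpenWrt firewall rule that
# rejects forwarded traffic from one client MAC to the 'wan' zone. Traffic that
# is policy-routed into the VPN zone (assumed name: 'wgclient') is not matched
# by this rule, so the client can only reach the internet through the tunnel.
# Zone names and the rule name are assumptions; check /etc/config/firewall.

# Return 0 if $1 looks like a colon-separated MAC (six hex octets), else 1.
valid_mac() {
    case "$1" in
        [0-9A-Fa-f][0-9A-Fa-f]:[0-9A-Fa-f][0-9A-Fa-f]:[0-9A-Fa-f][0-9A-Fa-f]:[0-9A-Fa-f][0-9A-Fa-f]:[0-9A-Fa-f][0-9A-Fa-f]:[0-9A-Fa-f][0-9A-Fa-f])
            return 0 ;;
        *)  return 1 ;;
    esac
}

# Print the uci commands for the kill-switch rule.
# $1 = client MAC address, $2 = rule name (any label you like).
# Rules in /etc/config/firewall are evaluated before the lan->wan zone
# forwarding, so a REJECT here wins over the default forward-to-wan allow.
killswitch_uci_cmds() {
    mac=$1
    name=$2
    valid_mac "$mac" || { echo "killswitch: bad MAC address: $mac" >&2; return 1; }
    cat <<EOF
uci add firewall rule
uci set firewall.@rule[-1].name='$name'
uci set firewall.@rule[-1].src='lan'
uci set firewall.@rule[-1].src_mac='$mac'
uci set firewall.@rule[-1].dest='wan'
uci set firewall.@rule[-1].proto='all'
uci set firewall.@rule[-1].target='REJECT'
uci commit firewall
/etc/init.d/firewall reload
EOF
}

# Usage (run on the router):
#   sh killswitch.sh AA:BB:CC:DD:EE:FF tv-killswitch            # print only
#   sh killswitch.sh --apply AA:BB:CC:DD:EE:FF tv-killswitch    # apply via uci
case "${1:-}" in
    --apply) shift; killswitch_uci_cmds "$1" "$2" | sh ;;
    "")      ;;   # no arguments: only define the functions above
    *)       killswitch_uci_cmds "$1" "$2" ;;
esac
```

Two caveats a practitioner should keep in mind. First, this rule only covers traffic the Brume forwards on behalf of the client; DNS queries the Brume resolves on its own behalf leave from the router itself and are not matched, which is why the earlier advice to check https://ipleak.net after every change still applies. Second, if the VPN interface goes down, the rule keeps rejecting, so the client simply loses connectivity rather than falling back to the clear WAN, which is the intended kill-switch behaviour.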