Brume 2 - Use as Drop-In vs Main Router

Hi again. I still try find out how to build my Home Network.

I had a FritzBox that did all before (Modem and Router)

Now I want to separate the functions in more devices which give me more configuration options and possibilities.

At the moment, i have the Brume 2 as main router connected to a DrayTek Modem.
On the Brume LAN Port there is a managed switch and on this switch, there is the FritzBox as IP Client to serve DECT and WLAN.

I have still a TP-Link ER-605 Gateway here which is much more configurable than the Brume 2 for example regarding VLANs and Firewall Settings.

An other Idea is now to use the ER-605 as main Router and add the Brume as Drop-In Gateway (I want to avoid double NAT).

So what are the main advantages / disadvantages for both options? Can I use every function of the Brume as Drop In when set it as default gateway in the ER605?

On thing I saw (in Drop-In Mode) is, that adguard gets not the IP’s, even if the option is set in Brume that AG shall manage them. It is always localhost, so it is inpossible to do a device specific filtering.

As a normal router, you can decide for yourself whether the Brume 2 or ER-605 is better for your specific purposes, in terms of performance, features, functionality, ease of use. etc.

For example, if configuration of VLAN’s and Firewall settings and multiple LAN pots are important, then the ER-605 has the advantage. If AdGuardHome is important, then the Brume 2 has the advantage. The Brume 2 runs OpenWRT which is highly configurable and has expandable functionality, but that involves somewhat of a learning curve.

There is a method to set up AdGuardHome on the Brume 2 to receive the client IP addresses for filtering. In terms of Drop-In Gateway mode on the Brume 2, what other function(s) do you want it to perform?

I do not work for and I do not have formal association with GL.iNet

1 Like

Do you have the “AdGuard Home Handle Client Requests” option enabled?

Sounds like a bug, we’ll detect it.


Yes, that is what I thought too. The Brume is more easy in config for VPN and has AdGuard integrated, but when going in the VLAN direction / Network separation for example, the ER605 is more straight forward and understandable than openWRT.

I know that it is possible with openWRT to separate it for the Brume LAN Port and I have a managed switch that can “translate” the tags to the corresponding ports, but, yes, it’s not that easy than with the ER605

I really like the AdGuard integration and VPN, which is superior integrated. However, I want avoid a double NAT because it means more unnecessary configuration regarding port forwarding that I also want to avoid. But the only way seems to be to use the Brume as main router or drop-in to reach that.

Yes, I enabled this option, however, it was still localhost.

When I use the Brume as router, it works, only in drop-in mode there seems to be an issue.

Thank you

1 Like

It looks like a BUG that needs fixing.

You can set up the Brume 2 as a standalone AdGuardHome server, in Router mode, without double NAT and without Drop-In Gateway.

This thread has procedures to set up a LAN-only server in Router mode and then to set up AdGuardHome to show actual client IPs.

You can also run VPN on the same LAN-only server by setting the default gateway IP of client devices to the IP of the Brume 2.

Thanks for the tip, this could be an option. However, I think I will solve it in a different way and life with a double nat in a part of my network.

I think I try to use the ER605 as main router and create two separate Networks.

Network 1: FritzBox as IP Client. Provides network without double nat with lan, wlan and dect. Used for Homeoffice device, phone and as a kind of DMZ)

Network 2: Brume as second router for „private“ devices. It’s a second NAT but I can use Brume out of the box functionality (with port configurations) and have a second layer of security here.

I think I can live with the doubled nat here.

1 Like

Or (would be better) do this in a third Network…

I have an ER605 and Brume as well. I tried drop in mode and found it flaky. Was causing issues remote streaming from my plex server for one, but i seemed to be encountering other ghosts when drop in mode was enabled.

I came to the conclusion that a raspberry pi was a better option for PiVPN (wireguard) and also for running Adguard. I get you weren’t thinking of adding another device. But also keep in mine you can run docker on a pi and then there are both adguard home and pivpn containers.

I originally thought about replacing my ER605 with the Brume - but ya lost other features going that way.

I’ll likely try drop in gateway again at some point

1 Like

I am in a slightly similar position and would really like to know if Tailscale actually works in the Drop-in Gateway mode (with or without VPN Client being active on the GL.iNet).