Hopefully someone can point me in the right direction (or will tell me it can’t be done).
I bought the Brume 2 (MT2500) mainly to have a better VPN solution, but because I saw it also runs AdGuard by default I thought: great, I can get rid of my Pi-hole setup!
My setup is based on an EdgeRouter (SFP), and I’m struggling to get the MT2500 working just behind it, connected to the ERX via the LAN port on the MT2500. I have two VLANs configured, for the main LAN and IoT, so the drop-in gateway function will not help me run DHCP servers on both VLANs; I’m also not really fond of the principle.
I will try to explain my setup and current challenges.
ERX (with SFP module) configured as a router + switch → MT2500
Main VLAN = 192.168.2.x
IoT VLAN = 192.168.5.x
ERX router = 192.168.2.1
MT2500 = 192.168.2.2
DHCP servers on both VLANs pointing DNS to the MT2500
ERX firewall rule to accept DNS server 192.168.2.2 within the IoT VLAN (this also works with the current Pi-hole in the main VLAN).
The MT2500 is currently configured with a static IP on the LAN port within my main LAN, running AdGuard. The DHCP server(s) on the ERX point DNS to the MT2500, and that works just fine for the main LAN (internet + AdGuard filtering), but the IoT VLAN doesn’t work.
I have further configured an OpenVPN server (allowed via the ERX NAT), which connects with my client (via 4G) from outside, but there is no internet or LAN access when the tunnel is up. I can access the Brume itself when connected via VPN, but nothing else is accessible, and no internet.
How can I use the MT2500 behind the ERX router/switch just with my LAN? Is the Brume firewall blocking this, and/or can I disable this blocking of DNS traffic? VPN issues?
The OpenVPN server also works now, but only with local internet breakout! When I add “redirect-gateway def1” + “dhcp-option DNS 192.168.2.2”, internet is broken on the client. LAN access still works.
Next stop:
how to get DNS working for the 192.168.5.x VLAN, because this is still not functioning;
how to get my internet traffic through the tunnel, loading websites and using my own DNS/AdGuard server 192.168.2.2.
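As an added example, not from the original post and not GL.iNet’s shipped config, here are the OpenVPN server-side push directives that separate the split-tunnel variant (LAN reachable, internet via the client’s own 4G) from the full-tunnel variant (internet and DNS via the Brume), using the addresses from the post; the tunnel subnet 10.8.0.0/24 and the device name tun0 are assumptions.

```openvpn
# Added example; tunnel subnet and device name are assumptions.
server 10.8.0.0 255.255.255.0
dev tun0

# Routes for both VLANs from the post. These alone give the split-tunnel
# behaviour the post describes as working: LAN reachable, but every other
# destination (and DNS) still leaves via the client's 4G, bypassing AdGuard.
push "route 192.168.2.0 255.255.255.0"
push "route 192.168.5.0 255.255.255.0"

# Full tunnel: move the client's default route and resolver into the tunnel.
# Comment these two lines out to fall back to split tunnel.
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.2.2"

# What the Brume side must provide for the full-tunnel lines to work
# (general requirement, not a statement about the Brume's current config):
#  - forwarding from tun0 toward its only uplink, 192.168.2.1, must be allowed;
#  - replies must find their way back: either the Brume masquerades
#    10.8.0.0/24 on its LAN interface, or the ERX has a route for 10.8.0.0/24
#    pointing at 192.168.2.2;
#  - AdGuard must answer queries whose source is not 192.168.2.x, which is
#    the same condition the 192.168.5.x VLAN needs (a quick check from a
#    tunnel client: `nslookup example.com 192.168.2.2`).
# Note: dhcp-option DNS is applied natively by Windows and mobile clients;
# Linux clients need an up/down script to install the resolver.
```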