GL-MT300N-V2 - VPN Server Only

rashuge.com · August 10, 2022, 7:11pm

I have a GL-MT300N-V2. The device is simple enough. I would like it to do VPN Server only though. I bought a eero mesh system for my home and it does not allow for static routes. I would like to setup the device in a mode other than router that provides my ability to VPN into my network, utilize my existing DHCP, and be able to access the other devices on my network. Is this possible?

I did have the device setup. Both the LAN and WAN ports were connected to my internal network and I had the WAN setup with an internal IP address coming from DHCP from my eero and the LAN was the default (different IP range) and I had the VPN server setup to use my local network. This appeared to work except it had issues with detecting other devices on my network as devices attached to the GL.

Would love to see a mode setup for VPN server only where we can connect up the WAN or LAN, setup the VPN server, then have it connect and access the network.

alzhao · August 12, 2022, 9:00am

If you want to set as vpn server only, this is what you should do:

connect wan port to your eero system
set up vpn server, e.g. wireguard server
set up port forward on your eero system to the mini router

Then it works as vpn server and you should be able to access it from the Internet.

You mentioned that “detecting other devices on your notwork”. I am not sure what you mean because it looks like you are setting as vpn client.

rashuge.com · August 12, 2022, 2:34pm

I have done this and it works. In the connected device list for the Router page, it shows some wired and some wireless devices even though they are not connected to the GL-MT300N-V2. Like it has devices connecting to it but not really.

alzhao · August 15, 2022, 7:19am

They are on your main network, right?

It should be a bug in older firmware. The router list all devices may have arp packet to the router.

rashuge.com · August 29, 2022, 10:30am

What I found is that when my actual router reboots, devices are jumping onto the GLs dhcp. Is there a way to disable dhcp for the device at all?

alzhao · August 29, 2022, 10:31am

How do you connect? Can you draw a simple diagram?

rashuge.com · August 29, 2022, 2:48pm

I want to only use the device as a VPN server. I have no other purpose for it and the Eero unfortunately doesn’t have the capability without breaking the pay wall for monthly service fees.

alzhao · August 29, 2022, 3:17pm

You should not connect the LAN of GL router to the switch which created a loop.

You can use www.astrorelay.com to repeat your server if you cannot set up port forward on your eero

rashuge.com · August 29, 2022, 5:18pm

Right, I had put in a tech support request to run ONLY the VPN server. This is not currently possible. The device has been working just fine, the LAN output that it has is serving up a different subnet. When asking for advise on this forum it was indicated that it would be just fine. Unfortunately that has proven to not be the case. This was the only way to get to the devices on my network through the VPN server. If I can disable the DHCP, then I have the ability to keep the “recommended” configuration for VPN server only and access my local LAN via the VPN server.

LupusE · August 29, 2022, 6:16pm

I don’t see why it is not possible to run a VPN Server on the MT300N-V2. As far as I read the thread, it is working well. It just can’t be reached, because of your infrastructure.
Put exact this device with exact this configuration at any router and add a simple port forwarding and you can use the Mango as VPN Server. Right?

Why can’t you just follow the advice and plug out the LAN? There is no DHCP running on WAN. And the VPN will be still available.
And depending on the setup you are able to reach the admin panel as well, within the VPN.
Or plug LAN behind the Eero direct on the router (the DHCP, I assume?). With a little luck the delay to the clients is big enough, that the router is ale to answer first.

DHCP requests are not subnet aware. Client asking FF:FF:FF:FF:FF:FF: “hey, has someone data for me?”, any DHCP which is first reply “hey, gotcha friend. here are your data” … And FF:FF:FF:FF:FF:FF (broadcast) is not part of any subnet, as we all know. Not a Mango issue, that’s how it works.
If you’ve hat a different VLAN and a managed switch, it could work. But with a normal switch, you’ll have a ‘race condition’ problem with two DHCP. And even if you’ve solved this, how will be the further routing? The Clients from subnet A won’t be able to easily reach subnet B…

But to make it easy:

Disable DHCP 1:
Put router in ‘Bridge Mode’. This should disable DHCP Server.

Disable DHCP 2:

login to your router via ssh
edit the file /etc/config/dhcp
add option ignore '1' at the end of block config dhcp 'lan'

Disable DHCP 3:

Open ‘LuCI’
Network - Interfaces: LAN - Button: [Edit] - Tab: ‘DHCP Server’
Subtab ‘General Setup’ - Option: ‘Ignore Interface [x]’

All not tested, because my Mango is on a roadtrip for 4 weeks. I’ve got only FW 4.x devices here.

rashuge.com · August 29, 2022, 7:00pm

There is no bridge function on this device. If you only have the WAN plugged in, then you only get to the VPN server and none of the devices on the network. If you have both plugged in and disable DHCP, then you do not have a dual DHCP setup.

Thank you for the clarification. I really do appreciate the explanation of DHCP and the like, am long time veteran of IT. This device is just a vexing little device for it’s simplicity and complexity at the same time. Once I got the LuCI installed, I was able to disable the DHCP on the interface or “ignore” it to be more specific, I have had no issues since then. The device works as I would expect now as a VPN Server only that is able to access my network devices.

Again, thanks for the help LupusE. That was the missing piece I didn’t have.