Home networking suggestions for Brume 2

Hello

I have a Brume VPN gateway in my home LAN. I use the Brume 2 VPN gateway as a VPN server. I would like to get a VPN connection from the internet to the Brume. I will need a port forward from the fiber modem to the Brume VPN gateway. Right now I cannot do this because the Brume is in another subnet.

The network configuration is currently messy, as follows:

Internet <--> Genexis fiber modem (LAN: 192.168.1.1) <--> (WAN: 192.168.1.202) MikroTik Routerboard in router mode (LAN: 192.168.88.1) <--> (WAN: 192.168.88.251) Brume 2 VPN gateway (LAN: 192.168.88.251) <--> Workstation

The problem is that there are now 3 DHCP servers active.

  • The first DHCP server is active in the fiber modem, using the 192.168.1.0/24 network. The MikroTik router gets its WAN IP from the fiber modem's DHCP server. This DHCP server cannot be turned off.
  • The second DHCP server is active in the MikroTik router, using the 192.168.88.0/24 network. The Brume gets its WAN IP from the MikroTik DHCP server.
  • The third DHCP server is active in the Brume, using the 192.168.8.0/24 network. The Brume gets its WAN IP from the MikroTik DHCP server.

The MikroTik router is between the fiber modem and the Brume, so I cannot directly do a port forward from the fiber modem to the Brume's IP. I wonder whether I could first do a port forward from the fiber modem to the MikroTik router and then do a second port forward from there to the Brume. Or should I put the Brume between the modem and the MikroTik? Then I could do a port forward from the modem to the Brume.

The fiber modem's LAN ports are directly exposed to the internet, so I need the MikroTik with its firewall in front of the home LAN.

Picture from network:

Any suggestions?

According to your requirements, combined with your topology:

  1. According to the topology you drew, with nothing changed, you have to turn on port forwarding on both the MikroTik and the fiber modem.
    Pay attention to configuring the corresponding IP and port, and do it one by one:
    a. Configure the MikroTik (192.168.88.251:51820 -> MikroTik WAN)
    b. Configure the fiber modem (192.168.1.202:51820 -> ISP public IP)

  2. If the topology can be changed, you can swap the Brume 2 with the MikroTik, but that will bring a problem with the NAT of the MikroTik. You have to configure the MikroTik's firewall to allow access from the Brume 2 subnet to the MikroTik's subnet. Otherwise, once the VPN is established, it can only access the subnet of the Brume 2, but cannot access the subnets and clients of the MikroTik due to the NAT and firewall.

After this swap, the port forwarding only needs to be configured on the fiber modem.

Kindly note, you can set an address reservation for the MikroTik and the Brume 2 to avoid IP changes. BTW, you can also use the firewall of the Brume 2 (OpenWrt), which is also very comprehensive and highly safe.
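
The MikroTik hop of option 1, written out as an added example (not part of the original posts and not taken from GL.iNet or MikroTik documentation). It assumes the VPN server listens on UDP (51820 is WireGuard's default port) and that the MikroTik WAN port is named ether1; both are assumptions to adjust to the real setup.

```routeros
# Assumptions (not stated in the thread): protocol is UDP, WAN interface is ether1.
# Addresses and port are the ones given in the thread.

# Hop 1 is done in the fiber modem's own port-forward page:
#   external UDP 51820 -> 192.168.1.202 (MikroTik WAN), port 51820

# Hop 2: MikroTik forwards only that one port to the Brume 2 WAN address.
/ip firewall nat
add chain=dstnat action=dst-nat in-interface=ether1 protocol=udp \
    dst-port=51820 to-addresses=192.168.88.251 to-ports=51820 \
    comment="VPN port forward to Brume 2"

# Needed only if the forward chain drops new connections arriving from the
# WAN side. The rule is appended at the end, so move it above that drop rule.
# It matches the translated destination, because dst-nat runs before the
# forward chain, and it opens nothing except UDP 51820 to the Brume 2.
/ip firewall filter
add chain=forward action=accept in-interface=ether1 protocol=udp \
    dst-address=192.168.88.251 dst-port=51820 \
    comment="allow forwarded VPN traffic to Brume 2"

# Address reservation: pin the Brume 2's current DHCP lease so the
# forward target does not change after a lease renewal.
/ip dhcp-server lease
make-static [find where address=192.168.88.251]

# Check that the rule is present and that its packet counter increases
# when a VPN client connects from outside.
/ip firewall nat print stats where comment="VPN port forward to Brume 2"
```

Keeping the forward limited to a single protocol and port, rather than forwarding all traffic or using a DMZ host setting, leaves the rest of the 192.168.88.0/24 network behind the MikroTik firewall.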

Thank you for your quick reply.
I will try first with option 1 using port forwarding rules.

Got it working. Thanks for your advice. Much appreciated!
