MT3000 as VPN AP with access to LAN

Hello! Hope the title makes some sense. I probably have some very simple questions here but I'm not at all network savvy and I hope you may be able to help me with my ideal setup. I will describe what I currently have and what I wish to achieve since I would probably get the technical terms wrong.

I have the Beryl MT3000. Its WAN port is connected to my ISP router's LAN port. I have a Wireguard VPN (Mullvad) set up and working nicely. Devices connected to the Beryl can access the interface on and all the devices connected to it are getting IPs like 192.168.8.x.

I however can't access my ISP router's page at nor can I access my NAS which is connected to it. On the Beryl, on the VPN Dashboard I enabled Remote Access LAN for Wireguard but that didn't seem to be the correct setting.

Is it possible to set up such that I can access everything on ISP router's LAN while all the Internet traffic goes through the Wireguard VPN on the Beryl?
Maybe instead the Beryl can get an IP like and then my laptop and other devices can get 192.168.1.x?

Anyhow, if this makes little sense I will try to explain myself better. Thanks in advance!

EDIT: Forgot to include this necessary information.

  • Which router (which model?) are you using? Beryl GL-MT3000
  • Which firmware version is in use? v4.6.0 Beta
  • How is your router connected to the Internet? Explained in post
  • Which DNS server do you use? I am not sure if safe to post this. (DNS from Ethernet shows 2 IPs I think from my ISP and DNS from Wireguard show one from Mullvad I think. The mode is set to Automatic)
  • Do you use DHCP or static IP addresses. DHCP I think, the default.

Did you try the 'Access Point' ubder 'Network Mode'?

VPN functionality doesn't seem supported while setting the Network Mode to Access Point. The option completely disappears from the web interface.

VPN does not work in AP mode because AP mode is bridge and VPN does not route your data.

For your scenario you should stay in router mode and enable this option in vpn client global options.

Otherwise all of your data goes via vpn and shield your ISP router.

1 Like

Thank you alzhao! This option is working.
Is it somehow possible to combine this with the kill switch option in case the VPN connection drops?

Should be OK. Just try.

What I mean is, it does not seem possible to set "Allow Access WAN" while "Block Non-VPN Traffic" is enabled.

Right. Kill switch is very strict and remove all the policies.