Need Help with Wireguard VPN & Brume (GL-MV1000)

Hello there,

I just bought a Brume (GL-MV1000) to access my company via WireGuard VPN during COVID home office.

Company: 100/40 MBit VDSL - there is a VoIP gateway (Zyxel Gateway 400) with integrated modem. The WAN port is not free, so I put the GL-MV1000 with “WAN” and “ETHERNET” on the Gigabit LAN switch in the server rack.

Gateway IP 192.168.2.1 / GL-MV1000 IP 192.168.2.4, routing in gateway to port 51820

Static Routing Table 10.0.0.2/32 to 192.168.2.4 & 192.168.2.0/32 to 192.168.2.4

The WireGuard server is allowed to connect to the local LAN; I added "list subnet '192.168.2.0/24'" to the config file on the GL-MV1000.

Client at Home:
Windows 10 64 Bit, newest Wireguard Client:

Config:

[Interface]
PrivateKey = *******************my Key *************=
ListenPort = 25185
Address = 10.0.0.2/32
DNS = 64.6.64.6

[Peer]
PublicKey = **my Key=
AllowedIPs = 10.0.0.2/32, 192.168.2.0/1, 128.0.0.0/1, ::/1, 8000::/1
Endpoint = dyndns IP:51820
PersistentKeepalive = 25

I can connect via the tunnel, but I can’t connect to my Synology NAS in the company (“Network Drive” in Explorer), or other servers in the office.

Packet loss 50%, sometimes 100%

Maybe someone can help?

Do you use WebDAV? Or Windows network share? Windows network share may not work. But WebDAV should be OK.

Can you confirm that both the WAN port and a LAN port on the GL-MV1000 are connected via Ethernet to the same Gigabit LAN switch, so that both WAN and LAN are using the same 192.168.2.xxx subnet? The WAN IP is 192.168.2.4. What is the LAN IP?

Yes, both are connected to the same Gigabit LAN switch in subnet 192.168.2.XX

I gave the GL-MV1000 the IP 192.168.2.4. What do you mean by LAN IP?

I used Network Drive Function from Windows 10.

What IP address do you use to access and log into the router Admin Panel? The default is 192.168.8.1.

I changed the IP for admin login to 192.168.2.4, in the same subnet as my main router (Zyxel Gateway 400). The main router / gateway is 192.168.2.1.

My Synology NAS is 192.168.2.3

Is your mask correct on allowed IPs? Shouldn’t they be /24?

192.168.2.0/1, 128.0.0.0/1
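
An added example (not part of the original thread): a Python check of what the AllowedIPs line from the question actually denotes, using the standard `ipaddress` module. The function names are illustrative; the addresses are the ones quoted in the thread.

```python
import ipaddress

# AllowedIPs value copied from the client config in the question.
ALLOWED_IPS = "10.0.0.2/32, 192.168.2.0/1, 128.0.0.0/1, ::/1, 8000::/1"
# NAS address and client DNS server as stated in the thread.
NAS = ipaddress.ip_address("192.168.2.3")
DNS = ipaddress.ip_address("64.6.64.6")


def audit_allowed_ips(value):
    """Return (effective_networks, findings) for one AllowedIPs value."""
    findings = []
    seen = {}  # effective network -> entry text that first produced it
    for raw in (item.strip() for item in value.split(",")):
        if not raw:
            continue
        # strict=False masks the host bits instead of raising, so the
        # block an entry really denotes can be reported.
        net = ipaddress.ip_network(raw, strict=False)
        if ipaddress.ip_interface(raw).ip != net.network_address:
            findings.append(f"{raw}: host bits set, covers {net}")
        if net in seen:
            findings.append(f"{raw}: same block as {seen[net]}")
        else:
            seen[net] = raw
    return list(seen), findings


def covering(networks, addr):
    """Most specific entry that covers addr, or None if none does."""
    hits = [n for n in networks if n.version == addr.version and addr in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)


if __name__ == "__main__":
    nets, findings = audit_allowed_ips(ALLOWED_IPS)
    for finding in findings:
        print("WARN", finding)
    print("NAS", NAS, "matched by", covering(nets, NAS))
    print("DNS", DNS, "matched by", covering(nets, DNS))
    # The /24 mask suggested in the reply, as a constructed comparison.
    fixed, fixed_findings = audit_allowed_ips("192.168.2.0/24")
    print("with /24:", covering(fixed, NAS), fixed_findings)
```

With a /1 mask the entry written as 192.168.2.0/1 is the block 128.0.0.0/1, the same as the entry after it, so the line covers the upper half of the IPv4 space rather than the office subnet alone.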

The router’s WAN subnet and LAN subnet have to be different in order to do routing. There is no routing when devices are on the same subnet and the devices use ARP to resolve layer 3 IP address to Layer 2 MAC address. Each subnet has to be on a different switch, or on a different VLAN on 1 managed switch, in order to work properly.

I do not have knowledge about the Zyxel Gateway 400 on how you can set up the Brume.

Okay, I understand.

It’s on an HP Aruba 2530-48G switch; there I can set up VLANs.

So does the WAN port of the Brume have to be in a different VLAN, or the LAN port?

Do I have to give the Brume 192.168.8.1 for it to work properly?

If the Brume WAN port is moved to 192.168.8.1, then it will not have connectivity to the Internet which is on 192.168.2.xxx subnet.
If the Brume LAN port is moved to 192.168.8.1, then it will not have connectivity to the Synology NAS and other servers/devices on 192.168.2.xxx subnet.

Is the HP Aruba switch connected directly to a Zyxel LAN port? I am not clear regarding:

Ideally, the Brume WAN should be connected to the Internet with a Public IP, then the Brume LAN can be connected to the internal network on the 192.168.2.xxx subnet. Alternatively, if the Brume WAN can somehow be connected to the Zyxel with a Private IP that is not on the 192.168.2.xxx subnet, then that should work also. My understanding is that the Zyxel does not have DMZ capability that may have accomplished that.