I have the Brume-W GL-MV1000W and for a long time it was a great VPN gateway device, paired with Mullvad, which was a great turn-key option for a good VPN with port forwarding. Despite being limited to five ports, at least they were reserved and the ports were easily obtained through the account UI (to add the port forward into the Brume-W itself and any downstream applications).
I'm exploring if I can get ProtonVPN working with my Brume-W in the same way. With the available documentation, I've been able to get the Brume-W configured with ProtonVPN under Wireguard in a standard configuration. However, when I look at the ProtonVPN port forwarding documentation (How to manually set up port forwarding | Proton VPN), it looks like a terminal script is needed to first allocate a port, and then to loop to keep the port allocation for the duration of the session.
Has anyone been able to accomplish the above on any GLiNet device? This is starting to seem beyond the capabilities of the Brume-W GL-MV1000W, but I'm hoping someone has solved this. I really like my Brume-W as a tidy little VPN hardware gateway with a reliable kill switch, and I would rather not have to cobble together a Raspberry Pi solution just to be able to run this port forwarding script. Thanks in advance to any helpful input!
Thanks for replying! So if I'm following right, your suggestion is to try installing the OpenWrt over the GliNet firmware on the Brume-W, and that should give me command line access and access to natpmpc. Is that right?
I use wireguard / openvpn port forwarding with Flint 2 and it works fine for my servers behind CGNAT though I have used Torguard and as of recently switched to AirVPN. I use the default GliNet firmware…
Hold up. natpmpc is available in the OWRT 23.05.x feeds. I don't see why it would be in the default GL.iNet ones. If you can `opkg update && opkg install natpmpc` that should give you enough to script that while loop required to keep the port open.
If it is not in the GL.iNet opkg feed, we'd have to ping, oh, say, @bruce (Hi, Bruce!) of GL support to ask them to compile version 20230423-xxx (or newer) & add it to their repo.
FOLLOWUP: It's v20150609-3 in the default OWRT v23.05.x feeds. Can GL.iNet backport v20230423-xxx to theirs? v20230423-r1 is available in the default OWRT feeds for SNAPSHOT so it's probably available in OWRT v24.10.
Here, this is a modification of Proton VPN's example to make it more appropriate to run on your device (i.e., POSIX-compliant, logging):
```sh
#!/bin/sh
# requires natpmpc 20230423-xxx or newer
# 'logread -e proton-vpn' will show any logged errors
# https://protonvpn.com/support/port-forwarding-manual-setup
while true; do
    # Request a 60-second mapping for UDP, then TCP, from the VPN gateway.
    natpmpc -a 1 0 udp 60 -g 10.2.0.1
    natpmpc -a 1 0 tcp 60 -g 10.2.0.1 || { logger -p notice -t proton-vpn 'error with port forwarding (via natpmpc)' ; break ; }
    # Renew before the lease expires; POSIX sleep takes a plain number of seconds.
    sleep 45
done
exit 0
```
`logread -e proton-vpn` will show any logged errors.
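The loop above keeps the mapping alive but discards the port number the gateway assigns, which the router's port forward and any downstream application still need. The following is an added example, not part of the original post and not Proton VPN's or GL.iNet's code: it extracts the port from natpmpc output, validates it, and records it when it changes. The state file path, the function names and the sample output are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. GATEWAY and the 60 s lease mirror the
# script above; STATE_FILE and all function names are assumptions.
GATEWAY=10.2.0.1
STATE_FILE=/tmp/protonvpn-fwd-port   # hypothetical file downstream apps read

# Constructed sample, modelled on natpmpc's "Mapped public port" line.
SAMPLE_OUTPUT='initnatpmp() returned 0 (SUCCESS)
using gateway : 10.2.0.1
Mapped public port 53186 protocol TCP to local port 0 lifetime 60'

# Print the mapped public port found in natpmpc output on stdin.
# Fails unless the value is 1-65535, so garbage never reaches a firewall rule.
parse_mapped_port() {
    port=$(sed -n 's/^Mapped public port \([0-9][0-9]*\) protocol .*/\1/p' | head -n 1)
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#port}" -le 5 ] || return 1
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    printf '%s\n' "$port"
}

# Store the port and log only when the lease hands back a different one.
record_port() {
    new=$1
    old=$(cat "$STATE_FILE" 2>/dev/null) || old=
    [ "$new" = "$old" ] && return 0
    printf '%s\n' "$new" > "$STATE_FILE"
    logger -p notice -t proton-vpn "forwarded port: ${old:-none} -> $new" 2>/dev/null || true
}

# Renew both mappings every 45 s; stop and log as soon as either one fails.
renew_loop() {
    while true; do
        natpmpc -a 1 0 udp 60 -g "$GATEWAY" >/dev/null || break
        port=$(natpmpc -a 1 0 tcp 60 -g "$GATEWAY" | parse_mapped_port) || break
        record_port "$port"
        sleep 45
    done
    logger -p notice -t proton-vpn 'error with port forwarding (via natpmpc)'
    return 1
}

# "run" starts the loop on the router; anything else parses the sample.
case "${1:-}" in
    run) renew_loop ;;
    *)   printf '%s\n' "$SAMPLE_OUTPUT" | parse_mapped_port ;;
esac
```

Only the TCP mapping's port is recorded here, on the assumption that both protocols are given the same port; the match uses just the start of the line, so the wording after `protocol` does not matter.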
I need this for my GL-AR300M16-ext as well. Wondering if I can just install natpmpc myself from the command line? Or will that send me into dependency hell?
If it became available as part of the latest firmware we’d love you forever @bruce!