Question about new Drop In Gateway feature

I am very intrigued by the new Drop In Gateway feature. According to the network topology map here:

the GL-Inet router is to be connected directly to the main router and there are no devices connected to the GL-Inet router. Yet the GL-Inet router is able to affect all other devices on the local network. I don’t understand how the GL-Inet router affects devices that are not connected to it.

At a guess, all local clients must be reconfigured via DHCP to use the Drop In gateway device as their default gateway, thus forcing all internet traffic to go through GL-Inet device. Is this correct?

I use a different DHCP server than that which is on my router (the DHCP server is on a local switch). I don’t want to use the GL-Inet device as a DHCP server. Will Drop In Gateway work if I just reconfigure my current DHCP server to tell all clients that the default gateway is the GL-Inet device?

Final question: Can the GL-Inet device acting as a Drop In Gateway be configured to get its LAN address from my DHCP server or does the GL-Inet device insist on being in charge of its own LAN address?

The current documentation describes a scheme for version 4.1 firmware that uses ARP spoofing to get clients to send traffic to Drop In Gateway. This solution is not very stable.
In version 4.2, we will change it to another solution that uses DHCP. This solution requires the user to either disable DHCP on the main router to use DHCP on Drop In Gateway, or to modify the gateway (DHCP Option 3) that the DHCP server on the main router sends to the client as the Drop In Gateway IP.
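
A way to check which gateway a DHCP server is actually handing out, as an added example that is not part of the original post and is not GL.iNet code: it parses the options field of a DHCP reply and reads Option 3 (Router). The address 192.168.1.2 for the Drop In Gateway and the sample bytes are constructed assumptions.

```python
import ipaddress

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # RFC 2131 marker before the options

def parse_dhcp_options(field):
    """Parse the options field of a DHCP message into {code: raw value}."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options, i = {}, 4
    while i < len(field):
        code = field[i]
        if code == 255:          # End option
            break
        if code == 0:            # Pad option, a single byte with no length
            i += 1
            continue
        if i + 1 >= len(field):
            raise ValueError("truncated option header")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    return options

def advertised_routers(field):
    """Return the Option 3 (Router) addresses as strings, in order."""
    raw = parse_dhcp_options(field).get(3, b"")
    if len(raw) % 4:
        raise ValueError("Option 3 length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[n:n + 4])) for n in range(0, len(raw), 4)]

def gateway_is(field, expected_ip):
    """True only if the first advertised router is expected_ip."""
    routers = advertised_routers(field)
    return bool(routers) and routers[0] == expected_ip

# Constructed DHCPACK options: message type 5, mask /24, one pad byte,
# router 192.168.1.2 (assumed Drop In Gateway), DNS 192.168.1.2, end.
SAMPLE_ACK_OPTIONS = MAGIC_COOKIE + bytes([
    53, 1, 5,
    1, 4, 255, 255, 255, 0,
    0,
    3, 4, 192, 168, 1, 2,
    6, 4, 192, 168, 1, 2,
    255,
])
```

A reply whose first router is not the expected address means clients on that segment are still being pointed at another gateway, or that a second DHCP server is answering.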

@yuxin.zou I am not a big fan of the implementation in firmware v.4.2 as this makes the whole network dependent on the GL-iNet device.
With Drop In Gateway on firmware v.4.1 I was able to manually select devices that can use GL-iNet router as a dedicated VPN gateway.

Is there any plan to have maybe both implementations in the future firmware?
At the moment I am stuck with firmware v.4.1 as this is exactly what I need in my networking setup.



We have no plans to re-add the ARP spoofing method yet. Drop In Gateway with ARP spoofing is prone to unstable audio and video calls and games. This problem cannot be solved. A feature that causes network instability after a simple setup is much more costly for us.
However, we will discuss releasing Drop In Gateway with ARP spoofing as a plug-in.

Drop In Gateway with ARP spoofing as a plug-in?.. is the plug-in already available?

It’s not on the list of development plans at the moment…

I bought the Brume 2 so that I can get certain clients onto a VPN server, but not all. Currently with firmware 4.2, all clients are routed through the VPN, which slows internet access considerably for most of the users, when only a few need the VPN. Is this the only way under 4.2?

Should I downgrade to firmware 4.1 in order to get the ARP spoofing method working? You mentioned that it is unstable. In what way is it unstable?

So it adds latency at the very least, dropouts at the worst, impacting VoIP, Zoom & similar… & ‘online gaming services’.

In simple terms, ARP spoofing works by periodically sending fake ARP packets to the clients. But the main router is also sending correct ARP packets. This causes the ARP cache on the clients to change constantly. When it changes, it is easy to have intermittent disconnections.
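
The cache flapping described above can be observed from a client's point of view. The following is an added example, not part of the original post and not GL.iNet code: it takes ARP replies as (seconds, sender IP, sender MAC) tuples and flags any IP whose claimed MAC keeps changing within a short window. The sample observations, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of ARP replies seen by one client. 192.168.1.1 is the
# main router; two different MACs alternate in claiming it.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.168.1.1", "aa:aa:aa:00:00:01"),
    (2.0, "192.168.1.1", "bb:bb:bb:00:00:02"),
    (5.0, "192.168.1.1", "aa:aa:aa:00:00:01"),
    (7.0, "192.168.1.1", "bb:bb:bb:00:00:02"),
    (9.0, "192.168.1.50", "cc:cc:cc:00:00:03"),
    (12.0, "192.168.1.1", "aa:aa:aa:00:00:01"),
    (40.0, "192.168.1.50", "cc:cc:cc:00:00:03"),
]

def find_flapping(replies, window=30.0, min_changes=3):
    """Return {ip: (change_count, sorted MACs)} for every IP whose claimed
    MAC changed at least min_changes times within any window-second span."""
    last_mac = {}
    changes = defaultdict(list)   # ip -> timestamps at which the MAC changed
    macs = defaultdict(set)       # ip -> every MAC that claimed it
    for ts, ip, mac in sorted(replies):
        mac = mac.lower()
        macs[ip].add(mac)
        if ip in last_mac and last_mac[ip] != mac:
            changes[ip].append(ts)
        last_mac[ip] = mac

    flagged = {}
    for ip, stamps in changes.items():
        best, start = 0, 0
        # Sliding window over the change timestamps (already in time order).
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_changes:
            flagged[ip] = (best, sorted(macs[ip]))
    return flagged

if __name__ == "__main__":
    for ip, (count, seen) in find_flapping(SAMPLE_ARP_REPLIES).items():
        print(f"{ip}: {count} MAC changes, claimed by {', '.join(seen)}")
```

A single change is normal when a device is replaced; repeated alternation between the same two MACs for the gateway IP is the pattern that matches the instability described in the post.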

I think the current implementation is better than ARP spoofing, but it doesn’t need DHCP from GL-inet’s VPN gateway.
All I need to do is route to the VPN gateway with my main router.
GL-inet’s VPN gateway can’t disable DHCP in the current implementation.

I’m leaving my question here because it is related to the drop-in gateway feature.
I’ve read the doc about this feature, but I must admit I don’t understand anything.

First, here is my context and requirements:

  • I have a Freebox Ultra. I don’t want to get rid of its WiFi features and of its WiFi 7 repeater.
    So one of my requirements is to keep the Freebox Ultra as a router.
  • I love the AdGuard feature of the GL.iNet routers. So I want to keep my Flint 2 as a connection option in my network.
  • I’d like the multi-WAN feature on the Flint 2 to failover to a tethering connection for all clients on my local network (while the Flint 2 is configured as a drop-in gateway)

My current setup is this:

  • Main router is the Freebox Ultra with DHCP enabled on the 192.168.1.x subnet
  • Second router is Flint 2 with its WAN port connected to the Freebox LAN. Flint 2 also has its DHCP enabled on the 192.168.8.x subnet.

I would like to enable communication between clients connected to both routers without restrictions.

  • For example, I want to be able to access the Freebox server file sharing from a device connected to the Flint 2, and access devices connected to the Flint 2 from a device connected to the Freebox Ultra. (With local name resolution.)
  • I would also like all clients connected to both routers to be able to use the AdGuard feature on the Flint

The GL.iNet documentation states that I should disable DHCP on the main router when configuring the Flint 2 as a drop-in gateway with the “all devices in” option. However, my Flint 2 is currently getting its internet connection through its WAN interface, which is configured as a DHCP client of the Freebox Ultra.

How will the Flint 2 get its IP address if I disable DHCP on the Freebox Ultra?
How does it work when drop-in gateway is activated?

Additionally, how should I configure the Freebox Ultra to delegate DHCP to the Flint 2’s DHCP server for its WiFi and LAN connected clients?

I hope I’ve been able to make myself clear despite my poor English.
Thanks for your understanding.

DHCP is only for assigning IP addresses. If you disable it, you will have to give your Flint 2 a static one. It could be just the one you currently use.

All in all, I would not recommend keeping the Freebox’s Wi-Fi enabled. I don’t know those boxes, and it might create additional issues. Best way always: Stick with just one router or use all the other ones as access points only.

I am not even sure if Drop-in + Multi-WAN works, I don’t think so tbh.


Brume 2 is limited to 150Mbps when using OpenVPN and 355Mbps when using WireGuard, in theory.
Usually it is much slower than this.