Question about new Drop In Gateway feature

I am very intrigued by the new Drop In Gateway feature. According to the network topology map here:

the Gl-Inet router is to be connected directly to the main router and there are no devices connected to the GL-Inet router. Yet the GL-Inet router is able to affect all other devices on the local network. I don’t understand how the GL-Inet router affects devices that are not connected to it.

At a guess, all local clients must be reconfigured via DHCP to use the Drop In gateway device as their default gateway, thus forcing all internet traffic to go through GL-Inet device. Is this correct?

I use a different DHCP server than that which is on my router (the DHCP server is on a local switch). I don’t want to use the GL-Inet device as a DHCP server. Will Drop In Gateway work if I just reconfigure my current DHCP server to tell all clients that the default gateway is the GL-Inet device?

Final question: Can the GL-Inet device acting as a Drop In Gateway be configured to get its LAN address from my DHCP server or does the GL-Inet device insist on being in charge of its own LAN address?

The current documentation describes a scheme for version 4.1 firmware that uses ARP spoofing to get clients to send traffic to Drop In Gateway. This solution is not very stable.
In version 4.2, we will change it to another solution that uses DHCP. This solution requires the user to either disable DHCP on the main router to use DHCP on Drop In Gateway, or to modify the gateway (DHCP Option 3) that the DHCP server on the main router sends to the client as the Drop In Gateway IP.

@ yuxin.zou I am not a big fan of the implementation in firmware v.4.2 as this adds the whole network dependency on the GL-iNet device.
With Drop In Gateway on firmware v.4.1 I was able to manually select devices that can use GL-iNet router as a dedicated VPN gateway.

Is there any plan to have maybe both implementations in the future firmware?
At the moment I am stuck with firmware v.4.1 as this is exactly what I need in my networking setup.


1 Like

We have no plans to re-add the ARP spoofing method yet. Drop In Gateway with ARP spoofing is prone to unstable audio and video calls and games. This problem cannot be solved. A feature that causes network instability after a simple setup is much more costly for us.
However, we will discuss releasing Drop In Gateway with ARP spoofing as a plug-in.

Drop In Gateway with ARP spoofing as a plug-in?.. is the plug-in already available?

It’s not on the list of development plans at the moment…

I bought the Brume 2 so that I can get certain clients onto a VPN server, but not all. Currently with firmware 4.2, all clients are routed through the VPN, which slows internet access considerably for most of the users, when only a few need the VPN. Is this the only way under 4.2?

Should I downgrade to firmware 4.1 in order to get the ARP spoofing method working? You mentioned that it is unstable. In what way is it unstable?

So it adds latency at the very least, dropouts at the worst, impacting VoIP, Zoom & similar… & ‘online gaming services’.

In simple terms, ARP spoofing works by periodically sending fake ARP packets to the clients. But the main router is also sending correct ARP packets. This causes the ARP cache on the clients to change constantly. When it changes, it is easy to have intermittent disconnections.

I think current implemantation is better than ARP spoofing, but It’s not need DHCP by GL-inet’s VPN gateway.
all I need to do is route to the VPN gateway with my main router.
GL-inet’s VPN gateway can’t disable DHCP by current implementation.