USB tethering, pfSense router, and a VPN

I have the GL-MT300N-V2, an Android phone, and a Netgate SG-1100 pfSense router. USB tethering with the Netgate has proven to be a struggle, hence my purchase of the MT300N, which makes tethering a breeze. My intention is to use the MT300N as a fully transparent device between the phone and the Netgate router, so I can experiment with the pfSense VPN server options without the MT300N interfering in any way. I’ll be using my office or home internet service with a laptop as the VPN client. The goal in mind is to be able to eventually do this on-site at my customers’ locations after I get more familiar with the pfSense router’s many capabilities.

I’ve come across two threads, here and here, that have given me some ideas to try.

Here’s my current setup.

USB tether to GL-MT300N-V2 (usb0) → LAN (eth0.1) to Netgate WAN → Netgate LAN to laptop

I’ve unchecked the Authoritative DHCP setting in LuCI. My laptop has a 192.168.1.x IP assigned from the Netgate. Incidentally, I can access administration in both the Netgate (192.168.1.1) and the MT300N (192.168.8.1). Very convenient, and I’m not sure why the authors of the threads I mentioned couldn’t do this. If I unplug the laptop and connect to the MT300N Wi-Fi, I wind up with a 192.168.8.x IP address, and can only access the MT300N administration, which makes sense. Now comes my dilemma.

I want to access a VPN server on the Netgate, from another PC on my office or home internet service, without having to configure any firewall rules on the MT300N or have it otherwise interfere with the tunnel. Should I achieve this by changing the protocol in LuCI at Network → Interfaces → Tethering → General Setup? Should I instead bridge usb0 to eth0.1 at Network → Interfaces → Tethering → Physical Settings and also disable the DHCP server on the LAN (eth0.1) interface under the Advanced Settings tab? There is another DHCP setting in LuCI for eth0.1 to “Ignore interface” under the General Setup tab. At first glance this seems redundant, but I’m hoping someone here knows which of these settings is best for my use case.

Cheers.

There is some networking knowledge involved here. On your router, the device can be accessed from LAN → WAN; this is no problem. But in the reverse direction, access from WAN → LAN will not work unless you configure some special settings.