VPN Router On My Network

Hello Friends,

I have been doing a lot of research here and elsewhere, and testing and even trying pfSense and things and I’m at my wits’ end (and my family are the same) - and I’m wanting to come here for some sanity and advice.

I have a ZimaOS based media box (for now) that acts as my media server on a mini pc. That minipc connects directly to my Orbi router and then out to the real world of the internet.

Now … I have docker stacks for all of my “arrs” and downloaders through a complete docker stack with Gluetun as my VPN. BUT - when the system reboots, things break - restart policies break and stuff doesn’t work (and I’m having an issue with docker - we won’t go there). BUT I need things on this box to go through a VPN for obvious reasons.

MY PLAN was to get something like a Beryl? or Brume?(vpn router) and use it as a “VPN DEVICE” that would go like this.

ZimaOS media box …. to Beryl? / Brume? …. to Orbi …. to Internet via my cable modem.

Basically using the Beryl as a “man in the middle” for privacy. (The current Orbi setup is locked in stone for family / business reasons and we don’t wanna change it - and yeah I know about double NAT if we put two routers together)

What I need is:

1 - All traffic from the ZimaOS Media device goes through the VPN out to the world for privacy.
2 - I will have Tailscale on the ZimaOS Media device for remote management of the device
3 - I need to be able to access the ZimaOS Media device on the LOCAL LAN network with static IP

  • First question - Can this be done with one of the GLINET VPN routers (I would turn off wireless)?
  • Second question - Any suggestions on HOW to set it up with a Beryl / Brume for example? Details and would be helpful to this tired mind of mine (working on this for three weeks UGH)

Seriously … any help would be seriously appreciated by me and by my family.

I am a happy user of a GL-X3000 for another location and love GLINET devices so, I don’t mind investing in another piece of hardware here to get this to work!

THANK YOU IN ADVANCE and YES I will continue to dig here for more information!

Hi

Based on your requirements, the following should meet your needs.

Your topology would look like what you assume:

ZimaOS media box  <--> Brume/Beryl AX <--> Orbi <--> ISP modem

For sending all ZimaOS traffic through the VPN, simply enable the VPN on the Brume/Beryl AX.

Since all outbound traffic from the ZimaOS device will go through the VPN, you may want to run Tailscale on the Brume/Beryl AX rather than on the ZimaOS box to avoid routing Tailscale traffic through the VPN.
Tailscale - GL.iNet Router Docs 4

To allow the LAN connected to the Orbi to access the ZimaOS device with a static IP, enabling DMZ on the Brume/Beryl AX is sufficient since it is the only device connected to it.
Port Forwarding - GL.iNet Router Docs 4

The support like this is why I LOVE your products! Thank you!

One final question about the last part - would the Brume be set as a router (DHCP) to hand the IP to the ZimaBox - or - via Orbi after setting the Brume to DMZ? I am “familiar” with some of that but a bit “fuzzy” on that last step

I know I’m being like a kid asking lots of questions (haha) but making sure I do this right and not disturb the family’s internet life hahahaha

The Brume will work in router mode and be connected to the Orbi using either DHCP or a static IP.
Then, enable DMZ on the Brume for the ZimaOS media box.

The network layout should look like this:

Orbi (LAN 192.168.1.1/24)
    <--> Brume WAN (192.168.1.x/24 via DHCP or Static IP)
Brume LAN (192.168.8.1/24, DMZ pointing to 192.168.8.x)
    <--> ZimaOS media box (WAN 192.168.8.x/24)

To avoid IP changes, set up DHCP address reservations:

  • On the Orbi, reserve an IP for the Brume WAN interface.
  • On the Brume, reserve an IP for the ZimaOS media box.

Refer: LAN - GL.iNet Router Docs 4


Devices on the Orbi LAN can access the ZimaOS media box using the Brume's WAN IP.

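An added example, not part of any post above and not GL.iNet code: a Python check of the address plan from the last reply, run before cabling anything up. The host addresses 192.168.1.50 and 192.168.8.100 are constructed stand-ins for the "x" values in the thread, and `check_plan` is a hypothetical helper.

```python
import ipaddress


def check_plan(orbi_lan, brume_wan_ip, brume_lan, zima_ip):
    """Validate the Orbi -> Brume -> ZimaOS layout.

    orbi_lan / brume_lan are each router's LAN address with prefix,
    e.g. "192.168.1.1/24". Returns (problems, entry_address), where
    entry_address is what Orbi LAN devices use to reach the ZimaOS box
    (None if the plan has problems).
    """
    orbi = ipaddress.ip_interface(orbi_lan)
    inner = ipaddress.ip_interface(brume_lan)
    wan = ipaddress.ip_address(brume_wan_ip)
    zima = ipaddress.ip_address(zima_ip)
    problems = []

    # The two routers must own different subnets; with the same range on
    # both sides the Brume cannot route between its WAN and LAN.
    if orbi.network.overlaps(inner.network):
        problems.append(f"Brume LAN {inner.network} overlaps Orbi LAN {orbi.network}")

    # The Brume WAN address comes from the Orbi (DHCP reservation or static).
    if wan not in orbi.network:
        problems.append(f"Brume WAN {wan} is outside Orbi LAN {orbi.network}")
    elif wan == orbi.ip:
        problems.append(f"Brume WAN {wan} collides with the Orbi itself")

    # DMZ forwards every inbound port on the Brume WAN to one host, so the
    # target must be a usable, reserved address inside the Brume LAN.
    reserved = (inner.network.network_address,
                inner.network.broadcast_address, inner.ip)
    if zima not in inner.network:
        problems.append(f"DMZ target {zima} is outside Brume LAN {inner.network}")
    elif zima in reserved:
        problems.append(f"DMZ target {zima} is not a usable host address")

    return problems, (str(wan) if not problems else None)


if __name__ == "__main__":
    # Constructed sample values matching the layout in the thread.
    issues, entry = check_plan("192.168.1.1/24", "192.168.1.50",
                               "192.168.8.1/24", "192.168.8.100")
    print(issues or f"OK: Orbi LAN devices reach the ZimaOS box at {entry}")
```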