Where and how to add Brume 2 in my network

I want to purchase a Brume 2 and integrate it into my existing network. Goal is to use the Brume 2 as a WireGuard server (replacing the OpenVPN server on my Synology NAS) and also use the Brume 2 as an ad blocker (via Adguard Home).

Current situation:

  • Sagemcom modem in Bridge mode → Netgear router → TP-Link Deco → Switch → Synology NAS configured with OpenVPN server and several other devices

Where in my network can I best place the Brume 2? And which mode should I use?

As the Adguard is only a DNS, you can place it where you want in your subnet. But the main router (more precisely, the DHCP server) needs to advertise this as DNS server, not itself.

For Wireguard there are 2 Options:

  1. NAT
    Put the Brume behind your main router and set up a port forwarding (UDP!) for your configured port on the Brume.
  2. Direct
    Just replace your Netgear router with the Brume, and configure the services. I can imagine your Netgear has more LAN ports, so maybe you need a switch behind.

In my experience way 1 is faster, but you will adjust and rebuild more often than you can imagine over time. Way 2 will be more work with quite a downtime at the beginning, but worth the effort, because the Brume with its power and OpenWrt below is a reliable and good main router.

But all this depends on the services you are using or want to use in your network.

Dear LupusE, thanks for your reply. I have installed the Brume 2 behind my router (Option 1 above). However, now I cannot reach my Synology NAS. Do I need to forward all the ports I configured on my main router in the Brume?

The answer is: it depends.
It is hard to tell without knowing your network.

You almost never need to forward all ports. But you need to know the used ports.

If the Synology is inside your WireGuard, you definitely need no extra ports forwarded from the internet to your Brume. You just need the routing.

Most issues I’ve seen are that people try to set up a VPN within the same subnet as the LAN. … But it would be helpful to know your subnet configs.

Thank you for your quick reply. Now it’s getting a bit complicated for me. :slight_smile: As my knowledge does not reach that far. The Synology NAS is behind the Brume 2. I did not enable the WireGuard VPN yet on the Brume and the NAS is not reachable via the xx.yy@synology.me address.

What do I need to provide exactly?

Without VPN the issue could be the same.

You’ve got an IP address from your provider. This is WAN.
Then you’ve got the Netgear, that translates all your LAN to your WAN. This is called ‘NAT’ (Network Address Translation).
If you start a connection from your LAN to the WAN, the Netgear knows where to route the answer. But no request from the WAN can reach your PC without port forwarding.

Now the Brume does the same in default router mode. But the WAN for the Brume is your LAN.

So if you reached your Synology before, just set the port forwarding from WAN to the Brume IP and on the Brume to the Synology.
But behind a double NAT some network magic, like UPnP, does not work. So just deactivate the magic and define the ports.

If we are talking about the DynDNS service from your NAS, … We need more information about the authorisation. Ports, protocols, … Just use any reliable alternative.
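
The double-NAT forwarding chain and the subnet-overlap problem discussed in the replies above, as an added example that is not part of the original thread. All addresses, the WireGuard port 51820 and the NAS port 5001 are assumed sample values; substitute your own.

```python
import ipaddress

# Constructed sample topology (assumed addresses, not taken from the thread).
# Each hop is a NAT router: its WAN-side IP and the LAN subnet it serves.
HOPS = [
    {"name": "Netgear", "wan_ip": "203.0.113.10", "lan": "192.168.1.0/24"},
    {"name": "Brume 2", "wan_ip": "192.168.1.2", "lan": "192.168.8.0/24"},
]


def forwarding_chain(hops, target_ip, proto, port):
    """Return one explicit port-forward rule per NAT hop, outermost first.

    Each router must forward to the next router's WAN-side IP, and the
    innermost router forwards to the target itself. UPnP cannot build
    this chain across two NATs, so every rule is defined by hand.
    """
    rules = []
    for i, hop in enumerate(hops):
        next_ip = hops[i + 1]["wan_ip"] if i + 1 < len(hops) else target_ip
        lan = ipaddress.ip_network(hop["lan"])
        if ipaddress.ip_address(next_ip) not in lan:
            raise ValueError(f"{next_ip} is not inside {hop['name']} LAN {lan}")
        rules.append((hop["name"], proto, port, next_ip))
    return rules


def overlapping_subnets(named_subnets):
    """Return name pairs whose subnets overlap (routing becomes ambiguous)."""
    nets = [(name, ipaddress.ip_network(s)) for name, s in named_subnets]
    return [
        (a, b)
        for i, (a, net_a) in enumerate(nets)
        for b, net_b in nets[i + 1:]
        if net_a.overlaps(net_b)
    ]


if __name__ == "__main__":
    # NAS sits behind both routers: two rules are needed.
    for rule in forwarding_chain(HOPS, "192.168.8.10", "tcp", 5001):
        print("forward on %s: %s/%d -> %s" % rule)
    # WireGuard terminates on the Brume itself: only the outer router forwards.
    for rule in forwarding_chain(HOPS[:1], "192.168.1.2", "udp", 51820):
        print("forward on %s: %s/%d -> %s" % rule)
    # A VPN subnet identical to the LAN behind the Brume is flagged.
    print(overlapping_subnets([("netgear-lan", "192.168.1.0/24"),
                               ("brume-lan", "192.168.8.0/24"),
                               ("wireguard", "192.168.8.0/24")]))
```

Every forwarded port is reachable from the internet, so forward only the ports you actually use.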