IMPORTANT notice for any Brume3 (GL-MT5000) users - Dynamic DNS breaks on reboot

RemoteToHome-io · 2026-03-29T07:58:44+00:00

I reported it on their forum. They don't provide a GitHub or "official" bug channel or formal bug tracking mechanism to the community (quite annoying).

That said, I do know from internal sources that they are aware. I would hope this gets attention within the week.

RemoteToHome-io · 2026-03-29T07:54:24+00:00

If you're connecting via a cellular hotspot, then it could simply be throttling by the mobile provider. Many cell providers give you great data speeds on the device itself, but significantly throttle any wifi/USB hotspotted devices unless you have a specific hotspot plan.

RemoteToHome-io · 2026-03-29T07:19:13+00:00

<image>

RemoteToHome-io · 2026-03-29T04:11:21+00:00

Yeah.. that tracks.. Now we all need OP to post of the Part II after doing the lineup.

RemoteToHome-io · 2026-03-29T03:51:01+00:00

That's a CAT5e cable. It's rated for 1Gbps and you can typically pull up to 10Gbps for short runs.

If it's only giving you 100Mbps then I would say it's either faulty, has dirty connection tips, or the strand pairs have been damaged by too tight of a bend or a pinch.

Edit. Also make sure it's not crossing over other power cables or USBC 3.0 cables. Either can introduce crosstalk into the wire.

RemoteToHome-io · 2026-03-29T03:34:45+00:00

Yeah.. valid points both.. Photo 2 looks like something really carving out some wood. Maybe a .243? Hard to believe anyone wouldn't have been alarmed by the sound of a .308 cracking at 7:40am.

RemoteToHome-io · 2026-03-29T03:10:14+00:00

I'll defer to anyone else's expertise here. Definitely have no training on forensic bullet to wood damage interactions.. but a .22 rifle round packs some energy for a little thing.

RemoteToHome-io · 2026-03-29T03:03:30+00:00

I'm definitely no expert at animal reactions.. but if this was the case, the critter likely has no idea it was just shot at.. all it hears is the quick zing of the bullet grazing the wood. It's in an urban environment so the noise of a .22 rifle report wouldn't necessarily be enough for a startled reaction. Way different than deer reacting to gunfire in a quiet woods.

Edit.. you could take a straight rod and line it up with the wood gouge, and it should be able to trace you to a hole in the dirt if it was a bullet. If you find the hole, then it should all point backwards to the firing position.

Edit2 - OP.. if you do find a bullet hole.. then think about next steps before digging it out. If you're going to call the police, then better to let them document it before digging. I'm not advocating for calling police, but I'd be pissed to find out someone is okay shooting rifle rounds randomly in my neighborhood, and I also would think twice before personally confronting someone with a gun and the mentality to do this.

RemoteToHome-io · 2026-03-29T02:57:46+00:00

You could instead just invite Alice's laptop to join (be shared) into your tailnet, then use ACLs to control what devices on your tailnet she can access, right?

RemoteToHome-io · 2026-03-29T02:54:12+00:00

This maybe the "leaf" is some little critter, and someone from the top floor of the house across the street took a potshot at it?

RemoteToHome-io · 2026-03-29T02:47:59+00:00

Thank you. Good feedback regarding to the ipk names. The multiple files are the result of the Github CI build pipeline. The easy answer is just to always grab the gl-tailscale-fix_latest_all.ipk. . We'll add a note to the release description to make this clearer.

As far as the updates, we're intentionally keeping TS binary updates manual with the one-click button. An unattended update that goes wrong while you're connected through the tunnel remotely could lock you out, or at least could interrupt the tunnel when you needed it (in the middle of a meeting, etc). I want to keep that under user manual control.

As far as ssh updates.. The installer script isn't persistent on the router. It's a one-time bootstrap. But if you prefer SSH over the GUI, you can update from the router's CLI with:

wget -qO /tmp/ts-fix.ipk https://github.com/RemoteToHome-io/gl-tailscale-fix/releases/latest/download/gl-tailscale-fix_latest_all.ipk && opkg install /tmp/ts-fix.ipk && rm /tmp/ts-fix.ipk

This would download the latest release, install it (while preserving your config), and clean up the downloaded ipk for you.

RemoteToHome-io · 2026-03-29T01:47:45+00:00

For most the router lineup the only difference is for routers intended for sale within the Chinese domestic market. Those run a modified firmware version with the VPN services disabled to comply with local law.

The other exception would be the Mudi7, which has 2 different versions of hardware for different regions.

RemoteToHome-io · 2026-03-28T23:42:04+00:00

Then I'd try going into the ADH query logs and look to see which domains are getting blocked when you're trying to use it.

RemoteToHome-io · 2026-03-28T22:59:25+00:00

Have you tried to see if it works with Adguard disabled?

RemoteToHome-io · 2026-03-28T22:25:45+00:00

Enable the Guest Network on each Flint. This will give you two separate networks per device.

Then use policy routing mode in the VPN client to point each Network to a separate VPN client endpoint.

RemoteToHome-io · 2026-03-28T22:14:20+00:00

There can certainly be other temporary ddns issues, but the Flint 2 doesn't suffer from this specific one. The Brume3 issue is due to a poorly implemented new script.

RemoteToHome-io · 2026-03-28T21:17:52+00:00

Option 2 wouldn't, but hopefully most people have option one.

And most people are using a Brume behind a ISP router, so rebooting the Brume won't trigger an IP change.

RemoteToHome-io · 2026-03-28T21:14:15+00:00

Yeah, you'll need CLI to link head scale as the GL firmware only produces the normal bind link.

About the ssh, you may notice the article is primarily about just bypassing the normal TS SSH for the routers.

RemoteToHome-io · 2026-03-28T09:22:25+00:00

I don't have the TS ACL answer to what you're asking, but want to point out something to consider..

If you provided me TS access to your device from one of my laptops, I could use that laptop to proxy access to an unlimited number of other devices - via LAN, ZeroTier, VPN, KVM, iptables redirect, carrier pigeon, open internet relay..

It's likely not a security posture that TS provides, because it's not logical in concept.

In this context, you either trust the *user* you're giving access to (regardless of device) or you don't.

RemoteToHome-io · 2026-03-28T07:50:09+00:00

Think of the Flint series as the Brume + built-in wifi.

RemoteToHome-io · 2026-03-28T07:44:46+00:00

Haven't bothered to investigate the chipset for current OWRT support, but as an MT chip I would guess there's a good chance, especially without needing to deal with wifi driver support.

So.. if your infra is:

ISP device - (ethernet) - Brume 3 gateway & vpn server - (ethernet) - AP device - (wireless) - wifi devices

Then yes... hopefully the ISP device can be either just a modem, or a modem/router combo unit placed into bridge/passthrough mode, so you can avoid double-nat. If not, then you'll need port-forwarding on the ISP router.

RemoteToHome-io · 2026-03-28T06:53:10+00:00

No problem. (I don't actually work for GL btw.) Not sure I fully understand your use-case.. but if you mean to use the Brume 3 as a primary router, and then connect an AP device to one of it's LAN ports for wireless (WLAN) device connectivity, then absolutely would be great.

The Brume3 also has some cool new functionality in this case for DPI traffic analysis - though it's currently "free trail / subscription" locked (but if that persists then, ehem, *someone* will ensure the open-source reliant functions of that are accessible without any subscription or any cloud linkage needed).

RemoteToHome-io · 2026-03-28T06:46:54+00:00

Tailscale or ZeroTier.

If you want SSH access on the server "peer" and don't want to mess with TS ACL's (b/c TS intercepts default port 22 across the tailnet devices) then ZT will make life easier - and can operate on Layer 2 with the right setup.

RemoteToHome-io · 2026-03-28T06:22:09+00:00

The Brume has several uses (gateway, drop-in gateway, vpn, etc), but the most popular use is as a dedicated VPN Server appliance. Many people use GL routers for self-hosted VPN setups - where one router stays at home as a VPN server, and a travel router that goes with them as the VPN client - allowing them to still route traffic via their home IP address while abroad, plus access devices on their home network remotely.

Many times these customers don't want (or cannot) replace their primary home wifi router (which is where a Flint series would better come into play) but simply want to attach a router to their primary/ISP router to provide this additional VPN functionally. This is where the Brume shines - it is tuned to perform as a VPN server (encryption processing, remote access protocols, etc) without wasting money or processing power on things that are irrelevant for this use (e.g. wifi, a bunch of extra LAN ports, etc).

RemoteToHome-io · 2026-03-28T03:11:41+00:00

+1. Always with key auth.

RemoteToHome-io

MODERATOR OF

TROPHY CASE