GL.iNet Brume 2 Security Gateway Review

The GL.iNet Brume 2 Security Gateway is marketed as a lightweight VPN Gateway for remote access.

Running on Open Source OpenWrt firmware that supports thousands of ready-made plugins such as WireGuard, OpenVPN, Dynamic DNS (DDNS), Tor Anonymity and AdGuard Home all managed from within a custom Admin Panel front-end.

Brume 2 is available with two different case options, a lavender colour ABS plastic (GL-MT2500) or the frosted aluminium alloy (GL-MT2500A) featured in this review.

Though both models share identical hardware specifications, physical dimensions and functionality, the ABS plastic GL-MT2500 version weighs only 60g in comparison to the 157g aluminium alloy GL-MT2500A case.

A lower price point on the ABS plastic case may be alluring among budget conscious consumers, however, the aluminium alloy case is significantly more durable — current online retail pricing is $59.00 and $79.00 respectively.

Contents of the retail box includes everything required, a GL-MT2500A, 5V/2A USB Type-C interchangeable wall plug power adapter, an Ethernet cable and instruction cards.

The Brume 2 GL-MT2500A enclosure is extremely compact, weighing only 157g with external dimensions of the unit measuring 70 x 70 x 22 mm. Design suggests the device is intended to sit stationary on a flat surface, so there aren't any mounting holes on the backside of the housing or an included bracket to allow for wall mounting — overall construction is sturdy so no need to worry about also tossing it in a travel bag.

Top side of the device features LED indicators for at-a-glance status of the System and VPN.

I have a few observational gripes regarding the LEDs though. First, System LEDs illuminate either blue or white depending on device status, white is too subtle against the frosted aluminium case and makes it very difficult to view in a well lit environment. Comparatively the white LED may be a better contrast against the lavender colour ABS plastic (GL-MT2500) case, but I do not have the ABS version on hand to confirm this.

Secondly, the VPN status indicator is a little confusing as it's configured to turn on only when a VPN Client is active, instead of when a VPN Server is enabled or both client & server. This is intentional to prevent users from accidentally connecting to the Internet without an active VPN client connection. Good news is that this functionality most likely can be adjusted with a future firmware update. It would be great to have the ability to control the VPN LED behavior, for example illuminate solid for client, slow flash for server, fast flash for both client & server.

I've reached out to GL.iNet regarding this matter and they have informed me that this has caused confusion among other users and my feedback has been forwarded to their product team.

Neither of these grievances are substantial issues, but certainly can be improved upon.

Facing frontward starting on the left side is a Gigabit Ethernet (1GbE) LAN port, a 2.5 Gigabit Ethernet (2.5GbE) WAN port, USB 3.0 (Blue) port and a 5V/2A USB Type-C power port.

The USB port can be used for tethering a device such as a smartphone or USB Modem, in addition to network storage supporting Samba, WebDAV and DLNA protocols.

Right side of the unit features a multi-function repair/reset button if you cannot access the web-based admin interface. GL.iNet documentation doesn't clarify what exactly the "network repair" function attempts to perform, but a reset will reset the device firmware back to factory default settings.

Opening up the enclosure we get a better look at the Printed Circuit Board (PCB). Brume 2 is powered by a MediaTek MT7981B SoC (Filogic 820 platform) dual-core ARM Cortex-A53 64-Bit processor with base frequency of 1.3 GHz. On-board is 8GB of Samsung eMMC storage (KLM8G1GETF-B041), 1GB of Nanya DDR4 Memory (NT5AD512M16C4-JR) and of course the aforementioned 2.5GbE WAN / 1GbE LAN ports.

The hardware thermal design of the unit is passive cooling and though fully enclosed without any ventilation, the entire housing acts as a heatsink, barely warm to the touch while under operation. Nothing to be concerned with as the hardware is also backed by 1 year warranty.

Software

Initial setup consists of a few steps to get up and running. Simply connect the device to your network or directly to a PC/laptop, navigate to the Admin Panel address from a web browser to choose a preferred language and set your Admin password. Configuration on the other hand is where you'll spend majority of your time as the GL.iNet Brume 2 Security Gateway has an overabundance of use cases thanks to OpenWrt supporting thousands of ready-made software packages.

OpenWrt is popular Open Source router firmware that the Brume 2 runs, more specifically OpenWrt 21.02 with Linux Kernel 5.4.211 alongside a custom Admin Panel (version 4.1.1) front-end.

From a user experience perspective the GL.iNet custom Admin Panel is absolutely one of the best router interfaces I've ever used. Everything is purposefully thought-out, from the well organized menu hierarchy to a visually appealing design that is both responsive and consistently intuitive — no unnecessary elements that leave you bewildered.

All functionally you'd expect from a device of this nature is present and then-some. DHCP server, Multi-WAN, Drop-in Gateway mode, MAC Clone, IGMP Snooping, IPv6 support, NAT, Firewall with Port Forwarding, Open Ports, and DMZ — it's all there.

That being said, keep in mind the Brume 2 doesn't have WiFi so we're limited to Router or Bridge mode, other network modes such as Access Point, Extender and WDS are not an option. If you're interested in seeing all options, I've included screenshots of the navigation menu expanded in the photo gallery towards the bottom of this review article.

On the software side of things, OpenWrt offers several thousand packages to extend the functionality of your device. Simply browse, manage, and update these packages from within the Admin Panel.

Everyone has a different use cases so I encourage you experiment, but you'll definitely want to checkout the more useful preinstalled packages such as Dynamic DNS (DDNS) if you do not have a static public IP address, or AdGuardHome (similar to piHole) to block ads while surfing the Internet from any device connected to your network.

GL.iNet has shown diligence addressing vulnerabilities and bug fixes with routine firmware updates, and typically has at least 2 years of coverage for their devices. Firmware updates can be applied via Admin Panel, either automatically or manually. Advanced users familiar with OpenWrt also have the option to use the LuCI web interface for device administration.

If for whatever reason you find yourself requiring assistance or have questions, GL.iNet provides email support, an official forum and also excellent device specific documentation on their website.

Performance

System hardware resources were more than sufficient as load averages fluctuated between low to moderate for both CPU and memory under concurrent LAN & VPN mixed usage. Power consumption was recorded at: Idle 1.3W, Average 1.9W, Maximum 2.2W.

My Internet connection is FTTH (Fiber-To-The-Home) 1Gbps/250Mbps, throughput testing was ran against a hosted iPerf3 server from a Linux Desktop PC connected to a switch. I've verified the Brume 2 is able to achieve advertised VPN speeds for both WireGuard Server and OpenVPN Server. Excellent for hosting a VPN Server at home, or running a software-defined wide area network (SD-WAN) for small-medium business (SMB). I'd recommend choosing WireGuard over OpenVPN strictly for the performance gains though.

Brume 2 is also capable of VPN Cascading which is running both a VPN Server and VPN Client simultaneously, however, I personally do not use a VPN service provider so this function was not evaluated.