Geek Alert:
GB3MX has been relocated to Workington, but there’s a twist—the internet there is locked down tighter than Fort Knox. So, I had to get creative…
I set up the repeater to VPN dial into my home network, allowing me to forward ports through my own router. Easy, right? Well… not quite.
The Problem:
My trusty DrayTek 2862 Business Router was blocking TAP tunnel ARP broadcasts. That meant my remote VPN-connected Pi4 couldn’t be seen on the local network.
The Solution:
I ditched the DrayTek and built an open-source pfSense router using a mini PC with 3 LAN ports and a serial display. Installed pfSense via serial console using PuTTY (old school style!), and then… I had to rebuild my entire network from scratch.
We’re talking:
25 open ports
56 static MAC/IP bindings
32 firewall rules
2 OpenVPN servers
Dual WAN setup (I rely on both for work)
After 3 intense days of network wrangling, VPN over TAP is finally working flawlessly—and GB3MX now behaves like it’s hosted locally, even though it’s remote.
3 days in and it’s rock-solid.
Mission accomplished. 
