Hi guys
Very excited since I just received my Beryl 3000!
Since I’m rather new to the security side of things I have two small questions:
- I was contemplating if a VPN would be worth it? In 8 months I’ll be leaving for a year long trek around Asia so I would assume a VPN would be beneficial then, but until then I’m not sure the reduced speed is worth the added security.
- I read a little bit on the privacy guides and on Sun Knudsen’s youtube about Mullvad’s free DNS over HTTPS and DNS over TLS. And while I will admit I don’t have a deep knowledge of this, I was wondering if this was possible to use with my Beryl or if something like Adguard already takes care of this. If it is possible, could someone provide me a quick rundown on where to look? I assume it would be Adguards upstream DNS?
Thanks for the help guys!
Cheers
Setting up DoH or DoT is pretty simple on the routers web interface:
- On the webpage, click the “network” tab in the side bar, then “DNS”
- change mode to “Encrypted DNS” and choose whichever encryption type you want to use.
- Select either Cloudflare or NextDNS if using DoT, or add one or more DNS servers if using DoH. Cloudflare and NextDNS are good options here too, but there’s plenty to choose from.
Regarding your VPN question, the Beryl AX can sustain about 300 mbps in either server or client mode using Wireguard. Most places you travel to will not have internet service that even comes close to 300 mbps, and if there is faster internet available, its pretty much irrelevant unless your work requires you to upload hundreds of gigabytes of data every week.
I have two Beryls and they work great. Good speeed.
Server and client
*
Thanks for the guide! Does that mean I dont have to do anything in the adguard settings? I had setup the adguard upstream dns to the mullvad one but I guess that was wrong 
Oops I missed your part about adguard home. Since that becomes your dns server, you’ll have to set the upstream dns servers in the adguard home settings page and enable dnssec. Go to the settings page link in the adguard home tab of the routers web interface, click the three lines in the top left of the page and select settings > dns settings; from there, copy and paste the address for either tls or https into the “upstream dns servers” box, or use another one of your choice, then check the box for DNSSEC below, and test the servers to make sure it’s configured correctly.
At night, I sometimes hit GIG speeds.
So I think I succeeded in adding the mullvad dns to the upstream but the encryption is not turning on:
Try switching it to port 853 and see if the box is still grayed out. Thats the port for TLS instead. It’s possible the routers web interface is running on port 443.
Edit: I just verified on my router than the web interface does run on port 443, so unless you can disable that it seems like you’ll have to use TLS instead.
