accessing modem gui via wan port

[skyeci2018]

Hi,

I wondered if anyone can help or answer a query I have please.

I wish to use a draytek vigor 130 vdsl modem (uk version) but it only has one Ethernet port. It would be great if I could access the modems gui via my lan but this would mean having to get opnsense to allow me to see the modems lan address via the wan port.

I know draytek routers and some asus routers can do this with the right commands so wondered if it would be at all possible via opnsense. I would like to be able to see the modem stats for my vdsl line without having to disconnet my qotom due to the modems 1 ethernet port...

any help or clarification appreciated.

thanks

[NightShade]

There should not be a major issue accessing the modem through the router at all.  Have you set things up and tried doing so yet?  The biggest thing is you do not want both to be using the same ip address scheme.  For instance I use a cable modem and it's internal IP address for diagnostics is 192.168.100.1   So as long as I do not use ANY address that can potentially translate to such it should be fine.  I use a 10.XXX.XXX.XXX address for my internal lan so there has never been an issue.  I can use any 192.168.XXX.XXX or 172.16.XXX.XXX  to 172.31.XXX.XXX ip address as well as long as you do not use 192.168.100.XXX in my case https://en.wikipedia.org/wiki/Private_network

The major issue that you may however come across is when the modems are setup to also act as a DHCP server/router.  Most of the time those also have multiple LAN ports as well as WiFi Access.  Not knowing if that is the case or not I can't help a ton however most of the time they can be set into a bridge mode and the above should also work.  You will also benefit of not having a double NAT with a modem in bridge mode when they want to act as a router as well.

[bartjsmit]

You will have to allow RFC 1918 addresses on your WAN connection and set up a NAT since the modem won't have a route to your internal network.

Bart...

[marjohn56]

I think you can set up a static route in the vigor to get around the NAT issue.


I've also had it working using VLAN 5. I read that somewhere on the Vigor docs but can't find it again now.

[Davesworld]

I actually have two Vigor 130s running in balanced and was able to get gui access to both of them which is considerably more complicated than a single wan. First, what type of wan connection, dhcp static or PPPoE. The latter can be done but it takes even more work. https://forum.opnsense.org/index.php?topic=8616.msg38219#msg38219

If you have PPPoE (I hope you don't, it's not great) you can actually add an ethernet interface using the device that PPPoE is using and assign it as for example, 192.168.1.2. When using PPPoE the interface shows as something like pppoe_igb0 or something like that, in the example you would then assign igb0 as a network interface and make the fixed ip in the same subnet as your modem's failsafe ip address.

If you are not using PPPoE and are using Squid ( I don't anymore) just the virtaul ip assigned to the wan and a browser using the proxy will work. The ways I outlined above will always work with  no proxy needed.

[marjohn56]

it will be IPoE -Bridged to the router and the router uses DHCP option 61 to login. So what method would you use, oh guru of the vigor 130s?

[Davesworld]

If the router uses DHCP then the virtual IP, floating rule and NAT should be fine.

[marjohn56]

Looking at your post then setting up a VIP should work nicely, although a VLAN would work. I found the VLAN settings for the 130.


Your method is much simpler though and requires no messing with the 130 per say.

[marjohn56]

You are going to use PPPoE passthrough rather than bridge?

There's no PPPoE involved, it's IPoE. There are no PPPoE password/usernames. All that info is sent in the dhcp request to the BNG.

[marjohn56]

If the router uses DHCP then the virtual IP, floating rule and NAT should be fine.

I don't have a 130, but Ned ( SkyECI2018 ) is one of my testers so I'm trying to help him. I have set up a laptop with an address of 192.168.2.1 and it's sat on my LAN segment ( different range entirely, I use 10.*.*.0 ). I then have my test OPNsense router that has a WAN address of 10.4.11.254 and a LAN net of 192.168.1.0/24


I've tried your settings but cannot get a ping to work from the LAN side of my test router.


It shows in your post that the VIP has the same address as the Vigor, is that right?

[Davesworld]

No, my virtual IP is in the same subnet as the Vigor but one different for example the Vigor is 192.168.1.1 and the VIP on the WAN of OPNsense is 192.168.1.2. This also alllows for a mask of 30. I'm not using VLAN. I also disabled the DHCP server on the Vigor even though it is already in bridge mode. I'm also only using the first Multi-PVC/VLAN entry in the modem.

[marjohn56]

Ned ( SkyECI ) I hope your reading this.

[marjohn56]

Thanks @davesworld - I've got it working testing against my laptop pretending to be a vigor and it's working fine. Don't know what I did wrong last night but tonight all is good.


I've sent Ned a PM so he can check it out himself.

[youngman]

Thanks @davesworld - Great stuff!

I'd forgotten what my Vigor130 interface even looked like!  :o

[Davesworld]

You are all welcome. It's unnerving not to be able to see if your modem is still synced at the right speed much less do firmware updates.