Reply
Highlighted
New Member
Posts: 22
Registered: ‎03-12-2017
Kudos: 7
Accepted Solution

Maintaining access to Vigor 130 from USG

Second attempt at this post as my previous thread appears to have disappeared from the forum.

 

I have a USG Pro 4 connected to a DrayTek Vigor 130 modem on WAN 1.  I had no problem setting up PPPoE on the USG and have a solid connection to the internet.

 

What I don't have is access to the Vigor web interface when it is connected to the WAN port - even though I have assigned a static IP to the modem on the same subnet at the laptop (ethernet) I am trying to connect from.  Direct connection between the laptop and Vigor works but I shoudn't need to swap cables every time I need to update the Vigor firmware.

 

I found a post on the ER config -  Maintaining access to the DrayTek Vigor 130 web -interface

 

but even attempting this from the USG in CLI results in failure as the UniFi controller resets the config.

 

Thanks in advance.


Accepted Solutions
New Member
Posts: 3
Registered: ‎02-23-2018
Solutions: 1

Re: Maintaining access to Vigor 130 from USG

Why is my previous post gone ?

The one on that reamonn reply'd on Monday 11.06.2018 (in english 06-11-2018).

Actual between Post 13 and 14.

 

I edited this post yesterday and only replaced one of the pictures (3-4 times) to remove unnessecary information like personal links in the favorites-bar.

View solution in original post


All Replies
SuperUser
Posts: 16,494
Registered: ‎06-18-2010
Kudos: 5254
Solutions: 1751

Re: Maintaining access to Vigor 130 from USG

To clarify: you tried the CLI changes and it failed? Or, the CLI changes worked, but the controller overwrites the changes?

If the latter:

https://help.ubnt.com/hc/en-us/articles/215458888-UniFi-How-to-further-customize-USG-configuration-w...
I did it my way .... Man Happy
New Member
Posts: 22
Registered: ‎03-12-2017
Kudos: 7

Re: Maintaining access to Vigor 130 from USG

I got as far as adding the IP addess to the WAN port (eth2 for the WAN if I remember correctly) before the contoller removed it.  The modem was on a different subnet at this stage, as recommended.

 

I also telnet'd in to the modem (from Mac terminal, not the USG ssh session) and added the route to the modem config.

 

To be honest, I would rather do this from the UniFi controller than the CLI.

Member
Posts: 186
Registered: ‎03-23-2015
Kudos: 94
Solutions: 6

Re: Maintaining access to Vigor 130 from USG

That guide works well - just use the config.gateway.json to add the ip on the WAN interface, add firewall rules in the controller to ensure route back works and important: add routes to your main network on the vigor -rRuns well here.

You have to use the config.gateway.json to add the IP - there is no nother way to have it saved.
Member
Posts: 137
Registered: ‎03-18-2017
Kudos: 91
Solutions: 4

Re: Maintaining access to Vigor 130 from USG

Would love this to be in the UI as well.

 

I receive my internet IP via DHCP from my ISP, so setting a static ip to eth0 fails - the USG says is cannot assign a static ipv4 address whilst it is configured for DHCP.  Does anyone know how to access the modem in this configuration?

 

With my old asus router, a single command via telnet opened access to the Vigor's maintenance page.

Emerging Member
Posts: 63
Registered: ‎08-17-2016
Kudos: 15
Solutions: 1

Re: Maintaining access to Vigor 130 from USG

[ Edited ]

@silibum wrote:
That guide works well - just use the config.gateway.json to add the ip on the WAN interface, add firewall rules in the controller to ensure route back works and important: add routes to your main network on the vigor -rRuns well here.

You have to use the config.gateway.json to add the IP - there is no nother way to have it saved.

You only need to add an IP via config.gateway.json. There's no firewall rules that will prevent access when you use pppoe - the WAN interface is ppp0, not eth0.

 

As mentioned, you do however need to add a route on the vigor to reach back into your LAN via the USG which you've already done.

 

config.gateway.json to do this (edit: on a USG, not USG Pro 4 - might be "eth2" as OP suggests, I don't have one to check):

 

{
        "interfaces": {
                "ethernet": {
                        "eth0": {
                                "address": [
                                        "<ip_of_usg_on_wan_subnet>/24"
                                ]
                        }
                }
        }
}

 

Member
Posts: 122
Registered: ‎12-24-2016
Kudos: 21
Solutions: 1

Re: Maintaining access to Vigor 130 from USG

 

I tried to make my Vigor GUI accessable from inside, but have no success so far.

Vigor is at: 192.168.100.1

USG on internal LAN at: 192.168.0.1

 

1. generated a json on my controller to provide ip to eth0 on USG

2. IP is setted up and I can ping the Vigor from USG CLI:

 

 

Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address                        S/L  Description                 
---------    ----------                        ---  -----------                 
eth0         192.168.100.2/24                  u/u         

 

                     

 

I can ping the Vigor from USG CLI:
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_req=1 ttl=255 time=0.457 ms
64 bytes from 192.168.100.1: icmp_req=2 ttl=255 time=0.284 ms
64 bytes from 192.168.100.1: icmp_req=3 ttl=255 time=0.293 ms

 

 

3. setting up a static route in the GUI:

Bildschirmfoto 2017-12-15 um 14.26.22.png

 

But Vigor GUI is still not accessable.

 

What doing wrong?

Cheers Markus

Controller on Ubuntu: 5.10.5 | USG Pro - 4GB RAM: 4.4.36 | 2 x UAP-AC-Pro: 4.0.16 | 1 x UAP-AC-Mesh: 4.0.16 | 1x UAP-AC-Lite: 4.0.16 | 3x US-8-xx: 4.0.16 | Vigor 130: 3.81.2 | VDSL: 100/40
Veteran Member
Posts: 4,919
Registered: ‎09-26-2013
Kudos: 1328
Solutions: 351

Re: Maintaining access to Vigor 130 from USG

You need to add a route from the Vigor to the USG *on the Vigor* itself.

Member
Posts: 122
Registered: ‎12-24-2016
Kudos: 21
Solutions: 1

Re: Maintaining access to Vigor 130 from USG

that does the trick, thanks!

Cheers Markus

Controller on Ubuntu: 5.10.5 | USG Pro - 4GB RAM: 4.4.36 | 2 x UAP-AC-Pro: 4.0.16 | 1 x UAP-AC-Mesh: 4.0.16 | 1x UAP-AC-Lite: 4.0.16 | 3x US-8-xx: 4.0.16 | Vigor 130: 3.81.2 | VDSL: 100/40
Veteran Member
Posts: 4,671
Registered: ‎03-11-2013
Kudos: 1418
Solutions: 87

Re: Maintaining access to Vigor 130 from USG

Hi Guys

 

There is a lot of confusion on this topic because - 

 

the Vigor 130 sold in the USA is not configured the same way as in the UK, they should be given different numbers and are effectively different devices.

 

 

UK VERSION

 

 

The DrayTek Vigor 130 is an ADSL and VDSL modem with an Ethernet connection;
it is not a router but a true ADSL/VDSL Ethernet Modem (bridge). The Vigor 130 provides
compatibility with all current UK VDSL/ADSL technologies;
it has been extensively tested and tuned to provide a robust and reliable DSL connection. By providing a PPPoE bridge, the connected device (firewall, router or PC) can log into the Internet
(your ISP) directly and have full control over the Internet connection - that makes the Vigor 130
a unique product. You can connect any device to the Vigor 130 which has a PPPoE client facility,
which includes PCs, most Ethernet-WAN routers and the Apple
Airport/Time Capsule™ products.

 

 

US VERSION

 

The Vigor130 is an IPv6 ready compact VDSL2 router with ADSL2/2+ fallback for SOHO 
and residential broadband access requirement. This compact router is capable to manage
the latest VDSL2 feed and backward compatible with the existed ADSL line if the infrastructure
is not ready yet. Multi-PVC function makes the triple-play deployment with ease. The Vigor130 can satisfy the
different services such as Data/Video/VoIP/Management provided by ISPs by the single
VDSL2/ADSL WAN port. And its Gigabit Ethernet LAN port allows devices in the LAN network
to get faster data transmission for essential applications. Besides powerful firewall protection against malicious Denial of Service (DoS) attacks,
the Vigor130 is designed with more advanced security feature such as
Stateful Packet Inspection (SPI) to offer network reliability by detecting attacks and
prohibits malicious penetrating packets from entering internal network. For preventing
access to inappropriate websites, the Vigor130 offers URL filtering to set the
customized rules.

We need different instructions for different markets. No wonder we are all confused.

SuperUser
Posts: 13,734
Registered: ‎10-06-2013
Kudos: 4583
Solutions: 1039

Re: Maintaining access to Vigor 130 from USG

I have been labouring this point regarding the different world market versions on another thread that has been running this last week.

UK Comms & Links Engineer.


Come on you lot, Feel free to 'Mark as Solution' At least click the Kudos button. Thanks.


Top Solution Authors Leaderboard
New Member
Posts: 1
Registered: ‎12-01-2016

Re: Maintaining access to Vigor 130 from USG

Hi mbj1703,

 


@mbj1703wrote:

that does the trick, thanks!


could you post your route where & which you insert in the vigor to reach the GUI, based on the properties you mentioned above?

 

That would be great.

Thanks

Member
Posts: 122
Registered: ‎12-24-2016
Kudos: 21
Solutions: 1

Re: Maintaining access to Vigor 130 from USG

In the LAN section go to static route and add your internal network

Cheers Markus

Controller on Ubuntu: 5.10.5 | USG Pro - 4GB RAM: 4.4.36 | 2 x UAP-AC-Pro: 4.0.16 | 1 x UAP-AC-Mesh: 4.0.16 | 1x UAP-AC-Lite: 4.0.16 | 3x US-8-xx: 4.0.16 | Vigor 130: 3.81.2 | VDSL: 100/40
New Member
Posts: 22
Registered: ‎03-12-2017
Kudos: 7

Re: Maintaining access to Vigor 130 from USG

This is the clearest instuctions yet, thanks.

 

The Vigor GUI for the UK version is much more limited than your screen grab with no option for static routes.  There is however a gateway address option if DHCP is activated - would this work?

 

Also, for people like myself who are not fluent in CLI - how do I transfer the json file I created in a plain text editor over to the USG?

 

I have created the config.gateway.json and tweaked to eth2 as per previous suggestions for the USG Pro 4 but am unable to copy it into the cloudkey.

 

I also tried creating a json file (in /srv/unifi/data/sites/default) in an ssh session from Mac terminal, but am unable to edit the file with Terminal.  I even tried going through a unifi switch debug terminal and ssh-ing into the cloudkey - which gave me an edit command but I was not able to navigate to /srv/unifi/data/sites/default.

 

Maybe I'll just give up and carry on patching directly to the Vigor when firmware updates are released....

New Member
Posts: 3
Registered: ‎02-23-2018
Solutions: 1

Re: Maintaining access to Vigor 130 from USG


@Reamonn wrote:

There is however a gateway address option if DHCP is activated - would this work?

 

I found the labeling "Gateway" misleading, too.

"Source" would be better

 


@Reamonn wrote:

Also, for people like myself who are not fluent in CLI - how do I transfer the json file I created in a plain text editor over to the USG?


I use WinSCP for this purpose.
It's like a NortonCommander.
My connect-settings are:

2018-06-11 23_01_26-Anmeldung.png

New Member
Posts: 3
Registered: ‎02-23-2018
Solutions: 1

Re: Maintaining access to Vigor 130 from USG

Why is my previous post gone ?

The one on that reamonn reply'd on Monday 11.06.2018 (in english 06-11-2018).

Actual between Post 13 and 14.

 

I edited this post yesterday and only replaced one of the pictures (3-4 times) to remove unnessecary information like personal links in the favorites-bar.

New Member
Posts: 22
Registered: ‎03-12-2017
Kudos: 7

Re: Maintaining access to Vigor 130 from USG

Kudos to t-huber - and very annoying that your previous post has disappeared.

 

This is probably my final appeal for help on this.  Feels like I am close to a solution but have hit a brick wall.

 

I used the json config from an earlier post and successful squirted that into the USG PRO 4 with WinSCP after testing it on JSONLint, giving the WAN port on eth2 (for PRO4 rather than eth0 for a USG?) the ip address:

 

Screen Shot 2018-06-30 at 15.32.30.png

 

I can ssh into the USG (192.168.1.1), can ping the Vigor 130 (192.168.0.253) from the USG, and I can telnet into the Vigor to enter the static route back to the USG:

 

Screen Shot 2018-06-30 at 15.13.00.png

 

I can ping local IP address from the telnet session.  

 

But I cannot ping the Vigor from anywhere other than the USG SSH session and cannot access the web GUI.

 

 I even tried setting a static route on the controller - once the static route setting on the Vigor failed, but I was trying anything by that stage.

 

Screen Shot 2018-06-30 at 17.01.28.png

 

Thanks in advance.

New Member
Posts: 35
Registered: ‎03-10-2016
Kudos: 58

Re: Maintaining access to Vigor 130 from USG

[ Edited ]

I've already done this. The default route on your Vigor 130 is (always) set to the WAN (of your Vigor) and not your LAN (of your Vigor). This will result in that the returning route of you trying to access the web GUI management is going somewhere else where you want it to go.  Therefor you must not forget to add a route on the Vigor 130 to your LAN (and the subnet of your managing network). Once you add that route and finish the JSON (to keep the routes towards your Vigor 130 on management) you will be able to reach your Vigor 130 web GUI management.

UAP-AC-LITE:    4.0.10.9653
US-8-60W:     4.0.10.9653
USG-PRO: 4.4.36
UniFi SDN: 5.9.29 (Debian, local ESXi VM)
New Member
Posts: 22
Registered: ‎03-12-2017
Kudos: 7

Re: Maintaining access to Vigor 130 from USG

I did - see:

 

"I can telnet into the Vigor to enter the static route back to the USG:"

 

using:

 

ip route add 192.168.1.1 255.255.255.0 192.168.0.253 static

 Results (again) from 'ip route status' on the Vigor:

 

Screen Shot 2018-06-30 at 15.13.00.png

New Member
Posts: 22
Registered: ‎03-12-2017
Kudos: 7

Re: Maintaining access to Vigor 130 from USG

I'm going to give @t-huber the accepted solution as his mysteriously deleted post was the only one that had suggested using the pseudo-ethernet setup in the json file.

 

I did find a blog external to the forums that was also very useful.  I won't include a link in case it breaks any house rules but the author's name was Owen Nelson.

 

For anyone else you has struggled with this, here is the json config that worked for me (on USG PRO 4):

Screen Shot 2018-06-30 at 19.34.26.png

 

And the static route set on the Vigor 130 was:

 

ip route add 192.168.1.0 255.255.255.0 192.168.0.100 static

 

Good luck.

 

P.S. Ubiquiti - your UniFi GUI is a joy to use in every other way so could you not add this funtionality to the controller rather that let people like me mess around with json files?  I almost regreted getting a USG instead of an EdgeRouter over this.

 

Reply