New Member
Posts: 32
Registered: ‎12-16-2016
Kudos: 9

Re: Maintaining access to Vigor 130 from USG


There is a variation to this which is part of the current setup for igmp:

"interfaces":{
      "ethernet":{
         "eth0":{
            "address":[
               "192.168.2.100/24"
            ],

 

Emerging Member
Posts: 81
Registered: ‎06-14-2018
Kudos: 28

Re: Maintaining access to Vigor 130 from USG


Finally ... got it working, once I had a complete understanding of what is visible to what and how to enable that visibility!! Used snippets of advice from here and elsewhere, so thanks to all who contributed.

 

So, for completeness, here's my environment and here's what I did:

UK-based. NOTE: The V130 shipped here in the UK for UK use is not the same as the V130 used in other territories, so please be aware that the methods outlined here may not apply to V130 modems obtained outside the UK.

Modem: Vigor V130 (UK version) with firmware 3.8.2_BT. Web UI IP: 192.168.2.1 (the default).
ISP: BT - Infinity 2. FTTC. VDSL2. PPPoE. I need access to BT TV (IPTV)
Router: Ubiquiti USG (3 port) running 4.4.22. Local IP: 192.168.1.1
Controller: CloudKey running 5.8.24. Local IP: 192.168.1.12

 

STEP 1 - set up for BT TV (IPTV service)
========================================
Firstly, to gain access to BT TV (an IPTV service), the Vigor 130 needs to be put into "Bridge Mode". The instructions for this are on the Draytek UK support website.

 

Briefly,
- plug a laptop ethernet port directly into the modem LAN port
- set the laptop's IP address manually to 192.168.2.10, mask 255.255.255.0, DNS 8.8.8.8 (for example)
- once connected, browse to 192.168.2.1 - the Vigor's web interface
- log in using admin / admin (username / password)
- navigate to Internet Access >> MPoA / Static or dynamic IP, and configure like this ...

 

[Screenshot: v130bridge1.png]

 

- note: for BT, the MTU should be 1492, not the default of 1500
- hit OK and let it reboot

 

STEP 2 - set up an IGMP proxy on the Ubiquiti USG (for BT TV IPTV service)
==========================================================================
- disconnect V130 from the laptop and reconnect to the USG -> put the network back to "normal".

Note: I had previously been using a BT Openreach VDSL2 modem, so had already been through the steps of setting up an IGMP Proxy on the USG, so I didn't need to do it again. For help in this, follow THIS excellent guide.

 

STEP 3 - set up a pseudo interface on the WAN side of the USG as a V130 gateway to the LAN
==========================================================================================
So, having got all the BT TV IPTV channels working reliably, now to enable access to the Vigor V130 web interface, despite the modem being in Bridge Mode. Incidentally, even Vigor Tech Support told me that it could not be done!! Wrong.

 

Firstly, edit the same config.gateway.json file that was used to set up the IGMP Proxy (as above). The file is on the Unifi Controller!

Again, follow the same instructions to edit the config.gateway.json file and save it in the right place. For my setup, it ended up looking like this:

{
    "firewall": {
        "source-validation": "disable"
    },
    "protocols": {
        "igmp-proxy": {
            "interface": {
                "eth0": {
                    "alt-subnet": [
                        "0.0.0.0/0"
                    ],
                    "role": "upstream",
                    "threshold": "1"
                },
                "eth1": {
                    "alt-subnet": [
                        "192.168.1.0/24"
                    ],
                    "role": "downstream",
                    "threshold": "1"
                }
            }
        }   
    },
    "interfaces": {
        "ethernet": {
            "eth0": {
                "address": [
                    "10.255.255.255/32"
                ],
                "mtu": "1508",
                "duplex": "auto",
                "firewall": {
                    "in": {
                        "name": "WAN_IN"
                    },
                    "local": {
                        "name": "WAN_LOCAL"
                    }
                },
                "pppoe": {
                    "0": {
                        "default-route": "auto",
                        "firewall": {
                            "in": {
                                "name": "WAN_IN"
                            },
                            "local": {
                                "name": "WAN_LOCAL"
                            }
                        },
                        "mtu": "1492",
                        "name-server": "auto",
                        "password": "bt",
                        "user-id": "bthomehub@btbroadband.com"
                    }
                },
                "speed": "auto"
            },
            "eth1": {
                "address": [
                    "192.168.1.1/24"
                ],
                "duplex": "auto",
                "firewall": {
                    "in": {
                        "name": "LAN_IN"
                    },
                    "local": {
                        "name": "LAN_LOCAL"
                    },
                    "out": {
                        "name": "LAN_OUT"
                    }
                },
                "speed": "auto"
            },
            "eth2": {
                "disable": "''",
                "duplex": "auto",
                "speed": "auto"
            }
        },
        "pseudo-ethernet": {
            "peth0": {
                "address": ["192.168.2.2/24"],
                "description": "Access to Draytek V130 Modem GUI",
                "link": ["eth0"]
            }
        },
        "loopback": {
            "lo": "''"
        }
    }
}


The bit in bold red, towards the bottom, is the bit required to provide for talking to the V130 from the LAN. It establishes an IP 192.168.2.2/24 on the WAN side of the USG - this is the same subnet occupied by the V130 web interface (which is on 192.168.2.1).

- save the new config.gateway.json in the correct place on the CONTROLLER (e.g. /srv/unifi/data/sites/default/config.gateway.json on a CloudKey). Again, follow the IPTV guide for doing this in THIS link.
- force a provision of the USG via the Unifi web interface. It will use the new config.gateway.json that you have just placed on the Controller.

 

Following the re-provision of the USG, everything should work just as it did before. However, you still won't have access to the Vigor 130 GUI. There is one more step required.

 

STEP 4 - provide a static route from the V130 into the LAN
==========================================================
The final step involves creating a static route on the V130 to provide a route back to the LAN. To do this:
- connect a laptop directly to the V130 LAN port, exactly as I did in step 1, but DO NOT log in to the Vigor 130's Web Interface.
- Instead, start an ssh session to the V130: e.g. "ssh admin@192.168.2.1". The password is "admin" too. Or you can use telnet.
- at the V130 command prompt, type "ip route add 192.168.1.0 255.255.255.0 192.168.2.2 static". This provides a route back to the 192.168.1.x subnet (my LAN) via the gateway address 192.168.2.2 which was set up via the config.gateway.json changes made in step 3.
- verify that the route is there using "ip route status"
- exit the ssh session
- unplug the laptop, plug in the USG, putting the whole network back to its normal, working state.


You should now be able to open a browser, type in address http://192.168.2.1 and you should be presented with the Vigor 130's GUI configuration login page.

 

That's it. Good luck !!
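
A pre-provision check for steps 3 and 4 above, as an added example that is not part of the original post: it confirms that the pseudo-ethernet address sits in the modem's subnet without overlapping another port, and derives the step 4 route command from the same file. The function names and the trimmed sample config are assumptions made for this illustration.

```python
import ipaddress
import json

# Constructed sample: the post's config.gateway.json trimmed to the keys checked.
SAMPLE = json.loads("""
{"firewall": {"source-validation": "disable"},
 "interfaces": {
   "ethernet": {"eth0": {"address": ["10.255.255.255/32"]},
                "eth1": {"address": ["192.168.1.1/24"]}},
   "pseudo-ethernet": {"peth0": {"address": ["192.168.2.2/24"],
                                 "link": ["eth0"]}}}}
""")

def _addrs(cfg, kind):
    """Yield (name, ip_interface) pairs, skipping non-IP values such as "dhcp"."""
    for name, body in cfg.get("interfaces", {}).get(kind, {}).items():
        for addr in body.get("address", []):
            try:
                yield name, ipaddress.ip_interface(addr)
            except ValueError:
                continue

def check_config(cfg, modem_ip="192.168.2.1"):
    """Return a list of findings for the pseudo-interface and firewall settings."""
    modem = ipaddress.ip_address(modem_ip)
    ports = cfg.get("interfaces", {}).get("ethernet", {})
    pseudo = cfg.get("interfaces", {}).get("pseudo-ethernet", {})
    findings = [f"{n}: link {l} is not a defined ethernet port"
                for n, p in pseudo.items() for l in p.get("link", []) if l not in ports]
    for name, iface in _addrs(cfg, "pseudo-ethernet"):
        if modem not in iface.network:
            findings.append(f"{name}: {iface} is not in the modem's subnet")
        if iface.ip == modem:
            findings.append(f"{name}: {iface} collides with the modem address")
        for port, other in _addrs(cfg, "ethernet"):
            if iface.network.overlaps(other.network):
                findings.append(f"{name}: {iface} overlaps {port} ({other.network})")
    if cfg.get("firewall", {}).get("source-validation") == "disable":
        findings.append("note: source-validation disabled, reverse-path filtering is off")
    return findings

def vigor_return_route(cfg, lan_if="eth1", peth="peth0"):
    """Build the step 4 route command from the LAN and pseudo-interface addresses."""
    lan = dict(_addrs(cfg, "ethernet"))[lan_if]
    gw = dict(_addrs(cfg, "pseudo-ethernet"))[peth]
    return f"ip route add {lan.network.network_address} {lan.netmask} {gw.ip} static"

if __name__ == "__main__":
    print(check_config(SAMPLE), vigor_return_route(SAMPLE), sep="\n")
```

For the post's configuration the only finding is the source-validation note, which is worth knowing about because that setting applies to the whole gateway rather than just the modem path.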

 

New Member
Posts: 1
Registered: ‎08-13-2018
Kudos: 2

Re: Maintaining access to Vigor 130 from USG


I understand that this topic is closed, but I think some users (including myself) don't like the deep configuration of the gateway, in order to access the interface (which is probably done only a couple of times). Therefore I found a workaround that works quite well for me personally:

  1. Assign an IP to the WAN interface of the USG that is in the subnet of the first LAN of the Vigor via the Gateway CLI (see LAN -> General Setup -> 1st IP Address in the Vigor), e.g.
    sudo ifconfig eth0 192.168.178.2
  2. Now you should be able to reach the device from your USG
  3. Quit the CLI session and open a SOCKS5 proxy over SSH to your gateway using
    ssh -D 8123 -f -C -q -N admin@yourgateway

    A good How-to on the whole SOCKS setup can be found here

Now you should be able to reach the Vigor using its IP, as long as the SOCKS proxy is open.

 

Maybe this is a nicer workaround than the complex configuration of the gateway.

 

Cheers!

New Member
Posts: 32
Registered: ‎11-15-2016
Kudos: 4

Re: Maintaining access to Vigor 130 from USG

Has eth0 become something else on the new controllers and firmware? Using the simple json approach with eth0, it assigned the IP, but that replaced the actual PPPoE connection settings and changed the connection to static. I thought I read that for the USG I should be using WAN rather than eth0?

 

Anyone got this up on a latest firmware'd USG?

 

Thanks,

 

Chris

New Member
Posts: 38
Registered: ‎01-10-2018
Kudos: 6

Re: Maintaining access to Vigor 130 from USG

@cjtcherrington

 

Thank you very much for your awesome tutorial.

 

I got an upgrade from my ISP from 50 to 100 Mbit/s and thought I could test IPS. The USG went offline and I had trouble getting internet working again for hours.

 

After a while the USG was back online and ready for use, but there was no internet. I had to move the cable from the Vigor for setup and for testing on the USG. I changed the wires nearly 30 times. Now that it is working again, I set up this route to reach the Vigor with the USG.

 

One thing was not working for me and this was the static route in ssh, because I got an error that no SSL-Key exists. But I just created the rule in the Web interface.

 

Thanks man!

New Member
Posts: 14
Registered: ‎12-24-2015

Re: Maintaining access to Vigor 130 from USG

 

Nice one, many thanks - this works well.  I guess this is not persistent but is very useful for the odd access to the Vigor 130.
