VDSL router using USG

There's a post on the Ubiquiti forums somewhere that has the relevant bits of the config required to maintain access to the web UI on the DrayTek so you can see stats etc.
 
I've got the web interface on my Draytek 130 reachable from my LAN address space. There's probably a few ways of achieving it, but this is what I did.

1 - I needed to change the management IP on the 130 as when I'm working from home my VPN client secures a route to 192.168.2.0/24 so I had to disconnect my VPN session to reach the 130. I connected an ethernet cable between my laptop and the 130, logged in, changed IP to 192.168.3.1/24 and rebooted it.

2 - You need to add a static route on the 130 so that it can route back to your LAN address space (192.168.8.0/24 in my case). I don't understand why but if you add a static route to 0.0.0.0 on the 130 then you'll be able to ping the 130 but the web interface won't load. So just add a route to the specific /24 (or whatever you're using). Telnet into the 130 and issue this command:

Code:
ip route add 192.168.8.0 255.255.255.0 192.168.3.2 3 static


3 - Check the route has been added by doing 'ip route status' and you should see something like this:

Code:
Codes: C - connected, S - static, R - RIP, * - default, ~ - private
S~        192.168.8.0/   255.255.255.0 via 192.168.3.2, IF0
C~        192.168.3.0/   255.255.255.0 is directly connected, IF0


4 - Next you need to add a static IP address on eth0 on the USG. You can do this via SSH but the IP address will get removed when the USG checks in with the controller so I'd suggest stopping the Unifi controller so you have control over when the IP address is dropped. If you wanted to do it via SSH then the command you need is:

Code:
configure
set interfaces ethernet eth0 address 192.168.3.2/24
commit

Check if commands took by looking at the output of 'show interfaces ethernet eth0' and you should see the IP shown in the first line.

5 - The better way to add the IP address to the USG is via a config.gateway.json file on the Unifi controller. It's a faff but it works and the address doesn't get removed. SSH into your Unifi controller then go to the sites/default directory in the Unifi installation directory. Your path may be different but for me it is /var/lib/unifi/sites/default/

6 - Create a file called config.gateway.json. This is mine, you may need to adjust the IP address for eth0 and the PPPoE credentials. The x's shown in the PPPoE username are my BT landline phone number.

Code:
{

        "interfaces": {
                "ethernet": {
                        "eth0": {
                                "address": [
                                        "192.168.3.2/24"
                                ],
                                "duplex": "auto",
                                "firewall": {
                                        "in": {
                                                "name": "WAN_IN"
                                        },
                                        "local": {
                                                "name": "WAN_LOCAL"
                                        }
                                },
                                "pppoe": {
                                        "0": {
                                                "default-route": "none",
                                                "firewall": {
                                                        "in": {
                                                                "name": "WAN_IN"
                                                        },
                                                        "local": {
                                                                "name": "WAN_LOCAL"
                                                        }
                                                },
                                                "mtu": "1492",
                                                "name-server": "none",
                                                "password": "internet",
                                                "user-id": "[email protected]"
                                        }
                                },
                                "speed": "auto"
                        },
                        "eth1": {
                                "address": [
                                        "192.168.8.1/24"
                                ],
                                "duplex": "auto",
                                "firewall": {
                                        "in": {
                                                "name": "LAN_IN"
                                        },
                                        "local": {
                                                "name": "LAN_LOCAL"
                                        },
                                        "out": {
                                                "name": "LAN_OUT"
                                        }
                                },
                                "speed": "auto"
                        },
                        "eth2": {
                                "disable": "''",
                                "duplex": "auto",
                                "speed": "auto"
                        }
                },
                "loopback": {
                        "lo": "''"
                }
        }
}


7 - You need to force the USG to reprovision. Rebooting it isn't sufficient. The way I do it is to add a port forwarding rule and then remove it.

8 - Done. You should be able to reach the 130 web interface from your LAN address space.
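
An added example (not part of the original post): a Python check that the addressing from steps 1 to 6 lines up before a reprovision is forced, using the addresses quoted in the post. The function name `check_modem_access`, its parameters and the trimmed sample config are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample: config.gateway.json trimmed to the address entries used in the post.
SAMPLE_CONFIG = """{"interfaces": {"ethernet": {
  "eth0": {"address": ["192.168.3.2/24"]},
  "eth1": {"address": ["192.168.8.1/24"]}}}}"""


def check_modem_access(config_text, modem_ip, route_dest, route_mask, route_gw,
                       wan_if="eth0", lan_if="eth1"):
    """Return a list of problems; an empty list means the addressing lines up."""
    try:
        eth = json.loads(config_text)["interfaces"]["ethernet"]
    except (json.JSONDecodeError, KeyError, TypeError) as exc:
        return [f"config.gateway.json unusable: {exc!r}"]
    try:
        wan = [ipaddress.ip_interface(a) for a in eth.get(wan_if, {}).get("address", [])]
        lan = [ipaddress.ip_interface(a) for a in eth.get(lan_if, {}).get("address", [])]
        modem = ipaddress.ip_address(modem_ip)
        gateway = ipaddress.ip_address(route_gw)
        dest = ipaddress.ip_network(f"{route_dest}/{route_mask}")
    except ValueError as exc:
        return [f"bad address: {exc}"]

    problems = []
    # The USG needs a static address on the modem's management subnet (steps 4 and 6).
    if not any(modem in w.network and modem != w.ip for w in wan):
        problems.append(f"{wan_if} has no address on the modem's subnet ({modem})")
    # The modem's return route must point at that USG address (step 2).
    if gateway not in [w.ip for w in wan]:
        problems.append(f"route next hop {gateway} is not an address on {wan_if}")
    # The post reports the web UI failing to load with a 0.0.0.0 route.
    if dest.prefixlen == 0:
        problems.append("return route is a default route; use the specific LAN prefix")
    for net in lan:
        if not net.network.subnet_of(dest):
            problems.append(f"LAN {net.network} is not covered by route {dest}")
        if any(net.network.overlaps(w.network) for w in wan):
            problems.append(f"LAN {net.network} overlaps the modem management subnet")
    if not lan:
        problems.append(f"{lan_if} has no static address to route back to")
    return problems


if __name__ == "__main__":
    # Values from the post: modem 192.168.3.1, route 192.168.8.0/24 via 192.168.3.2.
    for p in check_modem_access(SAMPLE_CONFIG, "192.168.3.1", "192.168.8.0",
                                "255.255.255.0", "192.168.3.2") or ["consistent"]:
        print(p)
```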
 
I'd noticed that the dashboard view in my controller was showing amber for internet connectivity and whilst it was showing throughout it didn't show latency or speedtest results. After some research when the config.gateway.json file is in place the USG can't do any DNS resolution. When the USG can't ping ping.ubnt.com it assumes the internet connection is down and you get the results I mentioned.

I've temporarily removed config.gateway.json and the controller view is working properly now. I don't see why it wouldn't work though, I've gone through the USG configuration line by line and don't see anything that should cause this. In both cases (when it's working and when it isn't) the only mention in the config of DNS is in the DHCP server.

Strange.
 