Accessing a DrayTek Vigor 130 Modem in Bridge Mode on a Unifi Dream Machine Pro (UDMP)

The DrayTek Vigor 130 is a very popular ADSL / VDSL2 modem as it can be set to act in bridge mode. When connected to a router, the router itself is responsible for making the connection and the modem passes through the WAN IP. This avoids double-NAT scenarios where the modem passes a local IP address to the router, rather than the real WAN IP address. The Vigor 130 has a single LAN port, and by enabling bridge mode, the modem itself is no longer accessible. With a little bit of work and a few static rules, it is possible to restore access to the admin interface.

When configuring UDMP, SSH will need to be enabled with a known password set. In my particular setup, I don’t use 192.168.2.x for any networks configured through my UDMP so I can use the modem’s default IP address.

Enabling Bridge Mode on the Vigor 130

Out of the box the modem will have a default IP address of 192.168.2.1 and assign any connected device an IP address in the 192.168.2.x range using its built in DHCP server. To use the modem with the UDMP, it should be switched to bridge mode. To do this, plug a laptop or PC into the LAN port of the modem and wait for it to receive an IP address. Navigate to http://192.168.2.1 and log in using the default username ‘admin’ and default password ‘admin. (If you wish to change the IP address scheme, now is the time to do it by clicking “LAN” and then altering the values in the “LAN IP Network Configuration”. Modify the routing commands below to reflect any changes you choose to make to the IP address here).

To enable bridge mode on the modem, follow the instructions in the DrayTek Knowledgebase. First, click on “Internet Access” then “MPoA / Static or dynamic IP”. At the top of the page is a radio button, switch it to “Enable”. Ensure that the “Enable Bridge Mode” checkbox is ticked at the bottom of the page and click “OK”. The modem will reboot and will be in bridge mode. The WAN connection can now be configured using the UDMP.

• 

Static Routing Setup

At the moment, the Vigor modem has no way to communicate directly with the UDMP, and the UDMP doesn’t know anything about the Vigor modem itself. To resolve this we need to:

• Assign an IP address to the WAN port of the UDMP
• Set up a static route on the UDMP to allow communication with the modem
• Set up a static route on the modem to allow communication back to the UDMP

Assigning an IP Address to the WAN Port of the UDMP

The WAN port itself on the UDMP doesn’t have an IP address set against it. In order for the modem to have somewhere to talk to, we need to set an IP address against it.

Begin by logging into the UDMP with your SSH client of choice. Assign an IP address from the same subnet as the modem to the WAN port (eth8) of the UDMP using the following command (if you adjusted the IP address of your modem, change the IP addresses in the below commands as appropriate):

ip address add 192.168.2.2/24 dev eth8

Setting Static Route from UDMP to Vigor Modem

So that the UDMP knows how to communicate with the modem, the next stage is to configure a static route. Add the appropriate route using the following command:

ip route add 192.168.2.0/24 dev eth8

Setting Static Route from Vigor Modem to UDMP

The final stage is to tell the modem how to communicate back to the UDMP. This is set on the modem by using it’s telnet client. Connect to the modem from the SSH client by issuing the command:

telnet 192.168.2.1

The modem will ask you to log in using the same credentials as the web interface. Once logged in, set up the static route on the modem by issuing the command:

ip route add 192.168.1.0 255.255.255.0 192.168.2.2 static

You should now be able to access the modem’s login page by navigating to it’s IP address.

Rebooting or Upgrading the UDMP

It is important to note that the changes made on the UDMP will be lost if it is restarted, or if an update is applied. A set of third party tools available on GitHub called udm-utilities that will allow you to run scripts on system-boot. This will allow you to apply the IP address and route automatically.