Accessing a Modem's Web Interface through a Ubiquiti USG

I've since written an article with a simpler solution which only requires configuration on the USG. This means that, unlike this article, it will work with modems that don't allow setting a static route. Here's a link: https://on-te.ch/mtu

I wanted to be able to access the admin page of the DrayTek modem from inside my LAN. Unfortunately, it's not terribly easy to find a way to do this, so when I found one, I decided to write it up. I use Ubiquiti's Unifi Router (known as the "Unifi Security Gateway") and a DrayTek Vigor 130 modem (both of which I highly recommend).

[Image: Ubiquiti's USG]

The USGs are very capable devices with impressive functionality. The problem was that there is no way to enable access to the modem in the GUI. It meant that whenever I wanted to view the admin page I had to disconnect the modem from my router and connect my laptop - hardly ideal.

[Image: DrayTek Vigor 130]

This is the setup I want to have:
[Diagram: DrayTek modem and USG setup]

Side notes: This guide will work for the USG Pro (or the USG if you're using WAN2) as long as you replace eth0 with the correct port. On the USG Pro it will probably be eth2.

The DrayTek Vigor 130's firmware differs depending on the country; the UK version is very limited in terms of GUI configurability. Versions for other countries may be able to configure the static route via the GUI, which works just as well.

After quite a lot of research, and eventually posting on Ubiquiti's forum, I found a solution. To start with, you need to change the IP of the DrayTek to something in a different subnet from your LAN. In my case the LAN is 192.168.111.0/24, so I chose 192.168.112.0/24 as the subnet for the modem, with the modem on .1. You'll need to tell the modem to use this IP, which can be done through the GUI by navigating to LAN > General Setup and filling in the IP in the "IP Address" box, as can be seen in this picture (though be sure to use the IP you chose):

[Screenshot: DrayTek Vigor 130 LAN > General Setup page]

Next, you'll need to add a static route on your modem so it knows how to talk to your LAN. You'll have to connect directly to the modem, as you don't yet have any other way to communicate with it. For me this required accessing the modem via the CLI, and for simplicity I used the Web Console on the DrayTek. You want to add a route for your LAN's IP range (192.168.111.0/24 for me) that points to the same IP you will assign to the USG's WAN interface in the config.gateway.json in the next step. On the DrayTek this meant running the following command (192.168.112.100 is the IP I assigned to my USG's WAN interface):

Format:
ip route add <LAN IP> <Subnet Mask> <USG WAN IP> static
With my IPs:
ip route add 192.168.111.0 255.255.255.0 192.168.112.100 static

In order to be able to talk from the LAN to the WAN side of the USG I had to create a virtual network interface which in the USG's case is known as a "pseudo interface". Thankfully this is quite straightforward and can be done (temporarily) by running the following commands via SSH on the USG:

configure
set interfaces pseudo-ethernet peth0 link eth0
set interfaces pseudo-ethernet peth0 address 192.168.112.100/24
set interfaces pseudo-ethernet peth0 description "Access to modem"
commit
save
exit

(Replace 192.168.112.100/24 with the IP you've chosen for the USG's WAN interface)

As with all the configuration changes you make directly on the USG it'll get removed on the next provision. In order to make it permanent you need to create (or modify) the site's config.gateway.json file (here's a "how to" for this). In this file, you need to place the following (if you've already created this file then you'll need to merge the config with the following):

{
	"interfaces": {
		"pseudo-ethernet": {
			"peth0": {
				"address": ["192.168.112.100/24"],
				"description": "Access to Modem",
				"link": ["eth0"]
			}
		}
	}
}

(Again, replace 192.168.112.100/24 with the IP you've chosen for the USG's WAN interface)
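
The addressing rules and the merge step above can be checked before anything is pushed to the USG. The following is an added example, not part of the original article or any Ubiquiti or DrayTek tooling: it rejects a modem subnet that overlaps the LAN, builds the modem's route command, and merges the peth0 stanza into an existing config.gateway.json without dropping what is already there. The function names and the EXISTING sample are assumptions made for illustration.

```python
import copy
import ipaddress
import json

def plan(lan_cidr, modem_ip, usg_wan_cidr, link="eth0", peth="peth0"):
    """Validate the addressing plan; return the modem route command and
    the config.gateway.json fragment for the pseudo-ethernet interface."""
    lan = ipaddress.ip_network(lan_cidr)
    usg = ipaddress.ip_interface(usg_wan_cidr)
    modem = ipaddress.ip_address(modem_ip)
    if usg.network.overlaps(lan):
        raise ValueError("modem subnet must not overlap the LAN")
    if modem not in usg.network:
        raise ValueError("modem IP and USG WAN IP must share a subnet")
    if modem == usg.ip:
        raise ValueError("USG WAN IP must differ from the modem IP")
    # Same format as the DrayTek command shown earlier in the article.
    route = f"ip route add {lan.network_address} {lan.netmask} {usg.ip} static"
    fragment = {"interfaces": {"pseudo-ethernet": {peth: {
        "address": [str(usg)],
        "description": "Access to Modem",
        "link": [link],
    }}}}
    return route, fragment

def merge(base, extra):
    """Recursively merge extra into a copy of base; extra wins on leaf conflicts."""
    out = copy.deepcopy(base)
    for key, value in extra.items():
        if isinstance(value, dict) and isinstance(out.get(key), dict):
            out[key] = merge(out[key], value)
        else:
            out[key] = copy.deepcopy(value)
    return out

# Constructed sample of a config.gateway.json that already has content.
EXISTING = {"interfaces": {"ethernet": {"eth1": {"description": "LAN"}}}}

if __name__ == "__main__":
    route, fragment = plan("192.168.111.0/24", "192.168.112.1",
                           "192.168.112.100/24")
    print(route)
    print(json.dumps(merge(EXISTING, fragment), indent=2))
```
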

Lastly, you need to trigger a provision to apply that to your USG. In newer controller versions this can be done by clicking the "Provision" button under the USG's Config in the Unifi controller. In older versions you'll need to change a setting, such as creating or editing a port forward rule. Once this completes you should be able to access your modem from your LAN.

[Screenshot: USG Config in the Unifi controller]

I only intended for this to be a guide for the USG and DrayTek Vigor 130 but I don't see any reason why it won't work with other modems. Obviously, the process for adding a static route and configuring the modem's IP will probably differ but otherwise you should be fine - I'd love to hear how you get on.

Short link: on-te.ch/mtr

Owen Nelson

https://owennelson.co.uk

IT Systems Administrator from Northamptonshire, UK. Always on the lookout for ways to make things faster and more secure - and I enjoy getting through a fair bit of Tea along the way.
