Linksys WRT3200ACM (Openwrt), Vigor130 & Vodaphone

revans · October 3, 2021, 11:00am

I have try to do this for a week now and just cannot get access to the internet.

The approach is to try and expose the Linksys WRT3200ACM directly to the internet with a Draytek Vigor130 (uk) acting as the modem. The Vigor130 is plugged into the WAN port on the WRT3200ACM.

I have tried basing the configuration on guide - https://openwrt.org/docs/guide-user/network/wan/isp-configurations

The Vigor130 is running in stock config with just the password changed.
The reading I have done seems to indicate that this should just work as comes with the tag already in place.

Today I am running a network layout which has issues but gets me internet. This uses the vodaphone router plug into the LAN. The vodaphone router has the DHCP turned off.

On the interface Luci page I can see updates on the WAN. If I set it to eth1 I get the following fault code.

   `Unknown error (USER_REQUEST)`

    followed a few seconds later by:

   `Error: Connection attempt failed`

With the config at <option ifname 'dsl0.101'> I get the error that no device is connected.

I can connect to the Vigor 130 by plugging it directly into the PC on port 192.168.2.1
What I have not figured out is how to get access to it via the LAN.

Another side note is that in the research I have done people show the modem IP / MAC in >System>Status but I cannot see it there.

I know I am asking basic questions but I am tearing my hair out and close to giving up.
Could one of you kind people advise the correct config files.
Once I am confident I have the setup correct then the next step is vodaphone.....but I think the issue is my config files

Network config file (vodaphone user name * password replaced with XXXXX)

onfig interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'xxxxxxxxxx'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.1.2'
        option gateway '192.168.1.1'
        list dns '1.1.1.1'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option vid '1'
        option ports '5t 3 2 1 0'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option vid '2'
        option ports '6t 4'


config dsl 'dsl'
        option annex 'b'
        option tone 'a'

config interface 'wan'
        option ifname 'dsl0.101'
        option proto 'pppoe'
        option ipv6 '0' # Vodafone UK has no IPv6. Replace '1' to enable
        option mtu '1492'
        option username 'XXX@broadband.vodafone.co.uk'
        option password ' XXXXXX'

Firewall config file

        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'WAN'
        list network 'wan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config redirect
        option dest_port 'xxxxxx'
        option name 'xxxxxx'
        option src_dport 'xxxx'
        option target 'DNAT'
        option dest_ip 'xxxxxxxxxxxxxxxxxxxxxx'
        option dest 'lan'
        option src 'wan'
        option enabled '0'

anon80727944 · October 3, 2021, 11:14am

I think you need to put the Vigor130 in bridge mode

https://www.draytek.co.uk/support/guides/kb-vigor-130-bridge

bill888 · October 3, 2021, 11:32am

You also have to change the ifname from dsl0.101 (this is for Lantiq modem routers only), back to openwrt default for your router (eth0.2 ?), once you have the Vigor in bridge mode and vlan 101 defined as advised by @anon80727944

revans · October 3, 2021, 11:58am

Thanks both

Made the change to bridge more and set wan to eth1
Still have an issue

Can you expand on vlan 101 as I do not follow. Do I need to add a vlan to be able to connect to the Vigor130 over the network?

bill888 · October 3, 2021, 12:36pm

vlan 101 is set in the Vigor. See the images in the link provided by @anon80727944

The Vigor is supposed to emulate an openreach VDSL modem. Then you can use ANY router (without built in modem). All the router requires is PPPoE username & password to connect to Vodafone. No other settings required.

ie. The linksys does not need to know about the vlan 101. It does not have a built in xDSL modem, unlike BT Home Hub 5A modem-router running OpenWrt where you would specify dsl0.101.

Do you have any other spare router you can plug into the Vigor to confirm you can connect to Vodafone by specifying just PPPoE username & password in the router?

bill888 · October 3, 2021, 12:59pm

Just a thought. Is your OpenWrt version using DSA?

In which case, should the ifname just be 'wan' (not 'ethXXX') for its WAN ethernet port?

revans · October 3, 2021, 1:29pm

Bill - that was an outstanding idea.

I used an old tp-link TL-WR940N. All I did was put it in PPOE, add the user name and password.....then bingo the internet was work on this micro network. SO the vodaphone side of things is working and I have the correct credentials.

So that begs the question.....what is wrong with my Linksys WRT3200ACM settings.

revans · October 3, 2021, 1:35pm

if I change the ifname to wan it does not see the Vigor130

bill888 · October 3, 2021, 1:49pm

I presume if you were to save your openwrt settings and factory reset it, the wan interface is defined as 'eth1'?

A reference to 'eth1.2' here, but the wrt3200acm is running 18.06 though
https://forum.openwrt.org/t/wan-link-problems-on-18-06-2-with-wrt3200acm/35625/7

Are there any error messages in the system log?

anon80727944 · October 3, 2021, 1:54pm

How about resetting OpenWrt to defaults and make the bare minimum WAN changes via the GUI to get it to work with the Vigor130 and your ISP, before adding all sorts of rules, NAT, VLANs, bridges, etc. as opposed to copy pasting a network configuration file from the following link which is outdated. https://openwrt.org/docs/guide-user/network/wan/isp-configurations

revans · October 3, 2021, 2:57pm

I was worried this would be what I needed to do.

There is a lot setup in my home network. There is a home lab with along with integrations to turn kids WiFi on and off... etc....... it all took ages to get sorted.

Interestingly there is a second wrt3200AC on the house which is a wifi access point. What I might do is reset that and see if I can get it working before wiping the main router.

Just need to read up on how to re-set the device. As this router has re-set button I guess I just push that.

If anybody has any ideas on avoiding the thermo nuclear option please let me know.

Guess this is the price of learning as you go. Ultimately I need to sort this out before I get any deeper in.

It will probably take me a few days to do this so there will be gap before I give an update.

bill888 · October 3, 2021, 3:05pm

In LuCI, go to System > Backup/Flash Firmware. There is a Reset button.

fwiw, if the second wrt3200ac is running same version of Openwrt, is there a possibility you did not delete the redundant/untouched WAN interface? See if that shows 'eth1'.

revans · October 3, 2021, 3:21pm

Unfortunately it looks like I deleted the wan on access point.

anon80727944 · October 3, 2021, 4:10pm

If you have a complicated network with advanced routing, there are much better options than OpenWrt. OpenWrt is good for what it does. Keeping cheap consumer grade routers out of landfills, well after OEMs stop supporting them, or add features OEMs are unwilling to invest additional re$ource$ once they have your coin$ from initial purchase. That is why most consumer grade router OEMs are switching to monthly/yearly extortion fee based business models, selling advanced security protection which can be easily obtained for free.

Consider stepping up your game and switch to open source enterprise class firewall software from https://pfsense.org

It runs on almost any x86 hardware. Or you can buy an appliance directly from Netgate or https://protectli.com

Then relegate OpenWrt to dumb APs

slh · October 4, 2021, 2:40am

What you're trying to set up is trivial - however what makes following this a tad difficult, are the widely differing approaches necessary for <=19.07.x (swconfig based) or >=21.02 (DSA). Therefore I strongly suggest to update and start fresh (the wrt3200acm is a dual-firmware device, as long as you don't sysupgrade more than once, your original/ old firmware and its configuration remains untouched on the inactive partition set).

See Bananapi R2 snapshot build: no pppoe dialin and Configuration Issues OpenWRT 19.07.3 and DrayTek Vigor 130 - #4 by slh for reference of how to set this up using swconfig, DSA follows the same approach, with just minor (but essential) differences regarding the interface names and switch setup. Despite all this, I'd strongly recommend against throwing time into 'learning the old ways', just for being rewarded of having to do it the new/ DSA a few weeks/ months down the line.

revans · October 4, 2021, 10:36am

slh - when you say start fresh you mean with a newer version of openWRT?

I do not understand your reference to DSA......I guess I will have to do some reading around that subject. Thank you for the links.

Thank you for reminding me about the other partition. It currently has the stock Linksys firware but I could just load this new install that.

slh · October 4, 2021, 10:39am

I mean 21.02.x at this point.

revans · October 11, 2021, 6:31pm

In the end I moved to using PFSense as the firewall and DHCP server. Openwrt is looking after the dumb router/wifi AP.

It all seems to be working well.

My double NAT and other issues have been solved.

The instructions for the Vigor 130 worked like a charm on the PFsense.

No doubt of I had re flashed with the new release of Openwrt things would have worked.... but I decided to go a different way as others had suggested.

I regard this thread as solved

anon80727944 · October 11, 2021, 7:44pm

Congrats! See you over at the pfsense forums.

system · October 21, 2021, 7:45pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.