Unable to access PPPoE modem UI in bridge mode

I am unable to access admin panel of my Zyxel DX3200-B0 VDSL2 PPPoE modem which is in PPPoE Bridge mode (LAN1 as RFC 1483) and connected to WAN port of Xiaomi 4A Gigabit router running OpenWRT 21.02.2.

Setting Zyxel modem to the Bridge mode has disabled most of the router features of the modem, but DHCP remained enabled and I left it stay that way. Then I followed this guide to the exact that I even changed modem's IP address to 192.168.100.1 but no success, address unreachable. Tried different clean browsers too...

The only way I was able to access admin UI of Zyxel modem was to run a DHCP client interface which interrupted internet connection of PPPoE-WAN. And then I disabled DHCP server on Zyxel modem, now I can't even access it over DHCP client interface.

What are my options now?

Oh I should mention that IPV4 and IPV6 other firewalls (WAN to LAN, LAN to WAN) are disabled on the modem side.

Try (to port) the DD-WRT manual (to OpenWrt)!

Put an additional static IP directly onto the Ethernet device connected to the modem.
ip addr add 192.168.100.2/24 dev wan
Here since the modem is 192.168.100.1, we'll set the router to hold 192.168.100.2 and a subnet large enough to cover both of them. This also installs a route to the modem in the routing table, so you can reach it from any machine on the LAN as well. This will last until the next reboot*, or until you reverse the action with ip addr del. If you want to make it permanent, I think the @wan syntax still applies:

config interface 'modem'
    option proto 'static'
    option device '@wan'
    option ipaddr '192.168.100.2/24'

But try the temporary way first.
Another approach is to use DHCP like you did, but use the peerdns and defaultroute options at 0 so that it does not try to use the control interface of the modem as the default path to the Internet. That will continue to go through the ppp interface.

  • which can be considered a good thing, since modems often aren't very secure, malware running on the LAN has been known to try to attack them. If you make the modem a network interface, place it in the wan firewall zone so that the modem can't attack the router or the LAN.

How is this different than the official guide of OpenWRT? I do not get it.

Thank you for your interest and time for explaining, but could you please also explain how this practice is different than the official guide?

Because I was too noob to find the OpenWrt version for the same! :sweat_smile:
And of course, I failed to read your opening post with that link. Shame on me. :see_no_evil:

What I wrote is exactly what is described on that page, other than using the newer CIDR (/24) notation which is now supported instead of 4-byte netmasks.

And this is exactly my config as I indicated that I followed the official guide to the exact, but I am unable to reach the modem.

In the meantime, I have disabled Bridge mode on the modem and changed WAN-PPPoE interface to WAN-DHCP Client. All good, I can access modem admin without internet drop, but I am unsure if this is an appropriate approach.

Which is the most appropriate setup for the best performance?

PPPoE bridge or typical DHCP client router?

A DHCP configuration ends up routing through the modem (double NAT) but pppoe demands more from the CPU in your router. This may or may not limit the speed that can be achieved.

I would suggest using ip addr add to temporarily add an IP address. The old methods using UCI may no longer work.

Indeed PPPoE was high on CPU it was impacting SQM.

I will stay on DHCP client mode and I can access the modem with no additional config.

Thank you, @mk24

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.