Draytek Vigor 120 + PFSense Initial Config

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Draytek Vigor 120 + PFSense Initial Config

Oubadah

666 posts

Ultimate Geek
+1 received by user: 12

Topic # 96843 4-Feb-2012 19:02

Finally got the Draytek Vigor 120 and ALIX 2D13 installed.

So far I just set the modem to "PPPoE passthrough" then put my user name, password and DNS servers into PFSense. I can get onto the internet, but I'm wondering is there any other basic setup I need to do (eg firewall)?

Now I have to start reading up on advanced configuration, but I want to make sure it's secure for the time being.

PS. Novice alert.

DrCheese

379 posts

Ultimate Geek
+1 received by user: 30

Trusted

Reply # 577323 4-Feb-2012 19:26

Have you got other devices that use the same IP address? Setting up NAT is a good idea.

David.

1080p

1332 posts

Uber Geek
+1 received by user: 152
Inactive user

Reply # 577339 4-Feb-2012 20:32

You also need to turn off the Vigor's DHCP service so it isn't trying to hand out addresses. Do this step last - configure the modem as you want it, allow it to reboot then turn off DHCP and allow it to reboot again before going back to pfSense interface.

You won't be able to access the modem directly anymore (well, you can when you have finished configuring things but that is for later) but as long as your pfSense configuration is valid you should not need to.

Oubadah

666 posts

Ultimate Geek
+1 received by user: 12

Reply # 577361 4-Feb-2012 22:09

DrCheese: Have you got other devices that use the same IP address?

The modem is 192.168.1.1 and the router is 192.168.2.1, is that right?

DrCheese: Setting up NAT is a good idea.

How?

1080p: You also need to turn off the Vigor's DHCP service so it isn't trying to hand out addresses. Do this step last - configure the modem as you want it, allow it to reboot then turn off DHCP and allow it to reboot again before going back to pfSense interface.

You won't be able to access the modem directly anymore (well, you can when you have finished configuring things but that is for later) but as long as your pfSense configuration is valid you should not need to.

OK, I've done that.

Can someone confirm that this was the right image I used for the ALIX and 1GB CF (using the wrong install wears out the CF card, right?) I used the highlighted:

And now it's auto updated it'self to 2.0.1-RELEASE (i386), that's OK?

chevrolux

3733 posts

Uber Geek
+1 received by user: 1457

Subscriber

Reply # 577365 4-Feb-2012 22:16

pfSense seems to be pretty much configured out of the box. Just put in your PPPoE details and you can start playing with it. I have it installed at home and find it great for learning how stuff works. Very powerful little program.
Can't comment on the image you used as I have it on an old PC. Zeon might be the person to tell you.

froob

473 posts

Ultimate Geek
+1 received by user: 117

Lifetime subscriber

Reply # 577369 4-Feb-2012 22:25

Yes, it looks like you've installed the right version for the ALIX 2D13 and your CF card (and the fact that it is working confirms this).

The standard firewall is already enabled when you first set up pfSense, so you probably won't need to change any more settings. If you've got DHCP running and your devices can access the internet, then your NAT is probably set up as well, and again you shouldn't need to change any settings (unless you want to punch holes in the firewall for access to a web server etc).

There are a few different firewall test websites which you can use to verify that your firewall is working.

Oubadah

666 posts

Ultimate Geek
+1 received by user: 12

Reply # 577629 5-Feb-2012 19:16

I got the custom case from PC engines with the 2d13 like what's pictured below. Actually mine has two extra small holes for antenna, but apart from that there is no real ventilation. Do you it will be cool enough?

JamesL

956 posts

Ultimate Geek
+1 received by user: 346
Inactive user

Reply # 577634 5-Feb-2012 19:33

I've been meaning to get one of those Alix boards to handle two WAN connections

What kind of cpu usage do you get under heavy wan usage?

froob

473 posts

Ultimate Geek
+1 received by user: 117

Lifetime subscriber

Reply # 577648 5-Feb-2012 20:17

I have the same case on mine (except black) and haven't had any problems with overheating. There are some tests of the router throughput here.

Zeon

3430 posts

Uber Geek
+1 received by user: 419

Trusted

Reply # 577653 5-Feb-2012 20:42

As mentioned PFsense works pretty much out of the box without needing anything special added to it.

Just a couple of things, in regards to the IP addresses, the WAN on PFsense should be automatically assigned by the PPP session. BY the sounds of it the Draytek is not in fact configured in full bridge mode? Also you generally do not need to put the DNS details in as these come in when the PPP link is established although this may not be true for every provider.

The hardware looks pretty good, able to route up to 100mbps for standard TCP connections. Should be good for a few years until we start seeing faster connections :) but yea good for home use.

chevrolux

3733 posts

Uber Geek
+1 received by user: 1457

Subscriber

Reply # 577700 6-Feb-2012 00:17

Zeon:

The hardware looks pretty good, able to route up to 100mbps for standard TCP connections. Should be good for a few years until we start seeing faster connections :) but yea good for home use.

This is the only thing that puts me off getting an Alix box. I dont really want to spend a couple hundy and get 100mb whereas I spent 30 bucks and get gigabit out the LAN side (actually has 3 gigabit NICs). Is there any embedded stuff that has gigabit ports? Or do you have to start looking at the serious dollars for commercial stuff?

1080p

1332 posts

Uber Geek
+1 received by user: 152
Inactive user

Reply # 577732 6-Feb-2012 07:50

chevrolux:
Zeon:

The hardware looks pretty good, able to route up to 100mbps for standard TCP connections. Should be good for a few years until we start seeing faster connections :) but yea good for home use.?

This is the only thing that puts me off getting an Alix box. I dont really want to spend a couple hundy and get 100mb whereas I spent 30 bucks and get gigabit out the LAN side (actually has 3 gigabit NICs). Is there any embedded stuff that has gigabit ports? Or do you have to start looking at the serious dollars for commercial stuff?

If your switch does gigabit you won't need gigabit ports on your embedded board unless you were routing a gigabit WAN interface.

RJKIng

54 posts

Master Geek
+1 received by user: 2

Reply # 577786 6-Feb-2012 10:38

This is basically the same set up as I have at home but are not using the Vigor in bridge mode. Is there an advantage to Bridge Mode?

Cheers.

froob

473 posts

Ultimate Geek
+1 received by user: 117

Lifetime subscriber

Reply # 577818 6-Feb-2012 12:26

The advantage of having the Vigor in bridge mode is that you can have a separate, more capable router control the connection and routing.

theEd

341 posts

Ultimate Geek
+1 received by user: 26

Trusted

Reply # 577876 6-Feb-2012 16:23

This is all you need to do on the Vigor:

Configure PPPoE/PPPoA Passthrough

Running the Vigor120 in passthrough allows the router to do all of the heavy lifting which takes some load off the little processor in the Vigor120 - which often translates to faster speeds. Plus it avoids any nasty double-NAT crap.