Network upgrade Draytek Vigor 167 Modem
In the first part, I reported on how I additionally secured my home network using a firewall with OPNSense. But that was only the first step.
Introduction
The first part was about additionally securing my home network and further separating the different areas, i.e. having a separate network, e.g. for WLAN or the LAN. And it’s particularly important to protect the areas that are accessible from the Internet, such as my Nextcloud or my password manager. This works quite well with OPNSense, but I have tried several times to operate my FritzBox 7590 in modem mode only. However, I wasn’t able to do this and it would also have had the disadvantage that I would no longer have been able to use my telephony.
So I had to get an external modem that I could then connect to the OPNSense firewall.
Initial situation
Up to now, I have operated the Fritzbox before the OPNSense and set up the OPNSense as a so-called exposed host, as you can see here.
This means that the Fritzbox acts as a gateway to the Internet, but still with an IP address from the reserved, private area. In addition, the WLAN was not secured.
Draytek Vigor 167
The Draytek Vigor 167 is no bargain in this sense and costs almost always just under €100. The device can be set up both as a modem and as a router. On delivery, it is configured as a modem. A switch is recommended for use as a router, as the device only has 2 GB Ethernet connections.
But setting it up is really child’s play. Plug the included DSL cable into the connection on both the tAE socket and the Draytek. Then set the WAN port in OPNSense to PPOE dial-in and enter the access data there. Then switch on the modem and after a short wait a different IP address should appear on the WAN port.
So you don’t need to go to the web interface of the device to configure anything there. The routing didn’t work for me, so I deleted my old WAN port in OPNSense and created a new one with the dial-in data. After that it worked immediately.
User interface
Nevertheless, you should access the interface once to change the IP address and, of course, the password.
But apart from that, the Draytek Vigor modem is really easy to set up, or rather, for the major DSL providers, no setup is actually required, apart from storing the access data in the firewall.
The Draytek Vigor is a really good modem for DSL that requires practically no setup. Now the Fritzbox 7590 can be connected as normal as a client in the IP network and I finally have my own network for the WLAN area.
The network now looks exactly as I imagined it. What remains is the telephony, but more about that in Part 3.
