How to reach PPPoE bridge from Mikrotik

When using a Mikrotik router (or any other decent home router) as your PPPoE client, it’s good to keep access to the in-line ADSL/VDSL modem for diagnostics, additional configuration etc. To avoid a situation where the router is essentially double-NATing all the packets going across the WAN link, the ideal setup is a secondary IP address on the router’s WAN interface that is handled separately.

Below is a crude drawing of my home setup. The Draytek Vigor 130 is acting as a VDSL modem, bridging the PPPoE connection across to the Mikrotik RB2011UAS-2HnD-IN which is ‘dialing’ the PPPoE connection back to my ISP. The ISP dishes out an IP address which lands directly on the router, passing through the Draytek. On the LAN side of the router is a pretty boring DHCP subnet (with DNS setup as mentioned here).

To set up the router/modem to allow access to both (without unplugging the router to get back to the modem) – you can do the following:

First, add an IP address to the modem:

(On Draytek, using GUI, added

Now, add the corresponding interface on the Mikrotik (access via SSH, note below is only 2 lines of config):

/ip address
add address= comment="To get to VDSL modem" interface=ether1-gateway network=

This will add the other end of the /30 network to the ether1-gateway (physical) interface on the Mikrotik router.

Now, all we need to do is tell the router that it’s OK to NAT on that address, on that interface:

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-gateway

If all went to plan, you should be able to ping from your Mikrotik:

[admin@burnett-home] > ping
HOST                                     SIZE TTL TIME  STATUS
                                           56 255 0ms
                                           56 255 0ms
    sent=2 received=2 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms

All done, now you can browse to both the router IP for GUI config, and get to the VDSL modem’s config page as well.
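
A tighter variant of the steps above, as an added example that is not the author's configuration: the masquerade rule is limited to the modem's /30, and forward rules let only one admin host reach the modem's management page. All addresses (192.0.2.0/30 for the modem link, 192.168.88.10 for the admin PC) are constructed placeholders, and it assumes the PPPoE client runs as its own interface on top of ether1-gateway.

```routeros
# Added example, not the author's config. Constructed placeholder values:
#   modem        = 192.0.2.1/30
#   router end   = 192.0.2.2/30 (on the physical WAN port)
#   admin PC     = 192.168.88.10 (a host on the LAN)
# Substitute the addresses you actually configured on the modem and LAN.

# Router end of the /30 on the physical port. Internet traffic leaves via
# the PPPoE client interface, so only modem-bound packets use this address.
/ip address
add address=192.0.2.2/30 interface=ether1-gateway \
    comment="To get to VDSL modem"

# Masquerade only packets addressed to the modem link. The modem then sees
# 192.0.2.2 (on-link) as the source and can reply without knowing the LAN.
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1-gateway \
    dst-address=192.0.2.0/30 comment="NAT LAN -> VDSL modem only"

# Least privilege: one admin host may reach the modem, other LAN hosts may
# not. 'add' appends to the end of the chain, so if an earlier forward rule
# already accepts LAN traffic, move these above it (e.g. with place-before).
/ip firewall filter
add chain=forward action=accept src-address=192.168.88.10 \
    dst-address=192.0.2.1 out-interface=ether1-gateway \
    comment="Admin PC -> modem GUI"
add chain=forward action=drop dst-address=192.0.2.0/30 \
    out-interface=ether1-gateway comment="Block other LAN hosts -> modem"

# Verify: the address is bound, and the rule counters move after a test
# connection from the admin PC and from another LAN host.
/ip address print where interface=ether1-gateway
/ip firewall nat print stats
/ip firewall filter print stats
```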

Help on this one came from the DD-WRT wiki.

6 thoughts on “How to reach PPPoE bridge from Mikrotik”

  1. I usually look for websites every night to have a good time reading, and that is how I came across your article. I really liked the site and plan to come back to keep having a good time.

  2. Hi James,
    thanks a lot for your post. I have configured the Mikrotik and the Vigor130 as the same. I can ping the address from the Vigor130, but I can not reach the GUI Interface from the browser.
    Do you have any idea?

    Kind regards Denis

    1. Hallo Denis

      Thanks for finding it. From the Mikrotik CLI (or terminal app) can you ping the IP you set on the Vigor130? Does that link between them work?

      It should, and if so, the router knows a path to the Vigor, so your PC connected to the Mikrotik via wifi or LAN cable should have a default route to the router – and it should ‘just work’.

      Let me know


  3. Hello James,

    thanks for your feedback. Yes, I can ping the Vigor from the Mikrotik (Winbox Access). I have a Route in the different subnet to the Vigor. But I can not access the Vigor with the GUI (access in a browser application). Is a back route in the Vigor necessary? Or a NAT rule in the Mikrotik?
    The Vigor has the IP and the Mikrotik Port the with a different subnet behind for the LAN

    Thanks a lot, Denis

    1. That’s a good point, the Vig will need a route back to your /24 subnet (where your router/LAN devices are). I might have overlooked this, sorry the post was 4 years and several variants of hardware ago (I still use the Mikrotik router till this day though!)
