DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Replacing some 2900Gi routers
02 Sep 2011 14:48 #69203
by peter-h
Replacing some 2900Gi routers was created by peter-h
I run a couple of sites. Each one has a 2900Gi router. These are used for normal internet access, with some port forwarding and some packet filtering to allow SMTP email delivery only from a small number of MessageLabs IPs. Both have WIFI enabled.
I also run an IPSEC VPN between them, which was an absolute pig to get working but we finally did it by following some appnotes on seg.co.uk. This works most of the time but every so often it hangs and the router has to be turned off and back on. It looks like a memory leak or something like that. Curiously, to get it going again it is the OUTgoing router (the one which dials-out the VPN) which needs to be power cycled, not the receiving one. Encryption is 256 bit AES.
Both also support "teleworker" VPN remote access. This uses PPTP. I could never get IPSEC working, and anyway it has to work over GPRS/3G networks of which far from all support PPTP and none AFAICT support (or work with) IPSEC. The dial-in is a winXP laptop, using the built-in VPN feature. This VPN access has similar reliability issues.
To make the VPN stuff work properly, I have installed an SMS-triggered box which can be used to power cycle the remote site!! This works well, unsurprisingly, but seems a ridiculous solution.
The ADSL modems are a D-Link at one site and a Draytek one at the other site.
ISDN is no longer used.
I have considered replacing these 2900s with Cisco boxes, which "just work" but there is no way I would be able to maintain them. I used to have some Cisco 803 ISDN routers and the config on those was so complicated I never understood it, and nobody who did understand it was around for very long. But I can "manage" the 2900s.
Ideally I would like the teleworker VPN to use HTTPS (port 443) because that will work on any GPRS/3G network. I do appreciate however there is no built-in Windows support for SSH VPN so I would need some client program which provides a network port under winXP, to enable PC/Anywhere to work. OK, I know PCA is cr*p too, but it seems to work most of the time, and has the features I want like nice file transfer. The VPN features are solely for PCA use.
SEG do not reply to phone calls, which doesn't look good.
Can anybody recommend a way forward? I see they have products like the 2830 which can run two ADSL lines concurrently, or run ADSL with 3G backup. Otherwise it seems to do the same stuff, not a port 443 VPN though.
But most of all, the 2900 does all we need - except for the hanging on VPN operations so I want that completely fixed. We already have the latest firmware in the 2900s.
Money is not an issue, within reason. I would happily pay £500 per box which is 100% reliable.
The 2900s have other bugs, around the anti-hacking features. I don't recall the details but if you enabled e.g. the Teardrop attack stuff, the thing just stopped working. Obviously they never tested these.
I would appreciate any tips.