DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

2862 - 3.8.9.1_BT firmware upgrade breaks IPv6 +others?

More
29 Jun 2018 19:13 #7 by x64
Replied by x64 on topic Re: 2862 - 3.8.9.1_BT firmware upgrade breaks IPv6?

hopkins35 wrote:

admin3 wrote:
Hmm, I may have seen a NAT loopback problem with 3.8.9.1 so far - what kind of HTTPS issues did you see?



I have a webserver sitting behind NAT which also hosts an L2TP VPN, Remote Desktop Gateway and various other services. I have 6 WAN aliases and one of those has redirects and firewall rules setup for said server. I also have a Fingbox network monitoring appliance which requires only outbound communication on a few ports including TCP 443 (I have no firewall restrictions on outbound traffic). After flashing 3.8.9.1 HTTPS access to my webserver completely broke - the RDP Gateway was inaccessible, my website was inaccessible but all other services including the VPN functioned fine and the Fingbox stopped communicating with the cloud and went offline also. Syslog firewall monitoring showed that the firewall was passing the traffic and I'd even added a specific rule for the Fingbox to explicitly allow its traffic outbound. I was also seeing some random web browsing and certificate errors. Interestingly the Draytek's SSL VPN continued working.

I ended up flashing the firmware 3 times, the last time was so Draytek could grab my config, and each time the same problems occurred. I've not heard anything from them in a week now



Do you have any kind of IP routed subnet or your external IP range allocated to a "LAN" configuration?, or is your configuration strictly only using your public IP addresses only on the WAN interface and associated IP aliases?

The reason that I ask is that my own 2862 config (which is IPv4 only) is having issues with port redirection when combined with having a LAN configuration that also has my external range on it. I'm having to temporarily run without the external subnet to keep the rest of my config running.

I have mentioned my issue to support but have not heard back from them yet on the issue, so all I can suggest is that if you have en external LAN configured as well, you briefly disable it to see if it is interfering.

I've also seen issues with using the default rule changed to "block", but your issues do not sound like that.

Please Log in or Create an account to join the conversation.

  • hopkins35
  • User
  • User
More
29 Jun 2018 19:43 #8 by hopkins35
Replied by hopkins35 on topic Re: 2862 - 3.8.9.1_BT firmware upgrade breaks IPv6?

x64 wrote: Do you have any kind of IP routed subnet or your external IP range allocated to a "LAN" configuration?, or is your configuration strictly only using your public IP addresses only on the WAN interface and associated IP aliases?



No, nothing like that, my WAN IP and aliases are assigned to WAN1 and I have private address ranges assigned to LAN 1,2 & 3.

I've got no problems at all running 3.8.8.2 and flashing back solves the problems straight away

Please Log in or Create an account to join the conversation.

More
30 Jun 2018 08:28 #9 by piste basher
Replied by piste basher on topic Re: 2862 - 3.8.9.1_BT firmware upgrade breaks IPv6?
Interesting that Draytek UK have not loaded 3.8.9.1 for the 2925 on the download site, although it's been on the international site for some time.

Please Log in or Create an account to join the conversation.

  • prushmere
  • User
  • User
More
01 Jul 2018 07:53 #10 by prushmere
Replied by prushmere on topic Re: 2862 - 3.8.9.1_BT firmware upgrade breaks IPv6?

Piste Basher wrote: Interesting that Draytek UK have not loaded 3.8.9.1 for the 2925 on the download site, although it's been on the international site for some time.



Having tried it on my 2925 yesterday, I can see why! One device on my (IPV4) network couldn't even see the internet and my webserver was also no longer accessible from the outside world. The first thing I always do after installing a new firmware is to regenerate the self-signed cert. - it was having none of that either.

As someone said above, it appears to be fatally flawed for many reasons.

Please Log in or Create an account to join the conversation.

  • markus.schloesser
  • Offline
  • Junior Member
  • Junior Member
More
04 Jul 2018 12:37 #11 by markus.schloesser
Replied by markus.schloesser on topic Re: 2862 - 3.8.9.1_BT firmware upgrade breaks IPv6?
also having IPv6 issues here, mainly with the 2 Pixel phones of the household, so I don't know if it's the Pixels or the draytek. The issues manifest themselves in 10 seconds load times while connected to wifi, I assume the phones do a fallback to IPv4 then. temporarily dis-/enabling wifi fixes it. My wild guess is stale IPv6 addresses. I've already tried to lower RA lifetime from 1800 to 1200 sec and that does improve the situation, but does not fix it fully. Also waiting for the July patch from Google which is supposed to "fix connection issues with certain routers". 2860 with 2 Ap910c here

Please Log in or Create an account to join the conversation.

  • paulbds
  • User
  • User
More
15 Jul 2018 21:09 #12 by paulbds
Replied by paulbds on topic Re: 2862 - 3.8.9.1_BT firmware upgrade breaks IPv6?
Having similar issues with 3.8.9.1_BT

HOWEVER, I am running a 2762

Reverted back to previous firmware version and working OK

Not technical enough to locate the cause/reasons behind issues except I assumed it was the new firmware causing issues (eg Hive home heating control not working)
will follow progress on BB

ISP - BT (Infinity 2)

Paul

Please Log in or Create an account to join the conversation.