DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Vigo 2927 VPN broken after update

  • marc_nl
  • Topic Author
  • Offline
  • New Member
  • New Member
More
22 Jun 2022 22:46 #1 by marc_nl
Vigo 2927 VPN broken after update was created by marc_nl
Last week I updated my 2927 to 4.4.0 and although I've read the release notes and checked the firewall for VPN settings (which aren't there) the update killed all my VPN connections. My backups depend on this OpenVPN connection and after reading and re-reading, I still don't understand what Draytek is meaning with the following text:"

A firewall can restrict/drop unwanted inbound WAN traffic such as VPN requests. The
router's firewall block rules can stop remote management and VPN access. It is
recommended to review the firewall settings before upgrading.



I did noticed that the date and time are reset to 1-1-2000 00:00:00 and that the self signed certificates are deleted... restoring time and certificates did nothing.
I have no rules defined for incoming traffic and under 4.3.2 everything was fine. So I tried a downgrade, but everything was still broken.

Does anybody know if there must be a rule in the firewall to allow VPN traffic?

I really love my router, but these stupid things drive me nuts! Every update something else stops working or works differently than in the release notes written. I think if I get this to work, I never update again :evil: :wink:

Please Log in or Create an account to join the conversation.

  • hornbyp
  • User
  • User
More
23 Jun 2022 00:35 #2 by hornbyp
Replied by hornbyp on topic Re: Vigo 2927 VPN broken after update

Marc_NL wrote:
Does anybody know if there must be a rule in the firewall to allow VPN traffic?



Previously, it was always the case that the VPN 'endpoint' was the "internet-side" of the firewall (so to speak), so you couldn't use it to prevent (rogue) inbound access to your VPN. Maybe they've done something to address that in the Vigor 2927 ?

Existing firewall rules might contain restrictions on outbound connections accessing a "LAN/DMZ/RT/VPN", but if present, they wouldn't have worked before the upgrade either...

Please Log in or Create an account to join the conversation.

More
23 Jun 2022 08:41 #3 by piste basher
Replied by piste basher on topic Re: Vigo 2927 VPN broken after update
I have a 2927ax and as far as I can tell my VPN's are working after the update.

If your clock reset and things were deleted did you use the .rst file to upgrade instead of the .all ?

(what I still don't have is the much-vaunted (by Draytek) mesh capability - very disappointing)

Please Log in or Create an account to join the conversation.

  • marc_nl
  • Topic Author
  • Offline
  • New Member
  • New Member
More
27 Jun 2022 09:00 #4 by marc_nl
Replied by marc_nl on topic Re: Vigo 2927 VPN broken after update
Support is not of much help; they say it may be a crappy DNS, but things worked with 4.3.0 with exactly the same setting. Yesterday I returned to 4.3.0 and (almost) everything works again... but support says it can't be the upgrade.

hornbyp wrote:

Marc_NL wrote:
Does anybody know if there must be a rule in the firewall to allow VPN traffic?



Previously, it was always the case that the VPN 'endpoint' was the "internet-side" of the firewall (so to speak), so you couldn't use it to prevent (rogue) inbound access to your VPN. Maybe they've done something to address that in the Vigor 2927 ?

Existing firewall rules might contain restrictions on outbound connections accessing a "LAN/DMZ/RT/VPN", but if present, they wouldn't have worked before the upgrade either...

Please Log in or Create an account to join the conversation.

  • marc_nl
  • Topic Author
  • Offline
  • New Member
  • New Member
More
27 Jun 2022 09:06 #5 by marc_nl
Replied by marc_nl on topic Re: Vigo 2927 VPN broken after update
I used the .all; If I used the .rst there was more lost than only the date and time.

There weren't other things deleted, VPN was broken and I am unable to get it to work like it used to be.

Piste Basher wrote:
I have a 2927ax and as far as I can tell my VPN's are working after the update.

If your clock reset and things were deleted did you use the .rst file to upgrade instead of the .all ?

(what I still don't have is the much-vaunted (by Draytek) mesh capability - very disappointing)

Please Log in or Create an account to join the conversation.

  • marc_nl
  • Topic Author
  • Offline
  • New Member
  • New Member
More
27 Jun 2022 12:20 #6 by marc_nl
Replied by marc_nl on topic Re: Vigo 2927 VPN broken after update
Since i got the OpenVPN working again, I noticed a few odd things;

  • My iPhone SE2 is almost working with the new config like before; I only can't reach my servers on my local network, but I have internet via VPN.

  • My laptop can connect to OpenVPN, but I can only reach the router by the VPN-lan IP; 192.168.140.1 and not by the 'real' IP of the router; 192.168.1.1 My laptop can't reach my servers in my local network and I have no internet on my laptop for as long as the OpenVPN connection exists.

The 'fun' part is... the configs and settings for both are exactly the same in te router and in the OpenVPN client. The settings in the router are the exact same ones whom with the previous 4.3.2 firmware worked perfectly. After updating to 4.4.0 and downgrading to 4.3.2 it doesn't work anymore *sigh*

I guess I have to factory reset the router again after an update and manually set all settings again... importing a backup usually results usually in the same problems.

Every f'ing update something stops working; VPN, VLAN's, dropping internet connections, spontanious resets/crahses, etc. I really like the router, but let them FIX some bugs without introducing new ones. I haven't been able to make an off-premise backup in 3(!) weeks.

Please Log in or Create an account to join the conversation.