I don't know if they do this, but I'd be happy for the dev guys to run realtime diags on the router while we use it if they want.

As long as it doesn't significantly impact the VDSL/wired Ethernet stuff, we are happy to live with stuttering wifi for a while during any tests they want to conduct.

I've had a further reply to them asking for more details and logs, so we're getting somewhere. I've not had a chance to do this at home yet. Although I've tried every amount of SSIDs, security modes, channels...etc. The logs might help although I did look at my log dumps previously and couldn't see anything, perhaps they can.

Perhaps some of you could do the same:

---

Hello,

Thanks for your email. Can you tell me how many SSID's you are using and the wireless settings for each SSID. Eg security mode, channel.

Along with this can you capture syslogs when the drops in wireless occur. These logs may help diagnose the issue.

Syslog capture guide

http://www.draytek.com/index.php?option=com_k2&view=item&id=2678&Itemid=293&lang=en

Regards,


http://www.support.draytek.co.uk

@faris and floobe:

GRE is Cisco proprietary and will only work between Cisco devices.
IPSec however isn't. I never managed to get an IPSec tunnel up, either by remote dial-in or to a Cisco ASA 5510.
Only L2TP works, which is an entirely different way of routing.

@faris

I've asked about real-time debugging before (like 'debug' on Cisco via the terminal), but there doesn't seem to be that option.
Only the Syslog explorer or the Syslog tool.
Shame

Thanks Toby.

[Again, this is OT but....I can get an pptp tunnel open with the third party VPN server, but not L2TP, and I want L2TP with IPsec policy]

Hi Faris,

with regards to IPSec L2TP, first go to 'IPSec General Setup', enter a pre-shared key (unless you're using certificates) and uncheck everything but AES.
Then, go to 'Remote Dial-in User', and enter:
- Enable this account (Idle timeout = 0)
- L2TP with IPSec Policy (Must)
- Specify Remote Node (leave Remote Client IP AND Peer ID both empty)
- Select where you want your IP address to come from (normally default LAN if you want LAN access)
- Enter a user name and password (no mobile-one-time password)
- Set IKE Authentication Method to Pre-Shared Key (and enter the same key as in the General VPN set-up)
- IPSec Security method, only check AES, peace Local ID empty

This gives me a IPSec L2TP tunnel from iPhone, Win 7 (with built-in VPN, no Draytek Smart VPN) and Ubuntu.

Unfortunately, I haven't been able to establish a pure IPSec Tunnel (either Remote-Dial-in or to a Cisco ASA 5510); I've posted a so far unanswered query in the VPN forum.

I do think Draytek's VPN setup with third party hard/software could be a lot better. If the above doesn't solve it for you, some cheaper TP-Link routers now allow up to 10 IPSec tunnels. Needless to say that they're not as powerful as Draytek, but if you're on a small network, it might offer better compatibility than the current Draytek implementation.
There is also the new Cisco RV series, which is worth looking at.

I'm trialling the 2860 as an alternative to the 800 series ((much) more bang for the buck) for my company's new branch, but six months on, the trial has been declared unsuccessful, not least because of the IPSec problems.