II. Resetting & Router Firmware
ExpiredBackup and Restore the configuration of a DrayTek Vigor router
Taking backups of the router's configuration is recommended; It's good practice to take a backup so that if major change to the router, such as making significant configuration changes (VLAN, Firewall changes, etc), needs to be reversed it can be done so quickly. It is also good practice to make sure that there is a copy of the backup prior to a firmware update.
Store backups securely
The ".cfg" configuration backup file taken from a DrayTek Vigor router running DrayOS firmware (Vigor 2830, Vigor 2860 etc) is encrypted so that it cannot be read in any way and can only be used to load configuration settings onto a DrayTek Vigor router. Loading this configuration will restore all configuration details (detailed in the FAQ below) of the router that the configuration backup was taken from, with the original router's management password.
Although DrayTek Vigor router configuration files are encrypted, configuration files should be stored securely to protect network and user account security. In addition to ensuring backups are stored securely, this can be further mitigated by securing the configuration with a password, so that it can only be loaded onto a router when the correct password is supplied, which is explained in the "Configuration Backup and Restoration" section below.
Article Sections
Click on a link to jump to the relevant section for your product:
Configuration Backup and Restoration |
Guidance on how to backup and restore configuration files from DrayTek Vigor routers. |
Backing up Certificates |
How to back up and restore the router's certificates. Certificates stored on the router are not backed up in the router's configuration file. |
Frequently Asked Questions |
Answers to some common questions relating to backing up a DrayTek router's configuration:
|
Configuration Backup and Restoration
Taking a Configuration Backup from a DrayTek Vigor router
To back up the configuration of a DrayTek Vigor router running DrayOS firmware, access the router's web interface and go to [System Maintenance] > [Configuration Backup]. Click the Backup button to download the router's configuration file through the browser:
Save the configuration file through the web browser onto the computer when prompted:
Password Protection
DrayTek routers with firmware versions 3.7.8 and later have the option to encrypt the configuration file with a password, which requires the password to be supplied to load the router's configuration file. Clicking the "Protect with password" option will then show the password entry fields.
Restoring a configuration backup file onto a DrayTek Vigor router
To restore the saved configuration of a DrayTek Vigor router, go to [System Maintenance] > [Configuration Backup] and click "Browse..." to locate the configuration file on the computer. Click the Restore button to load the configuration on the router.
The "Restore configuration except the login password" option can restore the configuration of the router with its factory default management password of "admin" if the configuration file was taken from the same router hardware that it is being loaded on to.
If the configuration backup file has been renamed from its original filename, the router will promrpt to confirm whether the configuration file should be loaded. If the configuration file is the correct one for the router, click OK to continue the configuration loading process.
Restoring password protected configuration backup files
If the configuration file has been protected with a password, a pop-up prompt will appear to enter the password. This password must be entered to continue to the load the configuration backup on the router.
Once the configuration file has been loaded onto the router, the configuration will over-write all settings currently configured on the router. The settings from the configuration backup will take effect once the router is restarted, including the IP address of the router, VLAN and password settings.
Click the Restart button to reboot the router with the new configuration.
Backing up Certificates
Certificates that have been generated on the router and signed by a Trusted Certificate Authority must be backed up separately from the router's main configuration file. This is because the router uses a private key that is separate from the router's main configuration when generating the Certificate Signing Request (CSR). More information on generating and signing certificates can be found here.
Because the private key is used to validate certificates, loading a signed certificate without the corresponding private key is not possible, the router will not allow certificates to be imported that do not have a matching private key or certificate signing request.
The backup of the router's certificates is stored as an encrypted .cfg file and is specific to DrayTek routers with DrayOS firmware, the individual certificates and private keys cannot be extracted.
Creating a Certificate Backup
To back up a router's certificates, go to [Certificate Management] > [Certificate Backup]. Enter a password to encrypt the certificate backup with, which will be required to restore the backup and click the Backup button to download the router's certificates:
This will download the certificates as a .cfg file to the web browser:
Restoring a Certificate Backup file
To restore a DrayTek router certificate backup, go to [Certificate Management] > [Certificate Backup]. Click the "Browse..." button to locate and select the file, enter the password that the backup was taken with and click the Restore button to load the backup onto the router.
If the password is correct for the certificate backup, the router will display a confirmation that the certificates have loaded successfully.
The loaded certificates will then be visible with the correct state in the [Certificate Management] > [Local Certificates] section:
Frequently Asked Questions
What is stored in a DrayTek Vigor router .cfg (config) file?
All settings of the router, including:
- Router administration passwords
- WAN configuration settings with ISP account usernames and passwords
- VPN profiles with usernames and passwords
- Wireless configuration with wireless pass-phrases and access control list entries
- User Management (RADIUS & 802.1X) user accounts and passwords
- USB User Management user accounts and passwords
- Vigor ACS-SI TR-069 configuration with username and password settings
- The router's Self-Signed Certificate for HTTPS management & SSL VPN
- All other settings that can be configured on the router, such as Firewall, NAT settings, QoS configuration and IP Objects
What is not stored in the router's configuration file:
- Local Certificates stored on the router - These must be backed up separately as described in the "Backing up Certificates" section. Comprised of a "Private Key" that is created when generating a Local Certificate and the signed certificate resulting from a Certificate Signing Request - Explained Here.
Loading a signed certificate without the associated "Private Key" will result in the certificate being un-usable by the router and the router will be unable to load the certificate. - Trusted CA Certificates that have been loaded on to the router
- Custom Login Page Logo images that have been uploaded to the router
- GlobalView Web Content Filter license information - Globalview licensing is per device (or per High Availability group, where one router is active at any one time) and is activated on the Vigor router through the DrayTek MyVigor system
- App Enforcement license information - This is linked to the router automatically through the DrayTek MyVigor system
What does "Warning: Config filename mismatched" indicate?
This error message will display when the configuration file has been renamed in any way, the configuration file can still be loaded onto a router without issue.
Is there a plain-text version of the router configuration available?
No, the router's main configuration cannot be saved or extracted in a plain-text format.
Loading configuration files on different DrayTek Vigor router hardware
This configuration file can be loaded onto the same router or a replacement router of the same series i.e. Vigor 2860n to Vigor 2860ac. Any settings that were unavailable on the original router, such as additional wireless configuration settings, are populated automatically with the DrayTek factory default settings for that model.
It is possible to load a backed up configuration from an older model DrayTek Vigor router such as the Vigor 2820 onto a newer Vigor router of similar series, such as a Vigor 2860, to simplify the process of upgrading between router models. This is explained in depth here: Transferring configuration backups between routers.
MyVigor Licenses including GlobalView WCF
Licenses such as the GlobalView Web Content Filter are linked to the router hardware that the license was activated on; loading the configuration file on different router hardware will not move the GlobalView license entitlement to the new router. In situations where the original router hardware is lost or unavailable, it is recommended to contact the support team for assistance.
DrayTek Vigor routers that support High Availability and are configured for "Hot Standby" mode, where only one router is active at any one time, can be configured to share the same Web Content Filter license. This is explained in depth in the "MyVigor License Sharing" section of the High Availability - Hot Standby mode setup guide.
How do you rate this article?
Add a comment to this article
NOTE : All comments are reviewed before publication and may not be posted or may be redacted if the editors do not consider them helpful. The use of offensive or obscene language, copyrighted material, or advertising or promotion or linking to any other product or service is prohibited. By submitting your comment, you confirm that you are the original author and assign copyright of the content to DrayTek indefinitely and irrevocably.