Release Notes for DrayTek Vigor 3900 (UK/Ireland)

Release Notes for DrayTek Vigor 3900 (UK/Ireland)
Release Notes for DrayTek Vigor 3900 (UK/Ireland)
Firmware Version
Release Type
Build Date
Release Date
Revision
Applicable Models
Locale
1.3.0 (Formal Release)
Regular – Upgrade recommended when convenient
26th April 2017
17th May 2017
7020
Vigor 3900
UK & Ireland Only
New Features
1.
2.
3.
4.
5.
6.
7.
8.
Support for GRE Tunnel under [VPN and Remote Access] > [VPN Profiles] > [GRE] for
compatibility with Cisco routers
Support for IKEv2 IPsec VPN tunnels
XAuth authentication support for IPsec Remote Dial-In Teleworker VPN tunnels
Central AP Management support – manage up to 50 VigorAP access points
Central Switch Management support – manage up to 10 VigorSwitch switches
New interface with improved design for mobile devices available through:
https://<router IP>/mobile
Support for DNSSEC added in [Applications] > [DNS Security]
[NAT] > [Server Load Balance] added
Improvements
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
The router will notify when another DHCP server is detected
DHCP options can now specify DHCP Gateway IP Address
Support dynamic prefix for IPv6 LAN
WAN Interfaces will default to DHCP when enabled
High Availability Hot Standby mode can now be switched manually
Firewall now has a Guest group in [Filter Setup] to apply rules to Guest Profile users
If Firewall – Default Policy is set to Block, option added to “Block All Incoming Traffic”
Bandwidth Limit now supports “Auto Adjust to make best use of available bandwidth”
option
Bandwidth Limit & Session Limit can now be applied to User Objects, Groups & LDAP
Added VPN Disconnect Alert Delay to [Notification Object] > [Advanced Setting]
StartTLS Connection Security supported in [Mail Service Object] & Mail Alert
Added an option to disable User Login Mail Alert
Mail Alerts for WAN Status changes now include the WAN IP
HTTPS Management can now be enforced using Enforce HTTPS Management option,
forwards HTTP access attempts to the HTTPS interface
SSH interface now supports SHA2 authentication
Timezone configured in Time and Date settings now defaults to UK
Traffic Graph now displays CPU and Coprocessor usage history graphs
Added Apply Settings to VigorAP section to TR-069 configuration
Support for scheduled reboot on weekdays only
Improvements to the Fail to Ban & Access Barrier functions
LAN DNS now supports wildcards
LAN DNS profiles can now perform conditional DNS forwarding when the Type of the LAN
DNS profile is set to FORWARD
23.
24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.
35.
36.
37.
38.
39.
40.
41.
42.
43.
44.
45.
46.
47.
48.
49.
50.
51.
Dynamic DNS now supports HTTPS
Dynamic DNS now supports User Defined mode for custom API configuration
Google Domains added to Dynamic DNS
OpenDNS added to Dynamic DNS
Ping & Trace Route diagnostics can now select which WAN IP Alias to send through
Added View button to Certificate Management to view loaded certificate details
Search functionality added to:
a. IP Objects & Groups
b. Service Type Objects & Groups
c. Keyword / DNS Objects
d. User Profiles
e. VPN Profiles
f. NAT Port Redirection rules
Web Portal can now redirect to specified LAN DNS address instead of IP
[User Management] > [Web Portal] – Login History added
Clean Deadline button added to Guest Profile to renew usage time of selected account(s)
Guest Profile accounts can specify max simultaneous logins
Added Search Button in LDAP to allow users to view and select the Base DN/Group DN
LDAP now supports SSL connection to LDAP Server
Improvements to the RADIUS configuration page
[NAT] > [Port Redirection] can specify allowed Source IP Objects to allow only specified IPs to
access port forwards without making Firewall Filter Rules
Policy Route rules can select Service Type Objects instead of manually specifying ports
Policy Route rules can now specify Time Objects to apply rules during specified times only
Added a priority graph to Policy Route rules, click “(?)” to view
Support for SPF/TXT DNS Records for WAN Inbound Load Balance
VPN Profiles can now be renamed
VPN Profiles now display Status icon to indicate connection state
SSL VPN port can be configured separately from HTTPS management interface
SSL VPN can be disabled on individual WAN interfaces in [Access Control] to allow NAT Port
Redirections to be configured with that port, to the WAN interface with SSL VPN disabled
Allowed WAN interfaces for PPTP VPN server can be selected in [VPN and Remote Access] >
[PPP General Setup]
IPsec VPN can be set as Default Route/Gateway with Apply NAT Policy enabled for that VPN
User Profiles can specify allowed VPN Dial-In times by selecting Time Objects
IPsec proposal DH Group now defaults to G5 (1536-bit)
Multiple SAs (Security Associations) added to IPsec VPN profiles to specify additional Local &
Remote subnets
Central VPN Management is now able to configure SSL VPN tunnels
Known Issue
1.
2.
3.
High Availability - Updating from a firmware version <=1.1.0.2: Due to significant
changes to High Availability functionality, existing HA configuration will be cleared
during the update process and it will be necessary to reconfigure High Availability after
the update
Disable "Force IPsec with L2TP" option in [VPN and Remote Access] > [PPP General
Setup] to allow a standard L2TP tunnel, otherwise the L2TP server will allow L2TP with
IPsec only
F/W 1.2.0 onwards Changes the behaviour of the IP Filter. After upgrade some IP Filter
rules may need to be reconfigured. Please read the "Filter Rule Actions" segment of this
guide for more information on the changes:
http://www.draytek.co.uk/support/guides/kb-3900-ipfilter-basics
Important Note - Upgrading Firmware
Do not upgrade directly from 1.0.5 (and earlier) to 1.3.0.
Due to differences in the Web UI and functionality the router MUST first be upgraded to at least
1.0.7.1 prior to upgrading to 1.3.0.
Upgrade your router to Version 1.0.7.1 or later first, and afterwards upgrade the router to Version
1.3.0.
Upgrade Instructions
It is recommended that you take a configuration backup
prior to upgrading the firmware. This can be done from
the router's system maintenance menu.
To upgrade firmware, select 'firmware upgrade' from
the router's system maintenance menu and select the
correct file.
Manual Upgrade
If you cannot access the router's menu, you can put the router into 'TFTP' mode by holding the
RESET whilst turning the unit on and then use the Firmware Utility. That will enable TFTP mode.
TFTP mode is indicated by all LEDs flashing. This mode will also be automatically enabled by the
router if there is a firmware/settings abnormality. Upgrading from the web interface is easier and
recommended – this manual mode is only needed if the web interface is inaccessible.
Firmware Version
Release Date
Build Date
Revision
Applicable Models
Locale
1.2.2 (Formal Release)
22nd November 2016
13th October 2016
r6591
Vigor 3900
UK ONLY
New Features
(None)
Improvement
1.
2.
3.
4.
5.
6.
FTP connections in Active mode were not passed correctly through NAT
When using [Diagnostics] > [Data Flow Monitor] > Packet Monitor, results could not be
filtered by Host
Resolved an issue that could cause higher than normal memory usage with some router
configurations
When configuring a User Management profile for VPN with MOTP enabled, it could not
be saved without entering a password
TTL values were reported incorrectly in the [Diagnostics] > [Session Table]
Improved connectivity for Mac OS X SmartVPN clients
Known Issues
1.
2.
3.
High Availability - Updating from a firmware version <=1.1.0.2: Due to significant
changes to High Availability functionality, existing HA configuration will be cleared
during the update process and it will be necessary to reconfigure High Availability after
the update
Disable "Force IPsec with L2TP" option in [VPN and Remote Access] > [PPP General
Setup] to allow a standard L2TP tunnel, otherwise the L2TP server will allow L2TP with
IPsec only
F/W 1.2.0 onwards Changes the behaviour of the IP Filter. After upgrade some IP Filter
rules may need to be reconfigured. Please read the "Filter Rule Actions" segment of this
guide for more information on the changes:
http://www.draytek.co.uk/support/guides/kb-3900-ipfilter-basics
Firmware Version
Release Date
Build Date
Revision
Applicable Models
Locale
1.2.1 (Formal Release)
7th September 2016
24th August 2016
r6454
Vigor 3900
UK ONLY
New Features
1.
2.
3.
4.
The router's Online Status can display "Remote DSL" information from a Vigor 130 or
Vigor 120v2 modem connected to the router's WAN ports
Support WAN Load Balance by Session, configured in [Routing] > [Default Route], the
default is IP-based Load Balancing
Packet Monitor facility added to [Diagnostics] > [Data Flow Monitor] to capture
WAN/LAN packets and download as a .pcap file
Web Content Filter Query Server can now be specified in [Objects Setting] > [Web
Category Object] > [Query Server] tab
Improvement
1.
2.
3.
4.
5.
6.
NAT efficiency improvements
SSL VPN supports Idle Timeout and Reconnect
APP-Enforcement Signature updated to improve handling of:
i. IM-Google Hangouts
ii. Protocol-DNS
iii. HTTP
iv. SSL/TLS
v. Tunnel-Ultrasurf
vi. VoIP-RC
vii. WebHD-HTTP_Upload
Web interface response time improved when displaying large numbers of Profiles (User
Profile, IP Objects, etc)
Improved TCP SYN+FIN filtering mechanism
Auto DDoS defense added to reduce CPU load if DDoS occurs
Known Issues
1.
2.
3.
High Availability - Updating from a firmware version <=1.1.0.2: Due to significant
changes to High Availability functionality, existing HA configuration will be cleared
during the update process and it will be necessary to reconfigure High Availability after
the update
Disable "Force IPsec with L2TP" option in [VPN and Remote Access] > [PPP General
Setup] to allow a standard L2TP tunnel, otherwise the L2TP server will allow L2TP with
IPsec only
F/W 1.2.1 Changes the behaviour of the IP Filter. After upgrade some IP Filter rules may
need to be reconfigured. Please read the "Filter Rule Actions" segment of this guide for
4.
more information on the changes: http://www.draytek.co.uk/support/guides/kb-3900ipfilter-basics
FTP connections do not work in "active" mode, "passive" mode works normally. This will
be fixed in the next firmware release.
Firmware Version
Release Date
Build Date
Revision
Applicable Models
Locale
1.2.0 (Formal Release)
29th December 2015
3rd December 2015
r5723
Vigor 3900
UK ONLY
New Features
1.
2.
3.
4.
5.
6.
7.
8.
CPU, Memory, Traffic Tx/Rx usage added to [Notification Object], configured under
Advanced Setting tab
[Configuration Backup] > [Analysis] displays details of router configuration on one page
Auto Firmware Upgrade and Auto Firmware Patch now available to simplify update
process
[User Management] > [Web Portal] new features:
a. Can use SMS as an authentication method (requires internet SMS provider
configured)
b. Option to block mobile devices if required
c. Customise login & background images in Portal Page Setup
MAC/Vendor Object now supported for use with IP Filter
SMB Server now available under [USB Application] menu for file sharing of connected
USB storage
Now supports SHA2_256 for IPsec VPN tunnel authentication
SSL VPN port can now be configured as a separate port from HTTPS Management under
[System Maintenance] > [Access Control]
Improvement
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
Improvements to the design and functionality of [Applications] > [High Availability]
Corrected an issue with Port Redirection which could occur after upgrading to 1.1.x
firmware
[Firewall] > [Filter Counter] indicates how many sessions have matched each rule
General improvements to [Firewall] menus and syslog output
Improvements to HTTPS filtering when using Web Content Filtering
Specify Remote IP / Host Name to limit Remote Dial-In VPN connections to that WAN IP
/ Hostname only
Bandwidth Limit can now apply to PPTP Remote Dial-In VPN clients
[Diagnostics] > [ARP Cache Table] now has an option to quickly create an IP Object for
listed IP address
Supports Suffix Type in IPv6 Object configuration
Time Schedule in Filter Rules can now force sessions to clear when the schedule takes
effect
Spotify can now be blocked with the Application Filter
Can specify which WAN interfaces can be used for remote management
Improvements to Traffic Graph and Data Flow Monitor
QoS Class was not displayed in the Session Table
15.
16.
17.
18.
Support for "esendex" SMS Provider
Custom SMS Provider option to define API settings manually for SMS providers not listed
Improved the SOA Serial Format for Inbound Load Balance DNS response
External Devices can now list up to 200 items
Known Issues
1.
2.
3.
Due to significant changes to High Availability functionality, existing HA configuration
will be cleared during the update process and it will be necessary to reconfigure High
Availability after updating to 1.2.0
Disable "Force IPsec with L2TP" option in [VPN and Remote Access] > [PPP General
Setup] to allow a standard L2TP tunnel, otherwise the L2TP server will allow L2TP with
IPsec only
F/W 1.2.0 Changes the behaviour of the IP Filter. After upgrade some IP Filter rules may
need to be reconfigured. Please read the "Filter Rule Actions" segment of this guide for
more information on the changes: http://www.draytek.co.uk/support/guides/kb-3900ipfilter-basics
Firmware Version
Release Date
Build Date
Revision
Applicable Models
Locale
1.1.0.1 (Formal Release)
9th September 2015
27th August 2015
r5461
Vigor 3900
UK ONLY
New Features
(None)
Improvement
1.
2.
3.
4.
5.
6.
7.
8.
Corrected an issue that could cause Port Redirection to not work after upgrading the
firmware from 1.0.9 or earlier
Syslog to USB was not writing to USB after restarting the router
It was not possible to modify the max failed Telnet Login attempts before the router
bans the IP
Netbios names were not displaying in the ARP cache table correctly
Improvements to certificate handling for the router's HTTPS interface
DNS Suffix (DHCP Option 15) support added for remote dial-in VPN clients
Upgraded OpenSSL to 0.9.8zg for security updates
Resolves an WAN connectivity issue that could occur after after an extended duration
Known Issues
1. You need to disable "Force IPsec with L2TP" options for pure L2TP tunnel in [VPN and
Remote Access] > [PPP General Setup].
2. The upgrade may affect Port Redirection entries if the router's configuration has been
upgraded from 1.0.7.1 or previous firmware. To resolve this issue, please use 1.2.0 firmware.
If the router has been factory reset or was installed with 1.0.8 or later firmware, port
redirection will work normally.
Firmware Version
Release Date
Build Date
Revision
Applicable Models
Locale
1.1.0 (Formal Release)
6th August 2015
24th July 2015
r5322
Vigor 3900
UK ONLY
New Features
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
SSL VPN LAN to LAN tunnel (Supported from DrayTek Vigor 2960 / 3900 1.1.0 firmware
and Vigor 2860 / 2925 3.8.x firmware).
Internal RADIUS server under [User Management] > [RADIUS].
APP Enforcement supported app list added under [Objects Settings] > [APP Support List].
Added auto/manual APP Signature Upgrade setting page in [System Maintenance] >
[APP Signature Upgrade].
[System Maintenance] > [Access Control] Improvements:
a. Validation Code in Access Control tab to improve web admin security;
b. Fail to Ban setting page to automatically block IP addresses after failed login
attempts;
c. Access Barrier setting page to protect router services (WUI, FTP etc) from brute
force attack.
Added Switch Rate Limit setting page in [Firewall] > [Dos Defense].
Added [NAT] > [Connection Timeout] to allow altering the session timeout of different
traffic types i.e. TCP, UDP etc
Wake on LAN can now operate on a schedule by configuring profiles in [Applications] >
[Wake on LAN] > [Schedule Wake on LAN]
[Diagnostics] > [MAC Address Table] added.
[Diagnostics] > [User Status] added, to show PPPoE / Web Portal / VPN / SSL Proxy users
in one location.
[LAN] > [LAN DNS] now supports wild-card strings and CNAME records for individual
LANs using the Specified LAN option.
[Routing] > [Policy Route] Improvements:
d. Priority options (Normal, High, Top) for more flexible routing.
e. Country Objects as destination addresses.
f. Failover options for target IP ping failure.
Support for Multicast via VPN.
Router's web interface can now notify of new firmware upgrades available.
Improvement
1.
2.
3.
4.
5.
Improved DDoS protection.
SSL VPN settings now available under [VPN and Remote Access] > [PPP General Setup].
PPTP Dial-In VPN Profile (LAN to LAN) now supports multiple remote subnets.
LDAP/RADIUS support for the router's SSL Proxy facility.
[User Management] > [Web Portal] > [Portal Page Setup] now supports uploading an
HTML file as the bulletin message.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
Packet Inspection settings added under [Firewall] > [Filter Setup] > [Default Policy]
[User Management] > [User Profile] > [Apply All] improved to allow multiple choice.
Port Statistics now shown under [Diagnostics] > [Traffic Statistics].
Session Information added to [Diagnostics] > [Traffic Graph].
Vendor Information added to [Diagnostics] > [ARP Cache Table].
Daily / Period timout settings added to Web Portal under [User Management] > [Web
Portal] > [General Setup].
Bind IP to MAC can now be applied to specific subnets.
Supported added for VPN routing through GRE over IPSec tunnel (VPN Trunk).
Keep VPN Setting option added to [Central VPN Management] > [CPE Management].
Alert interval of temperature sensor now configurable under [USB Application] >
[Temperature Sensor] > [General Setup].
The router could not use a DNS server located on the LAN for DNS queries under some
circumstances.
Traffic was unable to pass between LAN and PPPoE server clients.
Web Content Filter category selection page improvements.
IP Filter now shows a counter display for matched packets.
Policy Route increased to 120 entries, Static Route increased to 200 entries.
Known Issues
1. You need to disable "Force IPsec with L2TP" options for pure L2TP tunnel in [VPN and
Remote Access] > [PPP General Setup].
Firmware Version
Release Date
Build Date
Revision
Applicable Models
Locale
1.0.9.1 (Formal Release)
16th February 2015
2nd February 2015
r4765
Vigor 3900
UK ONLY
New Features
(None)
Improvement
1.
2.
3.
4.
5.
6.
The IGMP Proxy feature's compatibility with some ISPs that use PPPoE has been improved.
Support for the Bandluxe C330 USB 3G modem.
SSL VPN now changes tunnel MTU in relation to the WAN MTU.
PPTP Dial-In User VPN connections could not access the internet under some circumstances.
Policy Route was not working with return path traffic.
The IPsec option "Auto Dial Out if WAN1 Down" was still taking effect after being disabled in
the WUI.
7. The router's memory usage was higher than normal when using the Data Flow Monitor.
8. The Access Control List was not working correctly under some circumstances.
9. Improvements to ensure immunity to Ghost/CVE-2015-0235
Known Issues
1. You need to disable "Force IPsec with L2TP" options for pure L2TP tunnel in VPN and Remote
Access >> PPP General Setup.
2. VPN Trunk tunnel should not be used with a profile name over 15 characters.
Firmware Version
Release Date
Build Date
Revision
Applicable Models
Locale
1.0.9 (Formal Release)
24th December 2014
1st December 2014
r4542
Vigor 3900
UK ONLY
New Features
1.
2.
3.
4.
5.
Supports USB 4G/LTE. Check [USB]-[Modem support list] in the router's web interface
for details.
Supports USB disk /FTP server.
Supports saving Syslog to USB disk.
Supports Policy Route (replacing Load Balance Rule and Address Mapping menus).
IPSec VPN tunnel can now be configured to pass or block NetBios packets.
Improvement
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
Disabled HTTPS SSL 3.0 for CVE-2014-3566, this can be configured from the [System
Maintenance] > [Management] page.
Connection request notifications from Vigor ACS were not authenticated
Could not establish IPv6 static connection.
Allow downloading/uploading private key (for Host to LAN VPN by X.509).
Shows the VPN Type/Form fields on VPN History web page.
Improved handling for Duplicated Routes (with Static Route Metric). When the static
route metric is <=10, the priority of that static route will be greater than a VPN route.
Support QoS for VoIP traffic from LAN.
Support "Ping to Keep Alive" feature for detecting whether an IPsec tunnel is able to
pass traffic
Support WAN Port and IP Alias options for PPTP Dial Out connections.
Support for RFC 4638 (accommodating an MTU/MRU larger than 1492 for PPPoE
protocol WAN connections).
Added STUN server option to TR-069 settings.
Added Jumbo Frame setting under [LAN]-[Switch]-[Jumbo Frame] to edit Maximum
Frame size.
Added a "Clear" button for the DDNS settings page.
Bind IP to MAC can now export or import a list of IP / MAC addresses.
[Sytem Maintenance] > [Access Control] can now be configured to accept pings from the
WAN on specified WAN interfaces.
Added “OVH” as service provider for DDNS setting.
Supports Range-to-many Port Redirection.
Improve login page customization for Web Portal setup.
Changed mechanism of deleting objects.
Known Issues
1.
2.
You need to disable "Force IPsec with L2TP" options for pure L2TP tunnel in VPN and
Remote Access >> PPP General Setup.
VPN Trunk tunnel should not be used with a profile name over 15 characters.
Firmware Version
Release Date
Build Date
Revision
Applicable Models
Locale
1.0.8.2 (Formal Release)
15th August 2014
13th June 2014
r3968
Vigor 3900
UK ONLY
New Features
(None)
Improvement
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
PPTP connection stability improved
Web Portal stability improved
Improved: Remove management port setting which may occupy port redirection.
Improve the stability of High Availability function.
Add telnet timeout if login not completed in 60 seconds
CPU usage is too high when data flow monitor is enabled.
Improved interoperability with SSL VPN client
A problem of WCF license occurred when HA is enabled.
CVM can't perform configuration backup.
NAT Loopback to LAN More Subnet doesn’t work.
DNS for PPTP Remote dial-in is not assigned according to the LAN Profile.
Reboot with Customized Configurations bug.
When firewall default policy (block) is used, HTTP is still available for access.
Web portal still supports URL redirect when login mode is disabled.
Packet count error when PPTP acceleration is enabled.
mOTP User profile cannot be saved without Password.
WAN Priority Bits doesn’t work.
Time object error corrected
[WAN]>[Switch mode]>[double tag] error corrected
Upgrade OpenSSL to 0.9.8za for security updates.
Update WCF (Web Content Filter) to account for Commtouch name change to Cyren.
High Availability improvements
DDNS failover 3G WAN improvements
Known Issues
1. VPN Trunk tunnel doesn't work well when the profile name is more than 15 characters.
2. You need to disable "Force IPsec with L2TP" options for pure L2TP tunnel in VPN and
[Remote Access]>[PPP General Setup]
Firmware Version
Release Date
Applicable Models
Locale
1.0.8 (Formal Release)
11th March 2014
Vigor 3900
UK ONLY
New Features
1. Same WAN VLAN ID can be used in different WAN interfaces. (WAN >> General Setup Mode:
Advance, Switch Mode: Double Tag)
2. QoS for multiple WANs.
3. SNMP v3.
4. Country block for Firewall.
5. WCF white list.
6. LAN DNS server.
7. BGP routing protocol.
8. SSL VPN in tunnel mode
9. Support Web Portal and Hotspot (Guest profile) in User Management.
10. Support PPTP acceleration for PPTP WAN/Remote Dial-in/LAN to LAN
11. QoS retag option added
12. VPN dial-out failover if WAN disconnected.
13. Support VPN LAN to LAN for overlap/duplicate subnets.
14. Display the last UP/DOWN log of VPN profile.
15. Add default policy for Firewall and default block policy can be applied.
16. Add IPv6 firewall settings.
17. Add DNS object.
18. Add a remote capture telnet command (rc), for traffic monitor and wireshark remote
capture.
19. Add front panel and VPN status on the dashboard.
Improvements
Web User Interface changes
1.
2.
3.
4.
Menu [User Managemen]>[General Setup] renamed [User Management]>[Web Portal]
Move [IP Routing] from to [Routing]>[Status Route] and rename as [LAN/WAN Proxy ARP]
Move [Inter-LAN Route] to [LAN]>[General Setup] from [LAN]>[Static Route]
Move status page to the first tab of each function menu.
Others
5.
6.
7.
8.
9.
10.
Support RADIUS, LDAP, Local authentication in User Management.
Support NAT option for IPsec LAN to LAN.
Support LDAP profile in Firewall.
Support ratio configuration for VPN Load Balancing.
Port number setting for Access Control in WAN IP alias can be passed to LAN by default.
Notification object can be recorded on Syslog through the configuration on
[Applications]>[SMS/Mail Alert Service]
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30.
Support Local/RADIUS/LDAP authentication for PPTP/L2TP/PPPoE
Inter-LAN route priority changed so that IP filter can control
Support connection failover for TR-069.
Display router name in web page title.
IPsec VPN dial-in connection with all WANs is supported in default.
Support RFC3021.
Combine IM/P2P/Protocol object to App Object for blocking more Apps.
Management Access Control List increased up to 16 entries
Support peer identity for IPsec RSA authentication.
Support password encode option for configuration backup.
Support more special characters in username for user profile.
Number of SSL web proxy/VNC/RDP profiles increased to 30
Support customized DDNS.
Support acceleration of fragmented UDP packets (maximum 1628 bytes).
Support DHCP option 95 (LDAP server), 161(FTP server), and 162 (File path)
Support more subnet DHCP servers in Bind IP to MAC.
Support DHCP relay over LAN/Non-Direct-Connected LAN.
Support DHCP relay settings for PPTP/L2TP/PPPoE.
Support open port to the host in remote VPN network.
Default route cannot work well when two WAN IPs are in the same IP network.
Firmware Version
Release Date
Build Date
Revision
Applicable Models
Locale
1.0.7.1 (Formal Release)
13th November 2013
12th November 2013
r3067
Vigor 3900
UK ONLY
New Features
(None)
Improvement
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
Support USB-WAN for WAN Profile under the Setting tab in Application>> Dynamic DNS.
Support WCF (web content filter) in High Availability (HA) application.
Modify the mechanism for IP filter, "if no further match" action.
Add a subnet mask setting, 255.255.255.254, for WAN IP configuration.
Added option disable negotiation for Fiber WAN under the Interface tab in WAN>>Switch.
‘space’ special character can be used in the username for LDAP
QoS IP rule can apply the packets passing through both Local IP and Remote IP.
Improved PPTP service mechanism for multiple simultaneous LAN to LAN dial-ins
Corrected: Can not block / unblock some IPs on Diagnostics>>Data Flow Monitor.
Corrected issue with ICMP packets larger than 8138 bytes over IPSec LAN to LAN tunnel.
Corrected: The user can not access Internet when QoS queue weight is set as “0”.
Corrected: Lower the priority of Inter-LAN routing function.
Corrected: LAN DHCP packets do not respond while LAN DHCP Server is OFF.
Corrected: Can’t accept L2TP VPN from (None) default route WAN.
Corrected: RADIUS client (Vigor router) sends wrong NAS IP address (127.0.0.1).
Corrected traffic status of DHCP over IPsec in VPN Connection Management.
ARP detection may fail when WAN TX traffic is full.
Corrected: SMS can't be sent out when L2TP over IPsec is up and down.
Known Issues
1. VPN Trunk tunnel doesn't work well when the profile name is more than 15 characters.
2. You need to disable "Force IPsec with L2TP" options for pure L2TP tunnel in [VPN and
Remote Access]>[PPP General Setup]
Firmware Version
Revision
Release Date
Build Date
Applicable Models
Locale
1.0.7 (Formal Release)
2733
2nd Sept 2013
27th Aug 2013
Vigor 3900
UK ONLY
New Features
1.
2.
3.
4.
5.
6.
Support Central VPN Management (CVM). Up to 16 devices can be managed.
Support 3G backup/load balance.
Support inbound load balance.
Support VPN Trunk failover mode.
Support PPPoE quota setting and MAC address filter.
Support USB temperature sensor. http://www.draytek.co.uk/products/usbthermometer.html
7. Support SMS, Email Alert and Notification object profiles for WAN/VPN connection and USB
temperature sensor.
Improvement
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
Improved: Support SmartMonitor users up to 500.
Improved: VPN Trunk throughput and stability.
Improved: By default disable insecure SSL Encryption Key Algorithms
Improved: Support DHCP relay on VPN.
Improved: Add Active Standby mode for High Availability (HA).
Improved: QoS redesigned
Improved: Username reported to Syslog
Improved: Add option 60(Vendor ID), 61(Client ID) for WAN DHCP mode.
Improved: Add default maximum session number for Session limit.
Improved: Add flow control settings for Switch.
Improved: Add user defined options for DHCP server.
Improved: Improve DMZ function.
Improved: Add log and force update function for DDNS.
Improved: Add Force L2TP with IPsec policy option enabled in default.
Improved: Corrected causes for high CPU usage being displayed in Web UI
Improved: Stability in TR-069.
Improved: Firmware upgrade speed.
Fixed: Time object cannot work correctly when daylight saving is enabled.
Known Issues
1. VPN Trunk tunnel doesn't work well when the profile name is more than 15 characters.
2. You need to disable "Force IPsec with L2TP" options for pure L2TP tunnel in [VPN and
Remote Access]>[PPP General Setup]
Firmware Version
Release Date
Build Date
Applicable Models
Locale
1.0.6.1 (Formal Release)
10th April 2013
25th March 2013
Vigor 3900
UK ONLY
New Features
(None)
Improvement
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
NAT Port Redirection Rule for FTP server didn't work with two WAN connection
Customized web content message would disappear after rebooting the router
Improvements to VPN Trunk tunnel where profile name are long
PPTP connection display error in VPN Graph for syslog utility
PPTP WAN could not dial-up if the server was set with a domain name
Fixed issue with ping to VPN remote network working after clicking WAN DHCP Renew
Button via web user interface
Fixed Session limit rule notapplying the correct limit due to subnet mask caculation error
Fixed that WAN status displays “up” when the WAN cable is unplugged and WAN detect
mode is set with “(None)”
Corrected an issue with SNMP set/get Community setting
Resolved that VPN traffic wouldn't flow while one of the VPN GRE tunnels is disconnected
Corrected issue preventing some vLAN users from accessing Internet via Browser
Improved DHCP renewal interoperability
Fixed LAN VLAN configuration issues after restoring the web configuration
Corrected WAN1 MAC address used
Improved SIP ALG feature
Fixed that IPSec tunnel uptime would not reset after VPN reconnection
Corrected PPTP sessions problem that would prevent new network connections being setup
Corrected that a PC from remote subnet could't access Internet via PPTP LAN to LAN tunnel
Improvments to IPv6 traffic handling via AICCU
Improved load balance where multiple PPPoE connections have the same gateway
Corrected issue where multiple WAN disconnections could prevent VPN Trunk from
reconnecting
Added information for remote network connected with GRE over IPsec to Routing Table
Corrected issue where enabling Perfect Forward Secrecy in VPN client could prevent
connection
Display issue with transmitted/received (TX/ RX) packets in Connection Management fixed
for VPN clients behind NAT
Improved parameters stability for TR-069
Improved throughput between different VLANs
Added sending ARP for WAN Alias IP to WAN Gateway when connected
Added support for VPN on Alias WAN IP and IP Routing IP
Add mail alert when VPN is up
30. High availability improvements
Known Issues
1. VPN Trunk tunnel profile names should be kept to less than 15 characters.
Firmware Version
Release Date
Build Date
Applicable Models
Locale
1.0.6 (Formal Release)
2nd Jan 2013
6th Nov 2012
Vigor 3900
UK ONLY
New Features
1.
2.
3.
4.
5.
6.
VPN(IPSEC) Routing Acceleration
Supports PPPoE server for LAN PC connection
Support VPN Alarm via E-mail & Syslog
Support VPN Graph for syslog utility
Support PPP mode for IPv6
Support domain name for IPSec/PPTP dial-out
Improvements
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
1.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
URL filter can block HTTPS connection by host keyword
WCF support https block by web category
Add QQ account filter for Firewall
WAN4 is regarded as physical DMZ port
Add time schedule for session limit and bandwidth limit
Web content filter (WCF) stability improvements
Data flow monitor resource allocation improvements
DHCP server cannot work when Multi-LANs is configured
Hosts under routing LAN can not access into the router
Configuration backup may fail
UPnP improved
Changing web port could prevent User management from working
WebUI server security improvements
IPsec RX/TX packets count may have error after entering phase2 rekey
L2TP connection status error after disconnection.
16 Cannot create IPsec VPN in aggressive mode when selecting AES as IKE phase 1
encryption.
PPTP dial-in may fail while using static IP mode.
VPN load balance may not work after connection reconnects
SSL Application doesn't work when HTTPS port is not set with 443.
Support PPTP dial on demand and idle timeout.
Support URL filter rules move up/down.
Support VLAN priority in LAN/WAN interface.
Support QoS packet by DiffServ (DSCP/TOS) for outgoing packet.
Let the user profile password support more special characters in standard ASCII table.
Show the IP binding with MAC in DHCP table.
Mail Alert Send test e-mail button added
Add 36 regions time zone options for NTP.
Improve user management login process.
28. Add Common Name Identifier field in LDAP configuration.
29. Add an option for DDNS to select Internet IP or WAN IP.
Known Issues
1. VPN Trunk tunnel profile names must be less than 15 characters.
Firmware Version
Release Date
Applicable Models
Locale
1.0.5 (Formal Release)
4th Sept 2012
Vigor 3900
UK ONLY
First Firmware Release
Known Issues
- Devices on non-NAT subnets are unable to access the routers management interface
[END OF FILE]
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising