Release Notes for DrayTek Vigor 3900 (UK/Ireland)

Add to my manuals
38 Pages

advertisement

Release Notes for DrayTek Vigor 3900 (UK/Ireland) | Manualzz

Release Notes for DrayTek Vigor 3900 (UK/Ireland)

Firmware Version

Release Type

Build Date

Release Date

Revision

Applicable Models

Locale

1.3.3 (Formal Release)

Critical – Upgrade recommended immediately

22

22 nd nd

March 2018

March 2018

7640

Vigor 3900

UK & Ireland Only

New Features

(None)

Improvements

1. Improvement related to frmware security

Known Issue

1. High Availability - Updatng from a frmware version <=1.1.0.2: Due to signifcant changes to

High Availability functonalityy existng HA confguraton will be cleared during the update process and it will be necessary to reconfgure High Availability afer the update

2. L2TP Tunnel - Disable "Force IPsec with L2TP" opton in VPN and Remote Access] > PPP

General Setup] to allow a standard L2TP tunnely otherwise the L2TP server will allow L2TP with IPsec only

3. IP Filter - F/W 1.2.0 onwards changes the behaviour of the IP Filter. Afer upgrade some IP

Filter rules may need to be reconfgured. Please read the "Filter Rule Actons" segment of this guide for more informaton on the changes: htp://www.draytek.co.uk/support/guides/ kb-3900-ipflter-basics

Important Note - Upgrading Firmware

Do not upgrade directly from 1.0.5 (and earlier) to 1.3.3.

Due to diferences in the Web UI and functonality the router MUST frst be upgraded to at least

1.0.7.1 prior to upgrading to 1.3.3.

Upgrade your router to Version 1.0.7.1 or later frsty and aferwards upgrade the router to Version

1.3.3.

Upgrade Instructions

It is recommended that you take a confguraton backup prior to upgrading the frmware. This can be done from the router's system maintenance menu.

To upgrade frmwarey select 'firmware umpg rade ' from the router's system maintenance menu and select the correct fle.

Manual Upgrade

If you cannot access the router's menuy you can put the router into 'TFTP' mode by holding the

RESET whilst turning the unit on and then use the Firmware Utlity. That will enable TFTP mode.

TFTP mode is indicated by all LEDs fashing. This mode will also be automatcally enabled by the router if there is a frmware/seengs abnormality. Upgrading from the web interface is easier and recommended – this manual mode is only needed if the web interface is inaccessible.

Firmware Version

Release Type

Build Date

Release Date

Revision

Applicable Models

Locale

1.3.2 (Formal Release)

Regular – Upgrade recommended when convenient

24 th November 2017

12 th December 2017

7459

Vigor 3900

UK & Ireland Only

New Features

1. Fast NAT functonality added to improve outbound NAT throughput by bypassing frewall processing for specifed local subnet(s) going through selected WAN interfaces.

Confgured in NAT] > Fast NAT]

Improvements

1. Updated DNSMasq to improve securityy for more details please read this security advisory: htps://www.draytek.co.uk/informaton/our-technology/dnsmasq-vulnerability

2. Confgured and functoning URL/Web Category Profles could display as a blank profle in the web interface

3. Syslog output would report the rate unit as Kbps when seeng the Filtering Rate (Mbps) in

Firewall] > DoS Defense] > Switch Rate Limit] > Storm Filter]

4. Access Barrier for HTTPS management could potentally block an authentcated HTTPS management session

5. Corrected a potental error which might result in fooding a WAN interface removed from the Load Balance Pool

6. The Counter value for URL/Web Category Filter rules could not increment when blocking

HTTPS websites

7. LDAP with Bind Type set to “Regular Mode” – When clicking the Search buton for Base DNy the router would atempt to bind with Rooty which caused compatbility issues with

Windows LDAP servers

8. HTTPS fltering behaviour was incorrect when fltering with a keyword of “.”

9. Improved reliability of fltering by File Extension with the Firewall

10. High Availability failover did not occur when all WANs failed on the primary router

11. Multple subnets available through a VPN Trunk in Backup mode were unavailable when

Primary Interface VPN tunnel dropped and the Backup Interface VPN tunnel became actve

12. VPN tunnels were unable to route trafc if a PPPoE WAN was disconnectedy remained ofine for over 12 hours and was then reconnected

13. Dial Out IPsec VPN could not establish if VPN server hostname started with a number (0-9)

14. Afer upgrade from frmware 1.2.2y VPN and Remote Access] > Connecton Management] could not display profle names for IPsec VPN tunnelsy displaying a “Lack of Ptype” error

15. Web Portal could confict with IP flter rules

16. Improved Bandwidth Management] > Bandwidth Limit] rate limitng algorithm

17. AP Management broadcast packets no longer send through VPN tunnelsy this can be enabled in AP Management] > General Setup] by enabling “Pass-Through VPN”

18. Improved Web Portal login page load tmes

19. QoS profles and Firewall Filter Rules can now specify up to 200 Service Type Objects

20. IPsec VPN stability improvements

Known Issue

1. High Availability - Updatng from a frmware version <=1.1.0.2: Due to signifcant changes to

High Availability functonalityy existng HA confguraton will be cleared during the update process and it will be necessary to reconfgure High Availability afer the update

2. L2TP Tunnel - Disable "Force IPsec with L2TP" opton in VPN and Remote Access] > PPP

General Setup] to allow a standard L2TP tunnely otherwise the L2TP server will allow L2TP with IPsec only

3. IP Filter - F/W 1.2.0 onwards Changes the behaviour of the IP Filter. Afer upgrade some IP

Filter rules may need to be reconfgured. Please read the "Filter Rule Actons" segment of this guide for more informaton on the changes: htp://www.draytek.co.uk/support/guides/ kb-3900-ipflter-basics

Firmware Version

Release Type

Build Date

Release Date

Revision

Applicable Models

Locale

1.3.1 (Formal Release)

Regular – Upgrade recommended when convenient

11 th July 2017

27 th July 2017

7156

Vigor 3900

UK & Ireland Only

New Features

1. Fast Route functonality added to improve throughput by bypassing frewall processing for specifed routed subnets (VPN tunnels etc.). Located in Routng] > Fast Route].

Improvements

1. Resolved an issue that could stop the router from resolving DNS hostnamesy this would afect any services that resolve hostnames to IP addressesy such as Content Filteringy NTPy

Mail Alerty DNS Server etc.

2. Improvements to Samba service to ensure immunity to CVE-2017-7494

3. Updated SSH server

4. Updated App Enforcement signatures to improve handling / blocking of: a. Hotspot b. UltraSurf c. PPstream d. Google Hangouts

5. NAT] > Server Load Balance] can now balance based on “Source IP”

6. Central AP Management can select all managed VigorAPs to apply WLAN Profles / AP

Maintenance tasks

7. Resolved an issue with User Management] > Web Portal] and SMS authentcaton

8. User Management] > User Profle] > Apply All tab could not alter PPTP seengs

9. IPsec VPN tunnels could not re-establish VPN connecton over specifed “Failover to” WAN

10. Resolved an issue with IPv6 when using an IPv6 WAN confgured for DHCPv6 PD (IAID)

11. iPad / iPhone devices with iOS 10.3.1 and later could not establish IKEv2 VPN tunnel

12. XAuth VPN tunnel could not authentcate if the password contained “#” or “.” characters

13. The router could not perform DDNS update for “Strato” Dynamic DNS

14. Improved PPPoE server efciency

15. IPv6 Ping Diagnostcs would not display the ping result

16. Resolved a display issue with Switch Management’s Switch Hierarchy view

Known Issue

1.

2.

3.

High Availability - Updatng from a frmware version <=1.1.0.2: Due to signifcant changes to High Availability functonalityy existng HA confguraton will be cleared during the update process. Reconfgure High Availability afer updatng the frmware.

Disable "Force IPsec with L2TP" opton in VPN and Remote Access] > PPP General

Setup] to allow a standard L2TP tunnely otherwise the L2TP server will allow L2TP with

IPsec only

F/W 1.2.0 onwards Changes the behaviour of the IP Filter. Afer upgrade some IP Filter rules may need to be reconfgured. Please read the "Filter Rule Actons" segment of this guide for more informaton on the changes: htp://www.draytek.co.uk/support/guides/kb-3900-ipflter-basics

Firmware Version

Release Type

Build Date

Release Date

Revision

Applicable Models

Locale

1.3.0 (Formal Release)

Regular – Upgrade recommended when convenient

26 th April 2017

17 th May 2017

7020

Vigor 3900

UK & Ireland Only

New Features

1.

2.

3.

4.

5.

6.

7.

8.

Support for GRE Tunnel under VPN and Remote Access] > VPN Profles] > GRE] for compatbility with Cisco routers

Support for IKEv2 IPsec VPN tunnels

XAuth authentcaton support for IPsec Remote Dial-In Teleworker VPN tunnels

Central AP Management support – manage up to 50 VigorAP access points

Central Switch Management support – manage up to 10 VigorSwitch switches

New interface with improved design for mobile devices available through: htps://<router IP>/mobile

Support for DNSSEC added in Applicatons] > DNS Security]

NAT] > Server Load Balance] added

Improvements

1. The router will notfy when another DHCP server is detected

2. DHCP optons can now specify DHCP Gateway IP Address

3. Support dynamic prefx for IPv6 LAN

4. WAN Interfaces will default to DHCP when enabled

5. High Availability Hot Standby mode can now be switched manually

6. Firewall now has a Guest group in Filter Setup] to apply rules to Guest Profle users

7. If Firewall – Default Policy is set to Blocky opton added to “Block All Incoming Trafc”

8. Bandwidth Limit now supports “Auto Adjust to make best use of available bandwidth” opton

9. Bandwidth Limit & Session Limit can now be applied to User Objectsy Groups & LDAP

10. Added VPN Disconnect Alert Delay to Notfcaton Object] > Advanced Seeng]

11. StartTLS Connecton Security supported in Mail Service Object] & Mail Alert

12. Added an opton to disable User Login Mail Alert

13. Mail Alerts for WAN Status changes now include the WAN IP

14. HTTPS Management can now be enforced using Enforce HTTPS Management optony forwards HTTP access atempts to the HTTPS interface

15. SSH interface now supports SHA2 authentcaton

16. Timezone confgured in Time and Date seengs now defaults to UK

17. Trafc Graph now displays CPU and Coprocessor usage history graphs

18. Added Apply Seengs to VigorAP secton to TR-069 confguraton

19. Support for scheduled reboot on weekdays only

20. Improvements to the Fail to Ban & Access Barrier functons

21. LAN DNS now supports wildcards

22. LAN DNS profles can now perform conditonal DNS forwarding when the Type of the LAN

DNS profle is set to FORWARD

23. Dynamic DNS now supports HTTPS

24. Dynamic DNS now supports User Defned mode for custom API confguraton

25. Google Domains added to Dynamic DNS

26. OpenDNS added to Dynamic DNS

27. Ping & Trace Route diagnostcs can now select which WAN IP Alias to send through

28. Added View buton to Certfcate Management to view loaded certfcate details

29. Search functonality added to: a. IP Objects & Groups b. Service Type Objects & Groups c. Keyword / DNS Objects d. User Profles e. VPN Profles f. NAT Port Redirecton rules

30. Web Portal can now redirect to specifed LAN DNS address instead of IP

31. User Management] > Web Portal] – Login History added

32. Clean Deadline buton added to Guest Profle to renew usage tme of selected account(s)

33. Guest Profle accounts can specify max simultaneous logins

34. Added Search Buton in LDAP to allow users to view and select the Base DN/Group DN

35. LDAP now supports SSL connecton to LDAP Server

36. Improvements to the RADIUS confguraton page

37. NAT] > Port Redirecton] can specify allowed Source IP Objects to allow only specifed IPs to access port forwards without making Firewall Filter Rules

38. Policy Route rules can select Service Type Objects instead of manually specifying ports

39. Policy Route rules can now specify Time Objects to apply rules during specifed tmes only

40. Added a priority graph to Policy Route rulesy click “(?)” to view

41. Support for SPF/TXT DNS Records for WAN Inbound Load Balance

42. VPN Profles can now be renamed

43. VPN Profles now display Status icon to indicate connecton state

44. SSL VPN port can be confgured separately from HTTPS management interface

45. SSL VPN can be disabled on individual WAN interfaces in Access Control] to allow NAT Port

Redirectons to be confgured with that porty to the WAN interface with SSL VPN disabled

46. Allowed WAN interfaces for PPTP VPN server can be selected in VPN and Remote Access] >

PPP General Setup]

47. IPsec VPN can be set as Default Route/Gateway with Apply NAT Policy enabled for that VPN

48. User Profles can specify allowed VPN Dial-In tmes by selectng Time Objects

49. IPsec proposal DH Group now defaults to G5 (1536-bit)

50. Multple SAs (Security Associatons) added to IPsec VPN profles to specify additonal Local &

Remote subnets

51. Central VPN Management is now able to confgure SSL VPN tunnels

Known Issue

1.

2.

3.

High Availability - Updatng from a frmware version <=1.1.0.2: Due to signifcant changes to High Availability functonalityy existng HA confguraton will be cleared during the update process. Reconfgure High Availability afer the update

Disable "Force IPsec with L2TP" opton in VPN and Remote Access] > PPP General

Setup] to allow a standard L2TP tunnely otherwise the L2TP server will allow L2TP with

IPsec only

F/W 1.2.0 onwards Changes the behaviour of the IP Filter. Afer upgrade some IP Filter rules may need to be reconfgured. Please read the "Filter Rule Actons" segment of this guide for more informaton on the changes: htps://www.draytek.co.uk/support/guides/ kb-3900-ipflter-basics

Firmware Version

Release Date

Build Date

Revision

Applicable Models

Locale

1.2.2 (Formal Release)

22nd November 2016

13th October 2016

r6591

Vigor 3900

UK ONLY

New Features

(None)

Improvement

1.

2.

3.

4.

5.

6.

FTP connectons in Actve mode were not passed correctly through NAT

When using Diagnostcs] > Data Flow Monitor] > Packet Monitory results could not be fltered by Host

Resolved an issue that could cause higher than normal memory usage with some router confguratons

When confguring a User Management profle for VPN with MOTP enabledy it could not be saved without entering a password

TTL values were reported incorrectly in the Diagnostcs] > Session Table]

Improved connectvity for Mac OS X SmartVPN clients

Known Issues

1.

2.

3.

High Availability - Updatng from a frmware version <=1.1.0.2: Due to signifcant changes to High Availability functonalityy existng HA confguraton will be cleared during the update process and it will be necessary to reconfgure High Availability afer the update

Disable "Force IPsec with L2TP" opton in VPN and Remote Access] > PPP General

Setup] to allow a standard L2TP tunnely otherwise the L2TP server will allow L2TP with

IPsec only

F/W 1.2.0 onwards Changes the behaviour of the IP Filter. Afer upgrade some IP Filter rules may need to be reconfgured. Please read the "Filter Rule Actons" segment of this guide for more informaton on the changes: htp://www.draytek.co.uk/support/guides/kb-3900-ipflter-basics

Firmware Version

Release Date

Build Date

Revision

Applicable Models

Locale

1.2.1 (Formal Release)

7th September 2016

24th August 2016

r6454

Vigor 3900

UK ONLY

New Features

1.

2.

3.

4.

The router's Online Status can display "Remote DSL" informaton from a Vigor 130 or

Vigor 120v2 modem connected to the router's WAN ports

Support WAN Load Balance by Sessiony confgured in Routng] > Default Route]y the default is IP-based Load Balancing

Packet Monitor facility added to Diagnostcs] > Data Flow Monitor] to capture

WAN/LAN packets and download as a .pcap fle

Web Content Filter Query Server can now be specifed in Objects Seeng] > Web

Category Object] > Query Server] tab

Improvement

1.

2.

3.

4.

5.

6.

NAT efciency improvements

SSL VPN supports Idle Timeout and Reconnect

APP-Enforcement Signature updated to improve handling of: i. IM-Google Hangouts ii. Protocol-DNS iii. HTTP iv. SSL/TLS v. Tunnel-Ultrasurf vi. VoIP-RC vii. WebHD-HTTP_Upload

Web interface response tme improved when displaying large numbers of Profles (User

Profley IP Objectsy etc)

Improved TCP SYN+FIN fltering mechanism

Auto DDoS defense added to reduce CPU load if DDoS occurs

Known Issues

1.

2.

3.

High Availability - Updatng from a frmware version <=1.1.0.2: Due to signifcant changes to High Availability functonalityy existng HA confguraton will be cleared during the update process and it will be necessary to reconfgure High Availability afer the update

Disable "Force IPsec with L2TP" opton in VPN and Remote Access] > PPP General

Setup] to allow a standard L2TP tunnely otherwise the L2TP server will allow L2TP with

IPsec only

F/W 1.2.1 Changes the behaviour of the IP Filter. Afer upgrade some IP Filter rules may need to be reconfgured. Please read the "Filter Rule Actons" segment of this guide for

4.

more informaton on the changes: htp://www.draytek.co.uk/support/guides/kb-3900ipflter-basics

FTP connectons do not work in "actve" modey "passive" mode works normally. This will be fxed in the next frmware release.

Firmware Version

Release Date

Build Date

Revision

Applicable Models

Locale

1.2.0 (Formal Release)

29th December 2015

3rd December 2015

r5723

Vigor 3900

UK ONLY

New Features

1.

2.

3.

4.

5.

6.

7.

8.

CPUy Memoryy Trafc Tx/Rx usage added to Notfcaton Object]y confgured under

Advanced Seeng tab

Confguraton Backup] > Analysis] displays details of router confguraton on one page

Auto Firmware Upgrade and Auto Firmware Patch now available to simplify update process

User Management] > Web Portal] new features: a. Can use SMS as an authentcaton method (requires internet SMS provider confgured) b. Opton to block mobile devices if required c. Customise login & background images in Portal Page Setup

MAC/Vendor Object now supported for use with IP Filter

SMB Server now available under USB Applicaton] menu for fle sharing of connected

USB storage

Now supports SHA2_256 for IPsec VPN tunnel authentcaton

SSL VPN port can now be confgured as a separate port from HTTPS Management under

System Maintenance] > Access Control]

Improvement

1.

2.

3.

4.

5.

6.

7.

8.

9.

10.

11.

12.

13.

14.

Improvements to the design and functonality of Applicatons] > High Availability]

Corrected an issue with Port Redirecton which could occur afer upgrading to 1.1.x frmware

Firewall] > Filter Counter] indicates how many sessions have matched each rule

General improvements to Firewall] menus and syslog output

Improvements to HTTPS fltering when using Web Content Filtering

Specify Remote IP / Host Name to limit Remote Dial-In VPN connectons to that WAN

IP / Hostname only

Bandwidth Limit can now apply to PPTP Remote Dial-In VPN clients

Diagnostcs] > ARP Cache Table] now has an opton to quickly create an IP Object for listed IP address

Supports Sufx Type in IPv6 Object confguraton

Time Schedule in Filter Rules can now force sessions to clear when the schedule takes efect

Spotfy can now be blocked with the Applicaton Filter

Can specify which WAN interfaces can be used for remote management

Improvements to Trafc Graph and Data Flow Monitor

QoS Class was not displayed in the Session Table

15.

16.

17.

18.

Support for "esendex" SMS Provider

Custom SMS Provider opton to defne API seengs manually for SMS providers not listed

Improved the SOA Serial Format for Inbound Load Balance DNS response

External Devices can now list up to 200 items

Known Issues

1.

2.

3.

Due to signifcant changes to High Availability functonalityy existng HA confguraton will be cleared during the update process and it will be necessary to reconfgure High

Availability afer updatng to 1.2.0

Disable "Force IPsec with L2TP" opton in VPN and Remote Access] > PPP General

Setup] to allow a standard L2TP tunnely otherwise the L2TP server will allow L2TP with

IPsec only

F/W 1.2.0 Changes the behaviour of the IP Filter. Afer upgrade some IP Filter rules may need to be reconfgured. Please read the "Filter Rule Actons" segment of this guide for more informaton on the changes: htp://www.draytek.co.uk/support/guides/kb-3900ipflter-basics

Firmware Version

Release Date

Build Date

Revision

Applicable Models

Locale

1.1.0.1 (Formal Release)

9th September 2015

27th August 2015

r5461

Vigor 3900

UK ONLY

New Features

(None)

Improvement

1.

2.

3.

4.

5.

6.

7.

8.

Corrected an issue that could cause Port Redirecton to not work afer upgrading the frmware from 1.0.9 or earlier

Syslog to USB was not writng to USB afer restartng the router

It was not possible to modify the max failed Telnet Login atempts before the router bans the IP

Netbios names were not displaying in the ARP cache table correctly

Improvements to certfcate handling for the router's HTTPS interface

DNS Sufx (DHCP Opton 15) support added for remote dial-in VPN clients

Upgraded OpenSSL to 0.9.8zg for security updates

Resolves an WAN connectvity issue that could occur afer afer an extended duraton

Known Issues

1. You need to disable "Force IPsec with L2TP" optons for pure L2TP tunnel in VPN and

Remote Access] > PPP General Setup].

2. The upgrade may afect Port Redirecton entries if the router's confguraton has been upgraded from 1.0.7.1 or previous frmware. To resolve this issuey please use 1.2.0 frmware.

If the router has been factory reset or was installed with 1.0.8 or later frmwarey port redirecton will work normally.

Firmware Version

Release Date

Build Date

Revision

Applicable Models

Locale

1.1.0 (Formal Release)

6th August 2015

24th July 2015

r5322

Vigor 3900

UK ONLY

New Features

1.

2.

3.

4.

5.

6.

7.

8.

9.

10.

11.

12.

13.

14.

SSL VPN LAN to LAN tunnel (Supported from DrayTek Vigor 2960 / 3900 1.1.0 frmware and Vigor 2860 / 2925 3.8.x frmware).

Internal RADIUS server under User Management] > RADIUS].

APP Enforcement supported app list added under Objects Seengs] > APP Support List].

Added auto/manual APP Signature Upgrade seeng page in System Maintenance] >

APP Signature Upgrade].

System Maintenance] > Access Control] Improvements: a. Validaton Code in Access Control tab to improve web admin security;o b. Fail to Ban seeng page to automatcally block IP addresses afer failed login atempts;o c. Access Barrier seeng page to protect router services (WUIy FTP etc) from brute force atack.

Added Switch Rate Limit seeng page in Firewall] > Dos Defense].

Added NAT] > Connecton Timeout] to allow altering the session tmeout of diferent trafc types i.e. TCPy UDP etc

Wake on LAN can now operate on a schedule by confguring profles in Applicatons] >

Wake on LAN] > Schedule Wake on LAN]

Diagnostcs] > MAC Address Table] added.

Diagnostcs] > User Status] addedy to show PPPoE / Web Portal / VPN / SSL Proxy users in one locaton.

LAN] > LAN DNS] now supports wild-card strings and CNAME records for individual

LANs using the Specifed LAN opton.

Routng] > Policy Route] Improvements: d. Priority optons (Normaly Highy Top) for more fexible routng.

e. Country Objects as destnaton addresses.

f. Failover optons for target IP ping failure.

Support for Multcast via VPN.

Router's web interface can now notfy of new frmware upgrades available.

Improvement

1.

2.

3.

4.

5.

Improved DDoS protecton.

SSL VPN seengs now available under VPN and Remote Access] > PPP General Setup].

PPTP Dial-In VPN Profle (LAN to LAN) now supports multple remote subnets.

LDAP/RADIUS support for the router's SSL Proxy facility.

User Management] > Web Portal] > Portal Page Setup] now supports uploading an

HTML fle as the bulletn message.

6.

7.

8.

9.

10.

11.

12.

13.

14.

15.

16.

17.

18.

19.

20.

Packet Inspecton seengs added under Firewall] > Filter Setup] > Default Policy]

User Management] > User Profle] > Apply All] improved to allow multple choice.

Port Statstcs now shown under Diagnostcs] > Trafc Statstcs].

Session Informaton added to Diagnostcs] > Trafc Graph].

Vendor Informaton added to Diagnostcs] > ARP Cache Table].

Daily / Period tmout seengs added to Web Portal under User Management] > Web

Portal] > General Setup].

Bind IP to MAC can now be applied to specifc subnets.

Supported added for VPN routng through GRE over IPSec tunnel (VPN Trunk).

Keep VPN Seeng opton added to Central VPN Management] > CPE Management].

Alert interval of temperature sensor now confgurable under USB Applicaton] >

Temperature Sensor] > General Setup].

The router could not use a DNS server located on the LAN for DNS queries under some circumstances.

Trafc was unable to pass between LAN and PPPoE server clients.

Web Content Filter category selecton page improvements.

IP Filter now shows a counter display for matched packets.

Policy Route increased to 120 entriesy Statc Route increased to 200 entries.

Known Issues

1. You need to disable "Force IPsec with L2TP" optons for pure L2TP tunnel in VPN and

Remote Access] > PPP General Setup].

Firmware Version

Release Date

Build Date

Revision

Applicable Models

Locale

1.0.9.1 (Formal Release)

16th February 2015

2nd February 2015

r4765

Vigor 3900

UK ONLY

New Features

(None)

Improvement

1. The IGMP Proxy feature's compatbility with some ISPs that use PPPoE has been improved.

2. Support for the Bandluxe C330 USB 3G modem.

3. SSL VPN now changes tunnel MTU in relaton to the WAN MTU.

4. PPTP Dial-In User VPN connectons could not access the internet under some circumstances.

5. Policy Route was not working with return path trafc.

6. The IPsec opton "Auto Dial Out if WAN1 Down" was stll taking efect afer being disabled in the WUI.

7. The router's memory usage was higher than normal when using the Data Flow Monitor.

8. The Access Control List was not working correctly under some circumstances.

9. Improvements to ensure immunity to Ghost/CVE-2015-0235

Known Issues

1. You need to disable "Force IPsec with L2TP" optons for pure L2TP tunnel in VPN and Remote

Access >> PPP General Setup.

2. VPN Trunk tunnel should not be used with a profle name over 15 characters.

Firmware Version

Release Date

Build Date

Revision

Applicable Models

Locale

1.0.9 (Formal Release)

24th December 2014

1st December 2014

r4542

Vigor 3900

UK ONLY

New Features

1.

2.

3.

4.

5.

Supports USB 4G/LTE. Check USB]- Modem support list] in the router's web interface for details.

Supports USB disk /FTP server.

Supports saving Syslog to USB disk.

Supports Policy Route (replacing Load Balance Rule and Address Mapping menus).

IPSec VPN tunnel can now be confgured to pass or block NetBios packets.

Improvement

1.

2.

3.

4.

5.

6.

7.

8.

9.

10.

11.

12.

13.

14.

15.

16.

17.

18.

19.

Disabled HTTPS SSL 3.0 for CVE-2014-3566y this can be confgured from the System

Maintenance] > Management] page.

Connecton request notfcatons from Vigor ACS were not authentcated

Could not establish IPv6 statc connecton.

Allow downloading/uploading private key (for Host to LAN VPN by X.509).

Shows the VPN Type/Form felds on VPN History web page.

Improved handling for Duplicated Routes (with Statc Route Metric). When the statc route metric is <=10y the priority of that statc route will be greater than a VPN route.

Support QoS for VoIP trafc from LAN.

Support "Ping to Keep Alive" feature for detectng whether an IPsec tunnel is able to pass trafc

Support WAN Port and IP Alias optons for PPTP Dial Out connectons.

Support for RFC 4638 (accommodatng an MTU/MRU larger than 1492 for PPPoE protocol WAN connectons).

Added STUN server opton to TR-069 seengs.

Added Jumbo Frame seeng under LAN]- Switch]- Jumbo Frame] to edit Maximum

Frame size.

Added a "Clear" buton for the DDNS seengs page.

Bind IP to MAC can now export or import a list of IP / MAC addresses.

Sytem Maintenance] > Access Control] can now be confgured to accept pings from the

WAN on specifed WAN interfaces.

Added “OVH” as service provider for DDNS seeng.

Supports Range-to-many Port Redirecton.

Improve login page customizaton for Web Portal setup.

Changed mechanism of deletng objects.

Known Issues

1.

2.

You need to disable "Force IPsec with L2TP" optons for pure L2TP tunnel in VPN and

Remote Access >> PPP General Setup.

VPN Trunk tunnel should not be used with a profle name over 15 characters.

Firmware Version

Release Date

Build Date

Revision

Applicable Models

Locale

1.0.8.2 (Formal Release)

15th August 2014

13th June 2014

r3968

Vigor 3900

UK ONLY

New Features

(None)

Improvement

1. PPTP connecton stability improved

2. Web Portal stability improved

3. Improved: Remove management port seeng which may occupy port redirecton.

4. Improve the stability of High Availability functon.

5. Add telnet tmeout if login not completed in 60 seconds

6. CPU usage is too high when data fow monitor is enabled.

7. Improved interoperability with SSL VPN client

8. A problem of WCF license occurred when HA is enabled.

9. CVM can't perform confguraton backup.

10. NAT Loopback to LAN More Subnet doesn’t work.

11. DNS for PPTP Remote dial-in is not assigned according to the LAN Profle.

12. Reboot with Customized Confguratons bug.

13. When frewall default policy (block) is usedy HTTP is stll available for access.

14. Web portal stll supports URL redirect when login mode is disabled.

15. Packet count error when PPTP acceleraton is enabled.

16. mOTP User profle cannot be saved without Password.

17. WAN Priority Bits doesn’t work.

18. Time object error corrected

19. WAN]> Switch mode]> double tag] error corrected

20. Upgrade OpenSSL to 0.9.8za for security updates.

21. Update WCF (Web Content Filter) to account for Commtouch name change to Cyren.

22. High Availability improvements

23. DDNS failover 3G WAN improvements

Known Issues

1. VPN Trunk tunnel doesn't work well when the profle name is more than 15 characters.

2. You need to disable "Force IPsec with L2TP" optons for pure L2TP tunnel in VPN and

Remote Access]> PPP General Setup]

Firmware Version

Release Date

Applicable Models

Locale

1.0.8 (Formal Release)

11th March 2014

Vigor 3900

UK ONLY

New Features

1. Same WAN VLAN ID can be used in diferent WAN interfaces. (WAN >> General Setup Mode:

Advancey Switch Mode: Double Tag)

2. QoS for multple WANs.

3. SNMP v3.

4. Country block for Firewall.

5. WCF white list.

6. LAN DNS server.

7. BGP routng protocol.

8. SSL VPN in tunnel mode

9. Support Web Portal and Hotspot (Guest profle) in User Management.

10. Support PPTP acceleraton for PPTP WAN/Remote Dial-in/LAN to LAN

11. QoS retag opton added

12. VPN dial-out failover if WAN disconnected.

13. Support VPN LAN to LAN for overlap/duplicate subnets.

14. Display the last UP/DOWN log of VPN profle.

15. Add default policy for Firewall and default block policy can be applied.

16. Add IPv6 frewall seengs.

17. Add DNS object.

18. Add a remote capture telnet command (rc)y for trafc monitor and wireshark remote capture.

19. Add front panel and VPN status on the dashboard.

Improvements

Web User Interface changes

1. Menu User Managemen]> General Setup] renamed User Management]> Web Portal]

2. Move IP Routng] from to Routng]> Status Route] and rename as LAN/WAN Proxy ARP]

3. Move Inter-LAN Route] to LAN]> General Setup] from LAN]> Statc Route]

4. Move status page to the frst tab of each functon menu.

Others

5. Support RADIUSy LDAPy Local authentcaton in User Management.

6. Support NAT opton for IPsec LAN to LAN.

7. Support LDAP profle in Firewall.

8. Support rato confguraton for VPN Load Balancing.

9. Port number seeng for Access Control in WAN IP alias can be passed to LAN by default.

10. Notfcaton object can be recorded on Syslog through the confguraton on

Applicatons]> SMS/Mail Alert Service]

11. Support Local/RADIUS/LDAP authentcaton for PPTP/L2TP/PPPoE

12. Inter-LAN route priority changed so that IP flter can control

13. Support connecton failover for TR-069.

14. Display router name in web page ttle.

15. IPsec VPN dial-in connecton with all WANs is supported in default.

16. Support RFC3021.

17. Combine IM/P2P/Protocol object to App Object for blocking more Apps.

18. Management Access Control List increased up to 16 entries

19. Support peer identty for IPsec RSA authentcaton.

20. Support password encode opton for confguraton backup.

21. Support more special characters in username for user profle.

22. Number of SSL web proxy/VNC/RDP profles increased to 30

23. Support customized DDNS.

24. Support acceleraton of fragmented UDP packets (maximum 1628 bytes).

25. Support DHCP opton 95 (LDAP server)y 161(FTP server)y and 162 (File path)

26. Support more subnet DHCP servers in Bind IP to MAC.

27. Support DHCP relay over LAN/Non-Direct-Connected LAN.

28. Support DHCP relay seengs for PPTP/L2TP/PPPoE.

29. Support open port to the host in remote VPN network.

30. Default route cannot work well when two WAN IPs are in the same IP network.

Firmware Version

Release Date

Build Date

Revision

Applicable Models

Locale

1.0.7.1 (Formal Release)

13th November 2013

12th November 2013

r3067

Vigor 3900

UK ONLY

New Features

(None)

Improvement

1. Support USB-WAN for WAN Profle under the Seeng tab in Applicaton>> Dynamic DNS.

2. Support WCF (web content flter) in High Availability (HA) applicaton.

3. Modify the mechanism for IP fltery "if no further match" acton.

4. Add a subnet mask seengy 255.255.255.254y for WAN IP confguraton.

5. Added opton disable negotaton for Fiber WAN under the Interface tab in WAN>>Switch.

6. ‘space’ special character can be used in the username for LDAP

7. QoS IP rule can apply the packets passing through both Local IP and Remote IP.

8. Improved PPTP service mechanism for multple simultaneous LAN to LAN dial-ins

9. Corrected: Can not block / unblock some IPs on Diagnostcs>>Data Flow Monitor.

10. Corrected issue with ICMP packets larger than 8138 bytes over IPSec LAN to LAN tunnel.

11. Corrected: The user can not access Internet when QoS queue weight is set as “0”.

12. Corrected: Lower the priority of Inter-LAN routng functon.

13. Corrected: LAN DHCP packets do not respond while LAN DHCP Server is OFF.

14. Corrected: Can’t accept L2TP VPN from (None) default route WAN.

15. Corrected: RADIUS client (Vigor router) sends wrong NAS IP address (127.0.0.1).

16. Corrected trafc status of DHCP over IPsec in VPN Connecton Management.

17. ARP detecton may fail when WAN TX trafc is full.

18. Corrected: SMS can't be sent out when L2TP over IPsec is up and down.

Known Issues

1. VPN Trunk tunnel doesn't work well when the profle name is more than 15 characters.

2. You need to disable "Force IPsec with L2TP" optons for pure L2TP tunnel in VPN and

Remote Access]> PPP General Setup]

Firmware Version

Revision

Release Date

Build Date

Applicable Models

Locale

1.0.7 (Formal Release)

2733

2nd Sept 2013

27th Aug 2013

Vigor 3900

UK ONLY

New Features

1. Support Central VPN Management (CVM). Up to 16 devices can be managed.

2. Support 3G backup/load balance.

3. Support inbound load balance.

4. Support VPN Trunk failover mode.

5. Support PPPoE quota seeng and MAC address flter.

6. Support USB temperature sensor. htp://www.draytek.co.uk/products/usbthermometer.html

7. Support SMSy Email Alert and Notfcaton object profles for WAN/VPN connecton and USB temperature sensor.

Improvement

1. Improved: Support SmartMonitor users up to 500.

2. Improved: VPN Trunk throughput and stability.

3. Improved: By default disable insecure SSL Encrypton Key Algorithms

4. Improved: Support DHCP relay on VPN.

5. Improved: Add Actve Standby mode for High Availability (HA).

6. Improved: QoS redesigned

7. Improved: Username reported to Syslog

8. Improved: Add opton 60(Vendor ID)y 61(Client ID) for WAN DHCP mode.

9. Improved: Add default maximum session number for Session limit.

10. Improved: Add fow control seengs for Switch.

11. Improved: Add user defned optons for DHCP server.

12. Improved: Improve DMZ functon.

13. Improved: Add log and force update functon for DDNS.

14. Improved: Add Force L2TP with IPsec policy opton enabled in default.

15. Improved: Corrected causes for high CPU usage being displayed in Web UI

16. Improved: Stability in TR-069.

17. Improved: Firmware upgrade speed.

18. Fixed: Time object cannot work correctly when daylight saving is enabled.

Known Issues

1. VPN Trunk tunnel doesn't work well when the profle name is more than 15 characters.

2. You need to disable "Force IPsec with L2TP" optons for pure L2TP tunnel in VPN and

Remote Access]> PPP General Setup]

Firmware Version

Release Date

Build Date

Applicable Models

Locale

1.0.6.1 (Formal Release)

10th April 2013

25th March 2013

Vigor 3900

UK ONLY

New Features

(None)

Improvement

1. NAT Port Redirecton Rule for FTP server didn't work with two WAN connecton

2. Customized web content message would disappear afer rebootng the router

3. Improvements to VPN Trunk tunnel where profle name are long

4. PPTP connecton display error in VPN Graph for syslog utlity

5. PPTP WAN could not dial-up if the server was set with a domain name

6. Fixed issue with ping to VPN remote network working afer clicking WAN DHCP Renew

Buton via web user interface

7. Fixed Session limit rule notapplying the correct limit due to subnet mask caculaton error

8. Fixed that WAN status displays “up” when the WAN cable is unplugged and WAN detect mode is set with “(None)”

9. Corrected an issue with SNMP set/get Community seeng

10. Resolved that VPN trafc wouldn't fow while one of the VPN GRE tunnels is disconnected

11. Corrected issue preventng some vLAN users from accessing Internet via Browser

12. Improved DHCP renewal interoperability

13. Fixed LAN VLAN confguraton issues afer restoring the web confguraton

14. Corrected WAN1 MAC address used

15. Improved SIP ALG feature

16. Fixed that IPSec tunnel uptme would not reset afer VPN reconnecton

17. Corrected PPTP sessions problem that would prevent new network connectons being setup

18. Corrected that a PC from remote subnet could't access Internet via PPTP LAN to LAN tunnel

19. Improvments to IPv6 trafc handling via AICCU

20. Improved load balance where multple PPPoE connectons have the same gateway

21. Corrected issue where multple WAN disconnectons could prevent VPN Trunk from reconnectng

22. Added informaton for remote network connected with GRE over IPsec to Routng Table

23. Corrected issue where enabling Perfect Forward Secrecy in VPN client could prevent connecton

24. Display issue with transmited/received (TX/ RX) packets in Connecton Management fxed for VPN clients behind NAT

25. Improved parameters stability for TR-069

26. Improved throughput between diferent VLANs

27. Added sending ARP for WAN Alias IP to WAN Gateway when connected

28. Added support for VPN on Alias WAN IP and IP Routng IP

29. Add mail alert when VPN is up

30. High availability improvements

Known Issues

1. VPN Trunk tunnel profle names should be kept to less than 15 characters.

Firmware Version

Release Date

Build Date

Applicable Models

Locale

1.0.6 (Formal Release)

2nd Jan 2013

6th Nov 2012

Vigor 3900

UK ONLY

New Features

1. VPN(IPSEC) Routng Acceleraton

2. Supports PPPoE server for LAN PC connecton

3. Support VPN Alarm via E-mail & Syslog

4. Support VPN Graph for syslog utlity

5. Support PPP mode for IPv6

6. Support domain name for IPSec/PPTP dial-out

Improvements

1. URL flter can block HTTPS connecton by host keyword

2. WCF support htps block by web category

3. Add QQ account flter for Firewall

4. WAN4 is regarded as physical DMZ port

5. Add tme schedule for session limit and bandwidth limit

6. Web content flter (WCF) stability improvements

7. Data fow monitor resource allocaton improvements

8. DHCP server cannot work when Mult-LANs is confgured

9. Hosts under routng LAN can not access into the router

10. Confguraton backup may fail

11. UPnP improved

12. Changing web port could prevent User management from working

13. WebUI server security improvements

14. IPsec RX/TX packets count may have error afer entering phase2 rekey

15. L2TP connecton status error afer disconnecton.

1. 16 Cannot create IPsec VPN in aggressive mode when selectng AES as IKE phase 1 encrypton.

16. PPTP dial-in may fail while using statc IP mode.

17. VPN load balance may not work afer connecton reconnects

18. SSL Applicaton doesn't work when HTTPS port is not set with 443.

19. Support PPTP dial on demand and idle tmeout.

20. Support URL flter rules move up/down.

21. Support VLAN priority in LAN/WAN interface.

22. Support QoS packet by DifServ (DSCP/TOS) for outgoing packet.

23. Let the user profle password support more special characters in standard ASCII table.

24. Show the IP binding with MAC in DHCP table.

25. Mail Alert Send test e-mail buton added

26. Add 36 regions tme zone optons for NTP.

27. Improve user management login process.

28. Add Common Name Identfer feld in LDAP confguraton.

29. Add an opton for DDNS to select Internet IP or WAN IP.

Known Issues

1. VPN Trunk tunnel profle names must be less than 15 characters.

Firmware Version

Release Date

Applicable Models

Locale

1.0.5 (Formal Release)

4th Sept 2012

Vigor 3900

UK ONLY

First Firmware Release

Known Issues

- Devices on non-NAT subnets are unable to access the routers management interface

[END OF FILE]

advertisement

Was this manual useful for you? Yes No
Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Related manuals

Download PDF

advertisement