Draytek Weirdness – What to watch out for
Written by Grant on May 1, 2012 – 12:34 am

I resell Draytek routers as I like their feature set and their price is usually 1/4 that of a comparable Cisco, Watchguard or Sonicwall. They have excellent VPN termination features as well as supporting multiple VPN passthrough and enterprise features such as RADIUS authentication on VPN and WiFi, WLAN on WiFi, SSL VPN and basic traffic shaping and QoS. Besides the power supplies, the hardware itself is remarkably reliable for cheap Taiwanese kit. The $20 wall-wart power supply units they supply really are the bottom of the barrel quality-wise – I always supply a spare to customers!

This great feature set and decent hardware quality come at another cost – Draytek routers have some very bizarre quirks.

I present some of them here as they are not acknowledged bugs; however, I have repeatedly noticed them over the past ten years on all sorts of Draytek models – most models have all the quirks – and they have not been fixed with the regular upgrades Draytek provides.

  • Interface Stalling – I have noticed management interface slowdowns, stalling and plain unresponsiveness on all models, from the lowly 2700e to the rack mount 3300V and latest V3200 quad WAN – so it does not seem to be limited to models with slow CPUs. A reboot usually fixes this issue – and while I have reported it numerous times to Draytek tech support they just say “try rebooting” – I have even invited a Draytek tech to log in to a router that was running like a dog and the tech said “it’s fine for me”, suggesting it was my slow internet link.
  • Unresponsive – not answering management from internet or VPN not connecting. I notice this a lot – especially on routers that just run for months and months without any management or VPN logins – you can ping them and they are alive but won't answer to web or VPN – give it 5 minutes and try again and all is OK. It’s like they need a ‘wake up’ or a bit of random “port knocking” – once responding they run just fine.
  • Changing some IPsec profile settings kills the entire IPsec profile – if you modify some of the settings in an IPsec LAN-2-LAN profile you might find that profile no longer wants to reconnect – something in the flash saving routine seems to destroy the saved PSK passphrase. I find that re-entering the Pre-Shared Key fixes the issue and the tunnel comes up instantly. You may want to re-enter the PSK on both remote and local ends to be 100% sure you have them identical.
  • On Multi-WAN routers a WAN drop on one interface can cause active PPTP sessions on other WAN interfaces to die and require a PPTP redial to re-establish the connection.
  • Firewall logic faulty when using multiple “inverted/negated” IP addresses – Draytek has a weird notion of using “negated” IP addresses – for example you can write “!” which means “all IPs except” – this is pretty handy when locking down a service like RDP or TELNET to a particular IP – however, while their concept of IP Objects does allow for “inverting”, if you combine inverted IP objects (either in an IPGroup or used individually) they don't work – confirmed by Draytek support on a Whirlpool blog post:

So if you notice any of these anomalies you are not alone!  And you are not going mad!!  Some make me frustrated as hell when they happen but the Draytek devices are still quite capable for their price!
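
The negated-object pitfall from the firewall item above, as an added example (not code from this post or from Draytek): a small model of a block rule whose source is a group of negated IP objects, audited against a list of trusted admin addresses. How the firmware really evaluates such a group is not stated here; the "any member matches" evaluation, the function names and the addresses (documentation ranges) are assumptions.

```python
import ipaddress

def obj_matches(obj, src):
    """An IP object is a host or CIDR string; a leading '!' negates it."""
    negated = obj.startswith("!")
    net = ipaddress.ip_network(obj.lstrip("!"), strict=False)
    hit = ipaddress.ip_address(src) in net
    return not hit if negated else hit

def group_matches_any(group, src):
    """Assumed 'union' evaluation: the group matches if ANY member matches."""
    return any(obj_matches(o, src) for o in group)

def group_matches_all(group, src):
    """What stacked negations are meant to say: 'none of the excluded IPs'."""
    return all(obj_matches(o, src) for o in group)

def audit_block_rule(group, matcher, trusted, probes):
    """Audit a BLOCK rule whose source is `group`.
    Returns (locked_out, exposed): trusted sources the rule blocks, and
    untrusted sources the rule fails to block."""
    locked_out = [s for s in trusted if matcher(group, s)]
    exposed = [s for s in probes
               if s not in trusted and not matcher(group, s)]
    return locked_out, exposed

# Constructed sample data: two admin IPs that should still reach RDP,
# plus one unrelated source that must be blocked.
TRUSTED = ["203.0.113.10", "198.51.100.20"]
PROBES = TRUSTED + ["192.0.2.55"]
GROUP = ["!203.0.113.10", "!198.51.100.20"]

if __name__ == "__main__":
    for name, matcher in (("any-member", group_matches_any),
                          ("all-members", group_matches_all)):
        locked_out, exposed = audit_block_rule(GROUP, matcher, TRUSTED, PROBES)
        print(f"{name:12} locked_out={locked_out} exposed={exposed}")
    # A single negated object behaves the same under both evaluations.
    print(audit_block_rule(["!203.0.113.10"], group_matches_any,
                           ["203.0.113.10"], PROBES))
```

Under the any-member evaluation each trusted address is caught by the other address's negation, so both admins are locked out; probing the real rule from each trusted and one untrusted source after a change shows which behaviour the router actually has.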

  1. Wow, and I thought the Drayteks might have been a lot more solid than the Cisco/Linksys RVxxx series. I’ve seen the same type of quirks in these units. Luckily, they have some hidden features that have allowed me to script a daily reboot. No more slowdown problems for me…

