DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
4.4.5 now available on 2865. But....
- txrx
- Offline
- Junior Member
- Posts: 19
- Thank you received: 0
10 Jul 2024 16:53 #103462
by txrx
Replied by txrx on topic Re: 4.4.5 now available on 2865. But....
Hi,
I posted here https://forum.draytek.co.uk/viewtopic.php?t=25184&start=40 in the other thread as 4.4.5 seems to be causing issues with a number of routers. I'm currently running 4.4.5.3 RC1 on a 2865 and at least the reboots have stopped. I haven't been able to test everything that's been reported but at least it's a start. The router seems to be behaving itself but time will tell as this is an RC build so anything can happen.
- pharcyder
- Topic Author
- Offline
- Member
- Posts: 165
- Thank you received: 1
10 Jul 2024 21:01 #103464
by pharcyder
Replied by pharcyder on topic Re: 4.4.5 now available on 2865. But....
I too have the 4.4.5.3RC1 firmware on my 2865 now from Support. It fixes the Bind to IP comment corruption and the Wireguard Client Config Creator......but all my Wireguard connections no longer work. Existing L2L and Remote Dial Wireguard accounts no longer work, even if I re-create the accounts. IPSec works just fine.
Rolling back to 4.4.3.2 and everything works fine.
- pharcyder
- Topic Author
- Offline
- Member
- Posts: 165
- Thank you received: 1
11 Jul 2024 11:23 #103465
by pharcyder
Replied by pharcyder on topic Re: 4.4.5 now available on 2865. But....
Just to put this to bed, 4.4.5.3_RC1_BT actually does resolve all my issues seen with 4.4.5.x
What's happened is the behaviour of the Firewall seems to have changed between 4.4.3.2 and 4.4.5.x. I had a WAN-> LocalHost Any, Any, Any rule that blocked all incoming connections to protect me from bad actors trying to establish a VPN from 'those countries'. Under 4.4.3.2, this allowed me to establish L2L VPNs using Wireguard to 3rd party sites no problem.
Under 4.4.5.x though, the same WAN-> LocalHost rule blocked *outgoing* Wireguard L2L connections. I put in an explicit Allow rule and it's started working again.
So my Wireguard issues are fixed
Wireguard Client Configurator is fixed.
Bind to IP Comment corruption is fixed
Too soon to tell if the Router crashes are fixed.
- HodgesanDY
- Offline
- Member
- Posts: 215
- Thank you received: 19
11 Jul 2024 12:26 #103466
by HodgesanDY
Replied by HodgesanDY on topic Re: 4.4.5 now available on 2865. But....
What I’d like to see, is the local host rule working for internal VPN L2L connections where the remote network’s router GUI can always be accessed from the opposing end.
There doesn’t seem to be any rule that can stop this, well not that I’ve found yet. Even if you set the management access config settings to only allow specific LAN IPs (all WAN management access disabled already, obviously), if you’re on the remote LAN, you can always access the opposing LAN’s router GUI and actually log in! This only seems to be the case for L2L connections, ‘Remote Dial-in’ users can be locked down.
Why they didn’t just add the ‘VPN’ option to the new ‘Local Host’ rule in the firewall is beyond me.
- pharcyder
- Offline
- Junior Member
- Posts: 24
- Thank you received: 2
18 Jul 2024 17:10 - 18 Jul 2024 17:10 #103496
by pharcyder
Replied by pharcyder on topic Re: 4.4.5 now available on 2865. But....
Router is very stable. No issues.
Last edit: 18 Jul 2024 17:10 by pharcyder.
- ianfretwell
- Offline
- Member
- Posts: 138
- Thank you received: 11
19 Jul 2024 10:11 #103498
by ianfretwell
Replied by ianfretwell on topic Re: 4.4.5 now available on 2865. But....
Likewise, here on a 2866Lac - 4.4.5.3_RC1_BT is as stable as it's ever been.
But...using the Wifiman app...I appear to be able to see two "hidden" SSIDs coming from the router - one on 2.4GHz, one on 5GHz. Are you seeing this too? They weren't there on the 4.4.5 or earlier releases.
Moderators: Chris, Sami