Default IPsec Phase1 Dial-out Proposal Encryption with Firmware 3.9.2.

Change Proposal and the Orders of Auto IKE Phase 1

Vigor routers using Firmware version 3.9.2. such as the Vigor 3910 have modified encryption orders for the Dial-Out Auto IKE Proposal. This change may cause VPN compatibility issues if a VPN server doesn’t accept the newer proposals.

When customers report the IPsec VPN connection can not dial-up after the firmware upgrade, we advise them to:

  • Manually configure the Dial-Out IKE phase 1 proposal on the IKE Advance Setup page of the Vigor router
  • Modify the VPN profile on the VPN server for accepting the more secure proposals.

The orders sequence has been changed as follows:

Previous

  • DES-MD5 G1 (768-bit)
  • DES-SHA1 G1 (768-bit)
  • 3DES-MD5 G1 (768-bit)
  • 3DES-MD5 G5 (1536-bit)
  • 3DES-SHA1 G5 (1536-bit)
  • 3DES-MD5 G2 (1024-bit)
  • AES128-MD5 G2 (1024-bit)
  • AES256-SHA1 G2 (1024-bit)
  • AES128-MD5 G5 (1536-bit)
  • AES256-SHA1 G5 (1536-bit)
  • AES256-SHA1 G14 (2048-bit)

New

  • AES256-SHA1 G14 (2048-bit)
  • AES256-MD5 G14 (2048-bit)
  • AES256-SHA1 G5 (1536-bit)
  • AES256-MD5 G5 (1536-bit)
  • AES192-SHA1 G14 (2048-bit)
  • AES192-MD5 G14 (2048-bit)
  • AES128-SHA1 G5 (1536-bit)
  • AES128-MD5 G5 (1536-bit)
  • 3DES-MD5 G5 (1536-bit)
  • 3DES-SHA1 G5 (1536-bit)

For further information or questions, please contact us.

Maximizing WAN Throughput

DrayTek routers can delivery high throughput on today’s high speed internet connections – up to 1Gbit.

By default, performance features are balanced with the sophisticated traffic inspection, filtering and measurement features. For internet connections up to 500Mbit [0.5Gbit], these do not impact overall throughput on the WAN.

However, if you have internet connection speeds in excess of 500Mbit, you can enable hardware acceleration to improve throughput by bypassing the inspection features.

Fine Tuning WAN MTU For Improved Throughput

If you experience unexpectedly low throughput on the WAN link, there is one important WAN setting which can be adjusted to, potentially, deliver dramatic performance improvement.

Depending on your ISP network configuration, the Maximum Transmission Unit setting may be incompatible with the default value on the DrayTek WAN (which is 1500 bytes).

Reducing this value to 1492 (and potentially incrementally smaller by 8 bytes) can boost throughput by 10-fold in some situations.

The path MTU discovery tool can be use to try and automate the process, but note this may have mixed results depending on your ISP line configuration. If the MTU discovery tool does not suggest an alternative value and you still see poor performance, it is recommended to attempt manually setting the MTU – depending on the ISP, values as low as 1460 could be necessary. Normally 1492 is the optimal value in Canada.

Your reliable networking solutions partner