Kitz ADSL Broadband Information

Author Topic: Over 31,000 access attempts via RDP - how to setup Zxyel to allow only my IP add  (Read 4881 times)

d2d4j

  • Reg Member
  • ***
  • Posts: 848

Hi ronski

To be honest, 27 series are old and not supported

I would opt for 2860n second user unit, and flash latest firmware. They're about 100 give or take 10 or so

I think from memory another kitz user has a 2862, and posted over issues with rebooting or freezing but we have never had issues with 2860 or 29 series

It depends which series you go for, so you may have to set to wan2 and if wan1 (dsl) is not used, we usually disable it. You would also have usb 3/4 g if you have correct stick

Wi-Fi, there is no guest accounts but you do have 4 SSID you could create, and isolate from lan, vpn vlan etc so you could have 3 guest Wi-Fi or however you decide.

Also, if you do not have ipv6, goto hurricane and get a /64 block. Very easy to setup in draytek but it just works on 1 lan, not on all lan but you choose which lan

There's more I'm sure and g3uiss would hopefully post his thoughts

Many thanks

John
Logged

g3uiss

  • Reg Member
  • ***
  • Posts: 326
  • You never too old to learn
    • Midas Solutions

I've used a 2820 and currently use a 2925

I've never had any issues with either. The 2925 has no modem and I have 2 HG612s plugged in. It allows me to load balance over 2 circuits by LAN IP.

The VPN functionality is excellent. I use L2TP and there is no device I can't connect with, including Apple devices.

I've done a bit with Cisco routers over time, they cost the earth, and can't do half what the Drayteks can.

The only comment I would make is documentation isn't that good, but you have John and I to provide any configuration assistance I'm sure.

Tony
Logged
Zen FTTC and Plusnet ADSL HG612 modems with Vigor 2925

d2d4j

  • Reg Member
  • ***
  • Posts: 848

Hi g3uiss

Snap, we have a lot of 2925 running loadbalance/failover on vdsl and los. Vdsl we prefer hg612

Do you have ipv6 setup on your 2925. If not and you would like to, we use hurricane ipv6 on a /64 block. It's also free

We do not route ipv6 but install/use it so clients do not have any issues with ipv6 sites

@ronski, if you opt for a 2925, on port open/redirect/trigger, you could define exact source ip to use from ip object list (or group I think)

Many thanks

John
Logged

g3uiss

  • Reg Member
  • ***
  • Posts: 326
  • You never too old to learn
    • Midas Solutions

Just a FYI the 2925 now superseded by the 2926, I can't see any significant difference.

@d2d4j no not enabled any IP6 yet. We have the 2 VDSL + 3G for final redundancy.

I've put them in many clients, never an issue !

Tony
Logged
Zen FTTC and Plusnet ADSL HG612 modems with Vigor 2925

Weaver

  • Addicted Kitizen
  • *****
  • Posts: 7292
  • Retd sw dev; A&A; 4 × 7km ADSL2; IPv6; Firebrick

About the kit mentioned earlier - 802.11n definitely does not imply no 5GHz. You do not have to have 802.11ac to get 5GHz, that is. I am proof of this.
Logged

atkinsong

  • Reg Member
  • ***
  • Posts: 115

Hi ronski

To be honest, 27 series are old and not supported

Just for info, the 2760 and 2762 are both fully supported by Draytek. The 2762 was released around the same time as the 2862. The 27xx series are targeted at the SOHO market whilst the 28xx series is targeted at the Enterprise market.
Logged
ISP:BT 80/20; Cab:ECI; Router:Draytek Vigor 2760

d2d4j

  • Reg Member
  • ***
  • Posts: 848

Hi

@atkinsong many thanks and sorry I thought they were old and unsupported.

We use 28/29 series and only came across an old 27 series about 10 years ago unless I'm thinking of 26 series

Many thanks

John
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 3209

@Weaver Looking at current Draytek devices they only have 5Ghz if they have AC
@atkinsong Being a current device I would think they are


I'm leaning towards the 2926ac, it's probably overkill for what we will use, but better to have too much than to find another limitation down the road.

Also found this demo page http://eu.draytek.com:12926/

Also need to find our HG612, I think someone has tidied it away, hopefully we still have it.
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 3209

One thing, if our users connect via VPN will all that PC's internet traffic flow via the VPN, or is it easily possible to lock it down so that it's only RDP that goes via the VPN and other traffic flows as normal?
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

d2d4j

  • Reg Member
  • ***
  • Posts: 848

Hi ronski

I believe unless you create rules to divert wan traffic to use vpn (lan or dial in), then all traffic uses wan

The dial in vpn users would only have traffic flow when they use the vpn and when logged into their work pc, normal wan traffic for browser/email etc would still use wan connection, but traffic flow for vpn user would be RDP

I hope that makes sense but sorry if I am wrong

Many thanks

John
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 3209

I think from memory another kitz user has a 2862, and posted over issues with rebooting or freezing but we have never had issues with 2860 or 29 series

There was indeed https://forum.kitz.co.uk/index.php?topic=21828.0
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

d2d4j

  • Reg Member
  • ***
  • Posts: 848

Hi ronski

Sorry you got me thinking so I did a quick test as it's been a while since vpn setup etc

The pc used to connect to VPN would use vpn for traffic flow

The pc you RDP into should use its normal wan for traffic flow

I was testing using a win7 pc, so may have changed in win10

To be honest, at work you would not use VPN but at home you would. Even if you used VPN at work, it would be fast enough for you not to notice

I hope that helps a little and sorry if I'm wrong

Many thanks

John
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 5721

Ronski do you mind if I ask why you decided specifically to not mirror your home setup of pfsense?
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 3209

@John, thanks that's what I thought, so if there is anything dodgy on the home user's PC it could potentially have access to works PC when they VPN in.

@Chrysalis I'm not paid to maintain our network equipment or anything computer related, it's just taken for granted as I'm the tech savvy one, and I feel not really appreciated so it's something I'm trying to do less of. I don't have enough time to do what I am paid for, so spending time setting up what is to me something quite complicated takes away valuable time from my real job. I also would not want to install equipment that others are not familiar with, Draytek is our VOIP & ISP provider go to brand, so they are familiar with it, also I feel more help is readily available on this forum for Draytek.
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

d2d4j

  • Reg Member
  • ***
  • Posts: 848

Hi Ronski

Actually, if you use the draytek VPN client (https://www.draytek.com/products/smart-vpn-client/), it makes things really easy and the connecting PC used for dial in does not use VPN for internet (shows as no internet access), which tracert confirms.

In terms of transfer of unwanted things from your pc to work by VPN tunnel, I think it is no more an issue than when you connect to RDP and have drive access enabled or an infected PC on your work network, so common sense needs to prevail and good practices for security.

Sorry, was also going to say you could use your current modem in bridge if wanted, we just use hg612 because we like them, and is easy to gain stats from

I hope that helps a little

Many thanks

John
Logged
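
Added example, not part of any poster's message: a small model of the routing decision behind the question of whether a dial-in user's internet traffic follows the VPN or only the office traffic does, plus a port filter that limits the tunnel to RDP. All addresses, metrics, interface names and the filter rule are constructed assumptions; it does not reproduce DrayTek or Windows configuration.

```python
import ipaddress

# Constructed addresses (private/documentation ranges), not taken from the thread.
OFFICE_LAN = "10.20.0.0/24"
RDP_HOST = "10.20.0.15"
WEB_SITE = "198.51.100.7"
VPN_SERVER = "203.0.113.10"  # office router's public address

BASE = [  # home PC's routes before the VPN connects
    {"prefix": "0.0.0.0/0", "iface": "home", "metric": 25},
    {"prefix": "192.168.0.0/24", "iface": "home", "metric": 25},
]
# The tunnel's own packets must keep using the home connection.
TUNNEL_HOST = {"prefix": VPN_SERVER + "/32", "iface": "home", "metric": 25}
# Full tunnel: the VPN installs a better default route, so everything follows it.
FULL_TUNNEL = BASE + [TUNNEL_HOST, {"prefix": "0.0.0.0/0", "iface": "vpn", "metric": 1}]
# Split tunnel: only the office subnet is routed into the VPN.
SPLIT_TUNNEL = BASE + [TUNNEL_HOST, {"prefix": OFFICE_LAN, "iface": "vpn", "metric": 1}]


def pick_iface(routes, dest):
    """Longest-prefix match; the lowest metric wins between equal prefixes."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in routes if ip in ipaddress.ip_network(r["prefix"])]
    best = max(matches, key=lambda r: (ipaddress.ip_network(r["prefix"]).prefixlen,
                                       -r["metric"]))
    return best["iface"]


def path_report(routes):
    """Interface each sample destination would leave by."""
    samples = [("rdp_host", RDP_HOST), ("web_site", WEB_SITE), ("vpn_server", VPN_SERVER)]
    return {name: pick_iface(routes, ip) for name, ip in samples}


def vpn_filter_allows(dest, proto, port):
    """Hypothetical router rule for dial-in users: RDP to one host, nothing else."""
    return (dest, proto, port) == (RDP_HOST, "tcp", 3389)


if __name__ == "__main__":
    print("full tunnel :", path_report(FULL_TUNNEL))
    print("split tunnel:", path_report(SPLIT_TUNNEL))
    # Routing alone still lets the home PC reach every office port; the filter does not.
    print("SMB to RDP host allowed:", vpn_filter_allows(RDP_HOST, "tcp", 445))
```

Routing only decides which traffic enters the tunnel; restricting what a connected home PC can reach on the office LAN needs the per-port rule as well.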