
Author Topic: Over 31,000 access attempts via RDP - how to setup Zyxel to allow only my IP add  (Read 21923 times)

d2d4j

  • Kitizen
  • ****
  • Posts: 1103

Hi ronski

To be honest, 27 series are old and not supported

I would opt for a 2860n second user unit, and flash the latest firmware. They're about 100, give or take 10 or so

I think from memory another kitz user has a 2862, and posted over issues with rebooting or freezing but we have never had issues with 2860 or 29 series

It depends which series you go for, so you may have to set to WAN2 and if WAN1 (DSL) is not used, we usually disable it. You would also have USB 3G/4G if you have the correct stick

Wi-Fi, there are no guest accounts but you do have 4 SSIDs you could create, and isolate from LAN, VPN, VLAN etc so you could have 3 guest Wi-Fi or however you decide.

Also, if you do not have IPv6, go to Hurricane and get a /64 block. Very easy to set up in Draytek but it just works on 1 LAN, not on all LANs, but you choose which LAN

There’s more I’m sure and g3uiss would hopefully post his thoughts

Many thanks

John
Logged

g3uiss

  • Kitizen
  • ****
  • Posts: 1151
  • You never too old to learn but soon I may be
    • Midas Solutions

I’ve used a 2820 and currently use a 2925

I’ve never had any issues with either. The 2925 has no modem and I have 2 HG612s plugged in. It allows me to load balance over 2 circuits by LAN IP.

The VPN functionality is excellent. I use L2TP and there is no device I can’t connect with, including Apple devices.

I’ve done a bit with Cisco routers over time, they cost the earth, and can’t do half what the Drayteks can.

The only comment I would make, is documentation isn’t that good, but you have John and I to provide any configuration assistance I’m sure.

Tony
Logged
Cerebus FTTP 500/70 Draytec 2927 VOXI 4G fallback.

d2d4j

  • Kitizen
  • ****
  • Posts: 1103

Hi g3uiss

Snap, we have a lot of 2925 running load balance/failover on VDSL and los. For VDSL we prefer HG612

Do you have IPv6 set up on your 2925? If not and you would like to, we use Hurricane IPv6 on a /64 block. It’s also free

We do not route IPv6 but install/use it so clients do not have any issues with IPv6 sites

@ronski, if you opt for a 2925, on port open/redirect/trigger, you could define the exact source IP to use from the IP object list (or group I think)

Many thanks

John
Logged

g3uiss

  • Kitizen
  • ****
  • Posts: 1151
  • You never too old to learn but soon I may be
    • Midas Solutions

Just an FYI, the 2925 is now superseded by the 2926; I can’t see any significant difference.

@d2d4j no, not enabled any IPv6 yet. We have the 2 VDSL + 3G for final redundancy.

I’ve put them in many clients, never an issue!

Tony
Logged
Cerebus FTTP 500/70 Draytec 2927 VOXI 4G fallback.

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick

About the kit mentioned earlier - 802.11n definitely does not imply no 5GHz. You do not have to have 802.11ac to get 5GHz, that is. I am proof of this.
Logged

atkinsong

  • Reg Member
  • ***
  • Posts: 165

Hi ronski

To be honest, 27 series are old and not supported

Just for info, the 2760 and 2762 are both fully supported by Draytek. The 2762 was released around the same time as the 2862. The 27xx series are targeted at the SOHO market whilst the 28xx series is targeted at the Enterprise market.
Logged
ISP:A&A, FTTP 160/30, Router Fritzbox 7530

d2d4j

  • Kitizen
  • ****
  • Posts: 1103

Hi

@atkinsong many thanks and sorry, I thought they were old and unsupported.

We use 28/29 series and only came across an old 27 series about 10 years ago unless I’m thinking of 26 series

Many thanks

John
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300

@Weaver Looking at current Draytek devices, they only have 5GHz if they have AC
@atkinsong Being a current device I would think they are


I'm leaning towards the 2926ac, it's probably overkill for what we will use, but better to have too much than to find another limitation down the road.

Also found this demo page http://eu.draytek.com:12926/

Also need to find our HG612, I think someone has tidied it away, hopefully we still have it.
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300

One thing, if our users connect via VPN will all that PC's internet traffic flow via the VPN, or is it easily possible to lock it down so that it's only RDP that goes via the VPN and other traffic flows as normal?
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

d2d4j

  • Kitizen
  • ****
  • Posts: 1103

Hi ronski

I believe unless you create rules to divert wan traffic to use vpn (lan or dial in), then all traffic uses wan

The dial in vpn users would only have traffic flow when they use the vpn and when logged into their work pc, normal wan traffic for browser/email etc would still use wan connection, but traffic flow for vpn user would be RDP

I hope that makes sense but sorry if I am wrong

Many thanks

John
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300

I think from memory another kitz user has a 2862, and posted over issues with rebooting or freezing but we have never had issues with 2860 or 29 series

There was indeed https://forum.kitz.co.uk/index.php?topic=21828.0
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

d2d4j

  • Kitizen
  • ****
  • Posts: 1103

Hi ronski

Sorry you got me thinking so I did a quick test as it’s been a while since vpn setup etc

The pc used to connect to VPN would use vpn for traffic flow

The pc you RDP into should use its normal wan for traffic flow

I was testing using a win7 pc, so may have changed in win10

To be honest, at work you would not use VPN but at home you would. Even if you used VPN at work, it would be fast enough for you not to notice

I hope that helps a little and sorry if I’m wrong

Many thanks

John
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP

Ronski do you mind if I ask why you decided specifically to not mirror your home setup of pfsense?
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300

@John, thanks, that's what I thought, so if there is anything dodgy on the home user's PC it could potentially have access to work's PC when they VPN in.

@Chrysalis I'm not paid to maintain our network equipment or anything computer related, it's just taken for granted as I'm the tech savvy one, and I feel not really appreciated so it's something I'm trying to do less of. I don't have enough time to do what I am paid for, so spending time setting up what is to me something quite complicated takes away valuable time from my real job. I also would not want to install equipment that others are not familiar with, Draytek is our VOIP & ISP provider's go-to brand, so they are familiar with it, also I feel more help is readily available on this forum for Draytek.
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

d2d4j

  • Kitizen
  • ****
  • Posts: 1103

Hi Ronski

Actually, if you use the Draytek VPN client (https://www.draytek.com/products/smart-vpn-client/), it makes things really easy and the connecting PC used for dial in does not use VPN for internet (shows as no internet access), which tracert confirms.

In terms of transfer of unwanted things from your PC to work by VPN tunnel, I think it is no more an issue than when you connect to RDP and have drive access enabled or an infected PC on your work network, so common sense needs to prevail and good practices for security.

Sorry, was also going to say you could use your current modem in bridge if wanted, we just use HG612 because we like them, and it is easy to gain stats from

I hope that helps a little

Many thanks

John
Logged