Review – DrayTek Vigor 2820 ADSL Router Firewall and Load Balancer
The arrival of my EFM connection meant that I needed to find some way of balancing load (and failing over) between the new EFM and the existing ADSL. Thankfully there’s a healthy market in low end load balancers, and after digging through some reviews I went for the DrayTek Vigor 2820n.
The device is basically an ADSL router with additional functionality. Getting it configured to use ADSL was a breeze, and since setting it up it seemed pretty solid (though to be honest it’s hard to tell given how awful our ADSL connection is anyway). Subjectively I’d say that this device trades a bit of top end speed for greater connection reliability, but I’ve no hard data to back that up.
Since I was replacing an integrated ADSL/WiFi router I went for the ‘n’ variant that also has WiFi. Coverage from the same corner of the office that the previous 2Wire box inhabited seems better than before – connections in the meeting rooms on the opposite side of the floor are clearly more reliable.
Since this is used entirely for Internet access (and our Internet pipe is the thinnest part of the plumbing) I’ve been unable to discern any difference between 802.11n and 802.11g.
One disappointment is that although this device supports multiple SSIDs is seems almost impossible to do anything useful with them. What I want to do here is create a guest WiFi hotspot with different security credentials to the corporate SSID (it does that) but then I don’t want those guests on our network. I just haven’t figured out how to do anything meaningful with the SSIDs from a local network point of view. In an ideal world I’d like to have three configurations:
- A corporate SSID for staff.
- A guest SSID for visitors that just allows for access to the internet
- A guest+ SSID for visitors that allows for internet access and access to specific devices such as printers
I’m sure that the box contains everything that it needs to support that kind of configuration, it’s just that the software doesn’t present the right controls (or I’m too dumb to use it right).
[update 25 Nov] It turns out that I was too dumb, and that selecting the ‘Member’ option allows for a guest WiFi. Sadly there isn’t much in the way of controls over what can be connected to. The Member option stops connection between machines on different WiFi SSIDs, but anything connected on WiFi can connect to anything connected by a wire; so this remains an area where some better software and config controls could provide more like what I want.
This is the reason I bought it, and it does a competent enough job. The load balancing policy controls feel a bit clumsy to me, but having put some rules in for SIP and SSL (to favour the EFM connection) on WAN2 it seems to do a good enough job. Thankfully I’ve not yet seen any EFM failures that would cause us to fall back to ADSL (though I have pulled the plug to confirm that things do keep going). Whilst the regular documentation seems little more than a list of configuration options, the much better (but well hidden) application notes are pretty helpful at explaining how to do load balancing.
One of the features I like on this device is the ability to fail over to a 3G WWAN connection. Sadly this isn’t an option if you have a fixed line WAN2, so I’ve not done any further investigation. If the dark day comes that our ADSL and EFM both fail at once, and 3G is still working (and I’m in the office to do something about it) then my guess is that we’ll get back up and running quicker on MiFi and laptops with WWAN and Connectify than we would be reconfiguring the router to use a 3G dongle. I expect that trying to run SIP over 3G isn’t likely to work that well anyway – so the phones don’t matter.
As a no servers company I wasn’t expecting to use the VPN functionality, but it dawned on me that it would be handy to be able to have remote access to printers, SIP phones and the router itself. It supports IPSEC, L2TP and PPTP. My attempts to configure IPSEC and L2TP with Windows 7 failed (the Vista application notes just didn’t get me across the line). I’m happy to say that I do have PPTP working reliably, and whilst this feels like a lowest common denominator solution it’s perfectly satisfactory for the task in hand.
No servers mans no services, which means no need for fancy firewall configuration.
I didn’t get a 2820 with any SIP capabilities (which are available on the ‘V’ models), but I wish I’d known that such things existed before setting up the office VOIP system .
DHCP – The previous 2Wire router was pretty good at handing out the same IP to the same MAC. The 2820 seems to pretty much insist on handing about the next IP in the availability stack for each lease request. Yes, I could define static mappings for every device in the office (as I’ve done already for the printers, and may still do for the phones), but this is just annoying.
Web admin – definitely a feel of designed by engineer rather than UI expert. It’s functional, but could be more intuitive.
The 2820n does what I bought it for, and maybe a little more besides, so I’m happy with it. Administration could be made a bit easier, but now that it’s working that shouldn’t really be an issue. I expect it to just sit in the corner and do its job.
 One of the issues here is that I didn’t want to specify a fixed end point IP for the remote device. Even though I have static IP at home I wanted the VPN to work from wherever I might be.
 Though to be honest the VOIP stuff on the 2820V is pretty limited, and if I wanted SIP trunking etc. I’d have probably waited for the newer 2930 if I had decided to get a device with VOIP support (and that has SSL VPN too).
Filed under: review, technology | 6 Comments
Tags: 2820, 2820n, 2930, adsl, DrayTek, efm, firewall, IPSEC, L2TP, load balancer, network, networking, PPTP, router, sip, Vigor, voip, vpn, wifi