DrayTek 2600VG: DSL Router Hotness

I’m pretty excited about something which probably wouldn’t even excite most geeks, but that’s okay. I placed an order for a DrayTek Vigor 2600VG which will basically consolidate the functionality of many devices in my networking chain of death, including being able to fix the problem where my Lingo SIP router automatically grabs updated firmware and then forgets how to forward packets.

It provides a whole ton of stuff:

• Combination ADSL Modem, router, firewall, print-server and Voice-over-IP device
• ADSL Interface compliant with :
  • ADSL & RADSL
  • ATM Protocols : G.DMT, AAL5, ATM UNI3.1/4.0 PVC, up to 8PVCs, MPoA (RFC1483/2684), OAM F4/F5 Loopback (ITU-T I.610), ILMI.
  • Auto-Rate Negotiation (512Kb/s-8Mb/s Downstream). RADSL compatible.
• Twin phone ports - Connect any regular analogue telephone phone
• Compatible with all UK ADSL lines and all ISPs
• Four-Port 10/100BaseT autosensing Ethernet interface with manual speed over-ride (expandable)
• Virtual LAN (VLAN) Facility - Enables you to segment the Ethernet ports to provide common or exclusive Ethernet access to the other segments (see earlier).
• Ethernet port throttling - Each of the four 10/100BaseT Ethernet ports can be limited
  to a maximum throughput (RX/TX selectable). e.g. Port 1 could be set to provide max 256Kb/s to prevent individual users, or LAN branches from consuming too much of your broadband bandwidth.
• Print Server capability via built-in USB port. Compatible with most standard printers with a USB port and any Windows 98SE, 2000 or XP client PC.
• Internet Firewall facilities featuring :
  • Automatic Keep-state facility for tracking packets and denying unsolicitied incoming data
  • Selectable DoS/DDoS protection
  • IP Address anti-spoofing
  • User-configurable packet-filtering
  • NAT/PAT with Port Forwarding/Redirection & DMZ
• Internet Content Filtering features selectable :
  • URL (web-site) blocking by user-defined keyword. e.g. enter ‘fredbloggs’ into the blocking list and users will be unable to access www.fredbloggs.com etc.
  • Prevent accessing of web sites by using their direct IP address (thus URLs only)
  • Blocking automatic download of Java applets and ActiveX controls
  • Blocking of web site cookies
  • Block http downloads of file types :
    • Binary Executable : .EXE / .COM / .BAT / .SCR / .PIF
    • Compressed : .ZIP / .SIT / .ARC / .CAB/. ARJ / .RAR
    • Multimedia : .MOV / .MP3 / .MPEG / .MPG / .WMV / .WAV / .RAM / .RA / .RM / .AVI / .AU
    • Time Schedules for enabling/disabling the restrictions and regular Internet access
• VPN facilities :
  • High performance VPN with dedicated co-processor : Up to 16 simulteneous VPN tunnels.
  • Dial-in or dial-out, LAN-to-LAN or Teleworker-to-LAN
  • Protocol support for PPTP, L2TP, IPSec (MD-5 & SHA-1)
  • Encryption : MPPE, DES/3DES & AES
  • PFS (Perfect Forward Secrecy) - Adds additional key protection
  • Pre-shared/IKE keying
  • IKE Phase 1 Agressive/Standard Modes & Phase 2 Selectable lifetimes
  • Radius Support for dial-in teleworker profiles
  • Compatible with other leading 3rd party vendor VPN devices
  • For further details about Vigor VPN click here
• Wireless Features :
  • Wireless client connectivity to the Internet and to other wireless/wired PCs for peer-to-peer networking
  • 54Mb/Sec Maximum Total Wireless Network capacity (depending on environment)
  • Wireless range up to max 200M (open space) and typically up to 50M direct line of sight in buildings/homes. Performance will vary considerably depending on environment (obstructions, walls, ceilings, building type etc.)
  • Twin aerials to give best coverage and diversity (higher-gain aerials are available as an optional extra)
  • Compatible with any client device complying with the 802.11g Protocol
  • Backward compatible with 802.11b devices
  • WLAN Time Schedule - Wireless can be disabled at certain times of day (e.g. out of hours)
  • Wireless Security Features :
    • VPN over WLAN - supporting IPSec/3DES encryption
    • 802.1x User Authentication
    • WPA Data Encryption (Feature est. avail. March 2004)
    • 64/128bit WEP wireless encryption
    • Client MAC Address locking
    • SSID stealthing
    • Wireless interface can be disabled when required (from web interface)
• Microsoft uPnP Compliant - The uPnP protocol enables router control and enhanced access for uPnP enabled multimedia applications, such as MSN Messenger etc.
• SNMP & Syslog control/logging/monitoring
• Dynamic DNS Posting, compatible with popular services
• Support for non-NAT public subnets (multiple public IP addresses)
• LAN Side IP address range and DHCP server/relay is fully configurable
• RIP & Static Routing configurable
• VPN Passthrough for VPN client/server running behind the router
• Easy configuration and monitoring from web-interface and comprehensive diagnostic tools

Insane, right?

This is what my current network looks like:

Cisco Router < --> Lingo SIP Router (private network) < --> Linksys Router (another private network) < --> Workstation/Server


I’m surprised it even works honestly– luckily I’ve done enough networking over the years to know how to do this stuff, it’s just a pain to keep TWO sets of port forwarding rules working (PITA to troubleshoot).

After the new router comes in, it will be:


Intarweb < --> Draytek Router (private network) < --> Workstation/Server/Lingo Router


Whoot! I think I might even be able to get rid of the Lingo router as well since this thing provides VOIP routing.. cool stuff. I never thought such a device would ever exist.