Draytek Vigor 2900g Broadband Security Router Reviewed



Wireless Security

Turning to wireless security, the picture is much better, if not a little unusual.

Vigor 2900G - Wireless Security settings

Figure 16: Wireless Security settings

As you can see in Figure 16 you get support WEP, Wi-Fi Protected Access (WPA) and 802.1x flavors of security, although 802.1x and WPA "Enterprise" (WPA / 802.1x) support requires that you supply the required external RADIUS server. The unusual capability that the 2900G provides is its simultaneous support for WEP and WPA (shown in the drop-down in Figure 16).

Though handy for folks trying to transition from WEP to the more robust WPA, this mixed-mode support is discouraged by the Wi-Fi Alliance. This is because any WEP clients associated to the 2900G could be compromised, essentially neutralizing any advantage provided by the more secure WPA.

On a more positive wireless security note, the 2900G provides the much-desired ability to support VPN connection from wireless clients.

Vigor 2900G - Wireless access control with VPN

Figure 17: Wireless access control with VPN

This feature is incorporated into the MAC address Access Control feature shown in Figure 17. You have the option of limiting access to specific wireless clients by just MAC address or MAC address plus VPN. Note that you'll need to configure a tunnel for each client to which you wish to grant access. Also note that you don't get a pick list of currently associated clients to choose from when creating the Access Control list, nor can you load or save a file with the MAC addresses.

Unfortunately, when I checked this feature the MAC address control portion worked fine, but I found the Must Use VPN over WLAN checkbox had no effect. A quick check with DrayTek confirmed that this is broken in the v2.5.2_rc3 firmware I was using, but is on the fix list for an upcoming firmware update.