Earth Notes: On the Vigor 2862ac VDSL2 Router and WiFi: Setup How-To

The DrayTek Vigor 2862ac VDSL2 Security Firewall arrived from the ISP early afternoon 2019-05-02. I powered it up and measured power consumption (~9W) but did not plug it into the VDSL2/FTTC BT socket.

(The TG582n+ECI used ~12W between them. I'd like to reduce networking power load so that I can have the networking kit powered off-grid more of the time. I was attempting to eliminate the 8W of the TG582n with the RPi3 by folding networking functions into the server itself. I still hope to get there at some point soon. I hope that the Vigor is not too power-hungry in the interim.)

TR-069

On the dispatch note the device was described as set up for TR-069 remote configuration, so rather than attempt to (re-/de-)configure it all myself, I called the ISP and asked a few questions:

• The Vigor can be plugged directly into the BT master socket from the DSL port, or into the ECI VDSL modem Ethernet from the WAN2 port. Which should I do?
• What password should I used to log in with to do any residual configuration such as setting the WiFi SSID and key? (I don't want to assume that the defaults listed in the manual are the right thing to use with TR-069 in place.)
• Which port or ports should I plug the RPi 2 into that uses my static IP block? With the TG582n as last provisioned by the ISP, one specific port was designated 'DMZ' and used for this, with everything else being NATted/DHCP, wired or WiFi.

The answer to the first was to go directly from Vigor to the FTTC line, the ECI now being considered obsolete.

Beyond that, no further visible progress was made today, and I am not around tomorrow. So I have to stick with my current flaky arrangement through the long weekend at least...

The old router survived the long weekend relatively well, with even WiFi being sensible. Possibly due to me balancing the router upside down on its edge for better cooling. Possibly the cooler weather. Possibly whichever bad actor is paid to break remote systems taking the weekend off also...

After an unhelpful email and a couple of calls I finally got someone to start helping me set up the router enough for them to take over the main configuration at ~16:00. (The ISP had failed to set it up for remote provisioning before dispatch, again, I am told.) I left it plugged into the VDSL2 line for them to remotely footle. (My sites, etc, are down while this happens.)

By 17:30-ish when I called to check progress they had decided to defer it until tomorrow and to their third-line support, though say that they will restart at 07:30 if I plug it back in, so I can leave for a meeting in good time tomorrow morning.

(I almost certainly could now configure it myself faster, given that the basic outbound connection was working, ie I could get email and browse over the Vigor's WiFi, but I did not want to wade into whatever configuration they might have had in place or in mind...)

More interaction with the ISP's support team resulted in a semi-bricked unit, which needed a factory reset to be able to do anything with it again. Setting up IPv4 routing for a static subnet is as the ISP's CTO says is "a dying art", and it will almost certainly be easier all round if I do it.

This will be a quick how-to highlights, and does not cover all the bells and whistles. It'll help remind me when I need to revisit it!

12:28Z and all net traffic just stopped. Logging into the Vigor revealed an uptime of under a minute, ie it had just crashed and restarted. Not so good.

Other users have reported a number of outages today so far (by mid-afternoon).

I have turned back on remote status monitoring with SMSes, which I hope will now not gobble up all my credits!

I have also loaded the latest available firmware release for the Vigor.

12:30Z: connectivity has been slow or lost (at Windows 10 client dropped the WiFi and refused to reconnect). Logging in to the Vigor shows that the VDSL2/PPPoE connection had restarted.

13:10Z: link down again.

I spoke to the ISP, and the ISP called back at the end of the day. I attempted a "quiet line test" as requested (17070 option 2), but my available handset is ancient and crackly, so hardly definitive. We have arranged for a BT Openreach visit.

I asked the ISP what it could see in terms of line drops from its side for the only full Vigor day so far (yesterday, Monday). Starting at about 13:30 BST the ISP saw nine drops in total. One of those was probably me trying to get some life back into the connection at ~10pm when a five minute job was being stretched to a two hour job by the rotten throughput, but most of the rest were not!

Coming up to 100h with the DSL connection not restarted, and over 160h of the Vigor not restarted, and line error metrics fairly low and hardly moving, it looks like the FTTC connection is 'fixed' for now.

The profile is "17a" with bandwidth capped at 80/20Mbps (down/up).

The fix took several weeks and two routers (I haven't had a returns number from the ISP for the first one yet!) and many hours, and three engineer site visits. Eeek.

The 5G WiFi seems to have gone off-line and attempts to scan for adjacent APs seem to hang the Web interface.

"System Up Time" is reported as 1136:20:23, and VDSL2/PPPoE uptime as 773:02:46.

Time to try a reboot...

Yes, after rebooting, 5G is back, and "AP Discovery" does not hang... So this router will need babysitting, just as the Technicolor did. Bah!

I just took an 'upgrade' to version 3.9.1.2_BT.

However, the device is now extremely unstable and I can barely even log into it over WiFi. Connectivity has been up and down many times in the few hours since the upgrade. It has been necessary to power cycle the device at least a couple of times by 3pm today to get even admin access to it.

Even the auto-logout feature of the admin console seems broken!

Now attempting upgrade to 3.9.1.3_BT. (Current version: 779517/773F01, 77B507/775401; upgrade version: 779517/773F01, 77B507/775401.)

After the upgrade the dashboard shows Firmware Version | 3.9.1.3_BT with Build Date/Time | Oct 18 2019 11:45:17, and DSL Version | 779517_A/B/C HW: A.

I have taken a config backup. It is opaque binary, which is unhelpful. (I have also kept a safe copy of the firmware binary.)

It's probably better than the TG582n, but bits of functionality fall over requiring manual intervention at least about weekly. Not all require power cycling (I can log into the Web interface and usually cycle individual WiFi frequencies, or more dramatically request a reboot). But it's sad for a fairly upmarket bit of equipment to be this flaky.

Maybe worst is that a laptop we were using for working from home with until very recently had difficulty maintaining a (2.3GHz) WiFi connection. That caused a lot of annoyance when using cloud services such as Google Drive and Office 365.

No newer firmware seems to be available. 3.9.1.3_BT seems to be the latest.

I have needed to cycle 5G and/or reboot the Vigor periodically, so there's still clearly some software nasties in there.

We have had a fairly unstable FTTC/DSL connection for many days and longer, with sometimes several dropouts of service (of maybe up to a minute each) in a row.

Looking at the Vigor DSL status shows connection drops and training. This may currently be more a feature of a poor physical connection and some unusually wet weather mixed in (eg causing a first-time-ever leak in our shed too) than the Vigor's fault.

When I went for my daily lockdown walk, near the house were a couple of parked BT Openreach vans. The engineers were there to fix broadband for a house nearby, from failing aluminium cables. They were not aware of any larger problem. (The fixee and I connect to the same cabinet; maybe if their modem is not having to shout any more, our connection may get better too?*)

It remains disappointing that a relatively expensive bit of kit has enough internal flaws that this is not the only annoyance...

I reported the problems to my ISP, and when their support chap looked at the Radius server he exclaimed! I believe that he saw maybe 20 line drops per day (or ~120 over a week), with the last few timings lining up with what I'd observed. So there's no attempt to claim that I'm making it all up!

The latest communication from the ISP includes:

... our next best step would be to go for a replacement router in which case I'll need to refer this to the Provisioning Team to arrange. The testing on the line is picking up a fault either close to or internal to the premises ...

I'm not inclined to believe that it really is a router fault. More like that dodgy line spice 50m up the line from us. But I don't know.

I also took the opportunity to wiggle the RJ45 cable (router to BT master box) fairly thoroughly at both ends to try and ensure good connections. Equivalent to a strategic "engineer's thump" AKA "percussive maintenance".

I really don't want to have to do another "How To" soon!

Likely unconnected to wiggling, etc, but as of 7pm BST the connection has been up for over 31 hours.

The connection may have been poor for some of that time (I experienced very bad audio in a Meet call 24h ago for a while for example), but it has been up.

I want to check link uptime this morning and firstly WiFi dropped out (and 5G din't come back) more or less as soon as I connected.

Then the display changed to a cut-down sub-display with no means to escape (logout was not functional, browser reload did nothing).

So I had to power cycle the box. Not good.

It is possible that NoScript was interfering in some way. All is back now.

The router still seems to be very unreliable, given its spec and price.

To the extent that I wonder if it is being deliberately attacked somehow. I think I had that happen a long time back, over 20 years ago, with a borrowed router that could be (and apparently was) downed remotely without any credentials.

At the moment I have the router rebooting (basically) daily at a quiet time. Also, to attempt to save a little energy and help keep it working nicely, I have the 5GHz WiFi disabled overnight and otherwise running at reduced TX power.