readme_v2200.txt

***********************************************************************************
    UK Release Notes for Vigor2200 Series Router 
    Firmware Version    : v2.3.11 (Formal Release) UK
    Released            : 5th October 2004 2004
    Build Date/Time     : Fri Sep 10 15:59:49.10 2004
    For Models          : Vigor2200, 2200X, 2200W, 2200E, 2200W 
                          NOT compatible with Vigor2200WPlus or vigor2200We
    Copyright           : DrayTek Corp.

************************************************************************************


Changes in Firmware 2.3.11
--------------------------

1. Correct wireless LAN problems.
2. Allow to set the WAN IP via telnet command or WUI from WAN side, 
   the router will restart automatically .
3. Correct the DNS proxy problem in respond packets.

Changes in Firmware 2.3.10
--------------------------

1. Changed default NAT type to Port Restricted Cone NAT; this
   should be useful for Multimedia apps operation e.g. Messenger.

New Features on Firmware 2.3.8
------------------------------

  [Improvements]:
        1. Firewall Keep-state improvement.
        2. Support MPPE for MS-CHAP v1 authentication
        3. Allow to specify MPPE encryption type on server side
        4. NAT improvement
        5. ARP attack defense in DoS.
        6. IP conflict resolution
        7. Improved Support for MSN 6.0 passthrough & NAT
        8. VoIP(SIP base)passthrough improvement
 
    [Fixed problems]:
        1. Fixed incorrect online time display for DHCP client  
        2. Fixed incorrect default gateway replacement for DHCP client
        3. Fixed VPN tunnel capacity.
        4. Other minor improvements


New Features in Firmware 2.3.6
------------------------------

- New features
  >> Selectable DoS/DDos on Firewall Setup

- Improvements
  >> Improve DNS assignment policy
  >> Support VPN connection from LAN interface
  >> Support PPTP with MPPE remote access clients via RADIUS authentication 
  >> Improve DHCP client stability
  >> Add customer DNS setting for DYNDNS.
  >> Improve H3.2.3 traffic pass-through NAT
  >> Change "Disable Ping from the Internet" as default setting to increase security
  >> Support wireless LAN roaming.

- Fixed problems
  >> Fixed connection failures on MS Exchange Server(5.5) from LAN
  >> Fixed VPN always-on problems for multi-tunnel connections
  >> Fixed VPN always-on failures when back-up ISDN  is up
  >> Fixed MS Chap v1 authentication failures on VPN (as a client)
  >> Some minor changes/fixes


New Features in Firmware 2.3.1
------------------------------

    [New Functions]:
	1. MPPE encryption for PPTP VPN.
	2. Default route through VPN tunnel.
	3. VPN always-on function.
	4. Keep-alive function for IPSec tunnel.
	5. Support Windows 2000/XP UDP port 1701 file setting for L2TP/IPSec. 
	6. IP assignment for the second subnet(public IPs)by specific MAC address.
	7. DHCP Relay Agent.
        8. ISDN security feature with blocked numbers for Vigor2200X.
        9. ISDN remote activation: ISDN dial in to turn up broadband connection. 
       10. Firewall Denial of Service functions.

    [Improvements]:
        1. L2TP compatibility improvement.
	2. VPN connection status display.
	3. VPN syslog information.
	4. IP-filter syslog information. 
	4. DHCP client/server improvements.
	5. RIP improvements.
	6. Router on-line status via syslog.
	7. new Vigor Tools v2.3 with new Syslog collector application.	
	8. DDNS improvements.
        9. NTP improvements. 
       10. Added telnet commands for IKE lifetime and PFS settings.	
       11. VoIP gateway pass-through NAT functions improvements.

    [Fixed problems]:
	1. Fixed on-line game "half-life" pass-through NAT problems.
	2. Fixed DHCP client problems.
	3. Corrected the display on the CLID field of LAN-to_LAN Dial-in profile.
	4. Fixed DNS problem with TTL = 0.
	5. Fixed WUI compatible problem with IE 5.0 on Mac OS 9.x platform.
	6. Fixed improper DNS-Proxy triggering WAN connection on Mac OS 10.2 platform.
	7. Fixed ISDN backup problem that broadband can not be access any more sometimes
           after power-up if enable ISDN backup.
	8. Fixed Telent command "tftpd" function.
 	9. Corrected Syslog information for on-line status.
       10. Fixed MSN 4.6 voice traffic pass-through NAT problems.
       11. Corrected slow POP3 authentication for QMail server.
       12. Fixed MSN 5.0 voice traffic pass-through NAT problems.
       13. Other minor bug fixes.
 

Hints for configurating default route through VPN tunnel:
        1. In the LAN-to-LAN profile, check the "Change default route to this VPN tunnel" 
           box to enable this function. Once this tunnel is up, all traffic will pass through
           this tunnel to reach the remote network. When the tunnel is down, the default route
           will be back to the orignal.
        2. This feature can only be enable on the dial-out side and apply to every type 
           of VPN. So once you set it up, this profile can only be used for dial-out setting.

 Notes for IPSec tunnel keep alive function
           Since the IPSec tunnel does not have any in-band checking for loss of connectivity, 
       there is a difficulty for tunnel maintenance. This note describes a mechanism for 
       IPSec tunnel maintenance. By performing regular ICMP pings with a host in the remote
       LAN to detect the tunnel aliveness.
           The following steps will tell you how to enable this feature on this firmware 
       1. In the LAN-to-LAN profile, check the "Enable PING to keep alive" box 
          and set an IP address of the node in the remote network(It can be the LAN IP of the 
          remote Vigor device).
          You must be aware that this feature can only be enable on the dial-out side and also 
          apply to IPSec tunnel only. So once you set it up, this profile can only be used for 
          dial-out setting.
       2. On the dial-in side, there is no any specific setting for this.
       3. Once the dial-out side detects the tunnel is not available, it will clean the tunnel up
          and be ready for next connection.
          But it will not automatically reestablish this tunnel again, unless
          a. The "Always On" box is checked.
          b. Any traffic to the remote network to trigger the tunnel connection
          c. Manually dial out from the Web Configurator
       4. The duration for the detection of loss tunnel may be up to 40 seconds. 

 The new telnet commands for VPN(IKE)
 >vpn l2lset                  - Display the LAN-to-LAN Profiles
 >vpn l2lset ?                - Show available sub telnet commands and usages
 >vpn l2lset <list index>     - Show the setting of this LAN-to-LAN profile
 >vpn l2lset <list index> phase1 <lifetime>
                              - Set key lifetime of IKE phase 1 for this 
                                LAN-to-LAN profile(Dial-out portion)
 >vpn l2lset <list index> phase2 <lifetime>
                              - Set key lifetime of IKE phase 2 for this 
                                LAN-to-LAN profile(Dial-out portion)
 >vpn l2lset <list index> pfs <on/off>
                              - Force-on "perfect forward secret" or disable
                                force-on "perfect forward secret". The default
                                value is off. 



New Features in Firmware 2.2
----------------------------
    
 Release Notes: 

    [New Functions]:
	1. Added SYSLOG information for VPN, WAN log, call log, User access log, DNS 
           TCP/IP connection and online status.
        2. Released new Router Tools:
         2.1 new version 2.0 of VTA client to add virtual-com port function in Win98/Me.
         2.2 new syslog client utility.
        3. Added more remote network settings for LAN-to-LAN connectivity.
        4. Added a new DDNS provider www.dynamic-nameserver.com.	
	5. Improved DNS proxy to allow sending an IP address to request the corresponing domian name.
	6. Improved NAT Port Redirection to redirect PPTP connections into local PPTP server.
        7. Added the lease time setting on the LAN DHCP server via telnet command "srv dhcp leasetime xxx".
	8. Added VPN connection always-on function.
        9. Improved NAT engine to allow fragmented IKE packets pass-through.

    [Issued Fixed]:

	1. Fixed a PPTP connection problem with Mac OS X.
	2. Protected TCP port 1732 and 113 against port scanner from WAN.
	3. Fixed a RADIUS problem if remote dial-in users request a call-back option.
 	4. The SNMP contact information is incorrect( changed to info@draytek.com.tw ).
        5. Fixed a FTP Port Redirection problem.
        6. Fixed the Telnet's ip ping command can work with directly-connected routing subnets.
        7. Fixed a WUI problem that is the field "Peer ISDN Number or Peer VPN server IP" in the
           "LAN-to-LAN Dialer Profile Setup>Dial-In Settings" can not be stored the last digit 
           if the input length is just equal to 15.
        8. Fixed a packet trigger problem to allow establishing a LAN-to-LAN connection via 
           more-route subnets. 
        9. Fixed a DHCP problem to serve the local subnet configuring with larger or smaller than CLASS-C.
       10. Fixed a PPPoE problem to work with a Dutch cable system.
       11. Fixed the VPN's authentication failed problem while establishing a LAN-to-LAN
           connection with L2TP over IPSec.
       12. Fixed a compatible problem with some ICQ2002a's functions.
       13. Fixed a problem that Netmeeting connection can not be always successfully
           initialized.
       14. Improved re-keying mechanism to work with Netscreen VPN routers.
       15. Impro...