Securing Draytek 2820n for Home Use

elrasho · 12 Nov 2013 at 20:27

Picked up a DrayTek2820n and want to configure it so it's secure for home use. I factory reset and set it up for the following:

1. Connected to SuperHub (which is in Modem Mode)
2. Port Forwarding for my PC (RDP), Rasberry Pi (Vnc) and Xbox 360
3. Setup a DynDNS
4. Wireless N setup with WPA2/PSK key

Is there anything else I should do to secure this router as its got a lot more options than my Virgin Super HUB

bremen1874 · 12 Nov 2013 at 21:02

They come fairly well locked down. I certainly can't remember having to change anything.

The 2820 is getting quite old. It'll limit your broadband connection to about 50Mbps.

KIA · 12 Nov 2013 at 21:03

Disable UPnP if you have port forwarding rules in place for the 360.

elrasho · 12 Nov 2013 at 21:20

I'm on a 30mb line so it doesn't affect me, I'll disable UPnP.... What does that do anyway?

Ev0 · 13 Nov 2013 at 01:45

Dynamically opens up ports/port forwards as requested by stuff connected to it iirc

elrasho · 13 Nov 2013 at 23:40

On my Draytek 2820n to allow me to access my PC via RDP I have to use Port Forwarding AND Port Redirection??? It didn't work until I enabled Port Redirection... on other routers Port Forwarding is enough. Is this correct?

bremen1874 · 13 Nov 2013 at 23:56

You should just need to configure 'Nat->Open Ports'. You'd only need Port Redirection if you need to map an external port to a different internal port.

Opening RDP to the world isn't that great an idea.

elrasho · 14 Nov 2013 at 00:00

But when I just use NAT>open ports and try to rdp or put the ip address of my Raspberry Pi Web interface it doesn't connect, only when I use port redirection.

EDIT: Must be noob week for me, I had WAN1 selected rather than WAN2, now it wrks

I've taken off Port Redirection.

As for RDP , I need to port forward otherwise I won't be able to RDP to my PC from Work right?

bremen1874 · 14 Nov 2013 at 00:09

Glad you've got your main issue sorted.

If you want remote access I'd use RDP over a VPN connection, or use something like LogMeIn. I wouldn't take the risk of just leaving an open port forward.

elrasho · 14 Nov 2013 at 00:41

My router has an option for VPN is it easy to setup? I've also made my router accessible from the Internet by typing in my DynDNS but I want this to be more secure because all I get is the basic router login page.

bremen1874 · 14 Nov 2013 at 01:18

If you're seeing the router login from the WAN side look at 'System Maintenance'->'Management' and check your settings. Generally there's no reason to be allowing management from the Internet.

The VPN is easy enough to setup, but will depend heavily on what you're using as the VPN client. Is is much easier to use one of the web-based remote access systems.

elrasho · 14 Nov 2013 at 01:29

I could but I like the idea of VPN-ing to my PC at home,I've seen this guide: http://www.draytek.com/index.php?option=com_k2&view=item&id=2771&Itemid=293&lang=en

bremen1874 · 14 Nov 2013 at 01:39

The VPN will work. Depending on your circumstances reconfiguring a works machine (assuming you even have the necessary access rights) to make the connection could land you in hot water.

elrasho · 14 Nov 2013 at 02:10

I'll try that guide soon