DrayTek UK

Release Notes for DrayTek Vigor2862 series (UK/Ireland)

26 nov 2024 — all" unless you have specific line issues. Upgrade Instructions. It is recommended that you take a configuration backup prior to upgrading the firmware. This ...

Google Docs
Google Drive
Download [pdf]

File Info : application/pdf, 41 Pages, 441.30KB

readme v2862

Release Notes for DrayTek Vigor2862 series (UK/Ireland)

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.9.9.8 (Formal Release) Critical Upgrade recommended immediately 21st October 2024 26th November 2024 21908_1197_974fed38cc Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

New Features (None) Improvements
1. Web GUI security improvements 2. Improvements to the system performance when used with WCF Known Issues (None)

Firmware File Types

The ZIP file contains the firmware with two different file extensions, .ALL and .RST. The firmware is identical, but the RST file contains factory default settings. If you install the ALL file, your router will retain all existing settings. If you use the RST file, all settings will be wiped from your router.

Modem Codes

There are four firmware variants available for download.

Download Filename
v2862_3998_BT.zip v2862_3998_MDM0.zip v2862_3998_MDM2.zip v2862_3998_MDM3.zip

Firmware Filename
v2862_3998BT_779517.all v2862_3998_776D07.all v2862_3998_77B506.all v2862_3998_77C717.all

Modem Code

VDSL

ADSL

779517

773F01

776D07

772801

77B506

775401

77C717

775A11

We recommend using firmware "v2862_3998BT_779517.all" unless you have specific line issues.
Upgrade Instructions
It is recommended that you take a configuration backup prior to upgrading the firmware. This can be done from the router's system maintenance menu.
To upgrade firmware, select 'firmware upgrade' from the router's system maintenance menu and select the correct file. Ensure that you select the ALL file unless you want to wipe out your router's settings back to factory default.
Manual Upgrade
If you cannot access the router's menu, you can put the router into 'TFTP' mode by holding the RESET whilst turning the unit on and then use the Firmware Utility. That will enable TFTP mode. TFTP mode is indicated by all LEDs flashing. This mode will also be automatically enabled by the router if there is a firmware/settings abnormality. Upgrading from the web interface is easier and recommended this manual mode is only needed if the web interface is inaccessible.

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.9.9.7 (Formal Release) Critical Upgrade recommended immediately 12th September 2024 17th October 2024 21607_1189_918fff549c Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

New Features
(None)
Improvements
1. Web GUI security improvements 2. The Validation Code on the login page did not work 3. Some Country Objects could not work due to the firewall settings 4. The URL Filter did not block HTTPS websites when TLS 1.3 hybridized Kyber was enabled in
the browser 5. Rebooting the router did not work when CPE set parameter contained WAN1
username/password details
Known Issues
(None)

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.9.9.5 (Formal Release) Critical Upgrade recommended immediately 18th July 2024 13th August 2024 21063_1174_23392e4fd6 Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

New Features
(None)
Improvements
1. Web GUI security improvements 2. Resolved an issue with failure to apply the ACL from the Internet to the SNMP Server. 3. Resolved an issue with failure to register to MyVigor due to Pkey lost and P/N key exchange. 4. Resolved an issue with the router reboot on VPN and Remote Access>>Connection
Management page
Known Issues
(None)

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.9.9.4 (Formal Release) Regular Upgrade recommended when convenient 17th May 2024 26th June 2024 20391_1165_0239c7ca11 Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

New Features
(None)
Improvements
1. Password mechanism changed to force admin to change the password from the default password
2. The APPE licence section has been removed from the WUI (the new APPE definitions are updated by firmware, and not the signature file)
3. Improvements to the network security related to the password and DHCP functionality 4. Fix for the pre-auth DOS for the router's web access
Known Issues
(None)

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.9.9.3 (Formal Release) Critical Upgrade recommended immediately 15th January 2024 22nd March 2024 19117_1141_5c03ca4c88 Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

New Features
(None)
Improvements
1. The Web GUI Security improvements 2. Fix for the WCF URL Reputation Get [Send Query Failure] & [Abnormal Server Response]
errors 3. WCF/DNSF didn't work when the domain name exceeded 63 characters
Known Issues
(None)

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.9.9.2 (Formal Release) Regular Upgrade recommended when convenient 18th July 2023 23rd August 2023 17151_1116_ed90019452 Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

New Features
1. Support for the new WCF service URL Reputation. If you have an existing activate licence, then this will be upgraded to the URL Reputation licence.
Improvements
1. Web GUI security improvements 2. In some circumstances the DHCP relay did not work 3. ACL could not be removed by TR-069 parameter 4. The APP Enforcement function could not block TeamViewer 5. The simplified Central AP Management feature has been restored to full version
Known Issues
(None)

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.9.9.1_BT (Formal Release) Critical Upgrade recommended immediately 11th January 2023 3rd March 2023 15870_1062_2426c5eed4 Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

New Features (None) Improvements
1. Improvements to the Web GUI Security (CVE-2023-23313) Known Issues (None)

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.9.9_BT (Formal Release) Regular Upgrade recommended when convenient 7th November 2022 19th December 2022 15870_1062_2426c5eed4 Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

New Features
1. Support for Cyren Zero-Day WCF
Improvements
1. Secondary NTP server can now be specified as a backup if the primary is unavailable 2. Improvements to the IPsec IKE buffer used for receiving retransmitted phase2 PFS
negotiation 3. System uptime displayed on [Central Management] > [Switch] > [Status] was showing
incorrect data 4. The Hotspot Web Portal terms and conditions section exceeding 500 characters could stop
the feature showing the page correctly
Known Issues
(None)

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.9.8.1_BT (Formal Release) Regular Upgrade recommended when convenient 26th April 2022 06th May 2022 12433_959_e14180a37 Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

New Features (None) Improvements
1. Improved Web GUI Security 2. Updated HTTPS mechanism to address the CVE-2022-0778 (OpenSSL) Known Issues (None)

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.9.8_BT (Formal Release) Regular Upgrade recommended when convenient 15th March 2022 19th April 2022 13060_951_b0523afc40 Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

New Features
(None)
Improvements
1. The WAN2 driver update will be installed with this firmware. Important Note: downgrading the firmware may disable WAN2 functionality due to incompatibility with older firmware
2. Support for IKEv2 fragmentation to improve IKEv2 EAP compatibility 3. A new email alert message when a VPN login attempt fails "[X.X.X.X] CHAP Login Failed ()",
which includes the IP address of the remote client attempting the VPN connection 4. Improvements to the HTTP stack-based buffer mechanism
Known Issues
(None)

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.9.7_BT (Formal Release) Regular Upgrade recommended when convenient 28th December 2021 7th February 2022 11859_882_38e95ffd26 Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

New Features
(None)
Improvements
1. Improved WAN2 DHCP compatibility with Starlink 2. Resolved an issue that could cause problems with certificate renewal in some circumstances 3. DNS queries going through the router's DNS did not include the CNAME alias 4. NTP and Mail Alert server requests could not be sent when configured to send through a
specific WAN IP Alias 5. The router will automatically re-generate its self-signed certificate prior to the original
expiring, so that the router's self-signed certificate cannot expire while in use
Known Issues
(None)

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.9.6.2_BT (Formal Release) Regular Upgrade recommended when convenient 01st October 2021 21st October 2021 10563_811_8e5c6fe1ba Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

New Features
(None)
Improvements
1. Improved the mesh network stability 2. Updated wireless chipset drivers to resolve CVE-2020-26139 to CVE-2020-26145, CVE-2020-
24586 to CVE-2020-24588 3. Improved interoperability with NordVPN tunnels 4. Improved the save option for the Bridge Subnet settings in [WAN] > [Internet] > [LTE] section
(only LTE models such as 2862Ln or 2862Lac)
Known Issues
(None)

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.9.6.1_BT (Formal Release) Regular Upgrade recommended when convenient 01st April 2021 04th May 2021 6249_557_d35775af3 Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

New Features
(None)
Improvements
1. Enlarged the tick box for hotspot web portal function via mobile phone 2. Added a new telnet command for "port poll on" to get latest SNMP data change 3. A warning message will appear for reused IP object / IP Group profile that has already been
used by other applications 4. A new TR-069 parameter added for SSH login/configuration and displaying corresponding
data via [VigorACS] > [Monitoring] > [CPE Notify] 5. The router would not respond when 802.1X was used for wired clients
Known Issues
(None)

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.9.6_BT (Formal Release) Regular Upgrade recommended when convenient 18th February 2021 23rd March 2021 4584_517_27d83d2ec Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

New Features (None) Improvements
1. Fixed firmware upgrade via VigorACS and router's GUI issues 2. Updated MyVigor authentication method used for Web Content Filter license validation Known Issues (None)

Firmware Version 3.9.5_BT (Formal Release)

Release Type Build Date Release Date

Regular Upgrade recommended when convenient 3rd December 2020 23rd December 2020

Revision

3026_375_d92236a44

Applicable Models Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac,

Vigor 2862Vac

VDSL Modem Code 779517

ADSL Modem Code 773F01

Locale

UK & Ireland Only

New Features

1. [`ac' models only] Support for VLAN over Mesh (Bridge VLAN to Mesh) for multi-subnets

and isolated guest WiFi without cabling

2. Brute Force Protection can now be applied to the router's VPN services

3. Support for new 4G USB modems including the Huawei E3372h-320

4. Management from WAN can now be limited to Individual WAN interfaces when enabled

5. Hotspot Web Portal now supports authenticating users with "Receive PIN via Mail" to send

out an e-mail with PIN code to a client's e-mail address

Improvements 1. Central AP Management feature-set has been reverted to the previous firmware's functionality, allowing configuration of multiple SSIDs and VLANs. Management of Mesh APs is now managed through the [Mesh] menu on `ac' model routers 2. Loopback Interface now supported for management interfaces and services (TR-069, NTP, RADIUS/TACACS+, Syslog, SNMP). Configure a /32 Routed LAN subnet to use 3. Management Access List now supports Hostnames, IP Objects and IP Groups 4. Quality of Service Class configuration now supports IP Objects and IP Groups 5. Quality of Service Class configuration now supports multiple DSCP classes in a single rule 6. When "Preview Hotspot from WAN and VPN" is enabled, the Hotspot Web Portal captive portal can be previewed and tested on TCP ports 8001 and 8043 7. DrayDDNS can now be configured more easily with a setup wizard 8. WAN IP Alias can now be used with DDNS 9. Improved [VPN and Remote Access] > [OpenVPN] > Client Config with options to send OpenVPN configuration data to remote clients via Email through the router 10. Layout of [System Maintenance] > [TR-069] menu updated 11. The router can now connect to a backup VigorACS URL if the primary is unavailable 12. Secondary NTP server can now be specified as a backup if the primary is unavailable 13. TACACS+ now supports secondary server address configuration 14. IGMP Proxy can now limit IGMP to specified IP Object or IP Group only with IGMP Access List 15. Improvements to Mesh reconnection mechanism 16. Conditional DNS forwarding can work with a VPN user 17. Improved SMTP port number settings for Mail Alert Setup (e.g., 587 for StartTLS) 18. Corrected an appearance of "DHCP IP Assignment Table" on [Diagnostics] > [View DHCP Assigned IP Addresses]

Known Issues (None)

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.9.4.1_BT (Formal Release) Regular Upgrade recommended when convenient 10th August 2020 3rd September 2020
Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

New Features
(None)
Improvements
1. The Router's self-signed certificate will change upon upgrade for compatibility with new browser certificate requirements. Starting from September 2020, many client OS & browsers will limit publicly trusted TLS server certificate lifetime to 398 days or less, and connections will be rejected if certificates exceed this. This firmware patch will automatically re-sign all self-signed certificate lifetimes to 395 days (was 2 years or longer in older versions).

Known Issues
1. The 3.9.3, 3.9.4, and 3.9.4.1 firmwares simplify AP Management Profiles for full compatibility with the new Mesh Root functionality. The changes limit AP Profile management to a single SSID only. Continue to use the 3.9.2 firmware if using Central AP Management with multiple SSIDs or VLANs configured. The 3.9.5 firmware release will re-instate the full AP Management Profile feature-set.

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.9.4_BT (Formal Release) Regular Upgrade recommended when convenient 28th May 2020 16th June 2020 90778 Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

New Features
1. App Enforcement and App QoS now each support an expanded range of software and services, including Zoom
Improvements
1. App QoS can now apply Quality of Service Class 1, 2 or 3 to more services as individual items 2. DH Group 2 is now supported in Aggressive Mode for IKE phase 1 proposal 3. A new option of "Router generated certificates" on [VPN and Remote Access] > [OpenVPN] 4. New applications (including Anydesk) added on [CSM] > [APP Enforcement Profile] page 5. DNS settings for LTE WAN can now be manually configured with this CLI command:
wan lte set manual
Known Issues
1. The 3.9.3 and 3.9.4 firmwares simplify AP Management Profiles for full compatibility with the new Mesh Root functionality. The changes limit AP Profile management to a single SSID only. Continue to use the 3.9.2 firmware if using Central AP Management with multiple SSIDs or VLANs configured. The 3.9.5 firmware release will re-instate the full AP Management Profile feature-set.

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.9.3_BT (Formal Release) Regular Upgrade recommended when convenient 13th March 2020 09th April 2020 89077 Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

New Features
(None)
Improvements
1. Improvements added to welcome message in [System Maintenance] > [Login Page Greeting] section
2. Improved ACL mechanism for remote management when 0.0.0.0 remote network VPN is established
3. Longer usernames (up to 63 characters) are allowed in [WAN] > [Internet Access] > [LTE] section (only LTE models such as 2862Ln or 2862Lac)
4. Simplified Router AP Management [AP Profile] interface to gather all settings into one page. Some options are currently unavailable. Do not upgrade to 3.9.3 firmware if you are using multiple SSIDs and other advanced features
Known Issues
1. Router [AP Management] > [AP Profiles], some options such as multiple SSIDs are not available for configuration in this firmware version. This is being looked into, to be resolved in a future firmware release.
2. Before upgrading firmware, take a configuration backup. After upgrade to 3.9.3 it is not possible to revert and downgrade to 3.9.2 firmware or earlier without factory resetting the unit. To downgrade from 3.9.3 firmware, reflash earlier firmware using .rst firmware and reload the configuration backup from the previous firmware version

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.9.2_BT (Formal Release) Regular Upgrade recommended when convenient 26th December 2019 23rd January 2020 87504 Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

New Features
1. Mesh is now available on Vigor 2862 routers with 802.11ac dual-band wireless (ac,Lac,Vac) a. Set up Mesh initially from the [Wizards] > [Mesh Wizard] menu b. Configurable from the [Mesh] menu c. Supports Mesh Root mode
2. Support for DrayTek VPN Matcher service: a. Helps VPN clients and routers connect to a DrayTek VPN router, which connects to the Internet through a firewall or additional NAT router without port forwarding, which would not otherwise be able to accept VPN connections b. Suitable for usage with Cone NAT environments c. Supports LAN to LAN and Remote Dial-In User VPN connections d. Accessible from [VPN and Remote Access] > [VPN Matcher]

Improvements
1. Improved interoperability with Let's Encrypt certificate service with support for ACMEv2 2. IKE Proposals can now be controlled as Basic/Medium/High modes:
a. Basic: DES/3DES/AES encryption, MD5/SHA1/SHA256 authentication, all DH groups b. Medium: AES only, SHA1/SHA256 auth, G5/G14/G19/G20/G21 DH groups c. High: AES only, SHA256 only, G14/G19/G20/G21 DH groups d. Configured in [VPN and Remote Access] > [IPsec General Setup] 3. Support for using IP-alias address to register with VigorACS 4. Resolved an issue with establishing wireless WAN connection in some configurations 5. Improved handling of Fast Leave with IGMP Proxy when using multiple subnets / VLANs
Known Issues
(None)

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.9.1.4_BT (Formal Release) Regular Upgrade recommended when convenient 24th December 2019 2nd January 2020 87393 Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

New Features (None)
Improvements 1. Improved WebGUI security
Known Issues (None)

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.9.1.3_BT (Formal Release) Regular Upgrade recommended when convenient 18th October 2019 12th November 2019 85553 Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

New Features (None)
Improvements 1. Improved SSL VPN compatibility with Apple devices. Self-Signed certificate's Valid To date is now 2 years from date of generation. Regenerate the router's Self-Signed Certificate to meet the new trusted certificate requirements of Apple iOS 13 & macOS 10.15. Longer Valid To periods can be specified by generating a Local Certificate and self-signing it with the router's internal Root CA.
Known Issues (None)

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.9.1.2_BT (Formal Release) Regular Upgrade recommended when convenient 11th October 2019 23rd September 2019 85041 Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

New Features (None) Improvements
1. Support the new DrayTek MAC Address OUI beginning with "14:49:BC" and improved the firmware downgrade compatibility.

Known Issues (None)

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.9.1.1_BT (Formal Release) Regular Upgrade recommended when convenient 19th August 2019 06th September 2019 84158 Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

New Features
(None)
Improvements
1. SSID1(All) schedule option in [Wireless LAN] > [General Setup] added 2. Receiving SMS messages would not work in some circumstances 3. The router would stop responding when the SSH session from a LAN PC times out 4. Some configuration backup files could not be properly restored 5. WAN2 Wireless mode would not work when connecting to a hidden SSID 6. IPsec Xauth VPN connection could not be established 7. A wireless client could still connect via WLAN 2.4G even though the time expired according
to the profile schedule.

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.9.1_BT (Formal Release) Regular Upgrade recommended when convenient 8th July 2019 10th July 2019 83262 Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

New Features
1. Support for IPTV diagnostics using the [Applications] > [IGMP] > Enable IGMP Syslog option 2. Service activation status can now be verified from [MyVigor Services] > [Service Status] 3. Exceptions from load balancing for individual services / ports can now be configured from
[WAN] > [General Setup] > Advanced button 4. IP Groups can now be allowed as Source IPs for [NAT] > [Port Redirection] & [Open Ports]

Improvements
1. WAN2 port is now set to operate as LAN5 by configuring the [WAN] > [General Setup] > [WAN2] Enable setting to "No"
2. Station Control settings can be specified in [Central Management] > [AP] > [WLAN Profile] 3. Note added to indicate router's certificate isn't included as part of the configuration backup 4. Show button added to [Switch] > [Group] management page to check group password 5. TR-069 parameters added to allow configuration of VoIP QoS through VigorACS 6. Support for "Dynu" DDNS provider added to [Applications] > [Dynamic DNS] 7. Access List for management interfaces can now allow or block Pings 8. IPsec EAP option added to IKEv2 LAN to LAN VPN to use X.509 for authentication 9. VigorACS STUN server settings for [System Maintenance] > [TR-069] is automatically filled in
from the ACS Server URL hostname/ip 10. IKEv2 EAP VPN connection could not be established from Windows 10 when using a self-
signed CA on the router 11. VigorACS CPE registration could fail when registering over a VPN using LAN2 LAN8 12. OpenVPN clients could be unable to establish a VPN tunnel under some conditions 13. VPN Profile Backup from other DrayTek router models couldn't be restored to Vigor 2862 14. VPN Remote Dial-In Users could not connect to the router when using a LAN to LAN VPN
tunnel with "Change default route to this VPN tunnel" enabled 15. In some scenarios, it was not possible to resume watching IPTV services through the router
after pausing the IPTV video service for 5 minutes or more 16. SSL VPN Clients could receive the router's WAN DNS servers instead of the DNS servers
specified through DHCP Relay 17. CLI commands can now be issued through VigorACS with the "CLIcmd" TR-069 parameter in
the VigorACS Parameter Tree

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.9.0_BT (Formal Release) Regular Upgrade recommended when convenient 30th November 2018 2nd January 2019 78129 Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

New Features 1. OpenVPN is now supported as a Remote Dial-in User VPN protocol.

Important Note: The router's OpenVPN server is automatically enabled on the router upon upgrade to 3.9.0 firmware, which listens on TCP & UDP ports 1194 by default and will take precedence over port forwarding to a LAN server using these ports. This service and its listening ports can be configured from the [VPN and Remote Access] > [OpenVPN] menu, or disabled in [VPN and Remote Access] > [Remote Access Control]

2. The router's Switch Management can now manage the VigorSwitch G1080, P1092 & P2121 3. Let's Encrypt certificate support added 4. Hotspot Web Portal can now support IPv6 clients 5. Support for dial-out IPsec VPN with XAuth to Cisco EZ VPN Server

Improvements
1. Hotspot Web Portal Database stored on USB can now be encrypted by enabling "Database Encryption" in [Hotspot Web Portal] > [Users Information] > [Database Setup]
2. Wireless LAN SSID is now displayed for each SSID in [Wireless LAN] > [Security] settings 3. Added support for data compression of VigorAP management 4. Support user management on the client authentication by the RADIUS server 5. IPsec EAP option added to IKEv2 LAN to LAN VPN to use X.509 for authentication 6. Hotspot Web Portal logs for user connection & disconnection can now be sent via syslog 7. Support NAT mode for IKEv2 LAN to LAN dial-out connection and IKEv2 NAT mode with EAP
MSCHAPv2 authentication 8. SNMPv1 and SNMPv2 can now be enabled / disabled separately from SNMPv3 operation in
[System Maintenance] > [SNMP] 9. Added TR-069 parameters for enabling/disabling [Data Flow Monitor] function 10. SNMP monitoring clients can now read out the CPU load and memory usage percentages as
part of the router and firmware details in the sysDescr.0 (OID 1.3.6.1.2.1.1.1) value 11. The router's SSL VPN server port can now be set via the CLI command "mngt sslvpnport" 12. TR-069 login message no longer displays model information from the router 13. USB Thermometer was not detected in some configurations

14. Wrong IP address for the subnet mask "/15". Correct IP address should be "255.254.0.0" 15. In HA Hot-Standby mode, DHCPv6 Sync Status failed in the Secondary router 16. The "Block DNS" option in an APP Enforcement profile could be automatically enabled upon
upgrade to 3.8.9.x firmware, resulting in App Enforcement blocking DNS unintentionally 17. Unable to allocate static IP address to IKEv2 VPN client 18. The router did not clear routes added via BGP when removed through BGP 19. CLI command "ip bandwidth del <IP>" did not work 20. When selecting Internet IP in Determine WAN IP, DrayDDNS did not update with correct IP,
or an error message of "WAN IP not present" appeared 21. Unable to block a static route by the firewall when a remote dial-in user is connected 22. Improved interoperability with Xbox One and UPnP / DMZ host 23. Data quota set on [User Management] > [User Profile] would be reset to zero after re-login 24. Vigor router ignored Don't Fragment flag in IP header 25. Custom local admin user account could not log in from WAN when "Admin Login from
Internet" option is disabled 26. Wireless clients would be disconnected from a VigorAP (e.g., VigorAP910C) when adding a
new MAC address to Access Control List on [Central Management] > [AP] > [WLAN Profile] 27. SNMP data could be different from the readings on the router's dashboard 28. WDS security key configured in [Wireless LAN] > [WDS] could not be saved 29. Improved PPPoE ISP interoperability by adding support for configurable PPP LCP Echo
Request options 30. Improved DSL bandwidth auto detection for Quality of Service
Known Issues
1. Important Note WAN2 Factory Default configuration: The WAN2/LAN5 port is set to operate as the WAN2 port by default. 3.8.8BT and 3.8.8.2BT had the port operate as LAN5 by default. This only affects the factory default configuration, which is loaded upon pressing the router's Factory Reset button, or reflashing with .rst firmware. Existing WAN2/LAN5 port configuration will not be altered during the upgrade process. To use this port as LAN5, it must be configured in [WAN] > [General Setup] > [WAN2] by changing the Enable setting of WAN2 to "Set as LAN".
2. See New Features entry #1 for notes on OpenVPNs impact on Port Redirections for TCP/UDP port 1194

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.8.9.2_BT (Formal Release) Regular Upgrade recommended when convenient 16th July 2018 7th August 2018 75315 Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

New Features
(None)
Improvements
1. Quality of Service did not display WAN1 (ADSL or VDSL) sync speeds in f/w 3.8.9 & 3.8.9.1 2. Firewall filter rules were not correctly applied to Routed LAN subnets 3. Improved interoperability with Hotspot Web Portal and Facebook authentication service 4. Web interface could not be accessed via HTTPS from in some network environments 5. A new Self-signed certificate could not be generated from [System Maintenance] > [Self-
Signed Certificate] > Regenerate 6. NAT loopback could not operate with port forwards configured using ports 768 to 1023 7. Improved VDSL interoperability 8. Wireless clients connecting to 2.4GHz wireless SSID and disconnecting could not connect to
5GHz wireless SSID, receiving an invalid security key error 9. Entering a speech mark character i.e. " in the Pre-Shared Key for wireless SSID 2, 3 or 4
would result in the wireless security settings for SSID 2, 3 and 4 being inaccessible from the web interface 10. The "Analyse a single packet" mode of [Diagnostics] > [Route Policy Diagnosis] could not be displayed correctly in Google Chrome browser 11. [LTE models only] In some situations, the integrated LTE modem could block the router from being restarted through the web interface

Known Issues
1. The IP Filter does not apply to traffic using [Routing] > [Static Routes] in firmware 3.8.9 and later.
2. Important Note WAN2 Factory Default configuration: The WAN2/LAN5 port is set to operate as the WAN2 port by default. 3.8.8BT and 3.8.8.2BT had the port operate as LAN5 by default. This only affects the factory default configuration, which is loaded upon pressing the router's Factory Reset button, or reflashing with .rst firmware. Existing WAN2/LAN5 port configuration will not be altered during the upgrade process. To use this port as LAN5, it must be configured in [WAN] > [General Setup] > [WAN2] by changing the Enable setting of WAN2 to "Set as LAN".

Firmware Version Release Type
Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.8.9.1_BT (Formal Release) Regular Upgrade recommended when convenient Note: A previous firmware (3.8.8.2_BT) was a critical release. This f/w includes all changes/improvements that were in 3.8.8.2_BT. 12th June 2018 19th June 2018 74522 Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

Security Advisory
1. Check your DNS and DHCP settings on your router. https://www.draytek.co.uk/support/security-advisories/kb-advisory-csrf-and-dns-dhcpweb-attacks If you have a router supporting multiple LAN subnets, check settings for each subnet. Your DNS settings should be either blank, set to the correct DNS server addresses from your ISP or DNS server addresses of a server which you have deliberately set (e.g. Google 8.8.8.8). A known rogue DNS server is 38.134.121.95 - if you see that, your router has been changed.
New Features
1. Firewall Filter rules can now be linked to specified LAN and WAN interfaces by selecting a Direction then clicking Advanced and selecting the interfaces that the Filter rule will affect
2. ISO 3166 Country objects configured in [Objects Setting] > [Country Object] menu can be applied as Source / Destination IP ranges in Firewall Filter rules
3. LAN IP Alias added to [LAN] > [General Setup] to define which WAN is used for outbound traffic by sending to a different Gateway address for the router
4. Support DrayOS IKEv1 IPsec XAuth as a VPN protocol for Remote Dial-In User VPN tunnels 5. Support for EAP Tunnelled Transport Layer Security (EAP_TTLS) security method added to
[Applications] > [Local 802.1X General Setup]. 6. Configuration backup / restore is now available for Remote Dial-In User and LAN-to-LAN
profiles to back up all VPN profiles configured, separately from the main router configuration file 7. Larger certificate files now supported in [Certificate Management] > [Local Certificate] making it possible to include additional certificates required to complete a certificate chain 8. Support for mOTP and 2FA (two factor authentication) via e-mail/SMS added for remote management in [System Maintenance] > [Administrator Password] 9. When upgrading firmware, selecting a firmware file and clicking the "Preview" button will display details of the firmware selected

Improvements
1. Fixed the App Enforcement profile issue in 3.8.9 firmware 2. Fixed the Web UI Issue if Bandwidth Limit and Data Flow Monitor were enabled in 3.8.9
firmware 3. Factory Default configuration now enables WAN2 port instead of operating as LAN5 port 4. Support for VigorACS 2 version 2.3.0 5. Improved device compatibility with router's 5GHz WLAN and AES encryption 6. Layout of [WAN] > [Internet Access] > [Details Page] improved to group essential settings in
the left pane, with additional / advanced options grouped in the right pane 7. Subnet Mask settings in the web interface now use a drop-down box for selection 8. The number of characters allowed in a text box, such as a username or password field, is
now displayed in the web interface when no text is entered in that text box 9. Layout of [VPN and Remote Access] > [Connection Management] improved with separate
tabs for active LAN-to-LAN and Remote Dial-In User VPN tunnels 10. Layout of [Bandwidth Management] > [Quality of Service] improved 11. DoS Defence moved to [Firewall] > [Defence Setup] 12. Anti-Spoofing Defence settings for IP and ARP spoofing added to [Firewall] > [Defence Setup] 13. Certificate import can now be performed via CLI using "mngt cert_import" command via URL 14. Removed deprecated CLI commands "ip dmz" and "ip aux [Join to NAT pool]" 15. Added "IPv6 Address Random Allocation" option for DHCPv6 Server settings 16. IKEv2 LAN to LAN VPN tunnels can specify these new Proposal options:
a. Diffie-Hellman (DH) Group 19 (256-bit Elliptic Curve) b. Diffie-Hellman (DH) Group 20 (384-bit Elliptic Curve) c. Diffie-Hellman (DH) Group 21 (512-bit Elliptic Curve) 17. [LTE models only] Improvements to LTE module operation 18. The Router Name set in [System Maintenance] > [Management] can be used as L2TP Client's Host name 19. Central AP Management profiles now have options to configure AP-assisted Client Roaming parameters 20. Support Channel Width selection on [Central Management] > [AP] > [WLAN Profile] 21. When upgrading firmware, selecting a firmware file and clicking the "Preview" button will display details of the firmware selected 22. Improvements to WAN Budget scheduling 23. Inter-LAN Routing table in [LAN] > [General Setup] now allows routing between LAN1 and DMZ when VLANs are not enabled 24. Improved load balancing algorithm for VoIP STUN and SIP connections will now remain on the same WAN interface by default 25. Session timeout values for SSH and Telnet can now be adjusted with "mngt telnettimeout/sshtimeout" CLI commands 26. Improved Bandwidth Limit operation when used in conjunction with QoS 27. If TR-069 was configured with STUN, the resulting UDP connection request address would still be sent to the TR-069 server after disabling STUN for TR-069 28. Unable to pass traffic through VPN when VPN Trunk Backup connection was resumed 29. The web interface did not accept IPv6 Object IP addresses ending with "::"

30. Improved warning notifications given when disabling LAN ports, USB ports, LEDs and buttons in [System Maintenance] > [Panel Control]
31. LTE status on [Dashboard] changed signal display of RSSI/RSRP to RSSI after auto refreshing 32. Syslog incorrectly displayed the password setting for WAN DHCP Client Identifier 33. The router could sent incorrect DNS queries if Syslog / Mail Alert was enabled 34. Improved VLAN Tag Insertion layout for [WAN] > [General Setup] > [WAN1] 35. Schedule entries are now selected from a drop-down box which displays each schedule entry
number and configured Comment fields 36. Schedule entries configured to operate overnight did not work correctly 37. Improved handling of Firewall filter rules configured to operate on a schedule 38. Enabling Session Limit could block Internet connectivity for Remote Dial-In User VPN tunnel
connections from VPN clients sending Internet traffic through the VPN tunnel 39. NAT Port Redirection entries configured through the CLI did not take effect unless disabled
and re-enabled 40. NAT Port Redirection entries configured with TCP protocol could not be enabled 41. Improved USB storage handling, to better handle USB storage being unplugged while
reading data from the USB for a user connected to the router's FTP server 42. Improved interoperability of the DHCP Relay function with Windows Server's DHCP server 43. DHCP Relay did not work with Remote Dial-In User VPN tunnels 44. Enabling "Allow management from the Internet" option for IPv4 could also enable this
option for IPv6 Internet connections 45. Entering a Pre-Shared Key(PSK) containing " in [Wireless LAN] > [Security] would cause that
settings page to display incorrectly 46. [Central AP Management] > [WLAN Profile] could not set TX Power for 5GHz WLAN 47. USB Disk could not be detected upon reconnection after disconnecting via WUI 48. Improved compatibility with "freedns.afraid.org" and "UBDDNS" Dynamic DNS providers 49. Log information could not be displayed for DtDNS Dynamic DNS hostname updates 50. The Domain Name "ddns.net" could not be selected when using No-IP.com Dynamic DNS 51. Added support for EntryDDNS Dynamic DNS provider 52. Unable to get DrayDDNS domain name after registering and activating the DrayDDNS license 53. TR-069 Packet Counters for LAN ports could still increment when the port was not in use 54. The "Don't Fragment" flag of an IP header was not processed correctly in all scenarios 55. Could not register Avaya phone [H.323] to IPPBX server through router's NAT 56. Multiple objects can now be selected configuring an object group 57. Added "Next" and "Previous" links on each object profile editing page 58. DHCP Broadcast packets from LAN clients could incorrectly be sent out through the WAN2
interface in some circumstances, affecting WAN2 connections using DHCP for IP allocation 59. DHCP server state of LAN Subnets could be displayed incorrectly on the [Dashboard] 60. Auto VoIP QoS is now applied to routed LAN subnets 61. Wireless clients could not communicate with wired clients in the same VLAN with a VLAN tag 62. Incoming RDP sessions cannot authenticate with Firewall configured for User-based mode 63. QoS LED could be incorrectly lit if QoS was enabled then disabled 64. Restart is no longer required for changes to [Applications] > [RADIUS/TACACS+] > [Internal
Server] when enabling/disabling Internal Radius Server or modifying the Authentication List

65. Remote Dial-In User VPN connections could not access the Internet through the VPN tunnel if Hardware Acceleration was enabled on the router
66. Some IPv6 packets were incorrectly blocked by the IP Filter with rules configured to pass these IPv6 packets
67. Resolved display issue with Bind IP to MAC enable/disable setting in VigorACS 2 68. When the Interface - LAN section is expanded on the [Dashboard], click on Host
ID/Comment text to switch between ARP Table's Host ID and Bind IP to MAC's Comment 69. Added switching between viewing All Users and Online Users view in [User Management] >
[User Online Status] by clicking on the text in the upper right 70. Bind IP to MAC was incorrectly limited to 300 entries instead of 1024 71. Increased Hotspot Web Portal profile Terms and Conditions Content field length to 1360
characters 72. Idle timeout value was not applied to Remote Dial-In User tunnels using SSL VPN 73. ARP Table displayed Comments incorrectly for some IP addresses i.e. x.x.x.10 would display
the same comment as x.x.x.101 74. "CN" and "cn" values (Common Name Identifier) for LDAP now operate in the same way 75. PPPoE status messages were not displayed in [Physical Connection] > [Online Status]
Known Issues
1. Currently detected WAN1 (ADSL or VDSL) throughput for Quality of Service is not displayed, instead displaying the default 100Mbps Up & 100Mbps Down. This is a display issue and does not affect the functionality of QoS
2. Important Note WAN2 Factory Default configuration: The WAN2/LAN5 port is set to operate as the WAN2 port by default. 3.8.8BT and 3.8.8.2BT had the port operate as LAN5 by default. This only affects the factory default configuration, which is loaded upon pressing the router's Factory Reset button, or reflashing with .rst firmware. Existing WAN2/LAN5 port configuration will not be altered during the upgrade process. To use this port as LAN5, it must be configured in [WAN] > [General Setup] > [WAN2] by changing the Enable setting of WAN2 to "Set as LAN".

Firmware Version Release Type
Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.8.9_BT (Not Released) Regular Upgrade recommended when convenient Note: A previous firmware (3.8.8.2_BT) was a critical release. This f/w includes all changes/improvements that were in 3.8.8.2_BT. 22nd May 2018 74033 Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

To use this port as LAN5, it must be configured in [WAN] > [General Setup] > [WAN2]. Set the Enable setting of WAN2 to "Set as LAN" and click OK. The WAN2/LAN5 port will operate as LAN5 once it has restarted.
2. The router cannot be managed from the Web UI if Bandwidth Limit is enabled on the router. This will be corrected in the next firmware release.

Firmware Version Release Type Build Date Release Date Revision Applicable Models
VDSL Modem Code ADSL Modem Code Locale

3.8.8.2_BT (Formal Release) Critical Upgrade recommended immediately 18th May 2018 18th May 2018 73942 Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac, Vigor 2862Vac 779517 773F01 UK & Ireland Only

Known Issues
1. Important Note WAN2 Factory Default configuration: The WAN2/LAN5 port is set to operate as a LAN port by default. To use the port as WAN2 it must be enabled in [WAN] > [General Setup] > [WAN2]

Firmware Version Release Type Build Date Release Date Revision Applicable Models VDSL Modem Code ADSL Modem Code Locale

3.8.8_BT (Formal Release) Regular Upgrade recommended when convenient 14th February 2018 8th March 2018 72016 Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac, Vigor 2862Lac 779517 773F01 UK & Ireland Only

New Features
1. WAN2 (Ethernet) port can now operate as a LAN port when disabled in [WAN] > [General Setup] > [WAN2], for a total of 5 LAN ports, by selecting "No-Set as LAN" as the Enable option

Important Note WAN2 Factory Default configuration: The WAN2/LAN5 port is set to operate as a LAN port by default. To use the port as WAN2 it must be enabled in [WAN] > [General Setup] > [WAN2]

2. LAN ports, Wireless LAN button and Factory Reset button can now be enabled or disabled from [System Maintenance] > [Panel Control]
3. Router's status LEDs & port LEDs can be turned off or put into "LED Sleep Mode" when inactive, configured in [System Maintenance] > [Panel Control]
4. Wireless Pre-Shared Key can now be viewed when logged into the router's admin account. Click on the "****" text to reveal the password currently in use
5. EAPOL Key Retry Enable/Disable setting added to [Wireless LAN (2.4GHz/5GHz)] > [Security] Disabling this setting can prevent WPA2 Key Reinstallation Attack (KRACK) attack vectors, for more details please read this security advisory: https://www.draytek.co.uk/information/our-technology/wpa2-krack-vulnerability (EAPOL Key Retry is set to Enabled by default and in previous firmware)
6. Full Bridge mode added to WAN1 (DSL) in Static or Dynamic IP section, to support forwarding packets with VLAN tags through the router's modem
Improvements
1. Unicode text codes can now be used in Hotspot Web Portal bulletin text 2. "None" option for Syslog in CSM (UCF/WCF/DNSF) profile is no longer used 3. Default WAN Connection Detection mode for PPPoE/PPPoA connections is now named "PPP
Detect" instead of "ARP Detect" 4. Automatic monthly reset of User Profile time/data quotas (with monthly schedule entry) 5. Central AP Management could not query AP status correctly with management VLAN tag
configured 6. Syslog & SMTP Server fields in [System Maintenance] > [Syslog/Mail Alert Setup] now allow
up to 63 characters for longer hostnames 7. Web Syslog in [Diagnostics] > [Syslog Explorer] can now be used when "Syslog Server" is not
enabled or configured in [System Maintenance] > [Syslog / Mail Alert]

8. RIP entries in the routing table received across the LAN and associated with a WAN interface were cleared from the routing table after 3 minutes when the WAN interface was disconnected
9. Internet Explorer browser could not successfully upload logo images for Hotspot Web Portal 10. Setting changes to the telnet command "adsl automode" to control the "Multimode" setting
for ADSL modulation, were not kept when restarting the router 11. The router's DSL modem could still sync using ADSL2+ Annex M after removing "AnnexM"
from the "Multimode" ADSL modulation using "adsl automode" 12. The "IP Routed Subnet" option could not be enabled in
[Bandwidth Management] > [Bandwidth Limit] 13. Bandwidth Limit's effect on LAN to LAN VPN tunnels is toggled on/off with the "IP Routed
Subnet" option 14. Bandwidth Limit was not applied correctly when using IP Groups 15. Bandwidth Limit was not applied to VPN traffic correctly in some configurations 16. Corrected a display issue that could occur when configuring a LAN subnet with a Subnet
Mask of 255.255.0.0 17. DHCPv6 could incorrectly assign multiple IPv6 addresses from other LAN subnets 18. MyVigor DrayDDNS service status could incorrectly be displayed in red after updating
information 19. [NAT] > [Open Port] settings could not be saved if a UDP port was specified that conflicted
with a TCP management port 20. LAN to LAN VPN tunnels configured using the "Ipsec VPN with the Same Subnets" option
enabled could not be saved in some configurations 21. [LTE models only] An LTE WAN with an active VPN connection could drop the LTE WAN
interface after 5 hours due to inactivity 22. Enabling Session Limit could stop NAT port forwarding (Open Ports / Port Redirection / DMZ)
from operating correctly 23. Quick Start Wizard could incorrectly allow configuration of a blank administrator password 24. Remote dial-in user name (with RADIUS authentication) was not correctly displayed on
VigorACS 2 server (on Dashboard >> VPN Overview). 25. Resolved connectivity issue with 1483 Routed LLC Mode ADSL connections 26. Improved DNS caching behaviour with Web Content Filtering and DNS Filtering enabled
Known Issues
(None)

Firmware Version Release Type Build Date Release Date Revision Applicable Models VDSL Modem Code ADSL Modem Code Locale

3.8.7_BT (Formal Release) Regular Upgrade recommended when convenient 20th October 2017 3rd November 2017 69378 Vigor2862, Vigor2862n, Vigor 2862Ln, Vigor2862ac 779517 773F01 UK & Ireland Only

New Features
(None)
Improvements
1. Improvements to Wireless WAN (WAN2) mode WPA2 security to protect against WPA2 Key Reinstallation Attack (KRACK), for more details please read this security advisory: https://www.draytek.co.uk/information/our-technology/wpa2-krack-vulnerability
2. BGP Router ID can now be set to a specified LAN / WAN IP address manually 3. Switch Management now supports management of the VigorSwitch P1280 4. Improved handling of WAN Alias IPs by sending an ARP request to the WAN Gateway upon
first configuration 5. ISO 3166 Country objects added to [Objects Setting] menu for use with Route Policy to
determine outbound connection used for IPs within a country's IP range 6. Improved session handling when using VPN Trunk in Weighted Round Robin mode 7. Improved DNS Security Domain Diagnosis function to utilise the router's DNS Cache 8. Corrected handling of DNS query responses with DNS Security enabled on the router 9. Improved Firewall's Session limit handling of Fragmented UDP packets on a Routed LAN 10. Restarting the router (via WUI, CLI), would drop and restart PPP connection before the
router rebooted 11. [Product Registration] link did not work when connected to EE's 4G network

Known Issues (None)

Firmware Version Release Type Build Date Release Date Revision Applicable Models VDSL Modem Code ADSL Modem Code Locale

3.8.6_BT (Formal Release) Regular Upgrade recommended when convenient 21st August 2017 27th October 2017 68071 Vigor2862, Vigor2862n, Vigor2862ac 779517 773F01 UK & Ireland Only

New Features
1. Support for extra TR-069 parameters 2. Support for Ethernet Bridge Mode on Ethernet WAN2 3. Added Users Information section to Hotspot Web Portal (requires USB storage to operate) to
store details of users that have connected through the Hotspot Web Portal 4. Switch Management now supports Alert & Log, which stores and notifies of events such as
port disconnections for connected VigorSwitches (requires USB storage to operate)
Improvements
1. Improved 5GHz wireless support 2. Improved support for integrated LTE models of the Vigor 2862 (i.e. Vigor 2862Ln) 3. Improved router's NTP update of current time on restart 4. Added "Enforce HTTPS Access" to router's HTTP management setting, which redirects
management access over unencrypted HTTP to encrypted HTTPS 5. IPsec traffic was not passed correctly to a VPN server connected to a Routed LAN Subnet 6. Could not assign an IPv6 Static IP as an IPv6 WAN address using a prefix of /128 7. Firewall blocked large ICMPv6 packets incorrectly 8. A VLAN tag of 3 could not be specified on the WAN2 interface 9. Changing High Availability configuration to Hot Standby could cause unexpected behaviour
from the WAN Config Sync settings 10. NAT loopback did not operate correctly when using [NAT] > [DMZ Host] 11. The router could respond to a port scan on TCP port 443 with the services that use TCP port
443 disabled (i.e. SSL VPN, HTTPS Management, DNS Filter) 12. Improved wording of Web Content Filter categories in web UI 13. When enabled DoS Defense could affect information displayed in [Online Status] 14. Improved Web Content Filtering algorithm to block Gmail when using the Chrome web
browser with the Web Content Filter set to block "Web-based Mail" category 15. Improved App Enforcement algorithm for "Google Services" to block only Gmail and Google
Drive 16. Route Policy Diagnostics would indicate an incorrect rule for Route Policies with a domain
name specified as the destination 17. Improvements to handling of multiple subnets across a VPN tunnel, to avoid scenario where
a VPN tunnel linking two DrayTek routers using LAN2 on each could result in traffic sometimes being forwarded to LAN1 subnet 18. WAN IP Alias addresses did not work correctly with ports opened in [NAT] > [Open Ports]

Known Issues 1. If experiencing an issue establishing an Internet connection on ADSL or ADSL2+ connections, set the WAN1 DSL Mode to "ADSL Only"
2. Restoring a configuration from a Vigor 2860 is not possible with this firmware version. Upgrade to the 3.8.7 firmware to restore a configuration file from a Vigor 2860 router

Firmware Version Release Type Build Date Release Date Revision Applicable Models VDSL Modem Code ADSL Modem Code Locale

3.8.5_BT (Formal Release) Initial Release 12th May 2017 12th October 2017 65164 Vigor2862, Vigor2862n, Vigor2862ac 779517 773F01 UK & Ireland Only

First Firmware Release for this model New Features (None) Improvements (None)

[END OF FILE]

Microsoft Word for Microsoft 365