I’ve been a NordVPN customer for about 6 months now, mainly due to its ongoing support of L2TP connections. However recent changes to its service put my use of this service with my Draytek 2862 in jeopardy. Luckily there is a fix, and it’s a story of updates…
Earlier this year I made the change from PIA to NordVPN due to a change of goalposts from PIA (More below), and since the change my VPN service has been impeccable, using a LAN to LAN connection via L2TP to connect, and routing traffic through the service for a separate VLAN.
However a few weeks ago I noticed that the connection has dropped and stayed down, despite being set to always on.
During hour long web chat with NordVPN support (who were helpful and responsive) it was revealed that recent changes to the Nord service meant that now only service account credentials were permitted for authentication for 3rd party devices.
The Draytek and Nord guides for setup (albeit NordVPN guide referred to Draytek’s notes) both illustrated the account login credentials being used, and likewise this is what I was using. Although it was now apparent why this was and now why using service creds is a huge issue.
The NordVPN service account has a 25-character password, which at the advice of Nord support, cannot be changed. The Draytek 2862 was only capable of storing up to 15-character passwords. This essentially stopped the service for my use in its tracks.
As a big relief, the latest 3.9.6.1 release firmware for the 2862 now allows 26-character passwords to be saved in the LAN to LAN profile, this is worthy to note as this detail is not in the release notes.
So, if you are in a similar predicament, upgrade your firmware to the latest.
PIA to NordVPN Story
As mentioned, prior to NordVPN I was using PIA in a similar setup using the weaker PPTP as the connection protocol.
The change in providers was forced upon me late last year PIA made upgrades to their infrastructure, which as a result meant that only OpenVPN or Wireguard protocols were offered. This effectively stopped the support for a Draytek 2862 as it did not have these available for a dial-out LAN to LAN VPN.
Following some research, the move to NordVPN was made and it turned out to be a blessing in disguise.
My use of PIA came before the purchase of the 2862, so as part of my initial configuration PIA was added as a dial-out profile. In use, the Draytek from the start suffered multiple reboots, sometimes twice a day. A lengthy dialogue with Draytek support started (Personal opinion; Draytek support are abysmal) in which many logs were sent, and in the end had to prove its instability with SNMP graphs. Eventually I was sent a beta firmware to load onto the router.
This helped, but uptime was still limited to at most 7 days, either through unexpected reboot or to fix a new issue where the WiFi SSID would stop broadcasting.
Since the change to NordVPN, stability has been impeccable, and the change to L2TP as a protocol has brought a big improvement to speed, where I’m now able to reach WAN speeds (40Mbps on VDSL) whereas was only getting a quarter of that with PIA.
Even though the removal of PIA brought a stability breakthrough, I was reluctant upgrade firmware in the fear that the reboots would return. This was compounded by the lack of detail in the firmware release notes and the recent news that the 2862 was becoming end-of-life, leaving me skeptical that new firmware’s would bring anything other than security patches.
I’m happy to be proved wrong on this point. Lesson here is that new firmware can bring feature updates that while not worthy enough of the patch notes, could be critical for your operation.
If you are NordVPN user with a Draytek 2862, upgrade to the latest firmware to regain functionality.