devolo dLAN 1200+

I used Devolo dLAN 200 Smart+ mains adapters, and was quite happy with them. They had replaced some older Sitecom devices that had the habit of crashing after a few hours’ use. They connect my data reservoirs, so I’m not interested in speed, but reliability. They were ok when I bought them, they still are, except our internet connection is now faster than they are.

Our flat has WiFi problems. The WiFi router has to sit by the socket bringing the internet into the flat, and the WiFi it creates only covers one of our bedrooms. Typical WiFi extenders aren’t acceptable, because they depend on that security turd, WPS. Device whitelists are essential for elementary WiFi network security, and WPS breaks them.

An alternative to WPS is to use the WiFi versions of the Devolo dLAN. With them, WiFi is extended, not by WPS, but by the wires in the walls. Unfortunately for me, my existing dLAN devices are so old that, although I could have bought an extension device, it would have actually been slower than the existing WiFi. My wife would have been unhappy with that. So I decided to upgrade the entire power network.

I bought some Devolo dLAN 1200+ WiFi ac mains networking adapters. This is the latest and greatest from Devolo, although part of the reason I bought it is that it was cheaper, by one euro, than the previous, slightly slower, version of the product, the dLAN 1200 WiFi.

The core technology underlying the product is fast, and it works. In fact, my network now feels a little more stable than it did. I have had, for a while now, a problem with upgrading my portable copy of this website; the version control software had obscure networking errors no matter where I made my connection. That problem has gone away.

The feature I wanted, to cover the entire flat with WiFi, works. It includes WiFi handover, which works well. Of course, older devices don’t all understand when they’re meant to swap base stations, so the world isn’t perfect, but this is hardly a problem with the new WiFi network.

Devolo supply, via a download from the Internet, a network configuration utility called devolo Cockpit. Despite its name, it does not involve gentlemen chicken being nasty. It is actually an overpretty utility that supports setting up a new power LAN network, and adding new devices to an existing network. It works well. Importantly, it allows configuration of mains and WiFi networking, including handover, without requiring WPS (although they do offer it).

The black mark, though, concerns the WiFi configuration software on the devices themselves. Each WiFi device’s firmware is version 2.0.0, but it really should be marked as beta. It does successfully support configuration of the features, such as handover between WiFi stations, which is why I think the problem is the WiFi configuration itself. It fails in a number of areas:

  • The interface is HTTP only, not HTTPS;
  • The admin user name is fixed;
  • Once logged in, an information page displays the admin password without any kind of concealment;
  • You can’t log out, only disconnect;
  • The MAC address filter forgets all whitelisted addresses if you switch the feature off then on again;
  • The list of permitted MAC addresses only shows the addresses, not the device names, even though it knows those names;
  • It cannot block WiFi devices talking to each other;
  • It offers no logging. I’m going to have to put an SBC on the power net to gather logs, although I’d do that anyway for intrusion detection.

Despite these significant security shortcomings, and because the devices support working WiFi device whitelists, I believe they still offer better security than anything that depends on WPS.

I suspect part of the problem is that the WiFi devices have firmware version 2.0.0, which suggests it is brand new. I’m one of those people who prefer to wait until a new version of some software has been out for a while before I upgrade. This time, I’ve been caught by new product ‘get it out the door now’ flakiness. Still, Devolo is no Sinclair, and it does upgrade the firmware of its products, so I expect these problems will eventually be resolved.

I have not been able to test the encryption that Devolo assure me is used between devices on the wires. My data reservoir server encrypts everything anyway, but devices connecting via WiFi are usually so hobbled that one can’t force them to do the same. That’s not Devolo’s problem, but they offer a solution that I can’t verify.

These Devolo WiFi and mains networking products lie outside my DMZ. Basically, the lack of WiFi security is so ridiculous that there’s no point in even pretending what’s there is safe. They are a step down from the competing Fritz!Box products that I’ve seen. That’s why I treat them as untrustable transport for my real stuff. They’re for watching crap movies, not for anything serious. All this is why I’m not too hacked off with the dismal lack of security awareness in these Devolo products; I didn’t expect anything better. All the same, I will extend my intrusion detection to cover this network, so I can watch what’s going on.
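
A log-gathering SBC of the kind mentioned above could start with a check like the following, which keeps the named whitelist off the adapter and reports any station that is not on it. This is an added example, not code from the original post or from Devolo; the allowlist, device names and `ip neigh` sample are constructed, and it assumes the SBC shares a layer-2 segment with the WiFi stations and has already resolved their addresses.

```python
import re

# Constructed allowlist kept off the adapter: MAC -> device name. Stored here it
# survives the filter being switched off and on, and carries the device names.
ALLOWLIST = {
    "02:00:00:aa:00:01": "laptop",
    "02:00:00:aa:00:02": "phone",
    "02:00:00:aa:00:03": "tv",
}

# Constructed sample of `ip neigh show` output captured on the SBC.
SAMPLE_NEIGH = """\
192.168.1.10 dev eth0 lladdr 02:00:00:aa:00:01 REACHABLE
192.168.1.11 dev eth0 lladdr 02:00:00:AA:00:02 STALE
192.168.1.12 dev eth0  FAILED
192.168.1.57 dev eth0 lladdr 02:00:00:bb:00:99 DELAY
fe80::ff:feaa:1 dev eth0 lladdr 02:00:00:aa:00:01 router STALE
"""

# Entries in FAILED or INCOMPLETE state have no lladdr field and are skipped.
NEIGH_RE = re.compile(r"^(?P<ip>\S+) dev \S+\s+lladdr (?P<mac>[0-9A-Fa-f:]{17})\b")


def parse_neighbours(text):
    """Return {mac: set of IPs} for entries that carry a link-layer address."""
    seen = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            seen.setdefault(m.group("mac").lower(), set()).add(m.group("ip"))
    return seen


def audit(text, allowlist):
    """Split observed stations into unknown, present and absent."""
    seen = parse_neighbours(text)
    allowed = {mac.lower(): name for mac, name in allowlist.items()}
    return {
        # A MAC can be set by the client, so this finds unlisted addresses only.
        "unknown": {m: sorted(ips) for m, ips in seen.items() if m not in allowed},
        "present": sorted(allowed[m] for m in seen if m in allowed),
        "absent": sorted(n for m, n in allowed.items() if m not in seen),
    }


if __name__ == "__main__":
    for kind, value in audit(SAMPLE_NEIGH, ALLOWLIST).items():
        print(kind, value)
```

Run from cron with the live output of `ip neigh show` in place of the sample, each report appended to a file gives the timestamped record the adapters themselves do not keep.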

After one day, these Devolo products seem potentially useful, and they seem to do their networking tasks speedily and reliably, but I would advise anyone considering buying these devices for their WiFi features to wait until Devolo has improved the WiFi configuration. If you’re security conscious, make sure these devices lie outside your DMZ.