I'm seeing odd behaviour in the VPN management under v4.5.1 on a 2927 in the VPN section. Editing or creation of a new profile (using IKEv1 IPSec) the encryption is defaulting to 3DES or DES only, select AES, save and it switches back after going back in to the profile. I made some changes to a couple of VPN's after upgrading to v4.5.1 the other day, a routine task, two of them stopped working and after some initial head scratching realised the outbound WAN IP addresses had swapped around! I ultimately had to downgrade to v4.4.6.2 again to make work, upgrading to v4.5.1 seems to still work for these VPN's but any changes screws them up.

Anybody else seen this issue? I'll get it reported to Draytek.

Further to this I've found a work around. I tried setting up a new connection on a 2927 running v4.5.1 and the same behaviour happened, I should note this particular VPN was outbound and using Aggressive (peer ID) authentication. Changing to IKEv2, as a 'main' VPN (Aggressive not supported in IKEv2), saving, then editing and changing back to IKEv1 allowed me to see the AES encryption options and saving again seemed to store these permanently.

I'll raise with Draytek support.

I'm hitting this also but can't seem to get it to stick by switching to IKEv2, saving, then back again to IKEv1.  Still reverts to DES/3DES after selecting aggressive and saving

That's odd as I did get this to initially work, trying again though had the same result as you so might have just been lucky.

Good news is I've reported this to Support who have tested, acknowledged and found a fix that should be rolled out in the next firmware update, hopefully very soon.

Thanks.  I'm in a similar situation to you.  I've currently managed to get IKEv2 working for now so I'm not touching either config because it looks like just going in to the remote LAN to LAN settings changes stuff.  I'll wait for the next firmware update and then try again.