Access AX88U Web GUI remotely using Instant Guard vs port forwarding

[welim]

Dear Sir/Mdm,

I setup DDNS in the AX88U router and then enable Web access via WAN.
From remote site, I can use my laptop connect to any internet to access the AX88U GUI. I was told this is a security risk.

I wanted to understand what security risk it has? At the end of the day, it needs the DDNS to get the WAN IP and then the username/password to enter into the router GUI page.

With this, I can remotely add port forwarding so that I can also control my remote clients connected to AX88U. But all this required additional username/password.

Because people told me about security risk, I go enable "instant Guard" VPN in the AX88U. Then install instant Guard VPN client on my mobile phone to connect to AX88U. With this, I can access the web GUI using local IP address. It also need to key in username/password before able to enter. I would like to understand the differences on "security risk" ?

My last question will be if I use "instant Guard" VPN Server, there is no VPN Client for windows. Is it true?
It can only work with mobile devices ?

Best Regards,
Wee-How

 

[Crimliar]

Instant Guard is a useful tool, but there are times when you'll be better off using a full-blown VPN. Most of my usage comes when I'm on holiday, and I'm looking to tunnel family data for security reasons, which often means running my phone as an access point. If I need more than this I have WireGuard set up too and ready to be enabled using Instant Guard.
But that's my usage scenario, everyone's is different!!

 

[ColinTaylor]

I setup DDNS in the AX88U router and then enable Web access via WAN.
From remote site, I can use my laptop connect to any internet to access the AX88U GUI. I was told this is a security risk.

I wanted to understand what security risk it has? At the end of the day, it needs the DDNS to get the WAN IP and then the username/password to enter into the router GUI page.

Exposing the router's web interface to the internet using a common port number (e.g. 8443, 8888, 8000, etc.) is high risk. It will be the primary target of bot attacks. The Asus web interface is not a hardened security product and has a long history of being comprised leading to routers being infected with malware.

If you need to remotely connect to your router you should use robust security software, e.g. OpenVPN, WireGuard or Instant Guard (which uses IPSec IKEv2). These products are thoroughly tested for security.

 

[Tech9]

there is no VPN Client for windows

Use OpenVPN, Windows client works well.

OpenVPN Connect - Client Software For Windows | OpenVPN

OpenVPN’s Connect VPN software for Windows workstation platforms is developed & maintained by our team of experts. Download the client VPN software for your PC.

openvpn.net

 

[Justinh]

Wireguard's client

Installation - WireGuard

www.wireguard.com

 

[welim]

Exposing the router's web interface to the internet using a common port number (e.g. 8443, 8888, 8000, etc.) is high risk. It will be the primary target of bot attacks. The Asus web interface is not a hardened security product and has a long history of being comprised leading to routers being infected with malware.

If you need to remotely connect to your router you should use robust security software, e.g. OpenVPN, WireGuard or Instant Guard (which uses IPSec IKEv2). These products are thoroughly tested for security.

Ok noted. I've remove this=> "Enable Web Access from WAN" and then use instant guard and able to access it using local IP address