What's new

Can't access router using DDNS address from LAN

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Morac

Senior Member
I have my GT-AX6000 set up to use DDNS from Goole Domains. I decided to try and set up Let's Encrypt so I can access it using https. Using the steps on https://www.asus.com/support/FAQ/1034294#lets, Let's Encrypt worked fine and it installed a certificate.

The problem I'm running into though is that I cannot access the router using the DDNS hostname and port (8443) from my local network. I can access it from https://www.asusrouter.com:8443 but since the certificate doesn't match that hostname it shows as not secure.

I can ping the router using the DDNS hostname, but not access the web page.
I have remote access disabled and would like to keep it that way.

Is there some way to access the router internally using the DDNS name?
 
I have my GT-AX6000 set up to use DDNS from Goole Domains. I decided to try and set up Let's Encrypt so I can access it using https. Using the steps on https://www.asus.com/support/FAQ/1034294#lets, Let's Encrypt worked fine and it installed a certificate.

The problem I'm running into though is that I cannot access the router using the DDNS hostname and port (8443) from my local network. I can access it from https://www.asusrouter.com:8443 but since the certificate doesn't match that hostname it shows as not secure.

I can ping the router using the DDNS hostname, but not access the web page.
I have remote access disabled and would like to keep it that way.

Is there some way to access the router internally using the DDNS name?
Just get-in via any of router built-in VPNs. E.g. wireguard. The only thing to do is to change IP from VPN configs to your Google DNS name.

Personally I use the very same approach when remote access is disabled but using my AWS Route 53 DNS service (I have Route 53 IP update docker app running on NAS) to connect to Asus's wireguard server.
 
are you using the host and domain name? So it would be something like:

Yes.

I basically gave up. The UI over SSL is very sluggish and since I only access it on my local network over WiFi which is already encrypted I'll just use http.

Also when I enabled Let's Encrypt it somehow automatically accepted the ASUS privacy license. I withdrew that, but it still seems to be doing some thing with it behind the scenes as I see the following in the logs even though I never agreed to the EULA:

Dec 28 12:35:13 Mastiff: Got AAE_SIG_EULA_FLAG_SIGNED
Dec 28 12:35:13 Mastiff: Got AAE_SIG_REMOTE_CONNECTION_TURNED_ON
 
Just get-in via any of router built-in VPNs. E.g. wireguard. The only thing to do is to change IP from VPN configs to your Google DNS name.

Personally I use the very same approach when remote access is disabled but using my AWS Route 53 DNS service (I have Route 53 IP update docker app running on NAS) to connect to Asus's wireguard server.
I don't want to run a VPN on the router as I don't access it outside my home.
 
I have my GT-AX6000 set up to use DDNS from Goole Domains. I decided to try and set up Let's Encrypt so I can access it using https. Using the steps on https://www.asus.com/support/FAQ/1034294#lets, Let's Encrypt worked fine and it installed a certificate.

The problem I'm running into though is that I cannot access the router using the DDNS hostname and port (8443) from my local network. I can access it from https://www.asusrouter.com:8443 but since the certificate doesn't match that hostname it shows as not secure.

I can ping the router using the DDNS hostname, but not access the web page.
I have remote access disabled and would like to keep it that way.

Is there some way to access the router internally using the DDNS name?
The DDNS certificate is for the DNS name associated with your external IP address. If you want to use it you would have to enable remote web access and rely on NAT loopback.

I don't want to run a VPN on the router as I don't access it outside my home.
Then there's no point creating a public DDNS name.

I can access it from https://www.asusrouter.com:8443 but since the certificate doesn't match that hostname it shows as not secure.
Use the router's self-created certificate. https://www.asus.com/support/FAQ/1034294#cert
 
Last edited:
I was always under the impression that SSL certificates are for DNS names and not for IP addresses. And I hate to say it, but even with external access off, my certificate(s) are up and running!
 
I use no-ip for my ddns, and access the router over the LAN using the no-ip domain.
My domain is XXXXXX.ddns.net, so I set the same domain under LAN>LAN IP thus:
Screenshot_2023-12-28-21-28-42-75_3aea4af51f236e4932235fdada7d1643.jpg
 
I have my GT-AX6000 set up to use DDNS from Goole Domains. I decided to try and set up Let's Encrypt so I can access it using https. Using the steps on https://www.asus.com/support/FAQ/1034294#lets, Let's Encrypt worked fine and it installed a certificate.

The problem I'm running into though is that I cannot access the router using the DDNS hostname and port (8443) from my local network. I can access it from https://www.asusrouter.com:8443 but since the certificate doesn't match that hostname it shows as not secure.

I can ping the router using the DDNS hostname, but not access the web page.
I have remote access disabled and would like to keep it that way.

Is there some way to access the router internally using the DDNS name?
Serious question, why does it matter that it shows up as 'not secure'.

Accept it and move on, or just connect via the IP, I mean, you know what the internal IP of your router is, right :)
 
Serious question, why does it matter that it shows up as 'not secure'.

Accept it and move on, or just connect via the IP, I mean, you know what the internal IP of your router is, right :)

I don’t care really, but for some reason if I try to log into my router on my iPad or iPhone, the password autofill doesn’t show up (hasn’t since upgrading to iOS 17). I think that is because of a MDM work restriction that blocks establishing untrusted TLS connections. That prevents me from accessing any web site in Safari with an invalid SSL certificat, but seems to also prevent using password managers on insecure sites. Exporting the certificate doesn’t work as I can’t import it in iOS.

At this point I simply gave up.
 
I don’t care really, but for some reason if I try to log into my router on my iPad or iPhone, the password autofill doesn’t show up (hasn’t since upgrading to iOS 17). I think that is because of a MDM work restriction that blocks establishing untrusted TLS connections. That prevents me from accessing any web site in Safari with an invalid SSL certificat, but seems to also prevent using password managers on insecure sites. Exporting the certificate doesn’t work as I can’t import it in iOS.

At this point I simply gave up.
Got it. I don't run any apple stuff, that sounds like a nuisance. Makes perfect sense that you want to solve the issue :)
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top