Enabled HTTPS for remote management, now can't connect locally?

roseyhead

Hey there. I've had a hard time explaining my issue so hopefully this makes sense.

This morning I finished setting up my router and getting it all online. I enabled port forwarding for RDP and went to work. I've then RDP'd into my home PC to continue configuring my router intending to enable remote management (so I can connect to my router directly from work, for example).

I went into the router's settings via my home PC, enabled remote access, turned on HTTPS and a couple of other things and hit Save. Now I can't connect to the router from the local network? Internet is still fine, I'm still connected to the PC from here but trying to access the router's control panel via IP won't connect.

Does that all make sense? I'm happy to clarify where I can. Do I need to point my browser at a specific port? I did see it give me a port number but I basically ignored it since I assumed it wouldn't affect local connectivity.
 
HTTPS is very buggy at the moment, sadly. It's recommended to NOT use it.

You can easily enough go back to http only, if you can SSH into your router via:
Code:
nvram set http_enable=0
service restart_httpd
 
Looks like SSH isn't an option, it's refusing my connections. I left it turned off because I assumed I wouldn't need it, lol. Thanks a lot for your suggestion! I guess I'll just have to wait til I get home and do a reset on it.
 
HTTPS uses port 8443 by default.
 
You have RDP port forwarded open to the Internet?
Is that a really bad idea? I know every open port leaves me vulnerable but I need to get to my home PC a lot from the office and other methods don't play well with my multiple monitors.

Guessing something like https://router.asus.com:8443/ doesn't work? Tried using a different browser? Not trying to be patronising, but are you ensuring you're putting https:// before the IP and :8443 after?

I did try all of those and couldn't get anywhere. Ended up just waiting til I got home then cleared NVRAM through recovery mode and started over.
 
Is that a really bad idea? I know every open port leaves me vulnerable but I need to get to my home PC a lot from the office and other methods don't play well with my multiple monitors.

I recommend using a different port than 3389, to prevent regular port scanners from finding it too easily. Have the WAN port use something like 23389 instead, with the LAN port still being 3389. Then have the RDP client use hostname:23389 when connecting to it.

Most port scanners will only check for well known ports, for speed reasons.

Ideally, you should use OpenVPN (or an SSH tunnel) to secure your RDP session as well as webui access, but using a different port like I suggest should still help securing things a bit.

I strongly advise against opening the webui to the WAN at all. Too many security issues were found over the years in the router's httpd. A VPN or an SSH tunnel would be a much better way to do it.
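The SSH tunnel alternative recommended in the post above, shown as an added example that is not part of the original thread. It assumes the router's SSH server is enabled and reachable from the WAN; every host name, user name, LAN address and the local ports 13389 and 18443 are placeholders, while 3389 and 8443 are the RDP and HTTPS web UI ports named in the thread.

```shell
#!/bin/sh
# Added example: carry RDP and the router web UI inside one SSH session
# instead of forwarding either service on the WAN.
# Every value below is a placeholder assumption, not taken from the thread.
SSH_HOST="home.example.net"   # placeholder: router's WAN name or address
SSH_PORT="22"                 # placeholder: port the SSH server listens on
SSH_USER="admin"              # placeholder: SSH login
PC_LAN_IP="192.168.1.10"      # placeholder: home PC running RDP
ROUTER_LAN_IP="192.168.1.1"   # placeholder: router LAN address

# Succeed only for an integer in the valid TCP port range.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print one -L argument: <local port> -> <LAN host>:<LAN port>.
# The listener binds to 127.0.0.1 so other machines on the office
# network cannot use the tunnel.
forward_arg() {
    valid_port "$1" && valid_port "$3" || return 1
    printf '127.0.0.1:%s:%s:%s' "$1" "$2" "$3"
}

# Print the full ssh command line carrying both forwards.
tunnel_cmd() {
    rdp=$(forward_arg 13389 "$PC_LAN_IP" 3389) || return 1
    web=$(forward_arg 18443 "$ROUTER_LAN_IP" 8443) || return 1
    # -N: no remote shell; ExitOnForwardFailure: stop if a local port is taken
    printf 'ssh -N -o ExitOnForwardFailure=yes -p %s -L %s -L %s %s@%s' \
        "$SSH_PORT" "$rdp" "$web" "$SSH_USER" "$SSH_HOST"
}

# "show" prints the command, "connect" runs it; no argument does nothing.
case "${1:-}" in
    show)    tunnel_cmd && echo ;;
    connect) cmd=$(tunnel_cmd) || exit 1
             exec $cmd ;;   # unquoted on purpose: the values contain no spaces
esac
```

With the tunnel up, the RDP client connects to localhost:13389 and the browser to https://localhost:18443/, so neither 3389 nor 8443 has to be forwarded on the WAN.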
 
I have found in the past that when I tried to do this, AiCloud would make its port 8433 and I could no longer access the router. I would then enter from the LAN (non-secure) and change the port in AiCloud 2.0 to a different port and then change the HTTPS port to 8433. Then all worked well.
 
Thanks for suggesting I open a different port for RDP, I should've thought of that myself. I've also disabled access to the router from outside the LAN because I guess I don't really need it anymore, my old junk modem/router would lose my WOL settings every now and then but hopefully that won't be an issue anymore!
 
You have RDP port forwarded open to the Internet?

Is that a really bad idea?

Reportedly, the health service in Lanarkshire (Scotland) was recently infected with ransomware. According to the article below, the method of infection was through RDP.

http://www.theregister.co.uk/2017/08/30/lanarkshire_nhs_infection_named_as_bitpaymer_variant/

Although the article is rather sensationally presented, IMHO its conclusion about RDP is still valid - it should always be accessed from outside the local network through a VPN tunnel or other security mechanism.
 
