Menu
What's new
By:
Filters Better Search

How safe it is to open admin access from WAN ?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I used to turn on the web from the wan to use ddns and setup in pingdom to check the internet availability :oops:
 
VadimPanov said:
VPN server - Open VPN page has three links like:
  1. Windows
  2. Mac OS
  3. iPhone/iPad
  4. Android
, but none of them works. Do they lead to instructions how to setup VPN? How to set VPN on Android?

Thanks!
Click to expand...

It's a double bug. First bug is in the new FAQ handler that doesn't work when accessing the router from anything other than router.asus.com (fixed locally), and also Asus is pointing the OpenVPN page links at the IPSEC FAQs - they haven't migrated the original OpenVPN FAQs to their new support site. The only FAQ left is the one just telling you how to download and install the OpenVPN client (https://www.asus.com/support/FAQ/1004469/).

Just look on these forums,there are dozens of posts about OpenVPN.
 
VadimPanov said:
VPN server - Open VPN page has three links like:
  1. Windows
  2. Mac OS
  3. iPhone/iPad
  4. Android
, but none of them works. Do they lead to instructions how to setup VPN? How to set VPN on Android?

Thanks!
Click to expand...
Those are general instructions. If you openvpn tab selected there is an underlined link you can clock in to download the .ovpn config file to use on the remote client.

Sent from my SAMSUNG-SM-T677A using Tapatalk
 
DonnyJohnny said:
The best way after known security breach is format jffs and reflash with factory setting reset.
Click to expand...
Is it possible to use the GUI? Format JFFS partition after reboot, then reboot, reflash the firmware, then restore factory default? I'm going to assume not to restore settings and just setup from scratch?
 
tck81 said:
Is it possible to use the GUI? Format JFFS partition after reboot, then reboot, reflash the firmware, then restore factory default? I'm going to assume not to restore settings and just setup from scratch?
Click to expand...
Best way!!
 
RMerlin said:
Just look on these forums,there are dozens of posts about OpenVPN.
Click to expand...
HHHHHUURRRRRRRRRAAAAAAAAAHHHHHHHHHHH!!!
I mean, I made it working. That means, VPN on Android cellphone is working now and I am able to login to router.

Now there are more questions for you, Merlin:

1) I can set up to 32 user names and passwords on "VPN Server" page - what are they for? I just created a profile on a client by importing .ovpn file and I am able to VPN to the router without entering any credentials. Username is just "client" on "VPN Status" page.
2) Is there a way to log in router with restricted rights? Another login? The user must be able only to turn on/off "Parental Controls" to let kids go to Internet / stop it.
3) Is there a way to start ParentalControl.asp page with a parameters in query part to on/off "Parental Controls"?

And thank you so much for your work!
Vadim
 
VadimPanov said:
HHHHHUURRRRRRRRRAAAAAAAAAHHHHHHHHHHH!!!
I mean, I made it working. That means, VPN on Android cellphone is working now and I am able to login to router.

Now there are more questions for you, Merlin:

1) I can set up to 32 user names and passwords on "VPN Server" page - what are they for? I just created a profile on a client by importing .ovpn file and I am able to VPN to the router without entering any credentials. Username is just "client" on "VPN Status" page.
2) Is there a way to log in router with restricted rights? Another login? The user must be able only to turn on/off "Parental Controls" to let kids go to Internet / stop it.
3) Is there a way to start ParentalControl.asp page with a parameters in query part to on/off "Parental Controls"?

And thank you so much for your work!
Vadim
Click to expand...

In your Advanced VPN Server settings you’ll have seen

1. Username/password authentication

2. Username/password authentication only.

My settings are 1. Yes; 2. No.

By setting 2. to No, public key infrastructure (PKI) (key pairs and certificates) is used. And by setting 1. to Yes, not only is the extremely secure PKI used, but usernames and passwords are used as well.

I use separate a username and password for each client device I permit to connect. And so that the router knows whether or not to allow the device to connect (even though it’s presenting the correct PKI credentials) that’s what that list of up to 32 usernames and passwords is for. If the answer to 1. or 2. is Yes, then you must specify the usernames and passwords in the list. And if the answer to 2. is Yes, then you should be aware that your setup is relying only on the security provided by a username and password: no keys and certificates involved. And because it has been made so simple for us to set up PKI - you don’t need to know anything about how it works or what keys and certs do - there is no excuse or reason to answer Yes to Username and password only (unless temporarily troubleshooting connection issues).


Your Qu2. No. Once you are logged into the router via the webui you have full rights.

Your Qu 3.
I don’t know.
 
Last edited:
3) No.
 
hotsauce2007 said:
I want to know the same, no google results at all, maybe we can run a test using some tools of it?
Click to expand...

I accessed WebUI from WAN for a while, but will not do this again . It's a Russian roulette.
Though, I was hacked by a cryptolocker not via UI, but from another attack vector.
**ckin' forwarded ports...Mea Culpa!:D
 
You must log in or register to reply here.

Similar threads

N
Asus Router Security Discussion
Replies
8
Views
458
Tech9
Tech9
F
Admin port visible on WAN
Replies
9
Views
767
Viktor Jaep
Viktor Jaep
L
Is it safe to install Gnuton on my TUF3000V2 router?
Replies
2
Views
397
Tech9
Tech9
chetstone
Which user script to use to start a daemon at boot-up?
Replies
3
Views
373
chetstone
chetstone
R
RT-AX86U Pro LAN Port on Guest Network
Replies
9
Views
909
Jherb
J
Similar threads
Thread starter Title Forum Replies Date
L Can an original 2022 Asus Wrt be safe? Asuswrt-Merlin 25
L Is it safe to install Gnuton on my TUF3000V2 router? Asuswrt-Merlin 2
E Is safe to setup "Alert preference"? Asuswrt-Merlin 5
A Open NAT game profiles Asuswrt-Merlin 8
D Nord Open VPN client connected but not secure? Asuswrt-Merlin 1
J Max number of open NAT connections on GT-AXE16000 and GT-BE98 Asuswrt-Merlin 9
R ASUS RT-AX86 Open VPN No LAN Access Asuswrt-Merlin 18
T Open ports on WAN for service running on the router Asuswrt-Merlin 8
S Open ports query on AX88U Asuswrt-Merlin 6
John Tetreault How to open ipv6 firewall to a port on the router? Asuswrt-Merlin 7

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 879 (members: 18, guests: 861)
Top