What's new

How safe it is to open admin access from WAN ?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I used to turn on the web from the wan to use ddns and setup in pingdom to check the internet availability :oops:
 
VPN server - Open VPN page has three links like:
  1. Windows
  2. Mac OS
  3. iPhone/iPad
  4. Android
, but none of them works. Do they lead to instructions how to setup VPN? How to set VPN on Android?

Thanks!

It's a double bug. First bug is in the new FAQ handler that doesn't work when accessing the router from anything other than router.asus.com (fixed locally), and also Asus is pointing the OpenVPN page links at the IPSEC FAQs - they haven't migrated the original OpenVPN FAQs to their new support site. The only FAQ left is the one just telling you how to download and install the OpenVPN client (https://www.asus.com/support/FAQ/1004469/).

Just look on these forums,there are dozens of posts about OpenVPN.
 
VPN server - Open VPN page has three links like:
  1. Windows
  2. Mac OS
  3. iPhone/iPad
  4. Android
, but none of them works. Do they lead to instructions how to setup VPN? How to set VPN on Android?

Thanks!
Those are general instructions. If you openvpn tab selected there is an underlined link you can clock in to download the .ovpn config file to use on the remote client.

Sent from my SAMSUNG-SM-T677A using Tapatalk
 
The best way after known security breach is format jffs and reflash with factory setting reset.
Is it possible to use the GUI? Format JFFS partition after reboot, then reboot, reflash the firmware, then restore factory default? I'm going to assume not to restore settings and just setup from scratch?
 
Is it possible to use the GUI? Format JFFS partition after reboot, then reboot, reflash the firmware, then restore factory default? I'm going to assume not to restore settings and just setup from scratch?
Best way!!
 
Just look on these forums,there are dozens of posts about OpenVPN.
HHHHHUURRRRRRRRRAAAAAAAAAHHHHHHHHHHH!!!
I mean, I made it working. That means, VPN on Android cellphone is working now and I am able to login to router.

Now there are more questions for you, Merlin:

1) I can set up to 32 user names and passwords on "VPN Server" page - what are they for? I just created a profile on a client by importing .ovpn file and I am able to VPN to the router without entering any credentials. Username is just "client" on "VPN Status" page.
2) Is there a way to log in router with restricted rights? Another login? The user must be able only to turn on/off "Parental Controls" to let kids go to Internet / stop it.
3) Is there a way to start ParentalControl.asp page with a parameters in query part to on/off "Parental Controls"?

And thank you so much for your work!
Vadim
 
HHHHHUURRRRRRRRRAAAAAAAAAHHHHHHHHHHH!!!
I mean, I made it working. That means, VPN on Android cellphone is working now and I am able to login to router.

Now there are more questions for you, Merlin:

1) I can set up to 32 user names and passwords on "VPN Server" page - what are they for? I just created a profile on a client by importing .ovpn file and I am able to VPN to the router without entering any credentials. Username is just "client" on "VPN Status" page.
2) Is there a way to log in router with restricted rights? Another login? The user must be able only to turn on/off "Parental Controls" to let kids go to Internet / stop it.
3) Is there a way to start ParentalControl.asp page with a parameters in query part to on/off "Parental Controls"?

And thank you so much for your work!
Vadim

In your Advanced VPN Server settings you’ll have seen

1. Username/password authentication

2. Username/password authentication only.

My settings are 1. Yes; 2. No.

By setting 2. to No, public key infrastructure (PKI) (key pairs and certificates) is used. And by setting 1. to Yes, not only is the extremely secure PKI used, but usernames and passwords are used as well.

I use separate a username and password for each client device I permit to connect. And so that the router knows whether or not to allow the device to connect (even though it’s presenting the correct PKI credentials) that’s what that list of up to 32 usernames and passwords is for. If the answer to 1. or 2. is Yes, then you must specify the usernames and passwords in the list. And if the answer to 2. is Yes, then you should be aware that your setup is relying only on the security provided by a username and password: no keys and certificates involved. And because it has been made so simple for us to set up PKI - you don’t need to know anything about how it works or what keys and certs do - there is no excuse or reason to answer Yes to Username and password only (unless temporarily troubleshooting connection issues).


Your Qu2. No. Once you are logged into the router via the webui you have full rights.

Your Qu 3.
I don’t know.
 
Last edited:
3) No.
 
I want to know the same, no google results at all, maybe we can run a test using some tools of it?

I accessed WebUI from WAN for a while, but will not do this again . It's a Russian roulette.
Though, I was hacked by a cryptolocker not via UI, but from another attack vector.
**ckin' forwarded ports...Mea Culpa!:D
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top