What's new

IFTTT - how much do you care about security?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Hmm, i thought only the BRT-AC828 had support for that ...
Is that on OEM firmware, and you know which models support that feature ?

RT-AC88U, RT-AC3100, RT-AC5300, RT-AC86U, GT-AC5300 and RT-AX88U currently offers it on the stock firmware.
 
It's the market asking for features without understanding their security implications. Asus simply provides their customers what they are asking for, I can't blame them for it...

On the other end of the spectrum, the new IPSec server support seems to be pretty easy to setup. Did a quick test of it last night using my Android smartphone as the client, was effortless to setup. That might be a solid replacement to PPTP for people not willing to deal with OpenVPN (even tho OpenVPN is nowhere as hard to setup as people might think - just export the .ovpn file, and import it on your client and you're about done.)

If customers asked Ford to provide them with cars that had no brakes, and Ford did that, I'd blame Ford for it. It's fine to work towards customers wants and expectations, but not at the price of rendering them susceptible to a damaging breach.
 
If customers asked Ford to provide them with cars that had no brakes, and Ford did that, I'd blame Ford for it. It's fine to work towards customers wants and expectations, but not at the price of rendering them susceptible to a damaging breach.
Enabling IFTTT is a conscious decision by the user. Your analogy doesn't fit that at all.

Sent from my P027 using Tapatalk
 
You're right. I get excited sometimes. Thanks.
 
Either way, getting back to ifttt...

I’m looking forward to ifttt and support for Alexa.

I’m not so concerned on sercurity as some of you. Besides even if someone did get into my home network, what are they going to get from me?

I’m just a simple man.
The primary function of your router is to secure your network from the outside world. Secondary function is acting as a bridge for your wireless devices. Everything else is to add value to the primary and secondary functions. If you compromise #1, you might as well get a handful of public IP's from your ISP, a small switch and forget the router.
 
RT-AC88U, RT-AC3100, RT-AC5300, RT-AC86U, GT-AC5300 and RT-AX88U currently offers it on the stock firmware.

Thank you, very helpful to know, do you know the approx. performance of L2TP/IPSEC on an AC86U ?

PS: It's strange nobody mentioned that the AC86U supports the L2TP server when I asked under 'Buying Advice', titled 'Wireless Router with L2TP Server?' :)

I guess this server was added since Nov 2017 as I've run across a post from you saying that no Asus routers supported L2TP server at that time.
 
Last edited:
Thank you, very helpful to know, do you know the approx. performance of L2TP/IPSEC on an AC86U ?

Performance results for IPSEC while I was debugging it a few months ago:

Code:
Downstream (bcmspu):

P:\Tools>iperf -c 192.168.1.51 -M 1400 -N -t 30
------------------------------------------------------------
Client connecting to 192.168.1.51, TCP port 5001
TCP window size: 64.0 KByte (default)
------------------------------------------------------------
[296] local 10.10.10.1 port 8334 connected with 192.168.1.51 port 5001
[ ID] Interval       Transfer     Bandwidth
[296]  0.0-30.0 sec  1.08 GBytes    309 Mbits/sec


Upstream (bcmspu):
C:\Users\Eric\Documents>iperf -c 10.10.10.1 -M 1400 -N -t 30
------------------------------------------------------------
Client connecting to 10.10.10.1, TCP port 5001
TCP window size: 64.0 KByte (default)
------------------------------------------------------------
[296] local 192.168.1.51 port 2644 connected with 10.10.10.1 port 5001
[ ID] Interval       Transfer     Bandwidth
[296]  0.0-30.0 sec    886 MBytes    248 Mbits/sec

L2TP and IPSEC are not the same thing. L2TP is just a straight tunnel, and does not include encryption. Asus only support L2TP as a client. "Real" IPSEC is what I'm referring to here, and is supported as a server for the listed models. There's no client support at this time.
 
L2TP and IPSEC are not the same thing. L2TP is just a straight tunnel, and does not include encryption. Asus only support L2TP as a client. "Real" IPSEC is what I'm referring to here, and is supported as a server for the listed models. There's no client support at this time.

Looks like it can push some nice speeds!

I just checked the demo interface (http://demoui.asus.com/Advanced_VPN_PPTP.asp)
and like you said IPSEC is there so clients like IOS can access without 3rd party programs,
but unfortunately because there's no support for L2TP, windows will not work out of the box.

I got my hopes up for a second there :)

Thanks!
 
It's an easy way to make Windows IPSEC VPN compatible, too bad it's not enabled out of box, like IOS and MacOS :)

I agree that "proper" built-in IPSEC would make a lot of sense in 2018, now that PPTP (what most people previously used) is deprecated. Microsoft should spend less time with useless gimmicks that nobody will use (like Sets) and more time on actually useful features like support for a pretty common VPN standard.
 
I agree that "proper" built-in IPSEC would make a lot of sense in 2018, now that PPTP (what most people previously used) is deprecated. Microsoft should spend less time with useless gimmicks that nobody will use (like Sets) and more time on actually useful features like support for a pretty common VPN standard.
They are working on really helpful features, like deleting you personal folders (1809-update) to free your mind as well as HDD/SSD. :p
 
I don't think they've added anything useful as far as networking goes into Windows lately,
in fact it's way less user friendly than Windows 7 because you have Settings + Control Panel,
you can't even remove and re-add most networking items properly, unlike on Windows 7 :)
 
So, I've had my first quick glance at Asus's IFTTT new feature... If I read this correctly, it requires you to open your router's webui to the WAN. Uh, no thanks.

If that's really the case (and not just a bad translation from the original Chinese strings), then I'll have to strongly recommend to everyone NOT to enable that feature.

I'll have to think to decide what I want to do about this... I was against the addition of this feature from the start, and with that requirement I am even more against it.

WRT AsusWRT - only if one wants to control the AsusWRT device via IFFTT - which there I would agree, bit of a risk with doing remote things with the gateway/firewall of one's LAN.

IFTTT in general - it can be secure, but it's always going to be a challenge with privacy and security, esp if one is using third party recipes on their platform.

My personal recommendation is to avoid using IFTTT at present. Just too many potential risks there.

Good write up here...

https://www.ftc.gov/system/files/documents/public_comments/2017/11/00026-141804.pdf
 
Well,

IFTTT is still not working on Merlin so since its unsupported and Merlin will never fix it to work with his firmware then there is no security risk at all.
 
If IFTT can only be turned on by the admin and isn't a gaping hole when off, I'm not concerned. I won't use any of those features or allow a (any brand name) functional spying devices onto my property, let alone let it on my network.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top