Risk level remotely connecting to router webui over http?

[Axxel6307]

Once in awhile away from home i need to open my asus webui app to connect to my router to turn router off remotely when i don't want my wifi running.

I'm in and out in just a few seconds. But it's done over http. Can my routers webui/admin password be seen during this brief connection and give someone a backdoor to my network?

 

[ColinTaylor]

...open my asus webui app to connect to my router to turn it off remotely.

Turn what off? Remote access? The router (there's no option to do that)?

I'm in and out in just a few seconds. But it's done over http. Can my routers webui/admin password be seen during this brief connection and give someone a backdoor to my network?

Yes. But the much bigger problem is that Asus' HTTP web server is easily hackable and if it's normally open to the WAN it's just a matter of time (whether you're away from home or not)...

 

[Axxel6307]

Turn what off? Remote access? The router (there's no option to do that)?

Yes. But the much bigger problem is that Asus' HTTP web server is easily hackable and if it's normally open to the WAN it's just a matter of time (whether you're away from home or not)...

No, i mean shut my router off remotely using the webui.

So if its too risky leaving wan access enabled whether over https or http, is there a workaround way to connect to my router remotely?

 

[ColinTaylor]

No, i mean shut my router off remotely using the webui.

I'm still not sure what you mean by "shut my router off". Do you mean physically power off the router? - There's no option for that. Or do you mean "disable the remote access features"?

So if its too risky leaving wan access enabled whether over https or http, is there a workaround way to connect to my router remotely?

Yes, use the OpenVPN server on the router and connect to that.

 

[Axxel6307]

I'm still not sure what you mean by "shut my router off". Do you mean physically power off the router? - There's no option for that. Or do you mean "disable the remote access features"?

Yes, use the OpenVPN server on the router and connect to that.

I'm sorry you are right. I meant reboot my router. I just said shutoff for simplicity since It's another can of worms why I need to reboot it remotely lol.
Anyway, thanks for the info bud.

 

[RMerlin]

I'm in and out in just a few seconds. But it's done over http. Can my routers webui/admin password be seen during this brief connection and give someone a backdoor to my network?

The vast majority of home routers have very poorly written web servers, which are constantly the target of attacks. Don't expose your router's webui to the Internet, you are highly likely to have it compromised. Asus for instance fixes new web-related issues every few months, and Netgear recently recommended to their users not to expose their router's WAN to the Internet as a protection against the VPNFilter malware.

Use a VPN tunnel.

 

[DonnyJohnny]

Once in awhile away from home i need to open my asus webui app to connect to my router to turn router off remotely when i don't want my wifi running.

I'm in and out in just a few seconds. But it's done over http. Can my routers webui/admin password be seen during this brief connection and give someone a backdoor to my network?

I suggest you reflash, reinitialise (factory default) if you have been leaving your router open to WAN via the asus app for some time.
Don’t use Asus app at all and NEVER open Wan access or ssh. Use OpenVPN server access via openvpn connect (iOS/android).
Good luck if you choose to leave it open.

 

[XIII]

Why is OpenVPN safer than SSH via keys only (i.e., no password)?

 

[RMerlin]

Why is OpenVPN safer than SSH via keys only (i.e., no password)?

The openvpn code was recently audited. I don't think dropbear code ever was.

The increased security lies in the underlying code, not in the authentication mechanism itself.

 

[XIII]

Thanks.

Maybe I should indeed disable SSH over WAN and use it over OpenVPN instead.

 

[Xentrk]

Thanks.

Maybe I should indeed disable SSH over WAN and use it over OpenVPN instead.

Enable SSH from the lan, then connect to the router using OpenVPN. You can then connect vis SSH.

See https://x3mtek.com/openvpn-server-setup-instructions-for-asuswrt-merlin/

 

[sfx2000]

The openvpn code was recently audited. I don't think dropbear code ever was.

I'll have to thank @Xentrk for popping this thread up...

Dropbear, while not having gone thru the openvpn audit, is fairly secure - use certs, and it's very secure...

 

[modisx5]

Enable SSH from the lan, then connect to the router using OpenVPN. You can then connect vis SSH.

See https://x3mtek.com/openvpn-server-setup-instructions-for-asuswrt-merlin/

Link is broken... please post again.

 

[Tech9]

Link is broken... please post again.

The member you quoted does not visit SNB Forums anymore and you replied to a thread >6 years old.

If you need OpenVPN access back to your home network just set OpenVPN server on your router, export the *.ovpn configuration file and import it on the client device you'll be using to access your network. You may need to install OpenVPN Connect application on this device, available for multiple platforms. If you have Dynamic WAN IP address you have to use DDNS service. Use search for more details, the matter was discussed multiple times.