What's new

RT-AC66U B1 gui access only on wan with https

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

biros

New Around Here
Hi everyone,
Last night, after 2 years i enabled the free letsencrypt cert feature with the wan access via https which works with the asuscomm ddns service flawlessly.
I might misunderstand this feature and i don't speak fluent internet either, but by doing this, my internal devices which are forwarded shouldn't be accessible by the same https path too (different portnumber)?
Like: https://user.asuscomm.com:router_gui_port <- this works, but this: https://user.asuscomm.com:forwarded_device_port doesn't (it works on http and not just one device so i assume there is no problem with port forwarding).
Is asus limiting this feature to services provided by them only? If yes ok, if not, what am i doing wrong?
New user here, sorry if it's duplicate, i did a search and haven't found anything relevant (google or here).
Thank you!
 
Last edited:
It works, you have to forward the ports. Don't enable Web Access from WAN though, it's not secure. Use OpenVPN Server instead.
 
Ok, then what could be the problem? I get "ERR_SSL_PROTOCOL_ERROR" for every forwarded device but the webgui (every forwarded device works via http). I will disable the gui access via wan after i cracked this issue.
 
It is difficult to understand the problem you are describing.

What ports or services you trying to connect to on your LAN? If you are trying to use https then the device you are connecting to must be running an https server, not just an http server.
 
Additionally, the router's letsencrypt certificate is only applicable to accessing the router itself. If you want to connect to https servers on your LAN they will require their own certificates.
 
Last edited:
Ok, the i don't speak fluent internet part lies here. But i understood and thank you for that. So the https "secure" access with a dvc + ddns is for the router webgui only; ex.: https://user.asuscomm.com:webguiport (and it's not recommended to leave it accessible, then i wonder why the dvc lol?).
If i have, let's say a node-red server behind the router with a ui dashboard (or anything with with an gui) and i forward its port of the internal ip to a random port of the external ip; ex.: https://user.asuscomm.com:random port of ext ip <--- the dvc will not "cover" this ...
I use the inbuilt openvpn server and works great, i just wanted to simplify the access to the uis behind the router.
 
Actually you can export the Letsencrypt certs and use them on a server on your LAN. Keep in mind that the certs expire after a number of days.
 
pretty neat idea, is it possible to automate the export?
Automate? Yes but more of a pain than it is worth. You would be better off to set up LetsEncrypt on your servers and automate it there.
 
You should be able to. Use scp to copy the certificate and keys to your local machines.
thanks for the tip, i can access /jffs/.le/ but "dir" returns this: "-sh: dir: not found", is there a different command to list the contents of a folder in asuswrt? (stock).
 
Automate? Yes but more of a pain than it is worth. You would be better off to set up LetsEncrypt on your servers and automate it there.
i was thinking to copy it via nodered from /jffs/.le/ to my nas and i could pick it up from there. But yeah, you're right, your suggestion is more pro and more elegant. thx
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Top