Menu
What's new
By:
Filters Better Search

Understanding router access via computer

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

J

jimmyb2

New Around Here
My knowledge of networking is extremely limited thus I need some help to understand what is happening when I use my computer to access my Asus GT-AXE16000 router which is on the 388.2.2.rog version of Asuswrt-Merlin.

I was under the impression that when I open a browser (using Brave browser), type 192.168.50.1 into the address bar, and press "Enter" it would go directly to the router and open the router login screen without going out on the internet.

When I do that the browser shows the login screen to my router. However, in the address bar it now shows "Not secure | http://www.asusrouter.com/Main_Login.asp". Then when I enter my username and password the browser opens up to the router "Dashboard" screen. So I am now logged into the router, but the browser address bar now shows "Not secure | http://www.asusrouter.com/GameDashboard.asp". The information in the address bar looks to me that it is going out on the internet for some reason in order to access the router.

My question: Is my computer going out to the Asus website or anywhere else on the internet before accessing the router, or is it accessing anything on the internet in order to access my router?

If it is, in fact, going out on the internet is there anyway to stop this and directly access the router only?
 
Yes, the router GUI is not secure, as stated by your browser.

To test if it needs to 'go to the internet', to access your router, simply unplug the WAN. (It doesn't).
 
jimmyb2 said:
My question: Is my computer going out to the Asus website or anywhere else on the internet before accessing the router, or is it accessing anything on the internet in order to access my router?
Click to expand...
No it is not going out to the internet. When you log into the GUI using its IP address it translates that to www.asusrouter.com which is a local name defined on the router itself.

Your browser is giving you the "Not secure" warning because you are connecting to the router using HTTP rather than HTTPS.
 
when you get there, you'll be able to use Let's Encrypt to generate an SSL cert for your router and make that issue go away
 
jimmyb2 said:
Thank you. I was worried about that. Much relieved now.
Click to expand...

Others have already covered most of it but for your own understanding, most browsers nowadays warn you when you are on an http site instead of https. Some browsers are more aggressive about it. This in and of itself is not a security risk per se - just warning you not to put in sensitive information on that site.

You can even set many browsers to automatically replace http with https. However the asus by default is only listening on http, so that's why you're getting that warning.

Hardwired to the router there is near 0 chance anyone could snoop your login/password, but as @heysoundude mentioned, you can generate your own free SSL certificate and enable (even force) HTTPS in the router itself. In fact, even if you don't generate a certificate, it will work, but your browser will show you a different (and more dire) warning. In that case, you actually ARE very secure, it is just warning you that the default certificate on the Asus is not trusted and thus is a risk of being a malicious site (but it isn't in this case). This happens with lots of gear as they aren't going to pay for an annual trusted cert for every device they sell, they're just going to use a "self signed" one which is just as secure, but results in that warning (since anyone can generate a self signed cert, they are often used for malicious purposes).

To totally eliminate the warning, generate the letsencrypt certificate then turn on HTTPS and disable HTTP in the settings (or you can leave both enabled but use https). But not really anything to worry about, I use http to mine, I'm not using a password I use for anything else and even if I was, the chances that anyone in my neighborhood are skilled and bored enough to be using a man in the middle + KRACK attack to break my WPA2 are extremely low (and I'd notice the MITM, since I'm not the type to go hey, that's weird, I'm connected to a lower strength wifi signal and it has no internet access, but then it went full strength and my access was back, guess all is well).

Basically, you're already more secure than the phone app was, not really anything to worry about, even over wifi (as long as your wifi is decently secured). But certainly can't hurt to get https set up if you want to. If you now or ever use DDNS that same certificate can be used to secure your DDNS updates too.
 
drinkingbird said:
Others have already covered most of it but for your own understanding, most browsers nowadays warn you when you are on an http site instead of https. Some browsers are more aggressive about it. This in and of itself is not a security risk per se - just warning you not to put in sensitive information on that site.

You can even set many browsers to automatically replace http with https. However the asus by default is only listening on http, so that's why you're getting that warning.

Hardwired to the router there is near 0 chance anyone could snoop your login/password, but as @heysoundude mentioned, you can generate your own free SSL certificate and enable (even force) HTTPS in the router itself. In fact, even if you don't generate a certificate, it will work, but your browser will show you a different (and more dire) warning. In that case, you actually ARE very secure, it is just warning you that the default certificate on the Asus is not trusted and thus is a risk of being a malicious site (but it isn't in this case). This happens with lots of gear as they aren't going to pay for an annual trusted cert for every device they sell, they're just going to use a "self signed" one which is just as secure, but results in that warning (since anyone can generate a self signed cert, they are often used for malicious purposes).

To totally eliminate the warning, generate the letsencrypt certificate then turn on HTTPS and disable HTTP in the settings (or you can leave both enabled but use https). But not really anything to worry about, I use http to mine, I'm not using a password I use for anything else and even if I was, the chances that anyone in my neighborhood are skilled and bored enough to be using a man in the middle + KRACK attack to break my WPA2 are extremely low (and I'd notice the MITM, since I'm not the type to go hey, that's weird, I'm connected to a lower strength wifi signal and it has no internet access, but then it went full strength and my access was back, guess all is well).

Basically, you're already more secure than the phone app was, not really anything to worry about, even over wifi (as long as your wifi is decently secured). But certainly can't hurt to get https set up if you want to. If you now or ever use DDNS that same certificate can be used to secure your DDNS updates too.
Click to expand...
Thank you. I greatly appreciate the detailed explanation. I am using ethernet cable from computer to router. I had tried to use https by typing it out in the address bar, but as you intimated the router would not answer. However, I do intend to attempt setting up https per your and other's suggestions.
 
ColinTaylor said:
You don't have to use Let's Encrypt to generate a certificate. There's an option in the GUI to export a local certificate that you can use. This is what I do.

Click to expand...

True. I think you can even go into the warning and "trust" the root CA of the certificate but that may depend on browser. I used to do it when I ran some of my own stuff, but haven't bothered since then. This wouldn't work for DDNS but sounds like the OP isn't using that anyway. My DDNS is just using HTTP and I use their unique key instead of my password. Don't think anyone is going to bother updating my DDNS IP for a MITM attack now that my home domain is just for my own remote access use.
 
You must log in or register to reply here.

Similar threads

M
Router is suddenly no more accessible.
Replies
1
Views
479
Mariano
M
N
OpenVPN - Local Access on a DDNS to forwarded ports.
Replies
1
Views
363
octopus
octopus
R
Glitch with changing WAN DNS settings on first login
Replies
0
Views
374
Rocketboy235
R
fenguix
Wireguard server: can't connect SMB volumes
Replies
6
Views
638
DJones
D
K
Your isp dhcp is not functioning properly
Replies
5
Views
850
KillerQueen
K
Similar threads
Thread starter Title Forum Replies Date
F Understanding IPTABLES - asus ROG ax6000 Asuswrt-Merlin 17
P Asus aimesh node disconnects frequently, corresponding log entries recorded. Need help understanding the log. Asuswrt-Merlin 5
A Tailscale and Asus Merlin Router Asuswrt-Merlin 16
A Duckdns on Asus merlin router Asuswrt-Merlin 1
P Accessing remotly Server While Using VPN on Asus Router with Merlin Firmware Asuswrt-Merlin 9
H Astrill router applet problem. Asuswrt-Merlin 0
sthornington Latest (Oct 2024) "best" recommended router for Merlin? Asuswrt-Merlin 19
E Wireguard can't access devices behind asus router Asuswrt-Merlin 5
H Asus RT-AX58U v2 Merlin: Route all traffic to Pi-hole (running directly on router itself) Asuswrt-Merlin 12
R Recommendation for use as a wired router Asuswrt-Merlin 1

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 732 (members: 19, guests: 713)
Top