Posted: Thu Dec 06, 2018 20:27 Post subject: https
Is there anyway to do a secure login to my FW. When I had my Asus router set up I could do this with pixelserv and a script that someone else had created, for the less tech savy like me. I know I don't really need this, but I would like to be able to.
Posted: Thu Dec 06, 2018 20:39 Post subject: Re: https
bc64 wrote:
Is there anyway to do a secure login to my FW. When I had my Asus router set up I could do this with pixelserv and a script that someone else had created, for the less tech savy like me. I know I don't really need this, but I would like to be able to.
LAN:
On Administration tab > Web access section > check 'HTTPS'
Posted: Thu Dec 06, 2018 20:50 Post subject: Re: https
d00zah wrote:
bc64 wrote:
Is there anyway to do a secure login to my FW. When I had my Asus router set up I could do this with pixelserv and a script that someone else had created, for the less tech savy like me. I know I don't really need this, but I would like to be able to.
LAN:
On Administration tab > Web access section > check 'HTTPS'
Posted: Thu Dec 06, 2018 21:28 Post subject: Re: https
d00zah wrote:
bc64 wrote:
I did this. While it let me login, it has a not secure in the address bar. I appreciate your reply.
LAN, or WAN? Did you uncheck 'HTTP', or use 'https://[routerIP]' as the URL?
Can't test right now...
Under Administration Web Access I unchecked http and checked https. I use https://[routerIP] as URL. It still says Not secure when I log in. There should be a padlock on the left side of the address bar?
Posted: Thu Dec 06, 2018 21:42 Post subject: Re: https
bc64 wrote:
Under Administration Web Access I unchecked http and checked https. I use https://[routerIP] as URL. It still says Not secure when I log in. There should be a padlock on the left side of the address bar?
Does the browser offer any explanation of what it's unhappy with? Firefox offers additional info when I left-click on the icon(s) to the left of the URL (padlock if secure). Might not like the cert?
Will look once I can interrupt my connection with a config change. _________________ NetGear XR500 - FW Version: DD-WRT v3.0-r55819 std (04/17/24)
Linux 6.1.86 #130 SMP Wed Apr 17 05:48:30 +07 2024 armv7l
Updated from: DD-WRT v3.0-55779 std (04/12/24) via GUI (FF), NO reset
Gateway: SmartDNS, DDNS (FreeDNS), IPv4 DHCP, Static leases, SFE Disabled, QoS Disabled
AP: 2.4GHz NG-Mixed 40MHz, 5GHz AC/N-Mixed 80MHz, WPA2 w/ AES, MAC filtering, Isolated Guest VAP on wlan1, Vanilla FW
Services: USB Storage, NAS, Samba
Storage: Samsung Portable SSD T7 Shield USB 3.2 2TB, /jffs, /opt, /data (ext4)
Posted: Thu Dec 06, 2018 22:24 Post subject: Re: https
d00zah wrote:
bc64 wrote:
Under Administration Web Access I unchecked http and checked https. I use https://[routerIP] as URL. It still says Not secure when I log in. There should be a padlock on the left side of the address bar?
Does the browser offer any explanation of what it's unhappy with? Firefox offers additional info when I left-click on the icon(s) to the left of the URL (padlock if secure). Might not like the cert?
Will look once I can interrupt my connection with a config change.
You know, I rebooted my router and then I couldn't login at all. I had to reset and restore a backup I had just done earlier in the day.
Posted: Thu Dec 06, 2018 23:13 Post subject: Re: https
bc64 wrote:
You know, I rebooted my router and then I couldn't login at all. I had to reset and restore a backup I had just done earlier in the day.
Hmmm... haven't been following current issues closely... just passing through for an update... but I vaguely recall an issue w/ the httpsd crashing. Appears it might still be unresolved?
I know you noted it at the start, but https REALLY is overkill for LAN access.
At least you had the backup & knew to use it. Good luck. _________________ NetGear XR500 - FW Version: DD-WRT v3.0-r55819 std (04/17/24)
Linux 6.1.86 #130 SMP Wed Apr 17 05:48:30 +07 2024 armv7l
Updated from: DD-WRT v3.0-55779 std (04/12/24) via GUI (FF), NO reset
Gateway: SmartDNS, DDNS (FreeDNS), IPv4 DHCP, Static leases, SFE Disabled, QoS Disabled
AP: 2.4GHz NG-Mixed 40MHz, 5GHz AC/N-Mixed 80MHz, WPA2 w/ AES, MAC filtering, Isolated Guest VAP on wlan1, Vanilla FW
Services: USB Storage, NAS, Samba
Storage: Samsung Portable SSD T7 Shield USB 3.2 2TB, /jffs, /opt, /data (ext4)
Last edited by d00zah on Fri Dec 07, 2018 1:02; edited 1 time in total
Posted: Thu Dec 06, 2018 23:28 Post subject: Re: https
d00zah wrote:
bc64 wrote:
You know, I rebooted my router and then I couldn't login at all. I had to reset and restore a backup I had just done earlier in the day.
Hmmm... haven't been following current issues closely... just passing through for an update... but I vaguely recall an issue w/ the httpd crashing. Appears it might still be unresolved?
I know you noted it at the start, but https REALLY is overkill for LAN access.
At least you had the backup & knew to use it. Good luck.
Yes, thanks for your help. I guess I'll just leave it the way it is.
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Fri Dec 07, 2018 10:15 Post subject:
there is a Kong build for R9000 you should try it..
it suppose to be the better one http://www.desipro.de/ddwrt/K4-AC-ALPINE/ _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Yes, I installed the latest Kong build and it's running great. Don't think I'm going to try to do a secure connection into my FW though. I really don't need it.
Posted: Fri Dec 07, 2018 20:52 Post subject: SSL Certificate
More than most likely you just need to generate a valid SSL certificate that the router can use. DD-WRT uses a self-signed certificate that would show up in most browsers as insecure. If you want a free SSL certificate looking into Let's Encrypt. You can even get one generated online here: https://gethttpsforfree.com/
You may need a working linux environment in order to generate the CSR though. I usually do it an Ubuntu VM. You may be able to do it on the router itself but it would be faster on something else. _________________ Before asking a question on the forums, update dd-wrt: Where do I download firmware? I suggest reading it all.
QCA Best WiFi Settings
Some dd-wrt wiki pages are up to date, others are not. PM me if you find an old one.
Atheros:
Netgear R7800 x3 - WDS AP / station, gateway, QoS
TP-Link Archer C7 v2 x2 - WDS Station
TP-Link TL-WDR3600 v1 - WDS Station
TP-Link 841nd v8 - NU
D-Link 615 C1/E3/I1 x 7 - 1 WDS station
D-Link 825 B1 - NU
D-Link 862L A1 x2 - WDS Station
Netgear WNDR3700v2 - NU
UBNT loco M2 x2 - airOS
Broadcom
Linksys EA6400 - Gateway, QoS
Asus N66U - AP
Netgear WNDR3700v3 - not used
MediaTek
UBNT EdgeRouter X - switch
Posted: Fri Dec 07, 2018 21:22 Post subject: Re: SSL Certificate
ian5142 wrote:
More than most likely you just need to generate a valid SSL certificate that the router can use. DD-WRT uses a self-signed certificate that would show up in most browsers as insecure. If you want a free SSL certificate looking into Let's Encrypt. You can even get one generated online here: https://gethttpsforfree.com/
You may need a working linux environment in order to generate the CSR though. I usually do it an Ubuntu VM. You may be able to do it on the router itself but it would be faster on something else.
I appreciate your reply. The thing is, I'm not that tech savy. I run Windows 10 and that's about as savy as I get. While I would like to be able to get a secure connection into my router, I know I don't really need it. It was just something nice to have. Thanks again for your reply.