Joined: 18 Mar 2014 Posts: 3770 Location: Netherlands
Posted: Wed May 15, 2019 13:10 Post subject:
Wow that was a really quick answer. Can you explain it in more detail please? Also, is there anyway to test it? Just go to services -> OpenVPN and set to disable, would that be an accurate test?
Does this change need a router reboot?
Can you make a rule for me to block ALL incoming connections that doesn't go through OpenVPN?
Also, since I already have you here: Why is my DD-WRT setup page accessible through my WAN IP? I want that to only be accessible locally.
To test just disable the OVPN client, do not worry your settings are retained
Reboot is usually not necessary but to be sure reboot
All incoming connections are blocked by default that is what the firewall is for, my rule blocks connections originating from the router (br0) and going out of the WAN (VLAN2).
Your setup page should not be accessible from the WAN by default unless you enable it on Administration/Management/Remote Access
If you are referring to the System information page that is visible by default.
You can disable it on Administration/Management/Web Access, set the Enable Site info to Disabled or enable the password protection.
It is on by default, but you can not log in unless you enabled remote access
We have had discussions with the devs, although it is not a security risk per se, the fact that attackers can see what you are using can give them an attack vector.
So for my internet facing routers it is disabled
Exactly to what I am reffering to, it is a security risk per se just to let the "attackers" know you run DD-WRT and what version.
Otherwise you pretty much answered my questions, although, one thing.
OpenVPN is activated in my router, by settings tab services -> OpenVPN. That's why I was asking for a good way to test out the settings.