R7800 Discussion - 2018

seombre
DD-WRT Novice


Joined: 12 Dec 2018
Posts: 15

Posted: Wed Dec 12, 2018 11:56
Hey guys!

I have a problem when accessing the web control panel via HTTPS. It looks like some internal call times out after about 30 seconds. However, the page still loads after that. When I use HTTP everything is working fine and the page load times are very fast.

Anyone else with that problem? Thx!

EDIT: I'm running v3.0-r37945M kongat (12/10/18) but I have had the problem for a couple of months.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6446
Location: UK, London, just across the river..

Posted: Wed Dec 12, 2018 12:20
yep it's always like that, https for local access is a no go situation, it's very broken and apart of its mean is a pain to use, if you trust your local clients just use http instead, otherwise admit it's like that always..

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
seombre
DD-WRT Novice


Joined: 12 Dec 2018
Posts: 15

Posted: Wed Dec 12, 2018 12:38
Well the thing is, it wasn't always like that. A couple of months ago (I don't know exactly when, sorry. But definitely this year.) that worked like a charm and without any problems.
htismaqe
DD-WRT User


Joined: 05 Nov 2015
Posts: 471

Posted: Wed Dec 12, 2018 16:08
seombre wrote:
Well the thing is, it wasn't always like that. A couple of months ago (I don't know exactly when, sorry. But definitly this year.) that worked like a charm and without any problems.


HTTPS has been broken for quite some time. It's just getting increasingly worse. If you use syslog, you would have noticed errors even when it seemingly worked. There's a bunch of weird stuff going on behind the scenes.

_________________
Routing:.......Asus RT-AX88U (Asuswrt-Merlin 384.14)
Switching:....Netgear GS608_V3 & GS605_V4, TrendNet TEG-S82G & TEG-S50G
<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4339
Location: Germany

Posted: Wed Dec 12, 2018 17:08
htismaqe wrote:
seombre wrote:
Well the thing is, it wasn't always like that. A couple of months ago (I don't know exactly when, sorry. But definitly this year.) that worked like a charm and without any problems.


HTTPS has been broken for quite some time. It's just getting increasingly worse. If you use syslog, you would have noticed errors even when it seemingly worked. There's a bunch of weird stuff going on behind the scenes.


As far as I know this is a browser problem, as webif uses a self-signed cert for https and some browsers have issues with it. Might be an issue since some browsers now consider self-signed certs as insecure.

I have been looking into support for letsencrypt, but it is a pain in the ass, as you have to expose a webserver on the wan side while you go through the letsencrypt cert issue process and you have to renew the certs after a certain amount of time. If I find the time for it, I'll try to implement a service for that, but it will only work on builds that come with php and lighttpd.

_________________
KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6446
Location: UK, London, just across the river..

Posted: Wed Dec 12, 2018 18:49
htismaqe wrote:
seombre wrote:
Well the thing is, it wasn't always like that. A couple of months ago (I don't know exactly when, sorry. But definitly this year.) that worked like a charm and without any problems.


HTTPS has been broken for quite some time. It's just getting increasingly worse. If you use syslog, you would have noticed errors even when it seemingly worked. There's a bunch of weird stuff going on behind the scenes.


yep a lot of ssl errors and takes a lot of router CPU power... but this is on BS builds only, on Kong builds it's fine and not that buggy to use for GUI..
and yes it's more cpu demanding as there is tls handshake and so on... as Kong said it uses self signed certificate that must be added to the browser allow exception and then it works ok...

htismaqe
DD-WRT User


Joined: 05 Nov 2015
Posts: 471

Posted: Wed Dec 12, 2018 18:52
The self-signed certificate isn't really an issue if you know how to whitelist them. But even once you get past all that, there's still tons of errors going on underneath the hood.

Go take a look at your syslog and you'll see what I mean...

<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4339
Location: Germany

Posted: Wed Dec 12, 2018 19:57
htismaqe wrote:
The self-signed certificate isn't really an issue if you know how to whitelist them. But even once you get past all that, there's still tons of errors going on underneath the hood.

Go take a look at your syslog and you'll see what I mean...


I see no error in my syslog, only messages that should be there

Example:


Dec 12 20:46:17 kong daemon.info httpd[30499]: httpd : httpd login attempt from 192.168.1.114 . Sending authorization request.

Dec 12 20:46:17 kong daemon.err httpd[30499]: Request Error Code 401: Authorization required. please note that the default username is "root" in all newer releases


Will be seen at first logon, after session is established no more messages. Of course these messages will also show up if anything else tries to connect to the webif port.

I like to be informed if any connections to webif occur, even if they are just probes.

htismaqe
DD-WRT User


Joined: 05 Nov 2015
Posts: 471

Posted: Wed Dec 12, 2018 20:16
<Kong> wrote:
htismaqe wrote:
The self-signed certificate isn't really an issue if you know how to whitelist them. But even once you get past all that, there's still tons of errors going on underneath the hood.

Go take a look at your syslog and you'll see what I mean...


I see no error in my syslog, only messages that should be there

Example:


Dec 12 20:46:17 kong daemon.info httpd[30499]: httpd : httpd login attempt from 192.168.1.114 . Sending authorization request.

Dec 12 20:46:17 kong daemon.err httpd[30499]: Request Error Code 401: Authorization required. please note that the default username is "root" in all newer releases


Will be seen at first logon, after session is established no more messages. Of course these message will also show up if anything else tries to connect to the webif port.

I like to be informed if any connections to webif occur, even if they are just probes.


Just to be clear, they're not seen only on first logon, at least not for me. They often happen multiple times per session, especially when I navigate multiple tabs/pages in the GUI.

For me, it's not so much that the errors exist, it's that they're being flagged with syslog severity level 3. My syslog server sends me an SMS for every alert 3 and above. I've had to set it to 2 and above because every time I log into my router, I get a dozen text messages.

It would be really nice to be able to manage my router via the GUI and not have my phone blow up all the time.

tatsuya46
DD-WRT Guru


Joined: 03 Jan 2010
Posts: 7568
Location: YWG, Canada

Posted: Wed Dec 12, 2018 21:09
<Kong> wrote:
htismaqe wrote:
seombre wrote:
Well the thing is, it wasn't always like that. A couple of months ago (I don't know exactly when, sorry. But definitly this year.) that worked like a charm and without any problems.


HTTPS has been broken for quite some time. It's just getting increasingly worse. If you use syslog, you would have noticed errors even when it seemingly worked. There's a bunch of weird stuff going on behind the scenes.


As far as I know this is a browser problem, as webif uses a self signed cert for https and some browser have issues with it. Might be an issue since some browsers now consider self signed certs as insecure.

I have been looking into support for letsencrypt, but it is a pain in the ass, as you have to expose a webserver on the wan side while you go through the letsencrypt cert issue process and you have to renew the certs after a certain amount of time. If I find the time for it, I'll try to implement a service for that, but it will only work on builds that come with php and lighttpd.


safari on latest ios
latest firefox on windows
latest edge on windows
latest chrome on windows

all "trigger" the https syslog spam on every router i touch with https on, it wasnt always like this either iirc, after some httpd changes it started from no where..

remote management over https is also as slow as dial up.. stock firmwares over https remote management is as fast as http. so slow i have to vpn then use http over that to get a mix of security and usable speed.

my free syslog host recently went from a tiny 100mb a month to a nearly unusable 50mb a month.. https spam isnt helping.

_________________
LATEST FIRMWARE(S)

BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers

[x86_64] Haswell i3-4150/QCA9984/QCA9882 ------> r55797 std
[QUALCOMM] DIR-862L --------------------------------> r55797 std
▲ ACTIVE / INACTIVE ▼
[QUALCOMM] WNDR4300 v1 --------------------------> r50485 std
[BROADCOM] DIR-860L A1 ----------------------------> r50485 std


Sigh.. why do i exist anyway.. | I love you Anthony.. never forget that.. my other 99% that ill never see again..



Last edited by tatsuya46 on Wed Dec 12, 2018 21:16; edited 1 time in total
htismaqe
DD-WRT User


Joined: 05 Nov 2015
Posts: 471

Posted: Wed Dec 12, 2018 21:13
It's also not logging unauthorized logins.

It's logging successful logins as errors. Which isn't exactly desirable.

<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4339
Location: Germany

Posted: Wed Dec 12, 2018 22:26
tatsuya46 wrote:
<Kong> wrote:
htismaqe wrote:
seombre wrote:
Well the thing is, it wasn't always like that. A couple of months ago (I don't know exactly when, sorry. But definitly this year.) that worked like a charm and without any problems.


HTTPS has been broken for quite some time. It's just getting increasingly worse. If you use syslog, you would have noticed errors even when it seemingly worked. There's a bunch of weird stuff going on behind the scenes.


As far as I know this is a browser problem, as webif uses a self signed cert for https and some browser have issues with it. Might be an issue since some browsers now consider self signed certs as insecure.

I have been looking into support for letsencrypt, but it is a pain in the ass, as you have to expose a webserver on the wan side while you go through the letsencrypt cert issue process and you have to renew the certs after a certain amount of time. If I find the time for it, I'll try to implement a service for that, but it will only work on builds that come with php and lighttpd.


safari on latest ios
latest firefox on windows
latest edge on windows
latest chrome on windows

all "trigger" the https syslog spam on every router i touch with https on, it wasnt always like this either iirc, after some httpd changes it started from no where..

remote management over https is also as slow as dial up.. stock firmwares over https remote management is as fast as http. so slow i have to vpn then use http over that to get a mix of security and usable speed.

my free syslog host recently went from a tiny 100mb a month to a nearly unusable 50mb a month.. https spam isnt helping.


I just ran a test using https on windows, on a 37900 build I see these:

daemon.err httpd[1679]: Request Error Code 408: No request appeared within a reasonable time period

but that is already fixed in 37908, no other error message and I can click around like crazy. I just tried wan https on a 37900 broadcom build I see no slowdown at least not with chrome under linux.

htismaqe
DD-WRT User


Joined: 05 Nov 2015
Posts: 471

Posted: Wed Dec 12, 2018 22:32
I just logged into my router via regular http (not secure https), which creates this entry in the syslog.

Code:
Dec 12 16:27:57 ROUTER daemon.info httpd[1293]: httpd : httpd login attempt from x.x.x.h. Sending authorization request.
Dec 12 16:27:57 ROUTER daemon.err httpd[1293]: Request Error Code 401: Authorization required. please note that the default username is "root" in all newer releases


I then navigated from the Status tab to the Administration tab and then back to the Status tab, creating another entry in the syslog.

Code:
Dec 12 16:28:22 ROUTER daemon.info httpd[1293]: httpd : httpd login attempt from x.x.x.h. Sending authorization request.
Dec 12 16:28:22 ROUTER daemon.err httpd[1293]: Request Error Code 401: Authorization required. please note that the default username is "root" in all newer releases


The 2nd line item in each of those entries is captured as syslog Severity 3 - Error.

I am running r37900 (12/02/2018) and using Safari on macOS Mojave. This problem has existed since I started using DD-WRT on the R7800. The first release I used was kongat r36375.



Last edited by htismaqe on Wed Dec 12, 2018 22:34; edited 1 time in total
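Added example, not part of any post in this thread and not DD-WRT code: a collector-side filter that keeps the paired "login attempt" / 401 challenge lines out of the severity-3 alert path while still counting them per source, so probes stay visible. The function names, the same-second pairing rule and the sample lines are assumptions made for this sketch.

```python
import re
from collections import Counter

# syslog severity keyword -> numeric level (lower is more severe)
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
                  r"\w+\.(?P<sev>\w+) (?P<tag>[^\[:\s]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ATTEMPT = re.compile(r"httpd login attempt from (?P<src>\S+?)\s*\. Sending authorization request")
CHALLENGE = re.compile(r"Request Error Code 401: Authorization required")

# Constructed sample in the format quoted in the thread (documentation addresses).
SAMPLE = '''\
Dec 12 16:27:57 ROUTER daemon.info httpd[1293]: httpd : httpd login attempt from 192.0.2.10. Sending authorization request.
Dec 12 16:27:57 ROUTER daemon.err httpd[1293]: Request Error Code 401: Authorization required. please note that the default username is "root" in all newer releases
Dec 12 16:28:22 ROUTER daemon.info httpd[1293]: httpd : httpd login attempt from 192.0.2.10. Sending authorization request.
Dec 12 16:28:22 ROUTER daemon.err httpd[1293]: Request Error Code 401: Authorization required. please note that the default username is "root" in all newer releases
Dec 12 16:29:05 ROUTER daemon.err httpd[1293]: Request Error Code 408: No request appeared within a reasonable time period
Dec 12 16:30:40 ROUTER daemon.info httpd[1293]: httpd : httpd login attempt from 198.51.100.7 . Sending authorization request.
Dec 12 16:30:40 ROUTER daemon.err httpd[1293]: Request Error Code 401: Authorization required. please note that the default username is "root" in all newer releases
Dec 12 16:31:02 ROUTER daemon.err httpd[1293]: Request Error Code 401: Authorization required. please note that the default username is "root" in all newer releases
'''

def triage(lines, alert_level=3):
    """Return (alerts, challenges): lines that should raise an alert, and a
    per-source count of attempt/401 pairs that were held back from alerting."""
    alerts, challenges = [], Counter()
    pending = {}  # (host, pid, timestamp) -> source of the last login-attempt line
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        key = (m["host"], m["pid"], m["ts"])
        attempt = ATTEMPT.search(m["msg"])
        if m["tag"] == "httpd" and attempt:
            pending[key] = attempt["src"]
            continue
        # Assumption: the 401 line follows its attempt line within the same second.
        if m["tag"] == "httpd" and CHALLENGE.search(m["msg"]) and key in pending:
            challenges[pending.pop(key)] += 1
            continue
        # Everything else, including a 401 with no attempt line, alerts by severity.
        if SEVERITY.get(m["sev"], 0) <= alert_level:  # unknown keyword: alert
            alerts.append(raw.strip())
    return alerts, challenges

def sources_over(challenges, limit):
    """Sources whose challenge count in the window reaches the review limit."""
    return sorted(src for src, n in challenges.items() if n >= limit)

if __name__ == "__main__":
    alerts, challenges = triage(SAMPLE.splitlines())
    print(len(alerts), "alert(s);", dict(challenges), sources_over(challenges, 2))
```
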
<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4339
Location: Germany

Posted: Wed Dec 12, 2018 22:33
htismaqe wrote:
It's also not logging unauthorized logins.

It's logging successful logins as errors. Which isn't exactly desirable.


HTTP is stateless, thus we have to log on a request, not after: As someone can just stop communication then httpd does no further processing which then would trigger no message at all. This way probes can be seen in logs, not just failed logins.

<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4339
Location: Germany

Posted: Wed Dec 12, 2018 22:44
htismaqe wrote:
I just logged into my router via regular http (not secure https), which creates this entry in the syslog.

Code:
Dec 12 16:27:57 ROUTER daemon.info httpd[1293]: httpd : httpd login attempt from x.x.x.h. Sending authorization request.
Dec 12 16:27:57 ROUTER daemon.err httpd[1293]: Request Error Code 401: Authorization required. please note that the default username is "root" in all newer releases


I then navigated from the Status tab to the Administration tab and then back to the Status tab, creating another entry in the syslog.

Code:
Dec 12 16:28:22 ROUTER daemon.info httpd[1293]: httpd : httpd login attempt from x.x.x.h. Sending authorization request.
Dec 12 16:28:22 ROUTER daemon.err httpd[1293]: Request Error Code 401: Authorization required. please note that the default username is "root" in all newer releases


The 2nd line item in each of those entries is captured as syslog Severity 3 - Error.


I can't reproduce this on my units with my builds. I can't speak for BS builds, his might behave differently as he has multithreading enabled for his webif.
