Menu
What's new
By:
Filters Better Search

[SOLVED] Enabled WAN Access - Locked out of my ASUS rt-ac68u router

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

M

mystiqu

New Around Here
Hi

I have an ASUS RT-AC68U with the latest stable Merlin release, 378.56_2.
When I enabled WAN access (http only, not https) and pressed apply - I instantly was kicked out of the router, and now I cannot access it at all.
I only got the following message:

Settings have been updated. Web page will now refresh.
Changes have been made to the IP address or port number. You will now be disconnected from RT-AC68U.
To access the settings of RT-AC68U, reconnect to the wireless network and use the updated IP address and port number.
Click to expand...

There is no change of any IP-adress at all, only enabled WAN access - nothing else.
Everything is also working just as before.

The router is still listening on port 80 on its LAN IP, but keeps responding with a FIN and a RST package - immediately resetting the connection.
The same for the WAN port.

I have tried the folling adresses :
192.168.1.1 (LAN IP)
my.domain:8080, 8443 (WAN IP/hostname) (no-ip.org ddns service)


I've also tried different asus "aliases" which have worked for some people.
http://asus.router.com
http://asus.router.com:8443 (nothing listening here, but had to try...)
http://www.asusnetwork.net
http://www.asusnetwork.net:8443 (nothing listening here, but had to try...)

It's not a browser cache issue as some people have suggested, which I also confirmed using wireshark where I could see that the router is resetting the connection.

Any ideas anyone (I have of course rebooted the router :) )?

I would really like to avoid a factory reset.


[SOLVED]
The problem was that I thought the IP white list under Administration->Web Interface applied to WAN traffic only. Since I did not add any internal IP addresses I got locked out of the router. The external access did not work due to a problem with my fiber switch that seems to block incoming traffic on the remote UI port o_O


Regards,
Mike
 
Last edited:
mystiqu said:
Hi

I have an ASUS RT-AC68U with the latest stable Merlin release, 378.56_2.
When I enabled WAN access (http only, not https) and pressed apply - I instantly was kicked out of the router, and now I cannot access it at all.
I only got the following message:



There is no change of any IP-adress at all, only enabled WAN access - nothing else.
Everything is also working just as before.

The router is still listening on port 80 on its LAN IP, but keeps responding with a FIN and a RST package - immediately resetting the connection.
The same for the WAN port.

I have tried the folling adresses :
192.168.1.1 (LAN IP)
my.domain:8080, 8443 (WAN IP/hostname) (no-ip.org ddns service)


I've also tried different asus "aliases" which have worked for some people.
http://asus.router.com
http://asus.router.com:8443 (nothing listening here, but had to try...)
http://www.asusnetwork.net
http://www.asusnetwork.net:8443 (nothing listening here, but had to try...)

It's not a browser cache issue as some people have suggested, which I also confirmed using wireshark where I could see that the router is resetting the connection.

Any ideas anyone (I have of course rebooted the router :) )?

I would really like to avoid a factory reset.


Regards,
Mike
Click to expand...






Hi,

I too ran into this few days ago.

Searched the web and found this:
http://www.tomshardware.com/forum/newresponse/2515278

This was what I did:

Power off the router via the button at the back, unplug the power cord from the back of the router.
Waited for about 2 mins to let all the retained power all used up..ie the router is really power off.

Reconnect power cord; press button to power it on.

Wolaaa ... all is back like before...

Hope this help you. Good luck.
 
mystiqu said:
Hi

I have an ASUS RT-AC68U with the latest stable Merlin release, 378.56_2.
When I enabled WAN access (http only, not https) and pressed apply - I instantly was kicked out of the router, and now I cannot access it at all.
I only got the following message:



There is no change of any IP-adress at all, only enabled WAN access - nothing else.
Everything is also working just as before.

The router is still listening on port 80 on its LAN IP, but keeps responding with a FIN and a RST package - immediately resetting the connection.
The same for the WAN port.

I have tried the folling adresses :
192.168.1.1 (LAN IP)
my.domain:8080, 8443 (WAN IP/hostname) (no-ip.org ddns service)


I've also tried different asus "aliases" which have worked for some people.
http://asus.router.com
http://asus.router.com:8443 (nothing listening here, but had to try...)
http://www.asusnetwork.net
http://www.asusnetwork.net:8443 (nothing listening here, but had to try...)

It's not a browser cache issue as some people have suggested, which I also confirmed using wireshark where I could see that the router is resetting the connection.

Any ideas anyone (I have of course rebooted the router :) )?

I would really like to avoid a factory reset.


Regards,
Mike
Click to expand...


I know you said https access was disabled, but did you try 192.168.1.1:8443?

I don't know if you use John's NVRAM Restore tool, or if your glitch would migrate across if you did. And I understand your reluctance to do a manual restoration of settings after a factory reset, but I justify the effort of resetting by wondering if there's one thing that's obviously corrupted, what else might be corrupted that isn't obvious and which might affect security. Not that such glitches happen often.
 
Thanks for all the replies!

Alex Txn:
Power off the router via the button at the back, unplug the power cord from the back of the router.
Waited for about 2 mins to let all the retained power all used up..ie the router is really power off.
Click to expand...
Aah, I was so close - had it turned off for 5 minutes (did not help) but the power cord was still connected.
I'm gonna give it a try in a few days (away for the weekend) and report back the result.

Martinr:
I know you said https access was disabled, but did you try 192.168.1.1:8443?
Click to expand...
Yupp, gave this a try as well.
I've not used John's NVRAM Restore tool - gonna check it out!

And I understand your reluctance to do a manual restoration of settings after a factory reset, but I justify the effort of resetting by wondering if there's one thing that's obviously corrupted, what else might be corrupted that isn't obvious and which might affect security. Not that such glitches happen often.
Click to expand...
A most valid point :)
I'll see if I can at least access it and write down (and/or export) the most important configuration before I do a factory reset, making the restore process less "cumbersome".
 
You're not using Avira are you?
http://www.snbforums.com/threads/ca...splay-correctly-in-browser.27815/#post-213234

And, to eliminate one variable, did you try using another computer/mobile device to access?
Click to expand...


No and Yes.
Both of the above is instantly ruled out since the server (router) is resetting the connection ;)
If an antivirus would be the problem, the traffic would either not reach the router or the client itself would reset the connection.
The router is still listening on port 80 on its LAN IP, but keeps responding with a FIN and a RST package - immediately resetting the connection.
The same for the WAN port.
Click to expand...

Using a packet sniffer is a great way of ruling out client and cache related problems early in the process
Wireshark and Fiddler are two of my favourites.
Use NMAP to verify the ports you are trying to connect to (or check the server response to the SYN packages using a packet sniffer).
 
Hi again

Sorry to say that it did not help to shut it down and remove the power cord for five minutes.
Tried sending requests from chrome, firefox, exploder soapUI (http GET and POST) - the router just keeps shutting down the connection :confused:
I guess I'm forced to do a factory reset :(

//Mike
 
Ok, the router is now restored back to its original state, this time I have exported all the settings ;)
I've added logging to a syslog server and I'll see if I can reproduce the problem.
Hopefully there is something interesting in the logs which can give a hint to what the router is doing :)

//Mike
 
mystiqu said:
Ok, the router is now restored back to its original state, this time I have exported all the settings ;)
I've added logging to a syslog server and I'll see if I can reproduce the problem.
Hopefully there is something interesting in the logs which can give a hint to what the router is doing :)

//Mike
Click to expand...


But it's working perfectly after the reset?
 
I enabled WAN access again and I can still access the router - YAY :)
However, my fiber switch seems to block all incomming traffic to my open ports - but that's another story...

Did you by any chance enabled this "Allow only specified IP address"?
Click to expand...
Yes, I added a few IP addresses - but that's for WAN access only, not internal access which also stopped working - unless there actually is a bug which makes the router filter on internal traffic as well (would explain a lot since I did not add any local IP-addresses).

//Mike
 
mystiqu said:
I enabled WAN access again and I can still access the router - YAY :)
However, my fiber switch seems to block all incomming traffic to my open ports - but that's another story...


Yes, I added a few IP addresses - but that's for WAN access only, not internal access which also stopped working - unless there actually is a bug which makes the router filter on internal traffic as well (would explain a lot since I did not add any local IP-addresses).

//Mike
Click to expand...

That whitelist affects both WAN and LAN connections. This is by design.
 
Excellent.

Just to clarify: so the reason you were locked out was that you invoked the whitelist (Admin tab "Allow only specified IP address" - client list underneath max of 4) thinking it only affected external addresses whereas, if you do invoke it, you must also list the internal addresses you want to give access to otherwise no internal address will be granted access?

It makes sense once it's pointed out, but I'm sure I would dropped the same clanger.
 
martinr said:
Excellent.

Just to clarify: so the reason you were locked out was that you invoked the whitelist (Admin tab "Allow only specified IP address" - client list underneath max of 4) thinking it only affected external addresses whereas, if you do invoke it, you must also list the internal addresses you want to give access to otherwise no internal address will be granted access?

It makes sense once it's pointed out, but I'm sure I would dropped the same clanger.
Click to expand...

Exactly!
And the reason (which I just found out) I could not reach my router from an external network is most likely due to NAT444 / CGN, which my ISP uses (my public IP is not really public, I think... ;) )

//Mike
 
Anyone get a solid fix for this issue, I have the same with my rt-ac66u_b1.
Settings have been updated. Web page will now refresh.
Changes have been made to the IP address or port number. You will now be disconnected from etc etc...

Identical. Just refuses to connect, but only on my desktop. Can access from laptop. It's like the router is trashing something on my desktop. When I restore my desktop from an image before I bought this router, it works until I make a change on the router, like adding a mac address to mac filter list. have done everything already. Nothing works. Only my desktop, not my laptop it connects fine. Yes, reset modem to factory, tried the unplug for minutes.

Only things I changed on the router from factory is admin password, add encryption, turn on mac filter for 2.4 and 5.0, add mac addys, and ddns. Thats it. I never had this problem with my 66u i still have. Only way i can get my desktop to connect is to restore from image again.. Will not work with IE, Chrome or Firefox, same results... no malware, or viruses.. Laptop and desktop on wireless. Internet works perfect on desktop.
again, my laptop connects just fine to the router... no issues.

After clearing all cache I get...

This site can’t be reached
10.0.0.1 refused to connect.

Try:

ERR_CONNECTION_REFUSED
 
Last edited:
You must log in or register to reply here.

Similar threads

A
Enable Web Access from WAN can't stay enabled
Replies
2
Views
296
Alipasijaner
A
M
Allow admin web GUI access on another interface (tailscale0)
Replies
0
Views
188
mr8
M
D
Solved Can I reach my TOR enabled Asuswrt-merlin router from within TOR?
Replies
4
Views
616
domic
D
G
Solved aicloud ports open
Replies
1
Views
394
gaksenov
G
H
locked out of asus merlin (Administration > System > Only Allow Specific IP)
Replies
5
Views
728
L&LD
L&LD
Similar threads
Thread starter Title Forum Replies Date
B (solved) Dnscrypt blocked-names.txt automatically deleted upon modification Asuswrt-Merlin 4
G Miracast problems solved by router reboot -RT-AC86U 386.12_4 Asuswrt-Merlin 0
W Solved Solved (for me): WiFi issues and/or crashes with Merlin on RT-AC86U Asuswrt-Merlin 1
magicus [solved] More than 64 static DHCP addresses? Asuswrt-Merlin 3
J Solved *SOLVED* Asus RT-AX86U Pro on latest Merlin 3004.388.4, cannot get RT-AC68U (on any firmware) to connect as a AI Mesh Node Asuswrt-Merlin 3
M SOLVED: very asymmetric UL/DL speed on 2.5G line Asuswrt-Merlin 25
Calafax AX86U setup & ethernet-only access--solved Asuswrt-Merlin 13
A Enable Web Access from WAN can't stay enabled Asuswrt-Merlin 2
RMerlin CVE 2023-50868 and CVE 2023-50387 in dnsmasq when DNSSEC is enabled Asuswrt-Merlin 30
R DDNS unable to detect WANIP with Dual Wan Load Balancing enabled Asuswrt-Merlin 0

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 587 (members: 16, guests: 571)
Top