What's new

AC-RT88u Remote access with two factor auth

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Xot B.

New Around Here
Hi Team,

I am trying to find out for the last few hours on how to implement a 2-factor authentication (2FA) for my asus router which has already enabled with https for remote administration away from home. I wanted it to be extremely secure, so would like to implement a 2-factor for authentication for web logins.

Google authenticator is an option and for that I need to OpenVPN, which I don't have. Can it be done without it ? and will it work for web logins ?

IP Address filtering is already available but for remote devices, it is harder to predict dhcp ip's if I am travelling domestic or internationally , IPs will change.

MAC filtering does not exist on asuswrt for remote web logins.

Any thoughts.
 
I am trying to find out for the last few hours on how to implement a 2-factor authentication (2FA) for my asus router which has already enabled with https for remote administration away from home.

You can't. And based on the numerous previous security issues with the webui, I strongly suggest NOT to expose it to the WAN. Even if you somehow managed to get 2FA working, too many security issues allowed to completely bypass authentication in the past. Rely on a VPN instead to remotely manage your router.
 
You can't. And based on the numerous previous security issues with the webui, I strongly suggest NOT to expose it to the WAN. Even if you somehow managed to get 2FA working, too many security issues allowed to completely bypass authentication in the past. Rely on a VPN instead to remotely manage your router.

You have an excellent point. One other thing that I was think about was to use a Windows server in the DMZ and use that to manage the router. Did you mean use VPN configured on router itself and expose that IP to the WAN ? or Just VPN client for all devices inside the network ..
 
Configure the VPN server on the router. No need to "expose" anything. Just connect to the router's WAN IP address on the port you've chosen.
 
Configure the VPN server on the router. No need to "expose" anything. Just connect to the router's WAN IP address on the port you've chosen.
Any good vpn server you recommend ? Expressvpn , nordvpn and thousand of them out there.
Can I still host my website through a vpn server ?

No need to expose anything - I didn’t get that logic. If don’t expose the port such 22, 3389 etc - How can you connect (incoming traffic) to the devices inside the LAN ?
 
Any good vpn server you recommend ? Expressvpn , nordvpn and thousand of them out there.
Those are irrelevant. They are VPN hosting services running on the internet. We're talking about the OpenVPN server that is built into the router.
Can I still host my website through a vpn server ?
No, not through a VPN. But you don't need to, the web server would continue to use the normal WAN connection. You haven't mentioned this website before so I'm assuming you're already port-forwarding to it on your LAN.
No need to expose anything - I didn’t get that logic. If don’t expose the port such 22, 3389 etc - How can you connect (incoming traffic) to the devices inside the LAN ?
The VPN server automatically opens a port (1194 by default) and everything is tunnelled through that.
 
Those are irrelevant. They are VPN hosting services running on the internet. We're talking about the OpenVPN server that is built into the router.

No, not through a VPN. But you don't need to, the web server would continue to use the normal WAN connection. You haven't mentioned this website before so I'm assuming you're already port-forwarding to it on your LAN.
The VPN server automatically opens a port (1194 by default) and everything is tunnelled through that.

If openVPN server is built into the ASUS router, then it would be nice. I don’t think I was able to see that, I will login and find out. Few weeks ago, I was searching to install google-Authenticator on ASUS router then I found someone install the openVPN software on ASUS using the SSH terminal access to the router.

I have lots of ports forwarded out of my router but based on my understanding it is extremely secure and unhackable. For example: ssh (port 22) is wide open to the internet but no one login without the 4096 ssh public key.

I still love to explore your option (openVPN 1194) that makes a very secure access my the LAN network. I will research that and let us see what I can find -or if my router is capable of that functionality.
 
I have lots of ports forwarded out of my router but based on my understanding it is extremely secure and unhackable.
That's entirely down to how secure the server is that you are connecting to. That is the problem with the router's own web server, it has a history of security vulnerabilities.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top