CloudFlare Proxied DNS, can't login to Asus router

AdrianH

Occasional Visitor
Hi All

Have an Asus RT-AX88U with Merlin installed.

My home domain is hosted at CloudFlare; the A record is updated with a custom DDNS script. The A record is set to DNS-Only. The router is exposed to WAN on port 8443 (which is a supported port for proxied DNS), and I can log into the router from external just fine.

If I change the A record at CloudFlare to Proxied, the domain is then proxied with a CloudFlare IP which then forwards any requests on to the actual IP. With proxied being enabled, I can do an NSLOOKUP on my domain, and I can confirm the IP address is indeed a CloudFlare IP. I am still able to browse to the router logon page and enter the credentials, but this is when things go wrong.

After entering the username and password, I can click login and something seems to happen, but ultimately it does not seem to log in, and the username and password fields are cleared. So I enter the username and password again, click login and the same thing happens. If I do it again though, it then returns with the message "Cannot Login Unless Logout Another User First".

This is telling me that I am in fact logging in, but the router is then thinking I am a different session or something.

Any ideas?
 
Absolutely playing Captain Obvious here: Have you previously logged off from the router WEBUI? If not, you are seeing exactly what I'd expect to see!
 
The most likely explanation is that the Cloudflare proxy IP is changing between requests, so the router’s simple httpd server sees it as a new login IP.
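
The explanation suggested in the post above can be modelled in a few lines. This is an added example, not part of the thread and not the router firmware's code: the class, the status strings, the idle timeout, the password and the 198.51.100.x / 203.0.113.x addresses are all constructed for illustration.

```python
import hmac

PW = "example-password"  # constructed value

class SingleSessionGate:
    """Hypothetical web UI that allows one admin session, bound to the client IP."""
    def __init__(self, password, idle_timeout=300):
        self.password, self.idle_timeout = password, idle_timeout
        self.login_ip, self.last_seen = None, 0.0

    def _holder(self, now):
        # The session lock is released only after the idle timeout (or a logout).
        if self.login_ip and now - self.last_seen > self.idle_timeout:
            self.login_ip = None
        return self.login_ip

    def login(self, src_ip, password, now):
        holder = self._holder(now)
        if holder and holder != src_ip:
            return "LOCKED"           # "Cannot Login Unless Logout Another User First"
        if not hmac.compare_digest(password, self.password):
            return "BAD_CREDENTIALS"
        self.login_ip, self.last_seen = src_ip, now
        return "OK"

    def request(self, src_ip, now):
        if self._holder(now) != src_ip:
            return "LOGIN_PAGE"       # session not recognised, form shown again
        self.last_seen = now
        return "PAGE"

def replay(events):
    """Run (time, source_ip, action) tuples against a fresh gate."""
    gate = SingleSessionGate(PW)
    return [gate.login(ip, PW, t) if act == "login" else gate.request(ip, t)
            for t, ip, act in events]

# DNS-only: the router sees the client's own address on every request.
DIRECT = [(0, "203.0.113.7", "login"), (1, "203.0.113.7", "get")]
# Proxied: each request may reach the router from a different proxy address.
PROXIED = [(0, "198.51.100.10", "login"), (1, "198.51.100.11", "get"),
           (5, "198.51.100.10", "login"), (6, "198.51.100.12", "get"),
           (10, "198.51.100.12", "login")]

if __name__ == "__main__":
    print("direct :", replay(DIRECT))
    print("proxied:", replay(PROXIED))
```

The proxied sequence reproduces the pattern reported in the first post: the login is accepted, the next page load arrives from another address and gets the login form again, and a later login attempt from a third address hits the single-session lock.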
 
I was thinking something a little different, where I do manage to log in to the router, but then the router's WAN IP (ISP) differs from the domain DNS IP (CloudFlare) and that difference is then kicking me out as it has a mismatch of the domain IP.

I am guessing that there is no way to circumvent this?

Does the router log IP addresses when you try to log in from external?
 
I think this describes why:
If you change the logging level or use skynet you'll be able to pull the info - whether it will help or not is another matter!
What are you hoping to achieve by using proxied IP/DNS?
 

By using the CloudFlare proxied DNS, you can firstly obfuscate the actual domain IP, set up rules (WAF) to restrict access like region blocks, DDoS is handled at CloudFlare, blocking bots, as well as implementing the CloudFlare Human challenge check, to name a few.

I wouldn't say I need this, just something I am trying for curiosity and experimentation.
 
Don’t allow public access to the router GUI. Use a VPN instead. That’s the conventional wisdom on remote access for router management.
I have read about this approach. My issue is that I also expose my Home Assistant, so I am not sure how the VPN will affect this.

There is another option called CloudFlare tunnels which may also be a solution.
 
The easiest way to remotely access your resources is probably to use Asus Instant Guard app and router. It's basic but it mostly does the job!
 
