IFTTT - how much do you care about security?

Discussion in 'Asuswrt-Merlin' started by RMerlin, Dec 3, 2017.

  1. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    28,270
    Location:
    Canada
    IFTTT is already on its own separate page, there's no "other place" to move it.

    Besides, configuration settings must be regrouped by logical functions, not by level of risks involved. DNSFilter fits just as well in its new location as in the previous one in terms of logical functions.
     
  2. escape75

    escape75 Regular Contributor

    Joined:
    Oct 1, 2013
    Messages:
    56
    Hmm, I thought only the BRT-AC828 had support for that ...
    Is that on OEM firmware, and do you know which models support that feature?
     
  3. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    28,270
    Location:
    Canada
    RT-AC88U, RT-AC3100, RT-AC5300, RT-AC86U, GT-AC5300 and RT-AX88U currently offer it on the stock firmware.
     
    escape75 likes this.
  4. AntonK

    AntonK Regular Contributor

    Joined:
    Apr 10, 2015
    Messages:
    152
    If customers asked Ford to provide them with cars that had no brakes, and Ford did that, I'd blame Ford for it. It's fine to work towards customers' wants and expectations, but not at the price of rendering them susceptible to a damaging breach.
     
    jerry6 likes this.
  5. jerry6

    jerry6 Very Senior Member

    Joined:
    Jan 24, 2010
    Messages:
    640
    Location:
    Montreal
    Security is the reason I hang out here, very important.
     
    quant88 and SMS786 like this.
  6. SMS786

    SMS786 Regular Contributor

    Joined:
    Nov 29, 2017
    Messages:
    157
    +10000!
     
  7. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    28,270
    Location:
    Canada
    Enabling IFTTT is a conscious decision by the user. Your analogy doesn't fit that at all.

     
    AntonK likes this.
  8. AntonK

    AntonK Regular Contributor

    Joined:
    Apr 10, 2015
    Messages:
    152
    You're right. I get excited sometimes. Thanks.
     
  9. SwampKracker

    SwampKracker Regular Contributor

    Joined:
    Aug 7, 2013
    Messages:
    103
    The primary function of your router is to secure your network from the outside world. Secondary function is acting as a bridge for your wireless devices. Everything else is to add value to the primary and secondary functions. If you compromise #1, you might as well get a handful of public IPs from your ISP, a small switch and forget the router.
     
  10. escape75

    escape75 Regular Contributor

    Joined:
    Oct 1, 2013
    Messages:
    56
    Thank you, very helpful to know, do you know the approx. performance of L2TP/IPSEC on an AC86U?

    PS: It's strange nobody mentioned that the AC86U supports the L2TP server when I asked under 'Buying Advice', titled 'Wireless Router with L2TP Server?' :)

    I guess this server was added since Nov 2017 as I've run across a post from you saying that no Asus routers supported L2TP server at that time.
     
    Last edited: Nov 8, 2018
  11. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    28,270
    Location:
    Canada
    Performance results for IPSEC while I was debugging it a few months ago:

    Code:
    Downstream (bcmspu):
    
    P:\Tools>iperf -c 192.168.1.51 -M 1400 -N -t 30
    ------------------------------------------------------------
    Client connecting to 192.168.1.51, TCP port 5001
    TCP window size: 64.0 KByte (default)
    ------------------------------------------------------------
    [296] local 10.10.10.1 port 8334 connected with 192.168.1.51 port 5001
    [ ID] Interval       Transfer     Bandwidth
    [296]  0.0-30.0 sec  1.08 GBytes    309 Mbits/sec
    
    
    Upstream (bcmspu):
    C:\Users\Eric\Documents>iperf -c 10.10.10.1 -M 1400 -N -t 30
    ------------------------------------------------------------
    Client connecting to 10.10.10.1, TCP port 5001
    TCP window size: 64.0 KByte (default)
    ------------------------------------------------------------
    [296] local 192.168.1.51 port 2644 connected with 10.10.10.1 port 5001
    [ ID] Interval       Transfer     Bandwidth
    [296]  0.0-30.0 sec    886 MBytes    248 Mbits/sec
    
    
    L2TP and IPSEC are not the same thing. L2TP is just a straight tunnel, and does not include encryption. Asus only support L2TP as a client. "Real" IPSEC is what I'm referring to here, and is supported as a server for the listed models. There's no client support at this time.
     
  12. escape75

    escape75 Regular Contributor

    Joined:
    Oct 1, 2013
    Messages:
    56
    Looks like it can push some nice speeds!

    I just checked the demo interface (http://demoui.asus.com/Advanced_VPN_PPTP.asp)
    and like you said IPSEC is there so clients like iOS can access without 3rd party programs,
    but unfortunately because there's no support for L2TP, Windows will not work out of the box.

    I got my hopes up for a second there :)

    Thanks!
     
  13. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    28,270
    Location:
    Canada
    Strongswan is able to leverage the hardware-accelerated crypto module from Broadcom, hence the results.

    For Windows clients: https://www.asus.com/support/FAQ/1033576
     
  14. escape75

    escape75 Regular Contributor

    Joined:
    Oct 1, 2013
    Messages:
    56
    It's an easy way to make Windows IPSEC VPN compatible, too bad it's not enabled out of box, like iOS and macOS :)
     
  15. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    28,270
    Location:
    Canada
    I agree that "proper" built-in IPSEC would make a lot of sense in 2018, now that PPTP (what most people previously used) is deprecated. Microsoft should spend less time with useless gimmicks that nobody will use (like Sets) and more time on actually useful features like support for a pretty common VPN standard.
     
    SMS786 likes this.
  16. Grisu

    Grisu Very Senior Member

    Joined:
    Aug 28, 2014
    Messages:
    1,294
    They are working on really helpful features, like deleting your personal folders (1809-update) to free your mind as well as HDD/SSD. :p
     
    jsbeddow likes this.
  17. escape75

    escape75 Regular Contributor

    Joined:
    Oct 1, 2013
    Messages:
    56
    I don't think they've added anything useful as far as networking goes into Windows lately,
    in fact it's way less user friendly than Windows 7 because you have Settings + Control Panel,
    you can't even remove and re-add most networking items properly, unlike on Windows 7 :)
     
  18. sfx2000

    sfx2000 Part of the Furniture

    Joined:
    Aug 11, 2011
    Messages:
    13,491
    Location:
    San Diego, CA
    WRT AsusWRT - only if one wants to control the AsusWRT device via IFTTT - which there I would agree, bit of a risk with doing remote things with the gateway/firewall of one's LAN.

    IFTTT in general - it can be secure, but it's always going to be a challenge with privacy and security, esp if one is using third party recipes on their platform.

    My personal recommendation is to avoid using IFTTT at present. Just too many potential risks there.

    Good write up here...

    https://www.ftc.gov/system/files/documents/public_comments/2017/11/00026-141804.pdf
     
    Quoc Huynh likes this.