new to Asus routers - help would be appreciated !

hasarouter

Occasional Visitor
Hi,

I just bought an Asus AT-AC88U and I have some generic questions on the router itself

my firmware is : 2.094
and AiMesh Router: Current Version : 3.0.0.4.384_32799-gfe72567

a. are these the latest versions
b. is there a mail service I can subscribe to and hear once there are firmware updates?
c. I'm slightly confused as to what is the AiMesh Router software
d. does it support DNS over HTTPS (DoH) ?
e. when I connect to the router via HTTPS, I see an invalid certificate that's issued by the 192.168.1.1 - is this expected? it strikes me as odd, wouldn't a certificate signed by Asus have been more natural ?
f. it asks for an email password to send email alerts, why does it need it? email address should be sufficient
g. is there a way to turn on SPI - matching each incoming packet with an outgoing one
h. does someone have experience with using WPA enterprise, ie does it work well with IoT devices ?
i. I see the router stores in plaintext the password for the WiFi, is it possible to change this to storing a hash of the password ?
j. can I enable administrative access only from a LAN port ( to disable admin access via the WiFi )

Thanks !
 
1. There's no such thing as an AT-AC88U so I guess you mean RT-AC88U.

a) I don't know why they use the word "Firmware" there, it's misleading. Maybe another translation problem from Chinese.
2.094 is the "signature" version of the AiProtection database. It will update itself periodically.
The actual firmware version is 3.0.0.4.384_32799-gfe72567. You can check for the latest firmware here: https://www.asus.com/us/Networking/RT-AC88U/HelpDesk_BIOS/
3.0.0.4.384.32799 is the current version.
b) No.
c) See a), it's the actual firmware version.
d) I don't believe so.
e) That's normal.
f) Don't know, don't use it.
g) SPI is always on, the router wouldn't work otherwise.
h) Never used it. You would have to set up a RADIUS server on your LAN. I doubt many IoT devices support it.
i) No.
j) No, you can only restrict it by IP.
 
d) No.
f) Because SMTP servers require user authentication to allow email relaying.
 
b) only shown as exclamation mark in GUI network map on right top corner
c) AiMesh is for meshing more Asus routers together and only need to configure the parent router, nodes will find their best backhaul via LAN or WLAN and configure themselves but still with limited functionality. AiCloud are some special Asus features.
j) with a workaround, hide your main SSID with strong password and allow all clients only via guest network, so they can't access router GUI. And disable LAN access too of course.
 
Re j) is it really hidden or it's just that it doesn't show up in the lists of WiFi's to connect to - eg can an attacker discover a hidden WiFi network ?
 
I don't think they do - at least I'm certain 15 years ago SMTP required no authentication, which is why I'm surprised it needs a password

It does pretty much these days - client auth is needed, and many require TLS/SSL auth, even over trust tunnels like VPN or internal SMTP hosts.
 
One more question, I have upnp switched off yet chromecast, sonos, skype, telegram all work - is upnp really off or there's a catch ?
 
I don't use any of those things, but chromecast and sonos sound like things that stream media over the local network. So they wouldn't use UPnP, just multicast traffic.

Just to be clear here, I'm assuming we're talking about UPnP IGD, i.e. the automatic forwarding of ports through the firewall. There is another, completely different UPnP called "UPnP AV" which deals with streaming local media (like DLNA).

You can check if there's any port forwarding currently happening at System Log > Port Forwarding.
 
Thanks ! and I guess Skype these days is no longer P2P-based and instead each client talks to Microsoft servers

So effectively upnp would only be needed for a camera to watch our home while we're away I guess - are there any cameras you're aware of that do not require upnp ? ( it's entirely possible, if they could ie connect to the manufacturer's servers instead of letting the client app connect to the camera )
 
Sorry, I don't know anything about cameras. Like you, I'd guess that there must be some that don't require port forwarding. I'd imagine any of the high-end "Nest"-like devices that can be administered from "the cloud". The cheap Chinese devices won't because it would require the manufacturer to maintain an ongoing server infrastructure.
 
I've never enabled UPnP and have never had related issues... Skype and Chromecast have always worked... as does a Wyze Cam camera.

OE
 
Thanks for this, it looks like I'm out of date with respect to networking protocols

The SMTP protocol in itself when dealing MTA-to-MTA doesn't require authentication. However mail submission (MUA to MTA) will require authentication to prevent spammer abuse.

Many ISPs will use ACLs to provide unauthenticated access to their own customers (i.e. no authentication might be needed if you are submitting a mail from an IP address belonging to that ISP). In the router's case, it cannot guess what SMTP your ISP uses, therefore it relies on a public SMTP - in this case, Google's.
 
MTA and MUA - these days, between SPF/DKIM and DMARC - even if one can find an "open" relay, you'll likely get bounced... SPF and DKIM do start to build, or should I say rebuild, the circle of trust around SMTP.

MUA to MTA - the trust relationship is built on the edge with the SMTP user/pass there, whether it is SSL or TLS (or combination thereof).

There's still open SMTP on port 25, but thru efforts of groups like M3AAWG (the Anti-SPAM, anti-malware industry group, search for them if curious), open relays are going away, or becoming more difficult to use.

ssmtp - it's a small application that acts as an outgoing MUA, and does support TLS/SSL to a valid account - it's in the debian repos, and perhaps in the redhat as well - I think entware also has a version in their repository. I host a github source repo for historical purposes...
 
Thanks @RMerlin , @sfx2000 - it's been a bit since I had worked with an SMTP server, it's actually good to hear fake mail is essentially dead, though I wish I didn't have to give my email password to the router (which stores it in plaintext it seems)
 
Even ssmtp stores the password in plain text unfortunately, so one has to consider the read/write permissions in the directory where the config is stored - but this also goes towards general device and account security - only trusted users should be able to access the device in the first place, and then, admin privileges from there to edit/view files on the host...
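
An added example, not part of the thread or of ssmtp itself: a shell check for the two concerns raised above, a plaintext SMTP password readable by other local accounts and mail submission without TLS. It assumes an ssmtp-style `KEY=value` file (`AuthPass`, `UseTLS`, `UseSTARTTLS`) and a `stat` that supports `-c`; the function names, sample host and credentials are constructed.

```sh
#!/bin/sh
# Added example: audit an ssmtp-style config that stores an SMTP password.
# Prints one finding per line; returns 0 if clean, 1 if any finding, 2 on error.

# conf_value FILE KEY -> value of the last uncommented "KEY=value" line
# (keys are compared case-insensitively here).
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", k)
            if (k == tolower(key)) { v = substr($0, eq + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", v) }
        }
        END { print v }' "$1"
}

audit_ssmtp_conf() {
    f=$1; bad=0
    [ -r "$f" ] || { echo "ERROR cannot read $f"; return 2; }
    pass=$(conf_value "$f" AuthPass)
    tls=$(conf_value "$f" UseTLS | tr 'A-Z' 'a-z')
    starttls=$(conf_value "$f" UseSTARTTLS | tr 'A-Z' 'a-z')
    mode=$(stat -c '%a' "$f")   # GNU/BusyBox stat: octal mode such as 640
    if [ -z "$pass" ]; then echo "OK no AuthPass stored in $f"; return 0; fi
    if [ $(( 0$mode & 0004 )) -ne 0 ]; then
        echo "WORLD_READABLE mode $mode: any local account can read AuthPass"; bad=1
    fi
    if [ $(( 0$mode & 0022 )) -ne 0 ]; then
        echo "WRITABLE mode $mode: group/other can modify the mail settings"; bad=1
    fi
    if [ "$tls" != yes ] && [ "$starttls" != yes ]; then
        echo "NO_TLS AuthPass would be sent to the mail server unencrypted"; bad=1
    fi
    if [ "$bad" -eq 0 ]; then echo "OK $f"; fi
    return "$bad"
}

# Demo on a constructed sample config (placeholder host and credentials).
demo=$(mktemp)
printf '%s\n' 'mailhub=smtp.example.com:587' 'AuthUser=alerts@example.com' \
    'AuthPass=placeholder-password' 'UseSTARTTLS=YES' > "$demo"
chmod 644 "$demo"; audit_ssmtp_conf "$demo" || true   # flags WORLD_READABLE
chmod 600 "$demo"; audit_ssmtp_conf "$demo"           # clean
rm -f "$demo"
```

Point it at the real file with `audit_ssmtp_conf /etc/ssmtp/ssmtp.conf`; a clean result only covers file permissions and transport, since the password is still stored in plaintext for anyone with admin access to the host.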
 
