What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

RT-AC86U HTTPS LAN LOGIN "Broken"

A

akatwn

New Around Here
Just set up new 86U with Asuswrt 384.7 Beta 2 and all well except login to router via HTTPS LAN.

upload_2018-9-29_16-56-34.png


Using Chrome for login https://192.168.50.1:8443 results in

upload_2018-9-29_16-58-31.png

Apparently the Let's Encrypt Certificate is not transferring to LAN, though login via Remote Access works well xxxxxx.asuscomm.com:8443 (just logged in via Remote Access to test, will not be using of course).

I am able to login to router by clicking "Advanced" . Of course the login continues to read "Not Secure".

Any ideas on why HTTPS LAN login not working?

I searched the forum and some indicate this is simply a "broken" process for now.

I called Asus tech support (after loading stock Asus firmware) and worked up to Level 2, and "engineers" sent me a long questionnaire to answer regarding computer / router / settings / logs ,etc. Don't know when or if I'll ever hear back from tech support, though they at least acted interested and were responsive during my phone call.

Working towards using OpenVPN, but a bit of a learning curve for me.

Side note: I'm thrilled that JFFS partition works so I can finally have persistent static ARP for Wake on WAN.

Many thanks to Merlin for taking care of asuswrt-Merlin, and all of the contributors to this terrific forum!
 
akatwn said:
Apparently the Let's Encrypt Certificate is not transferring to LAN, though login via Remote Access works well xxxxxx.asuscomm.com:8443 (just logged in via Remote Access to test, will not be using of course).
Click to expand...

The certificate is only valid for the hostname for which it was issued, not for the IP.
 
Also worth noting that whilst in your LAN your router should smart enough to resolve your DDNS to the local IP. Or if it’s not you can create a hosts.add entry in jffs/config


Sent from my iPhone using Tapatalk
 
Merlin and JDB, thanks for your timely and informative replies.

Apparently the 86U is not smart enough to resolve the DDNS to the local IP, unless I'm missing something.

Have never worked with hosts.add entry, though I know my way around the jffs partition to some degree using WinSCP and Putty (self taught and learning, not an IT guy, though I wish I were lol ).

JDB, please give me a hint on the hosts.add for resolving DDNS to the local IP, if you have time.

Thanks again.
 
If you use the DDNS hostname, it would require you to enable WAN access, which is a very bad idea.
 
Yes, https://xxx.asuscomm.com:8443 works fine with secure https with Enable WAN access (I did a quick test to confirm when I first got the router), but as Merlin pointed out, that's a no go.

As illustrated in the first snippet above, the router clearly says "Access Setting Page via https://192.168.50.1:8443. That would indicate that asus thinks the router will resolve the DDNS to the local IP. The second snippet is the result of trying to login via https://192.168.50.1:8443 .

Thanks ColinTaylor and Merlin for replies.

I'm still working with asus tech support on this issue. Tech support just emailed asking me to send amplifying data. If I get any positive results from tech support, I'll report back.
 
Asus tech support cannot do anything there, this is simply how the router and IP name resolution works in general. If you absolutely need to bypass this, you have to define yourself a host entry with that name matching your router's IP, either on the router, or on your client machines.
 
Create a file called hosts.add (ensure it has no .txt or any other extension).

Make the contents an entry for your router's local IP and your DDNS hostname, for example;
Code: 
192.168.50.1 myname.asuscomm.com

Copy the file using winSCP to the /jffs/configs/ folder (create the folder if it doesn't already exist).

Reboot.

Now, when in your LAN, if you resolve your DDNS name it will go to the router's private LAN IP, if you are outside your LAN it will go to the router's public WAN IP. You can test it by using ping.

This assumes you are running Merlin, have already enabled the jffs partition and that you are using the router as your DNS server.
 
Last edited:
You must log in or register to reply here.

Similar threads

P
RT-AXE7800 - AiCloud 2.0 Smart Access issue
Replies
14
Views
776
pete99
P
C
Need help getting USB Samba Share working on Linux (RT-BE92U)
Replies
2
Views
580
iTyPsIDg
I
D
Feature request: Two factor authentication web login. (TOTP)
Replies
8
Views
1K
DJones
D
B
How to migrate RT-AC86U to RT-AX86U-PRO?
2
Replies
22
Views
522
BosseSwede
B
B
How to permanently disable wifi and bluetooth on Ubuntu Server 24.04.1?
Replies
10
Views
3K
Digilog
D
Similar threads
Thread starter Title Forum Replies Date
nospamever RT-AC86U and IPv6 Asuswrt-Merlin 7
C Migrating from RT-AC86U to RT-BE86U need advice Asuswrt-Merlin 5
U Need Help Setting Up 3 VLANs (Home, Guest, IoT) on ASUSWRT-Merlin (RT-AC86U) Asuswrt-Merlin 9
P WiFi drops Internet rt-ac86u on 386.14_2 Asuswrt-Merlin 8
L My ASUS router RT-AC86U is a very old device, so, I need your guys help! Asuswrt-Merlin 17
O RT-AC86U reboots everyday evening for no reason Asuswrt-Merlin 15
C 386.14_2 - RT-AC86U - Web UI Inaccessible After Upgrading Asuswrt-Merlin 5
UTAVATU [Asuswrt-Merlin 386.14_2] RT-AC86U Asuswrt-Merlin 3
Harry Azcrac ASUS Merlin on RT-AC86U OpenVPN Server not blocking IP when a client connects Asuswrt-Merlin 2
M AC86U - SSH Disabled few seconds after boot - 386.14. Asuswrt-Merlin 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 733 (members: 29, guests: 704)
Back
Top