Suggestion: Reboot on schedule (task) and VPN autoconnect

[Halvsvenskeren]

Hi guys.

Awesome software and much appreciated over many years.

I miss a couple of features.

It doesnt reconnect to the VPN server (PPTP). A manual disconnect/connect solves the issue otherwise it just sits "connecting" and nothing happens.

Reboot option on a schedule.

Merry christmas to everybody.

 

[bbunge]

Hi guys.

Awesome software and much appreciated over many years.

I miss a couple of features.

It doesnt reconnect to the VPN server (PPTP). A manual disconnect/connect solves the issue otherwise it just sits "connecting" and nothing happens.

Reboot option on a schedule.

Merry christmas to everybody.

Router model and firmware version, please.

 

[Halvsvenskeren]

AX86U and the latest and greatest.

Sometimes we see multiple connections on the RRAS on the other from the router. Same login/password but multiple connections.

A reboot solves it and it goes back to 1 connection only.

 

[Halvsvenskeren]

I simply missed the reboot scheduler. Sorry

 

[RMerlin]

Nobody should be using PPTP in 2023. The protocol is broken and completely insecure.

 

[Halvsvenskeren]

No its not. Compared to when its was an issue most of the traffic was unencrypted via port 80 and now everything runs https.

And there is a huge difference in how its terminated on the serverside regarding exchange of keys asf.

But its not the issue here.

 

[RMerlin]

No its not. Compared to when its was an issue most of the traffic was unencrypted via port 80 and now everything runs https.

Then by your own word, you don`t need a VPN since "everything is https". Why are you using one then?

Not "everything" goes over TLS. SMB sessions over VPN are rarely encrypted. And MITM attacks to which PPTP is vulnerable also means traffic can be hijacked. You can get redirected to malicious servers. Your PPTP credentials can be stolen, and someone else can connect to your server. All your DNS queries are in the clear (as I doubt you use DNS-over-*) and can be intercepted, even hijacked (as about 1% of the Internet uses DNSSEC to this day).

There is just no excuse to still be using PPTP today, as plenty of more secure alternatives exist. And due to its obsolescence, I wouldn't expect Asus to ever do any further enhancement to its implementation. I'm even surprised they haven't removed that support yet.

Not that they would ever see your feature request anyway, as this isn't an Asus-monitored forum.

 

[Halvsvenskeren]

Then by your own word, you don`t need a VPN since "everything is https". Why are you using one then?

Not "everything" goes over TLS. SMB sessions over VPN are rarely encrypted. And MITM attacks to which PPTP is vulnerable also means traffic can be hijacked. You can get redirected to malicious servers. Your PPTP credentials can be stolen, and someone else can connect to your server. All your DNS queries are in the clear (as I doubt you use DNS-over-*) and can be intercepted, even hijacked (as about 1% of the Internet uses DNSSEC to this day).

There is just no excuse to still be using PPTP today, as plenty of more secure alternatives exist. And due to its obsolescence, I wouldn't expect Asus to ever do any further enhancement to its implementation. I'm even surprised they haven't removed that support yet.

Not that they would ever see your feature request anyway, as this isn't an Asus-monitored forum.

Damn....

You hijacked the thread.

The tunnel is used to point them to a specific IP. They dont use SMB and all other traffic is encrypted. So youre running encrypted traffic in an encrypted tunnel. Be my guest to hack that in transit.

I could easily send you the endpoint IP's and then you can waste all the time you want trying to do what the internet says can be done.

You cant do MITM unless you hijack either the DNS used by the endpoint or the IP it connects to. Redirects use spoofed DNS and we use DNSSEC to validate the DNS used.

All the socalled secure alternatives all suck donkeyballs when it comes to setup and maintain.

Thats why PPTP and L2TP still is used.