With Merlin Firmware 384.4_2 I always have to login twice into the Asus router. Is it a Hacker?

[Kae]

First of all, thanks a lot to Merlin for doing such a great job on his firmware, and supporting us and the world with it!

And thank you to the community here for all the great advice! Great Forum!

I have the following problem, and others might have it too than:
With Merlin Firmware 384.4_2 I always have to login twice into the Asus router.
I could not find anything here on the forum nor on the internet to the cause and the solution to this problem.

The Asus login screen always asks me to put in my password and login name a second time, after I already entered it once and hit enter to login into the Asus RT-AC86U router with the newest Merlin version installed.

To login I am using firefox, and have addons on firefox installed like disconnect, ublock origin, disable webrtc, https everywhere and panic button.

Is it maybe a Hacker virus on my router or computer (MacOS), a Merlin firmware problem with the router or a firefox addon problem?

Are any of these firefox addons unsafe to use? Some addons that are supposed to protect privacy actually collect user data...

How to solve the double login problem into the router?

I heard that hackers can implement a virus into the router or computer so the user has to enter his login credentials twice, and this way the hacker can get the user (victims) password and login name.
I hope this is not the case here.

If this questions has already been answered elsewhere here, maybe someone can point me to the post?

Thank you for your help, to everybody.

Kae.

 

[skeal]

First of all, thanks a lot to Merlin for doing such a great job on his firmware, and supporting us and the world with it!

And thank you to the community here for all the great advice! Great Forum!

I have the following problem, and others might have it too than:
With Merlin Firmware 384.4_2 I always have to login twice into the Asus router.
I could not find anything here on the forum nor on the internet to the cause and the solution to this problem.

The Asus login screen always asks me to put in my password and login name a second time, after I already entered it once and hit enter to login into the Asus RT-AC86U router with the newest Merlin version installed.

To login I am using firefox, and have addons on firefox installed like disconnect, ublock origin, disable webrtc, https everywhere and panic button.

Is it maybe a Hacker virus on my router or computer (MacOS), a Merlin firmware problem with the router or a firefox addon problem?

Are any of these firefox addons unsafe to use? Some addons that are supposed to protect privacy actually collect user data...

How to solve the double login problem into the router?

I heard that hackers can implement a virus into the router or computer so the user has to enter his login credentials twice, and this way the hacker can get the user (victims) password and login name.
I hope this is not the case here.

If this questions has already been answered elsewhere here, maybe someone can point me to the post?

Thank you for your help, to everybody.

Kae.

Did you reset to factory defaults and reconfigure manually with no import after the flash to merlin? If not I highly suggest you do.

 

[RMerlin]

Test a different browser to determine if the issue is related to your Firefox installation.

 

[Kae]

Test a different browser to determine if the issue is related to your Firefox installation.

Thank you for the quick answer.

I tried it with the safari browser as well. It is still the same problem. The router login screen is asking me to login twice.

I am running MacOS 10.9.5.
The Asus router is connected to a Telekom Speedport router via cable to a Speedport LAN port as a dual router setup. The Asus router is supposed to always run as a VPN Client router. The Telekom Speedport router is directly connected to the internet service provider, and the Asus router is connected through the Telekom Speedport router (LAN port) to the Internet.

- Is this a firmware issue, or is it a hacker or a virus problem?
Do I have to reset to factory defaults as "skeal" above suggested and reconfigure manually with no import after the flash to merlin? Where can I find the all the safest correct manual settings for running the Asus router as a VPN router (in a dual router setup)?
Before I have to do all the work for the manual configuration again for maybe nothing, including all the VPN client settings, I would rather try something else first.
If resetting the router is not the problem, than the same problem will remain after the reset and manual configuration.
Maybe I configured the router incorrectly?

- The login connectin to the interface of the router is also not a secure https connection, but only an insecure http connection..., is that normal?

I have installed 5 vpn clients with open vpn, with paid vpn provider settings under the vpn client tab as well. Everytime I change or add any vpn client servers, and than I reboot, the router will ask me to login twice, instead of only once. Safari and Firefox both show the same problem.

-Could you add more VPN client servers than 5? Maybe 15?

Thank you for your help and your quick reply.

Kae.

 

[Kae]

Did you reset to factory defaults and reconfigure manually with no imp

Did you reset to factory defaults and reconfigure manually with no import after the flash to merlin? If not I highly suggest you do.

ort after the flash to merlin? If not I highly suggest you do.

Thank you for the answer.
Before I have to do all the work for the manual configuration again for maybe nothing, including all the VPN client settings, I would rather try something else first.
If resetting the router is not the problem, than the same problem will remain after the reset and manual configuration.

Where can I find the correct manual settings? Maybe I can check if all the settings are correct?

Thank you.

Kae.

 

[john9527]

Make sure you are not blocking cookies from the router in your browsers....

 

[eastavin]

Thank you for the answer.
Before I have to do all the work for the manual configuration again for maybe nothing, including all the VPN client settings, I would rather try something else first.
If resetting the router is not the problem, than the same problem will remain after the reset and manual configuration.

Where can I find the correct manual settings? Maybe I can check if all the settings are correct?

Thank you.

Kae.

FWIW I came to believe there is something odd about the 384.4_2 code on a RT-AC68U v C1. I had a whole whack of weird things like that happen with no discernable pattern or log reports... nothing happening when you hit apply or rebooting and the router staying locked in its problem or ignoring your change, having to reboot twice to get it to apply a change where no reboot is normally required, traffic reports or bandwidth monitoring working differently when a vpn client is enabled vs when its not, slow response on email, browser fill and more on any computer on the network. Going back to 384.4_0 resolved most of them. But even getting back to 384.4_0 was problematic as the router would not take the downgrade.

So every once in a while I tell myself it is what it is and just use what works cleanly until the next version comes along. My suggestion is to go back one release and see if it works differently. It did for me. Others may have better advice.

 

[RMerlin]

Is this a firmware issue, or is it a hacker or a virus problem?

Something must be interfering with the authentication process, or causing httpd to crash. Try accessing your router through its IP rather than a hostname to see if it makes any difference (I've seen something similar occur in the past but only while in Repeater mode for some reason).

It's unlikely to be hacker/virus related, due to the nature of the symptoms themselves.

The login connectin to the interface of the router is also not a secure https connection, but only an insecure http connection..., is that normal?

HTTPS support can be enabled under Administration -> System. After that you'll be able to access the webui over https.

Could you add more VPN client servers than 5? Maybe 15?

No. That alone would increase nvram usage by 10 KB - just for the default settings, without any user configuration entered yet.

 

[Kae]

Update:
The double login problem was solved by stopping Ublock Origin (thanks @john9527).

I now changed the login mode from unsecure http to secure https under the administration / system tab (thanks @RMerlin) . But the connection is still unsecure. Because each time I try to login now, the browser tells me that the connection is not secure because the owner of the website (showing my routers ip address) has not configured the website correctly, and that the security certificate is invalid.

When I than add this security certificate as a permanent exception to the security certificates list, the next time I log in, the browser will still bring the same error notification, and asks me again to add the security certificate as an exception, telling me the certificate can not be validated and is invalid.

Why is the certificate deemed insecure and invalid, and why does it always bring the same error each time I reboot and want to login again, without remembering that I already added the certificate to the secure certification exception list?
Is it safe to add it to the security expection list, or should something else be done to built a secure https connection to the asus router? How to make it secure, AND stay ANONYMOUS at the same time, as this router is used as a VPN router, in a dual router setup?

Do I now have to Enable DDNS client under the under WAN - DDNS tab to make the certificate work correctly?
Will my router than still stay anonymous (vpn router), since apparently the asus router will than contact Asus to get the certificate from them, when enabling DDNS client?
Asus wants that the user agrees to their "Terms of Service" for using their “Lets Encrypt” Service to get a secure certificate for the router from them, and they will than also automatically periodically connect the Asus router to the Asus server to renew the certificate. That does not sound anonymous and secure anymore when it comes to my and other peoples router privacy.
So, what to do to stay anonymous and have a secure valid HTTPS connection to the router interface, without having to send data to the Asus server? Or is that secure and “private”?

Under the "WAN - DDNS” tab in the router setting it further says:

"The wireless router currently uses a private WAN IP address.
This router may be in the multiple-NAT environment and DDNS service cannot work in this environment.”

So, what is the solution than?

Is the solution to put the Asus router in bridged mode, and than run it as a VPN router?

I think other router companies have a secure https connection to the router interface as a standard, isn’t it? Why is Asus doing it differently?

Thank you.

 

[Kae]

FWIW I came to believe there is something odd about the 384.4_2 code on a RT-AC68U v C1. I had a whole whack of weird things like that happen with no discernable pattern or log reports... nothing happening when you hit apply or rebooting and the router staying locked in its problem or ignoring your change, having to reboot twice to get it to apply a change where no reboot is normally required, traffic reports or bandwidth monitoring working differently when a vpn client is enabled vs when its not, slow response on email, browser fill and more on any computer on the network. Going back to 384.4_0 resolved most of them. But even getting back to 384.4_0 was problematic as the router would not take the downgrade.

So every once in a while I tell myself it is what it is and just use what works cleanly until the next version comes along. My suggestion is to go back one release and see if it works differently. It did for me. Others may have better advice.

Thank you for your answer.
Stopping Ublock Origin did the trick.
I also changed the login mode from http to https.
But now it says that the https secure server certificate is invalid.

Maybe you also had an adblocker or cookie blocker installed?

 

[Kae]

Make sure you are not blocking cookies from the router in your browsers....

Thank you. That did the trick and was the problem. Now I only have to login once.

 

[RMerlin]

So, what is the solution than?

Just ignore the message, it's misleading. Your connection is fully encrypted, the only reason they claim it's not secure is because it cannot validate that you are really connected to your router at the specified IP/hostname using a certificate issued by a trusted authority.

If you want to get rid of it, you need to either fiddle with Let's Encrypt, or generate your own CA + certificate, and import that CA in the trusted store of all your devices.

 

[Kae]

Just ignore the message, it's misleading. Your connection is fully encrypted, the only reason they claim it's not secure is because it cannot validate that you are really connected to your router at the specified IP/hostname using a certificate issued by a trusted authority.

If you want to get rid of it, you need to either fiddle with Let's Encrypt, or generate your own CA + certificate, and import that CA in the trusted store of all your devices.

Thank you very much. This is very helpful.

@RMerlin
Is there a way to donate money other than through paypal?
I used papal once, and they ripped me off, so I avoid using them...

 

[RMerlin]

Thank you very much. This is very helpful.

@RMerlin
Is there a way to donate money other than through paypal?
I used papal once, and they ripped me off, so I avoid using them...

Only Paypal, sorry.

 

[snbjam]

I just wanted to add that I was also having the double login problem, and in addition, when I tried to reboot the router from the firmware or do a firmware upgrade, I would instead be taken back to the login.

After trying many browsers, disabling AV, security software, it finally came down to a host config issues (and this was only over http)

I had two hostnames in my hosts pointing to the same accesspoint, ie, APNAME1 and APNAME2 both going to the same IP address. I was connecting to APNAME1 and the router thought it's name was APNAME2. cleaned up the hosts so there was only 1 name -- which matched what the router thought it was, and my problem was solved.


this was a RT-AC66 that I was trying to upgrade from fw 378.56_2 and another from 384.4_2