[Help!] HTTPS on my GL-Inet router

I need to make my router Admin panel be accessible not by HTTPS and block HTTP.

I am using Mudi v2 from Gl-Inet. Powered by OpenWRT

Chat gpt prompted to generate custom CA:


#!/bin/sh
openssl genrsa -out ca.key 4096
openssl req -new -x509 -days 36500 -key ca.key -out ca.crt -subj "/C=XX/ST=XX/L=XX/O=Example/OU=CA/CN=ca.example.lan"
openssl genrsa -out router.lan.key 4096
openssl req -new -key router.lan.key -out router.lan.csr -subj "/C=XX/ST=XX/L=XX/O=Example/OU=Devices/CN=router.lan"
openssl x509 -req -days 36500 -in router.lan.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out router.lan.crt
echo "CA and signed router.lan certificate generated in current directory"

It will generate certificates and key. What to do next?

Anybody done something like this?

ubus call system board

@psherman

        "kernel": "5.10.176",    
        "system": "Qualcomm Atheros QCA9533 ver 2 rev 0",
        "model": "GL.iNet GL-E750",
        "board_name": "glinet,gl-e750",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.4",
                "revision": "r20123-38ccc47687",
                "target": "ath79/nand",
                "description": "OpenWrt 22.03.4 r20123-38ccc47687"
1 Like

https://openwrt.org/docs/guide-user/luci/getting_rid_of_luci_https_certificate_warnings#create_install

Powered by?
You need to use OpenWRT, because it has https checkboxes in default ui.
Start at https://firmware-selector.openwrt.org/

"distribution": "OpenWrt",
"version": "22.03.4",
"revision": "r20123-38ccc47687",
"target": "ath79/nand",
"description": "OpenWrt 22.03.4 r20123-38ccc47687"

is the real deal ...

1 Like

Not to clean up llm damage. One can find respective setting in web UI

Start by upgrading to the latest supported release:

https://firmware-selector.openwrt.org/?version=23.05.3&target=ath79%2Fnand&id=glinet_gl-e750

1 Like

I have exactly Mudi V2, is it ok?
Also this will install clear OpenWRT? Or GL version?
Do I need to have computer to do this?

The version o linked to is official openwrt. Do you want to use this or gl-inet’s customized fork?

1 Like

It is not really important. But what will I loose if I install official one? Is there any IMEI change?

What type I need to use? Susupgrade? Or factory?

Full reset losing all configuration with either software release

If you’re using the gl-inet firmware, you need to ask them for help since it is very different than openwrt from the official project.

You can make a backup of your existing config, install openwrt (do not keep settings), and configure and try the using official version. If you don’t like it, you can flash back to gl-inet’s version and restore your original config (and then ask them for help).

@psherman thank you for detailed answer. If I will flash your official version, what will I loose?

Will I still have Tor, Wireguard/OpenVPN, custom plugins, working display, working switch, IMEI change?

You need to install the packages you need. Wireguard and OpenVPN, as well as tor are available. The others - it depends what they are and if they are gl-inet custom things.

1 Like