I have historically made the following change to OpenWRT installations:
# change "list listen_https '0.0.0.0:443'" to "list listen_https '192.168.1.3:443'"
This no longer works on 18.06.2. When I make this change in 18.06.2 LuCI can no longer connect via SSL even when the IP address matches perfectly.
Is this intended? Is the ability to change from 0.0.0.0:443 no longer a functioning config users can make?
I like to restrict access to only HTTPS. So I also routinely set:
uci delete uhttpd.main.listen_http; uci commit
So with 18.06.2, if I change 0.0.0.0:443 to the router's specific IP address, I lose access to LuCI. I was hoping for some clarification on why this config I have historically used is no longer working.
I think I've found how to "fix this".
It appears to be something to do with IPv4 and IPv6. The problem goes away as long as one comments out the IPv6 address if setting listen_https:
list listen_https '192.168.1.3:443'
#list listen_https '[::]:443'
The problem only appears if the IPv6 address is not commented out. My old config were not commenting out IPv6 line which is why my boxes developed this problem.
Did you try to set
listen_https for both IPv4 and IPv6 LAN-interface addresses?
I did not. It's unclear to me how to translate 192.168.1.3 into an IPv6 version address. I've only ever dealt with IPv4 on LANs. I'd be interested in learning more about this though if anyone can provide links or cares to comment on the matter.
Are you saying there are advantages to using IPv6 in the LAN? You advise setting IPv6 addressing instead of IPv4?
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.