Is this a bug in 18.06.2: list listen_https '0.0.0.0:443

#1

I have historically made the following change to OpenWRT installations:

vi /etc/config/uhttpd
# change "list listen_https '0.0.0.0:443'" to "list listen_https '192.168.1.3:443'"

This no longer works on 18.06.2. When I make this change in 18.06.2 LuCI can no longer connect via SSL even when the IP address matches perfectly.

Is this intended? Is the ability to change from 0.0.0.0:443 no longer a functioning config users can make?

I like to restrict access to only HTTPS. So I also routinely set:

uci delete uhttpd.main.listen_http; uci commit

So with 18.06.2, if I change 0.0.0.0:443 to the router's specific IP address, I lose access to LuCI. I was hoping for some clarification on why this config I have historically used is no longer working.

0 Likes

After restoring backup = no LuCI SSL connection
#2

I think I've found how to "fix this".

It appears to be something to do with IPv4 and IPv6. The problem goes away as long as one comments out the IPv6 address if setting listen_https:

list listen_https '192.168.1.3:443'
#list listen_https '[::]:443'

The problem only appears if the IPv6 address is not commented out. My old config were not commenting out IPv6 line which is why my boxes developed this problem.

1 Like

#3

Did you try to set listen_https for both IPv4 and IPv6 LAN-interface addresses?

0 Likes

#4

I did not. It's unclear to me how to translate 192.168.1.3 into an IPv6 version address. I've only ever dealt with IPv4 on LANs. I'd be interested in learning more about this though if anyone can provide links or cares to comment on the matter.

0 Likes

#5

https://openwrt.org/docs/guide-developer/networking/network.interfaces#current_utilities_for_networking_and_traffic_control
More precisely, you need that one:

ip -6 addr show dev br-lan scope global

Or you can obtain it from OpenWrt-specific utilites, such as:

ifstatus lan

0 Likes

#6

Are you saying there are advantages to using IPv6 in the LAN? You advise setting IPv6 addressing instead of IPv4?

0 Likes

closed #7

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.

0 Likes