Securing OpenWrt Setups (recommendations)

That's the point. This is the only thing, dude, that I wanted you and all members to know.

Suppose you open 192.168.1.1 and the LuCI username and password page comes up. This is where you need to be aware: how will you confirm that it's your LuCI and not another router (a honeypot), or not a MITM?

And yes, it's not OpenWrt specific, but we can save our community users from this.

  • Physically plug into the router while all its other interfaces are disconnected/disabled (this is how you set up a router in most cases, especially commercial ones)
  • If another device was spoofing 192.168.1.1, you would fail to get Internet
  • Verify ARP MAC matches serial of router you purchased
  • This is a chicken-and-the-egg theory
    • the device needs Internet to install the LuCI SSL package
    • you have not even mentioned that yet
    • most importantly the router has to be configured first

(Also, what does this have to do with a certificate? Certs are issued to domain names...)
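The second and third bullets above (an IP that does not lead to the real router, and an ARP MAC that should match the box you bought) can be checked from the admin machine before any password is typed. The following is an added example and not code from this thread; it parses `ip neigh show` output from the Linux host you plugged in with (the two sample tables are constructed, 60:38:e0:aa:bb:cc standing in for the MAC on the label) and treats two MACs answering for the router's IP as a spoofing sign. One caveat it assumes you know: the label on many devices carries the WAN or wireless MAC rather than the LAN-side one, so read a mismatch as "investigate before logging in", not as proof of an attack.

```python
import re

# Constructed sample of `ip neigh show` output as seen from the admin laptop
# (not a real capture). 60:38:e0:aa:bb:cc plays the MAC printed on the router label.
NEIGH_OK = """\
192.168.1.1 dev eth0 lladdr 60:38:e0:aa:bb:cc REACHABLE
192.168.1.20 dev eth0 lladdr aa:bb:cc:dd:ee:01 STALE
fe80::6238:e0ff:feaa:bbcc dev eth0 lladdr 60:38:e0:aa:bb:cc router REACHABLE
"""

# Same table after a second device (here reached over WiFi) also claims 192.168.1.1.
NEIGH_SPOOFED = NEIGH_OK + "192.168.1.1 dev wlan0 lladdr de:ad:be:ef:00:01 REACHABLE\n"


def normalize_mac(mac):
    """Accept 00-11-22-33-44-55, 0:11:22:33:44:55 or 00:11:22:33:44:55 (any case)
    and return the canonical lowercase colon form, so label and table compare equal."""
    parts = re.split(r"[:\-]", mac.strip().lower())
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9a-f]{1,2}", p) for p in parts):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(p.zfill(2) for p in parts)


def macs_for_ip(neigh_output, ip):
    """Collect every (interface, MAC) pair the neighbour table holds for `ip`.
    Lines look like: '192.168.1.1 dev eth0 lladdr 60:38:e0:aa:bb:cc REACHABLE'.
    FAILED/INCOMPLETE entries carry no lladdr and are skipped."""
    found = set()
    for line in neigh_output.splitlines():
        fields = line.split()
        if not fields or fields[0] != ip or "lladdr" not in fields:
            continue
        dev = fields[fields.index("dev") + 1] if "dev" in fields else "?"
        found.add((dev, normalize_mac(fields[fields.index("lladdr") + 1])))
    return found


def check_router_identity(neigh_output, ip, label_mac):
    """Return (ok, reason). ok is True only when exactly one MAC answers for `ip`
    and it is the one on the label; anything else is a reason not to type the
    LuCI password yet."""
    expected = normalize_mac(label_mac)
    seen = macs_for_ip(neigh_output, ip)
    if not seen:
        return False, f"no neighbour entry for {ip}; not on the router's L2 segment"
    macs = {mac for _dev, mac in seen}
    if len(macs) > 1:
        return False, f"{ip} answered from several MACs {sorted(seen)}: possible ARP spoofing"
    mac = macs.pop()
    if mac != expected:
        return False, f"{ip} answered from {mac}, label says {expected}"
    return True, f"{ip} answered from {mac} on {sorted(seen)[0][0]}, matches label"


if __name__ == "__main__":
    # On a real host: neigh = subprocess.run(["ip", "neigh", "show"],
    #                                        capture_output=True, text=True).stdout
    for table in (NEIGH_OK, NEIGH_SPOOFED):
        print(check_router_identity(table, "192.168.1.1", "60-38-E0-AA-BB-CC"))
```

Run it right after plugging in, before opening the browser: a clean result is one interface, one MAC, and that MAC is the one you expect. The spoofed sample shows the case the thread argues about, where a second answer arrives over wlan0 once WiFi is up.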

:laughing:

LOL...

  • Save them from configuring their own routers!?!?
  • Save them from breaking-and-entering their neighbor's house to plug into their router "accidentally"!?!?
1 Like

wrong again

Unless they spoofed Internet too. It doesn't matter when no other device is connected. Now please stop playing and make a point.

1 Like

You bought a router.
Correct, you don't turn WiFi on; you plugged in the LAN cable, configured it and unplugged from the LAN.
Now you enable WiFi. All OK?

Now?

From here, learn for yourself how you can get exploited? OK

Not OK...I didn't magically understand anything...I'm expecting you to explain something here...

Also, if you're implying that a 192.168.1.1 can be spoofed via Wireless LAN...LOL

The only thing I understand - is that you're implying WiFi, in all its forms, is insecure.

Am I correct?

If someone is this security paranoid, as I suggested:

Using a management VLAN only addresses all your concerns:

  • No WiFi
  • Physically at device
  • Configured to be only port/network LuCI/SSH is reachable from

Last option is console access, only.

1 Like
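The last bullet of the management-VLAN post (LuCI/SSH reachable only from one port or network) maps to two UCI files on the router: `/etc/config/dropbear` (`option Interface`) and `/etc/config/uhttpd` (`list listen_http` / `list listen_https`). Below is an added example, not from this thread and not OpenWrt's own code, that audits copies of those two files and reports any listener reachable beyond the management network. The interface name `mgmt` and the address `192.168.10.1` are assumptions for the example; the "default" samples mirror the stock settings, and the "hardened" samples are constructed.

```python
import shlex

# Stock OpenWrt defaults for the two files (constructed to mirror the shipped
# config; the real files carry more options that do not matter here).
DEFAULT_DROPBEAR = """\
config dropbear
\toption PasswordAuth 'on'
\toption RootPasswordAuth 'on'
\toption Port '22'
"""
DEFAULT_UHTTPD = """\
config uhttpd 'main'
\tlist listen_http '0.0.0.0:80'
\tlist listen_http '[::]:80'
\tlist listen_https '0.0.0.0:443'
\tlist listen_https '[::]:443'
\toption home '/www'
"""
# Constructed hardened versions: SSH only on the logical interface 'mgmt'
# (assumed name), HTTPS only on that interface's assumed address, and no
# plain-HTTP listener at all.
HARDENED_DROPBEAR = DEFAULT_DROPBEAR + "\toption Interface 'mgmt'\n"
HARDENED_UHTTPD = """\
config uhttpd 'main'
\tlist listen_https '192.168.10.1:443'
\toption home '/www'
"""

WILDCARD_HOSTS = {"0.0.0.0", "[::]", "::"}


def parse_uci(text):
    """Minimal UCI reader: returns [(section_type, section_name, {key: [values]})].
    Handles 'config', 'option' and 'list' lines plus '#' comments, which is all
    these two files use."""
    sections = []
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)
        if not tokens or tokens[0] == "package":
            continue
        if tokens[0] == "config" and len(tokens) >= 2:
            sections.append((tokens[1], tokens[2] if len(tokens) > 2 else None, {}))
        elif tokens[0] in ("option", "list") and len(tokens) == 3 and sections:
            sections[-1][2].setdefault(tokens[1], []).append(tokens[2])
        else:
            raise ValueError(f"unexpected UCI line: {raw!r}")
    return sections


def listen_host(spec):
    """'192.168.10.1:443' -> '192.168.10.1', '[::]:80' -> '[::]'. A spec with no
    host part is treated as a wildcard bind (conservative assumption)."""
    host, _sep, _port = spec.rpartition(":")
    return host or None


def audit(dropbear_cfg, uhttpd_cfg, mgmt_iface, mgmt_addr):
    """Return a list of findings; an empty list means both daemons are confined
    to the management interface/address."""
    findings = []
    for typ, _name, opts in parse_uci(dropbear_cfg):
        if typ != "dropbear":
            continue
        ifaces = opts.get("Interface", [])
        if not ifaces:
            findings.append("dropbear: no 'Interface' option, SSH listens on every interface (WiFi included)")
        elif ifaces != [mgmt_iface]:
            findings.append(f"dropbear: bound to {ifaces}, expected only '{mgmt_iface}'")
    for typ, name, opts in parse_uci(uhttpd_cfg):
        if typ != "uhttpd":
            continue
        for spec in opts.get("listen_http", []):
            findings.append(f"uhttpd '{name}': plain-HTTP listener {spec}; LuCI credentials would cross the wire unencrypted")
        for spec in opts.get("listen_https", []):
            host = listen_host(spec)
            if host is None or host in WILDCARD_HOSTS:
                findings.append(f"uhttpd '{name}': HTTPS listener {spec} binds every address")
            elif host != mgmt_addr:
                findings.append(f"uhttpd '{name}': HTTPS listener {spec} is not the management address {mgmt_addr}")
    return findings


if __name__ == "__main__":
    # On a real box: audit(open('/etc/config/dropbear').read(),
    #                      open('/etc/config/uhttpd').read(), 'mgmt', '192.168.10.1')
    for label, d, u in (("default", DEFAULT_DROPBEAR, DEFAULT_UHTTPD),
                        ("hardened", HARDENED_DROPBEAR, HARDENED_UHTTPD)):
        print(label, audit(d, u, "mgmt", "192.168.10.1") or "OK")
```

Against the stock files the audit reports five findings (SSH on every interface, two plain-HTTP listeners, two wildcard HTTPS listeners); against the hardened pair it reports none. Binding is only one layer: the firewall zone for the management VLAN still has to be the only one with input accepted on 22 and 443.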

Dude, I understand one thing only: you are really not in favour of any advancement. It's fine, your choice; keep the LAN wire with you and configure safely.

All the best.

1 Like

I wish you well too; but for someone as security paranoid as you, don't get me wrong:

I'd turn off uHTTPd and dropbear and run console only.

I can't imagine a network security person like yourself not taking that as sound advice.

(The LAN wire chide was funny, but again, used to take me out of context.)

1 Like

That's because I manage around 3200 OpenWrt access points all across the world, and clients get angry if I don't do my research and always ask them to insert a cable.

Moreover, I cannot compromise on their security either.

THEN WHAT DO YOU SUGGEST!!!

you notice that you NEVER FOLLOW THROUGH??

1 Like

So I tried to share what I got to know from my R&D, but you have alternatives for all of it... LOL

Please stop confusing the community. In all these threads, you ask a question, then you always fail to follow through.

I said I wouldn't enable wireless, then you make a joke about me carrying a LAN cable.

Grow up sir, and just explain yourself like an adult.

1 Like

I have joined the community and will always be fair with them; I will give whatever is required, let the need come.
Right now everyone is happy with alternatives.
Let all realise the need; I am happy that yesterday this didn't happen.

I got my first solution accepted, and the user themselves denied the alternative even before I had reacted to the alternative.

If this is your opinion, I would advise you to stop posting and responding to people.

A lot of people are beginning to get agitated that you are harboring some secret way to secure routers and configure multiple vendors' equipment with OpenWrt; and you always fail to follow through and share.

You obviously claim you have an alternative (you even claim to have invested in Research and Development now). So it seems quite silly to keep reminding people when they ask you to explain.

1 Like

You wrote a script for someone.

:+1:

No clue how "alternative" applies in that context, and I don't want to know. The community can read for themselves. Congrats on your first solution.

1 Like


I also tried to help out others; it's not only me who is not following :stuck_out_tongue: lol
https://wordpress.com/post/ureachedme.wordpress.com/24

Yes, there are also 2 other known Central Management solutions available on OpenWrt.

In fact, someone informed you of them:

The other is Cucumber Tony: http://www.ct-networks.io/

Other notes:

  • It appears you have displayed a private message between you and @nemesis. I think that was poor taste.
  • It seems you solicited @nemesis
  • It also seems you created that page around or near the time you contacted @nemesis !!!

https://ureachedme.wordpress.com/2018/11/28/openwrt-central-management/

I've been waiting for you to tell us...perhaps in its own post announcing it to the community! :wink:

I'm also concerned about the JavaScript you have running...but that's another story...

1 Like

Dude, CT just managed the hotspot portion; I used it two years back.

And I tried OpenWISP and OpenWISP2 too; I have shared what I experienced from them and the scope of improvements that I will give to my controller.

I don't care. Please follow through regarding your solution. Thanks.

1 Like

You detective, it's very obvious that I wrote that post for @nemesis only, because he accepted what OpenWISP currently misses and perfectly answered my public posts.