[SOLVED] Web interface from internet

I have LEDE in a network with the internet gateway that forwards internet port 80 TCP to the LEDE router. It worked fine for 1 month; now I have access to the LEDE web interface from LAN but not from the internet.
Why?

Sharing your uhttpd and firewall configs may help.

How can I reply with long text? Is there a function to quote or anything else?

Please use "Preformatted text </>" for logs, scripts, configs and general console output.

The WebUI [LuCI] should never be directly accessible from WAN

  • Since LuCI requires root as the user for login, it should never be accessed via plain HTTP [port 80], but HTTPS [port 443] via LAN or VPN.

  • Accessing LuCI via HTTP sends the root password via plaintext, instead of HTTPS, which encrypts all information to/from the web server [uhttpd]

If you want access to LuCI from WAN, either tunnel access through SSH or configure a VPN server on the router.

2 Likes
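An added example, not part of the thread: a small audit of uhttpd's UCI config (on the router this lives in `/etc/config/uhttpd`) that reports the conditions described above: plain-HTTP listeners, listeners bound to every interface, and HTTP left without a redirect to HTTPS. The sample config and the LAN address 192.168.1.1 are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky uhttpd listener settings in UCI config text.

# Constructed sample in the layout of /etc/config/uhttpd (not from the thread).
sample_config() {
cat <<'EOF'
config uhttpd 'main'
	list listen_http '0.0.0.0:80'
	list listen_http '[::]:80'
	list listen_https '192.168.1.1:443'
	option redirect_https '0'
EOF
}

# Reads config text on stdin and prints one finding per line:
#   plaintext-http <addr>   credentials would cross this listener unencrypted
#   all-interfaces <addr>   wildcard bind, reachable on any interface
#                           (WAN included if the firewall or a port forward allows it)
#   no-https-redirect       HTTP is enabled and not redirected to HTTPS
audit_uhttpd() {
    awk -v q="'" '
        ($1 == "list" || $1 == "option") && $2 ~ /^listen_https?$/ {
            addr = $3
            gsub("[" q "\"]", "", addr)          # strip UCI quoting
            if ($2 == "listen_http") { http++; print "plaintext-http " addr }
            # 0.0.0.0, [::] or a bare port number all mean "every interface"
            if (addr ~ /^(0\.0\.0\.0|\[::\]):/ || addr ~ /^[0-9]+$/)
                print "all-interfaces " addr
        }
        $1 == "option" && $2 == "redirect_https" {
            v = $3
            gsub("[" q "\"]", "", v)
            redir = (v == "1")
        }
        END { if (http && !redir) print "no-https-redirect" }
    '
}

# Run against the sample; on a router: audit_uhttpd < /etc/config/uhttpd
sample_config | audit_uhttpd
```

An empty result means the web server only listens over HTTPS on specific addresses; it says nothing about firewall rules or upstream port forwards, which have to be checked separately.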

I agree with @JW0914 -- allowing direct WAN access to the management interface is asking for trouble.

Even with HTTP-S, unless you've carefully configured that only TLSv1.2 or later, and only known-secure ciphers and key-exchange protocols are permitted, and have a signed certificate, you've still got potential for trouble. Port-forwarding with ssh, or reverse proxy with a trusted server and a signed certificate are better approaches.

Does uhttpd even support this?

I've never come across anyone who's ever used uhttpd as a WAN facing web server for anything, as unlike nginx (which can't be used with LuCI, as it lacks plain cgi support) and apache, I don't think uhttpd even has configurable options to secure it as a WAN facing web server.

I wouldn't trust uhttpd in any public-facing application. If I were ever to consider exposing the management interface, I'd absolutely go through at least my nginx reverse proxy, if not more. ssh tunneling works well enough for me for the few times I want to access the OpenWRT/LEDE web server from "outside".

2 Likes

Thank you very much for the information. I configured a VPN for access from the web; I used OpenVPN and it works fine. Thanks!!

I configured a vpn for remote access with openvpn
