Strona
Feb 18, 2024 (Tutor)
Orbi RBS50 lag spikes
Hi community, I've been struggling for a few days with my Orbi RBR50 + RBS50 setup. I'm having a lot of lag spikes with very high latency (more than 1000ms) on my satellite, but not on my router. H...
CrimpOn
Feb 18, 2024 (Guru - Experienced User)
wim-bart wrote:
And when I wanted to look at the Orbi management pages, Edge, Firefox, Chrome, Safari don't work. Had to hack the registry to get in. So I have to make my browser unsafe to be able to work with my Orbi system.
It would help to know more about browsers that "don't work".
Modern browsers have become almost paranoid in warning users about potential security issues.
Nearly every residential WiFi router (from everyone) uses a non-encrypted (http) web connection to access the management web site on the WiFi router. By definition, a connection that is not encrypted is vulnerable. Anyone who can capture the communication between web browser and web server can record all sorts of sensitive data. So, the newest web browsers proclaim, in BIG BOLD type, "Not Secure. Go Back! Go Back!". When a device on the local network (LAN) opens a connection to the router web server, all of the data communication takes place over the LAN. Zero data packets go out of the router to the internet. Evildoers may have compromised every network device in the entire internet, but they cannot capture this traffic because it never leaves the LAN. Thus the common-sense thing to do is say, "Thank you for the paranoia. Please open the web site like I asked." and go on with life.
But... wait! Suppose some "Mission Impossible" hacker has cracked my WiFi system. (Out of all the WiFi systems in the world, they want to spy on ME!) WiFi communication is encrypted, so even those http packets going between web browser and web server are encrypted. But... aha! It is technically possible to break that WiFi encryption! Well, the Orbi WiFi router provides an encrypted version of the web interface (https). So now all that communication is doubly encrypted. But... modern web browsers notice that the SSL certificate used to encrypt the communication is self-signed. It is not validated by an accepted certificate authority. "Unsafe! Go Back! Go Back!". Once again, I decided to open a web server on my own LAN. I am not trusting that some server claiming to be "Gold Lovers Paradise" is actually who they say they are. I am trusting that MY Orbi is really "my Orbi". I simply want the communication to be encrypted. So I tell the web browser, "Thank you for the paranoia. Please open the web site like I asked."
Once the web browser has accepted my instructions to "open this site", it quits complaining.
I use a PC that is wired to the Orbi router. It is physically impossible to intercept the web connection between my PC and the Orbi. Even if someone has snuck into my house and attached some gizmo to the network, this communication goes only between the PC and the router. It cannot be hacked.
Sorry for the rant, but this business of web browser paranoia is just ridiculous.
wim-bart
Feb 20, 2024 (Aspirant)
It ain't that simple. To solve the issue with the Orbi RBK50/RBS50 the following policy needs to be set in the registry.
Edge:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge
Value: RSAKeyUsageForLocalAnchorsEnabled
Data: 0x0
Chrome:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
Value: RSAKeyUsageForLocalAnchorsEnabled
Data: 0x0
So the issue is that this forces browsers to ignore that the Orbi (and other systems) accept RSA key exchange with TLS 1.2.
As TLS 1.3 is not very widespread, it will become the future and when I want to use my employer's VPN (I need to make money) I have to remove the registry setting because our SSL VPN portal requires 1.3 with RSA KE disabled... Nice...
So in my opinion, the Orbi does do something not very well with its admin pages and the certificates. But you can work around it. But never take shortcuts on security.
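
An added example, not part of any post in this thread: because the override above lives under HKEY_LOCAL_MACHINE it applies to every profile on the machine, so it is worth being able to see at a glance whether it is still set and to take it out again once the router page has been reached. The key paths and value name are the ones quoted in the post; the function name `Get-RsaKeyUsageOverride` and the state labels are hypothetical.

```powershell
# Added example: audit (and optionally remove) the browser policy override
# from the post above. Function name and state labels are hypothetical.
function Get-RsaKeyUsageOverride {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [switch]$Remove   # delete the override where found (needs an elevated shell)
    )

    $valueName  = 'RSAKeyUsageForLocalAnchorsEnabled'
    $policyKeys = [ordered]@{
        Edge   = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
        Chrome = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
    }

    foreach ($browser in $policyKeys.Keys) {
        $key  = $policyKeys[$browser]
        # Returns nothing if the key or the value does not exist.
        $item = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue

        if ($null -eq $item) {
            $data  = $null
            $state = 'NotConfigured'          # browser default applies
        } else {
            $data  = $item.$valueName
            $state = if ($data -eq 0) { 'CheckDisabled' } else { 'CheckEnforced' }
        }

        $removed = $false
        if ($Remove -and $state -eq 'CheckDisabled' -and
            $PSCmdlet.ShouldProcess("$key\$valueName", 'Remove policy value')) {
            Remove-ItemProperty -Path $key -Name $valueName -ErrorAction Stop
            $removed = $true
        }

        # One row per browser so the result can be filtered or exported.
        [pscustomobject]@{
            Browser = $browser
            Key     = $key
            Data    = $data
            State   = $state
            Removed = $removed
        }
    }
}

Get-RsaKeyUsageOverride | Format-Table -AutoSize
```

Running `Get-RsaKeyUsageOverride -Remove -WhatIf` lists what would be deleted without changing the registry; the browser has to be restarted before a policy change takes effect.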