× Introducing the Orbi 970 Series Mesh System with WiFi 7 technology. For more information visit the NETGEAR Press Room.
Orbi WiFi 7 RBE973
Reply

Re: The connection to this site is not private

Lashn
Aspirant

The connection to this site is not private

Me and my brother recently got an XR500 gaming router and when i go to log into the DumaOS site it says the following on the log in screen (your connection to this site is not private) instantly my heart sinks and my brain explodes trying to find out why this is the case? When i do successfully log in it also comes up with the (Not secure) thingy next to the information icon telling me not to enter any valuable information! The site is the routerlogin one and i thought Duma would have had this secured? Also checked my logs and It came up with this [DoS Attack: SYN/ACK Scan] from source: 104.237.191.1, port 443, Monday, September 24, 2018 00:19:02
[DoS Attack: SYN/ACK Scan] from source: 104.237.191.1, port 443, Monday, September 24, 2018 00:18:46

 

I am not a computer tech wizard so this really scares me! ANY information i can gather will be gladly appreciated thanks! ❤️

 

Gaming Router XR500 which is connected via FRITZBOX modem on the latest firmware! 

HOW DO I MAKE THAT WEBSITE SECURE AND PRIVATE 

Message 1 of 18
Netduma_Jack
NetDuma Partner

Re: The connection to this site is not private

Hi Lashn - what url are you putting in exactly? You should put in http://routerlogin.net

If you put an ‘s’ In front of http (so it reads https) then the browser thinks it’s getting an https connection which the admin panel doesn’t have (it doesn’t really need it because it’s on your local network)

Also you can ignore all those Dos attack warnings. It’s just internet noise. If you Google it you’ll see many threads on these forums explaining that it’s nothibg to be concerned about.
Message 2 of 18
Lashn
Aspirant

Re: The connection to this site is not private

My url is currently www.routerlogin.net with no https anywhere and when i enter http at the beginning of the url it says for me to relog with my admin and password i enter it and it just keeps popping back up with login details 

Message 3 of 18
Netduma-Fraser
NetDuma Partner

Re: The connection to this site is not private

Double check you're putting in the correct details. If you are then click cancel and should prompt you to recover user/password by inputting your recovery question answers.
Message 4 of 18
Lashn
Aspirant

Re: The connection to this site is not private

I most certainly am putting in the right details for the https site bit yet it still says im getting it wrong! 

Is the username and password the same on www.routerlogin as to https://routerlogin? If not i have absolotely no idea on what to do i even done my security questions and it says i have them wrong when i 1000% know these questions of by heart

Message 5 of 18
Lashn
Aspirant

Re: The connection to this site is not private

I can use the www. webstie but just not the https thats so odd

Message 6 of 18
Lashn
Aspirant

Re: The connection to this site is not private

Now i cant seem to log in to DumaOS it comes up with missing JSON response

Message 7 of 18
Lashn
Aspirant

Re: The connection to this site is not private

I cant seem to log in to my routerlogin now and the router is spiking very high aswell as disconnecting please i need help 

Message 8 of 18
schumaku
Guru

Re: The connection to this site is not private

@Lashn wrote:

I can use the www. webstie but just not the https thats so odd

No, the Netgear designed "capturing" of routerlogin.com and routerlogin.net (and alternate domains for other product types like Wireless Extenders or Orbi) can't work the same way if https is used on the same (W)LAN. That's why they stick to http on all these devices (regardless of DumaOS or Netgear's OS/DK) and the users get the subject warning on modern browsers.


@Lashn wrote:

I cant seem to log in to my routerlogin now and the router is spiking very high aswell as disconnecting please i need help 


Spiking noise? Hardware issue on the voltage regulation. Time to file for an RMA.

Message 9 of 18
Lashn
Aspirant

Re: The connection to this site is not private

I have no idea what you just said! 

Is there any possible way i can make it http?

Message 10 of 18
Netduma-Fraser
NetDuma Partner

Re: The connection to this site is not private

Login would be the same for http and https. I would strongly recommend just using http. Inputting routerlogin.net in your browser should default to http anyway.

I would recommend doing a factory reset on the router and set up from scratch, setting a new admin/password.
Message 11 of 18
schumaku
Guru

Re: The connection to this site is not private


@Netduma-Fraser wrote:
Login would be the same for http and https.

However https is only available with remote management enabled, and only on the Internet/WAN port/address.

 

@Netduma-Fraser wrote:
I would strongly recommend just using http. Inputting routerlogin.net in your browser should default to http anyway.

Leaving the routerlogin.net handling away - there is no other choice as there is no https daemon listening on the (W)LAN side anyway, isn't it?

 

Message 12 of 18
Netduma-Fraser
NetDuma Partner

Re: The connection to this site is not private

You can access the interface via https://routerlogin.net from the LAN side schumaku. Though I wouldn't recommend it.
Message 13 of 18
schumaku
Guru

Re: The connection to this site is not private


@Netduma-Fraser wrote:
You can access the interface via https://routerlogin.net from the LAN side schumaku. Though I wouldn't recommend it.

Can you please elaborate a little bit more? Is this some hit-and-miss on DumaOS like on the "other" router platform? In fact it's brilliant and it would not cause people complaining about the "Not secure" or "The connection to this site is not private" warnings from the browsers.

Needless to say, form the security audit prospective an almost public shared private key - as it's in place on all Netgear routers, or at least on these of a similar firmware release generation - does not add much privacy. But it would make the browsers and most customers happy.

Message 14 of 18
Netduma-Fraser
NetDuma Partner

Re: The connection to this site is not private

I believe Netgear are looking at a security certificate to ensure accessing via HTTPS is secure, I don't have a date or any more information on this but I know it's something they want to do. I imagine more for when the interface is accessed remotely rather than locally but would apply for both.
Message 15 of 18
schumaku
Guru

Re: The connection to this site is not private


@Netduma-Fraser wrote:
I believe Netgear are looking at a security certificate to ensure accessing via HTTPS is secure, I don't have a date or any more information on this but I know it's something they want to do. I imagine more for when the interface is accessed remotely rather than locally but would apply for both.

For remote by https _and_ a green "good enough" indication in the browser would require an unique URL by router/device _and_ a dedicated certificate signed for each device. 

Message 16 of 18
richc9990
Aspirant

Rif.: The connection to this site is not private on a new orbi 53

hi just installed a new orbi  mesh router plus 2 satelites.   all working fine.  but using chrome browser on windows10 i'm getting the connection is not private message on most (but not all) sites.  including 192.168.1.254 from a laptop.  no problems on a mobile device.

 

i've checked the date and the privacy settings.

 

any thoughts and help please?

Message 17 of 18
schumaku
Guru

Rif.: The connection to this site is not private on a new orbi 53

Not sure right now if Orbi does support https - try https://orbilogin.net/ while connected to your Orbi (W)LAN - and you know. I know that this URL is included in the Netgear installed certificates. Well, you might be happy then because the browser does no longer complain about an insecure connection. I'm not really - as all these certificates are using the same private keys, distributed with each Netgear device.  

Any site with just a plain IP address or even a https site with a self-signed or expired or the like certificate will be marked as insecure - complete unrelated to the new Orbi system.

 

And no, the Orbi won't interfere with other Web sites, neither on your (W)LAN, no on your Internet connection - if your browser says it's not secure, the same problems as lined out above apply. But that's not an Orbi problem.

Message 18 of 18
Discussion stats
  • 17 replies
  • 9945 views
  • 0 kudos
  • 5 in conversation
Announcements

Orbi WiFi 7