Reply

VPN and https 7000P

smunro622
Tutor

VPN and https 7000P

bought a nighthawk 7000P and trying to figure out 2 things,

Q1: how to i enable https for login in i do not want to use http

Q2: i have vpn setup and checked the box for "All sites on the Internet & Home Network " but i am unable to access the internet thru my router.

Why do i care... trying armour stacked with open dns.... i guess do i need a route from vpn to wan?

Model: R7000P|Nighthawk AC2300 Smart WiFi Router with MU-MIMO
Message 1 of 9
DarrenM
Sr. NETGEAR Moderator

Re: VPN and https 7000P

you shouldn't need HTTPS as the connection is local and isnt going out to the net.

 

DarrenM

Message 2 of 9
bluesxman
Aspirant

Re: VPN and https 7000P

That assumes nothing malicious can find its way onto your local network which is a bad assumption.  HTTPS is clearly a common, well-known feature that adds security.  Asus figured it out, why can't Netgear?

Message 3 of 9
smunro622
Tutor

Re: VPN and https 7000P

Nope I agree I returned the router huge fail...I would not suggest Netgear to anyone.
Message 4 of 9

Re: VPN and https 7000P

And I agree with Darren. 

 

A rouge application is more likely to attack another client on your network over your router.

 

Enforcing strict https authentication is not a bad thing, but can introduce challenges for less experienced users who might inadvertently lock themselves out of their routers.  Browsers are not foolproof and TLS/SSL/Certificate implementation doesn't work 100% of the time.  I am all for layered security, but consider your audience.

 

Https is supported (by Netgear) for remote administration IPv4 and IPv6.  If you absolutely must have this feature and feel so vulnerable without it, then (for now) you should consider brand X.

 

      

~Comcast 1 Gbps/50 Mbps SB8200 > R8000P
~R8000P FW:1.4.1.68 ~R7000 FW:1.0.9.42
~R6400 FW:1.0.1.52 ~Orbi-AC3000 FW:2.5.1.8
~EX3700 FW:1.0.0.84

Message 5 of 9
schumaku
Guru

Re: VPN and https 7000P

Agree with everybody looking for https by default of course.

The crux is that the vendors should must deploy valid signed certificates - what can only done half way, covering the predefined domains used for local ... logically there must be ways to create CSRs to lst CAs sign certificates, and much more. Otherwise users will ask why they get more certificate warnings, why the browser does claim the site is very insecure with a non-matching FQDN, ...

 

Taking the many open issues into account - let's start with the mandatory update of dnsmasq, the lack of an ability to configure firewall rules for Internet->Router or Internet-(port-forwarding)->LAN, the more than outdated "Genie" Web UI, the massive issues with Attached Devices and the related management of several Nighthawk routers proof that there is a massive product management problem here.

Message 6 of 9

Re: VPN and https 7000P

@schumaku

 

Thanks Kurt!  Hope all is well. 

~Comcast 1 Gbps/50 Mbps SB8200 > R8000P
~R8000P FW:1.4.1.68 ~R7000 FW:1.0.9.42
~R6400 FW:1.0.1.52 ~Orbi-AC3000 FW:2.5.1.8
~EX3700 FW:1.0.0.84

Message 7 of 9
bluesxman
Aspirant

Re: VPN and https 7000P

It depends what you mean by more likely, and what platforms are on the network.  Regardless, the router is a higher value target.

 

As for audience, I doubt they'd be going to the advanced tab to enable HTTPS in the first place.  Furthermore, you don't have to turn off HTTP when you do that, you can still have both running as an option.  Finally, this didn't stop Netgear from providing all sorts of config that less experienced users could use to break their own network, so if that's a legit reason to punt on HTTPS then they're hurting that same audience in all sorts of other ways.

 

In the end, casual users won't go looking for HTTPS login (or much else), and there's always factory reset if they get in trouble so don't compromise on basic security.

Message 8 of 9
smunro622
Tutor

Re: VPN and https 7000P

I bought the router to use bitdefender/netgear armour with it, I was going to layer on Open DNS for URL filtering. When I compare this to Asus or Linksys routers this is sub par in my experience. Comparing feature to feature and ease of use Netgear ranks below other items I was looking at.
Message 9 of 9
Top Contributors
Discussion stats
  • 8 replies
  • 1270 views
  • 2 kudos
  • 5 in conversation
Announcements

Orbi WiFi 6E