DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

2820n - secured (https) connection for local web admin?

  • dottedquad
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
23 May 2018 15:38 #91740 by dottedquad
Hi,

I have a 2820n with firmware version 3.3.8_2471201.

I want to force local web admin to use a secured (TLS1.2) https connection, but can't figure-out how.

Anyone know if that can be done? If so, how?

Please Log in or Create an account to join the conversation.

More
24 May 2018 10:59 #91756 by anaglypta
TLS 1.2 support was added to the 2820 with firmware 3.3.7.7 (January 2016). I don't think it's possible to select which TLS version this router uses like you can on the 2860 for instance, but to enable TLS support go to System Maintenance > Management and make sure that Enable SSL 3.0 is unchecked.

John.

Please Log in or Create an account to join the conversation.

  • dottedquad
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
24 May 2018 13:45 #91759 by dottedquad
Thanks.

Following your suggestion, I have now enabled SSL3.0 in 'System Maintenance > Management'. The 2820n then rebooted after a warning that enabling SSL3.0 might cause security problems (!). After re-booting, web login is still unsecured.

What do I now configure to get the local web login page to default to https:?

My 2820 user guide (v 3.2) shows a section entitled 'HTTPS Encryption Setup' under 'System Maintenance'. But I don't see that on my 2820n. Is it only available for some 2820 variants, but not all?

Please Log in or Create an account to join the conversation.

  • dottedquad
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
24 May 2018 14:02 #91760 by dottedquad
John: having re-read your post I see you said uncheck enable SSL 3.0. So I have reverted, and am back where i started!

Martin

Please Log in or Create an account to join the conversation.

More
24 May 2018 14:22 #91761 by anaglypta
OK no problem. First the Enable SSL 3.0 should be unchecked (disabled). The 2820 is now a venerable old router, and does not have all the features available for the newer routers, so you will have to work around some of the short comings.

In System Maintenance > Management, there is a section called Management Port Set Up. Make sure this is set to User Define Ports, and alter the port for HTTP to something like 1212. This will stop web browsers from finding the Router Login page using the unencrypted HTTP protocol (Unless someone knows the port you have set it to). On later routers there is a tick box to enforce HTTPS Access, so this work round is unnecessary.

In order to access the router you should now type HTTPS://192.168.1.1 into your web browsers address bar (or whatever the IP address is of your router) and press enter.

The first time you try to access the router your web browser will throw an error saying the site is not secure. This is because the router is using a self signed certificate which your browser does not trust. You then need to tell the browser to create an exception for this site, and it should then display the Router login screen. I would create a bookmark/favourite in your browser at this point to make it easier to access the router in the future.

Depending on which browser you are using, the address bar may show Insecure, HTTPS with strike through (Chrome), or a padlock with a yellow exclamation mark (Firefox). The connection, however, IS encrypted and secure. The warnings are there because the certificate wasn't signed by a trusted root authority.

John.

Please Log in or Create an account to join the conversation.

  • dottedquad
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
24 May 2018 14:38 #91763 by dottedquad
That worked. Many thanks.

Martin

Please Log in or Create an account to join the conversation.

Moderators: Chris