DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

SSL VPN - Login page accessable via the internet

  • pannarrans
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
01 Feb 2018 09:06 #90612 by pannarrans
SSL VPN - Login page accessable via the internet was created by pannarrans
Hi,

it's a two part question. I've enabled SSL VPN - I understand that port 443 should be permanently open for this as answered in another post somewhere.
However when I connect to the router address from the Internet via a browser I see the router login page even though I've disabled management from the Internet.
If I try and log in with a VPN user, i get password not known, if I try and log in with admin, I don't get a password error, but it does not progress from the login page.

I'd really like to get rid of the login page from the internet as to me it is an additional attack vector that is unacceptable, but also understand why it is there, and whether there's anything I can do to alter it / make use of it if I can't get rid.

Any ideas?

Please Log in or Create an account to join the conversation.

More
03 Feb 2018 10:01 #90631 by admin
Replied by admin on topic Re: SSL VPN - Login page accessable via the internet
If you want to use SSL, you have to allow login from the internet.
(not admin/WUI) but it's the same login screen.

Forum Administrator

Please Log in or Create an account to join the conversation.

  • pannarrans
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
09 Feb 2018 03:33 #90669 by pannarrans
Replied by pannarrans on topic Re: SSL VPN - Login page accessable via the internet

admin wrote: If you want to use SSL, you have to allow login from the internet.
(not admin/WUI) but it's the same login screen.



Why though? The login page as I’ve stated doesn’t work for any account?

Please Log in or Create an account to join the conversation.

More
09 Feb 2018 07:36 #90670 by admin
Replied by admin on topic Re: SSL VPN - Login page accessable via the internet
Sorry, not sure then...

Forum Administrator

Please Log in or Create an account to join the conversation.

More
09 Feb 2018 10:47 #90673 by johnpa7
Replied by johnpa7 on topic Re: SSL VPN - Login page accessable via the internet
Hope I am not stating the obvious, the port setup in SSLVpn>General Setup(The port VPN client connects to) should be different from
System Maintenance>Management>Https (the port web browser connects to)

They cannot be both the same.

Please Log in or Create an account to join the conversation.

More
09 Feb 2018 17:08 #90681 by admin3
Replied by admin3 on topic Re: SSL VPN - Login page accessable via the internet

johnpa7 wrote: Hope I am not stating the obvious, the port setup in SSLVpn>General Setup(The port VPN client connects to) should be different from
System Maintenance>Management>Https (the port web browser connects to)

They cannot be both the same.



They can be the same, that's typically how I would expect to use it, with both operating on TCP 443. Having them on different ports isn't a bad thing though.


PanNarrans wrote: Why though? The login page as I’ve stated doesn’t work for any account?



The web interface part of the SSL VPN server provides a web portal - this used to be to access the Java SSL tunnel, which is now deprecated because Java in web browsers is now essentially unavailable now / insecure.
It's possible that the web interface for the SSL VPN might be taken out, since it serves less of a purpose now, perhaps make a support request to ask for an option to disable the SSL VPN login webpage, while still having the SSL VPN server functional?

Forum Administrator

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami