1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Remote web access to Tomato - Safe enough?

Discussion in 'Tomato Firmware' started by RixNox, Feb 20, 2013.

  1. RixNox

    RixNox Serious Server Member

    Is it safe enough to leave accessible the router from the web, or should this be discouraged?
     
  2. RMerlin

    RMerlin Network Guru Member

    Considering routers have no real protection against brute-force attacks and that most people use a very simple password and the default username, I would advise against it. If you really need to get frequent access remotely, setup a VPN server. The VPN server code is probably more hardened against attacks/exploits than the mini web server used by all router firmwares.
     
  3. RixNox

    RixNox Serious Server Member

    So I could setup the VPN server builtin Tomato and use that to authenticate and access the web interface?
     
  4. RMerlin

    RMerlin Network Guru Member

    Correct. Ideally OpenVPN, but even PPTP would be safer than leaving the web interface open.
     
  5. RixNox

    RixNox Serious Server Member

    Thanks :)
     
  6. koitsu

    koitsu Network Guru Member

    I'd suggest using SSH (to the router itself, authenticated solely with a key), then use an SSH tunnel entry to forward source port 8080 (i.e. 127.0.0.1:8080) to 192.168.1.1:80 (assuming 192.168.1.1 is your router's IP). You can then visit the web GUI of your router by SSH'ing into it, then opening up a web browser and visiting http://127.0.0.1:8080/ . All of this is secure/encrypted since all the I/O between the webserver and your browser goes across SSH transparently. No need for a VPN -- that's just making things messier than it needs to be.
     
    RixNox and gfunkdave like this.
  7. RixNox

    RixNox Serious Server Member

    Thanks a lot, I will try that [​IMG]
     

Share This Page