Discussion in 'Tomato Firmware' started by RixNox, Feb 20, 2013.
Is it safe enough to leave the router accessible from the web, or should this be discouraged?
Considering routers have no real protection against brute-force attacks and that most people use a very simple password and the default username, I would advise against it. If you really need to get frequent access remotely, set up a VPN server. The VPN server code is probably more hardened against attacks/exploits than the mini web server used by all router firmwares.
So I could set up the VPN server built into Tomato and use that to authenticate and access the web interface?
Correct. Ideally OpenVPN, but even PPTP would be safer than leaving the web interface open.
I'd suggest using SSH (to the router itself, authenticated solely with a key), then use an SSH tunnel entry to forward source port 8080 (i.e. 127.0.0.1:8080) to 192.168.1.1:80 (assuming 192.168.1.1 is your router's IP). You can then visit the web GUI of your router by SSH'ing into it, then opening up a web browser and visiting http://127.0.0.1:8080/. All of this is secure/encrypted since all the I/O between the webserver and your browser goes across SSH transparently. No need for a VPN -- that's just making things messier than they need to be.
Thanks a lot, I will try that
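The SSH tunnel suggested above, written as an OpenSSH client configuration entry. This is an added example, not something posted in the thread; the host alias `tomato-wan`, the address `router.example.net`, the `root` login and the key path are assumptions to replace with your own values.

```sshconfig
# ~/.ssh/config on the remote machine you browse from (added example).
# tomato-wan, router.example.net, root and the key path are placeholders.
Host tomato-wan
    HostName router.example.net
    User root
    Port 22

    # Key-only authentication: offer exactly one key and never fall back
    # to a password prompt.
    IdentityFile ~/.ssh/tomato_key
    IdentitiesOnly yes
    PreferredAuthentications publickey
    PasswordAuthentication no

    # Forward 127.0.0.1:8080 on this machine to the router's web GUI at
    # 192.168.1.1:80. Binding to 127.0.0.1 keeps the forwarded port
    # unreachable from other hosts on the network you are connecting from.
    LocalForward 127.0.0.1:8080 192.168.1.1:80

    # Abort instead of opening a session without the tunnel, for example
    # when local port 8080 is already in use.
    ExitOnForwardFailure yes

    # Drop the connection if the link goes dead for about 90 seconds.
    ServerAliveInterval 30
    ServerAliveCountMax 3

# Open the tunnel without starting a remote shell:
#   ssh -N tomato-wan
# then browse to http://127.0.0.1:8080/
```

With this in place the web interface itself stays closed to the WAN; only the SSH port is exposed, and it accepts only the key.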