Disabling HTTPS from Telnet

Discussion in 'Tomato Firmware' started by maple.chick, Mar 15, 2012.

  1. maple.chick

    maple.chick Networkin' Nut Member

    While fiddling around with Tomato, I enabled "HTTPS only" option in Administration for Web Access and now I can't access the router webui at all. I can still connect to the router on Telnet. If I try to connect the router on HTTPS, I get an error saying, "The connection was interrupted" and a "Unable to connect" if I try to connect on HTTP.

    I know I can just reset the router and that will fix the problem but I have a lot of stuff & scripts setup on the router that I don't have any backup for. Is there anyway I can avoid a complete reset? Perhaps a commit to NVRAM via Telnet?
  2. Planiwa

    Planiwa Network Guru Member

    What an interesting problem. You can certainly copy your scripts, log files, etc. off the router with telnet access from a Unix system.

    Are you running in debug nocommit mode? (That's what I do). If so, you certainly have the option of "nvram commit".

    If you remember what you changed in the GUI, you can probably reverse that change by fixing the NVRAM settings. But this may be harder without access to the (a) GUI.

    Hopefully you can set all the right settings in the NVRAM, and then restart the right services, which should give you access again, without rebooting.

    Let me see if I can reproduce (and then fix) the problem. . . .
  3. Planiwa

    Planiwa Network Guru Member

    I have HTTPS enabled, as well as ssh, but not telnet. Here are the NVRAM settings that have http in their name:


    Is the problem that you have https enabled with no password (or an unknown one)?
    Perhaps you might do:

    nvram find http

    to get the above list for your router.

    Hopefully all you need to do is:
    nvram set "http_enable=1"
    nvram set "https_enable=0"
    nvram commit (I don't think this is nnecessary!)
    service admin restart

    It's worth a try and even it it doesn't do the trick, you should still have telnet access.
    But if you want to be extra cautious and copy the files off first, I can show you how to do that.
    Incidentflux likes this.
  4. maple.chick

    maple.chick Networkin' Nut Member

    Huston, we are back in business!

    Thank you so much, Planiwa.

    I wonder why HTTPS isn't working though. Do I need to add a certificate somewhere?
  5. fubdap

    fubdap LI Guru Member

    This will be a good time to backup all your scripts.
  6. Incidentflux

    Incidentflux LI Guru Member

    This reply saved me.

    Is there a fix to to get 'https' login, no issues with https only on my other two Tomato based routers (see signature).

    Do I have to install a "self signed" cert to fix the certificate error?


    Affected device and build
    Linksys WRT160N
    Tomato v1.28.0000 MIPSR2-138 K26 MiniIPv6 (Shibby)
    Last edited: Jan 7, 2017
  7. mstombs

    mstombs Network Guru Member

    If it browser complaining about https security, you can usually override to accept in the insecurity or install the certificate. First try different browsers, newer versions tend to get fussier...
  8. koitsu

    koitsu Network Guru Member

    Tomato should generate a self-signed certificate for you. Administration -> Admin Access, Local Access -> either HTTP & HTTPS or HTTPS, should result in some additional options showing up under the SSL Certificate section.

    The Regenerate checkbox will regenerate the certificate.
    The Save In NVRAM checkbox will save the SSL certificate in a base64 format (I think?) to NVRAM so that it's persistent across reboots.
    The Common Name (CN) field can be used if you refer to your router by FQDN and not IP (ex. for http://myrouter.home.lan/ the CN would be myrouter.home.lan; this is different from http://myrouter/). SAN (subjectAltName) support is not implemented.

    Self-signed certificates are not "known" by browsers (nor, obviously, are they signed by CAs), so be aware you'll get a pop-up or certificate warning when connecting to the router using this feature; some browsers will let you add an exception/acceptance for the self-signed cert. This 100% normal and universal (not specific to Tomato).
    visceralpsyche and Incidentflux like this.
  9. Incidentflux

    Incidentflux LI Guru Member

    I meant I get 'connection refused' by any browser, with Linksys WRT160N, when https was enabled, had to use telnet to re-enable http clear. Seems to be a firmware specific bug with this build. Unless someone can confirm https connects fine when using 'Tomato v1.28.0000 MIPSR2-138 K26 MiniIPv6 (Shibby)'.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice