Trying to share OpenWebif using https, interface refuses credentials

antoniu200 · 20. Oktober 2023, 22:27

Hi,

I am using VTi 15.0.2 on my VU+ Uno 4K SE and I have opened HTTP, HTTPS and streaming port on the router, so I can access the box while I am away.
Currently using OpenWebif 1.5.2-git202030421-r4 and have set up a password for root and created an admin account as described here through telnet.

However, regardless of the browser I am using to access the link, even though I am entering the right passwords (literally copy & pasting), the interface keeps asking again and again for credentials, not allowing any kind of access.

HTTP Authentication is disabled
HTTPS is enabled
HTTPS Authentication is enabled

Any suggestions? Help?

Thank you!

GaborDenes · 20. Oktober 2023, 23:17

antoniu200 schrieb:

HTTP, HTTPS and streaming port on the router, so

very bad idea, please close it asap.
the underlying OS is in no way "secure" not even updated for years.
Only VPN should be used to access the boxes from internet!

Authentification is enabled by default when accessing WebIF from external addresses.

antoniu200 · 20. Oktober 2023, 23:37

Okay, let's say I close the ports on my router: then I won't be able to access the box at all, even if I was using a VPN, since the ports are closed.
I am using a randomly generated subdomain on a .go.ro address.

I am well aware, hence my attempt to secure it the least bit, with randomly generated subdomain provided by the ISP; and password, if by any chance the subdomain is guessed.

I don't have anything against this, quite the opposite.
I was saying authentication does not work properly: I am entering correct credentials, but OpenWebif keeps prompting again and again for them, as if I was entering them wrong, while the same credentials work fine on Telnet, FTP, anywhere else really.

RickX · 21. Oktober 2023, 08:06

Nobody needs to guess your sub domain to find your box.
There are millions of port scanners running, which simply check all IP addresses systematically.

Because of this the recommended way is to use a VPN to access the box from the outside world.
Once you are connected to your home VPN you have full access to your box.
You don‘t need to open the ports. They are tunneled through the VPN.

GaborDenes · 21. Oktober 2023, 10:34

antoniu200 schrieb:

then I won't be able to access the box at all, even if I was using a VPN, since the ports are closed.

You need a VPN to dial-in into your network (VPNserver inside your LAN, usually installed/activated on the router)
not a VPN dialing out.
When you connect to your own VPNserver, you dont need to open the ports on your router, you are inside your LAN

antoniu200 schrieb:

I am well aware, hence my attempt to secure it the least bit, with randomly generated subdomain provided by the ISP; and password, if by any chance the subdomain is guessed.

Obviously you are not aware or underestimate the risks...
Opening ports is a big risk, now matter how you try to secure it. Like @RickX already said, there are millions of port scanners who dont care about your tries to "hide" your open ports.
Btw. my concern is NOT your data, but the high possibility that your box and your LAN will be used to extend a botnet which will be used for DDoS attacks or do more port scans etc.