"Remote" administration through OpenVPN

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

"Remote" administration through OpenVPN

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
"Remote" administration through OpenVPN
"Remote" administration through OpenVPN
2022-09-03 14:25:30
Tags: #VPN #remote management
Model: Archer AX3000  
Hardware Version: V1
Firmware Version: 1.0.4 Build 20200426 rel.69563(5553)

I recently had my parents who live many states away purchase the AX3000 and walked them through getting it physically connected. I turned on remote management via a Zoom call, and then got everything configured. I set up OpenVPN so I could connect to their home network for other administrative tasks. Then I figured I would disable remote management so it's not exposed on the internet. Even though my URL shows an RFC1918 range is the management URL I'm going to, if I start to disable remote management I get a popup indicating that I'll be disconnected and won't be able to manage the router going forward. I suspect this is because the OpenVPN IP range assigned is not being treated as an internal network, but rather an external one for some oddball reason. Has anyone successfully managed this device over VPN without having remote management enabled?

  0      
  0      
#1
Options
3 Reply
Re:"Remote" administration through OpenVPN
2022-09-03 17:45:34 - last edited 2022-09-03 17:53:35

  @unregistered436 

 

I have done it before but have found VNC, Team Viewer, or RDP to be better options as it allows you a secure way to do most the tasks you may be referring to without some of the headaches that setting up a VPN properly can raise.

 

To answer your question, you should be able to login to the web gui of the router once connected via VPN.  Turning off remote management only disables the ability to login to the routers web gui from an external IP.  If connected via VPN, you would essentially be logging in from an internal network IP.  I used to do this, but found the previously mentioned easier and more flexible.  

 

Team Viewer would require more coordination with your parents but a VNC server can be hosted on one of their computers and it can be configured to start at boot.  This would minimize the required effort on their part.  TightVNC has always worked well for me.  RDP (Remote Desktop) also works well, but would require a Windows computer to have remote assistance options enabled which I do not think they are by default.  The downside to RDP is that is will take over the session so if you parents have any work on the screen, they ay lose it whenever you connect.

 

The biggest issue you will find with all these solutions is that if your parents do nat have a static IP from their ISP, you would have to setup up DyDNS on the router to to allow connecting without always knowing what the routers external IP is that the ISP issues.  Anytime the router or modem is rebooting, the router is subject to being issued a new IP.  DyDNS would allow you to connect to either OpenVPN, or one of the mentioned options using a URL.

 

 

Hope this helps.  

  0  
  0  
#2
Options
Re:"Remote" administration through OpenVPN
2022-09-03 18:34:13

  @pcuttle I don't trust VNC or RDP being exposed to the public internet as compared to OpenVPN. They've also got multiple computers, printers, cameras, etc. that are not necessarily on at all times, so hitting the router is way easier. I already have DynDNS set up to refresh once an hour, and it definitely does make things easier as well.

 

On "paper" I really *should* be able to log into the router after disabling the external management functionality as other routers I've used allow this. However in this case it's the router itself that is warning me that I'll be disconnected even though I'm hitting the LAN side over OpenVPN. I can certainly test turning it off with the parents on a Zoom so I can recover... but was hoping someone could tell me if they'd seen this popup message before and if it was true. As you can see in the screenshot, I'm hitting an internal LAN IP.

 

8925727e8b0c41daa9e8d0229edec208

 

  0  
  0  
#3
Options
Re:"Remote" administration through OpenVPN
2022-09-03 19:57:57

  @unregistered436 

 

It is possible the router treats the VPN connection as remote management as well.  I have not seen this case on my other routers either.  VNC servers are secure just make sure you set up authentication with a strong password and you are using a current version of whatever product.  RealVNC and TightVNC are well maintained options.

  0  
  0  
#4
Options