Is the Admin Panel in the browser actually safe from local spoofers and is AdGuard encryption possible?

Greetings!

I was wondering that how safe the web access panel is really from local spoofers.
By default the router uses HTTP, so traffic is not encrypted.
This means that a malicious actor could in theory analyze network traffic when using the same wireless network.

I make sure to either connect to the router directly via cable when managing it, or use the onboard VPN server option when connecting wirelessly.

I have the following questions:

  • Using the before mentioned: is it safe to assume that no actor could spoof the credentials when using the unencrypted (HTTP) interface? (So, I only access it directly via cable, or via VPN when connecting via a wireless network.
  • Why is it so that by default the web interface is unencrypted? Is there a rational design choice from the developers for this?
  • Of course I could do for instance 192.168.8.1:443 to use an encrypted connection, but in that case the AdGuard Home web interface is not accessible, encryption is impossible for it when using the onboard solution(, or I am just not aware how to do it). This makes it rather inconvenient. Is it possible to set up the onboard solution to use encryption?

Thanks for your answers!

For Router Admin Panel:
You can access it using https in 4.x firmware.

  • Just enter the address starting with https into the address bar of your browser, e.g. https://192.168.8.1
  • Our App use the https API by default.
  • The router has a self-signed certificate built in. If you need to replace it, please replace /etc/nginx/nginx.cer and /etc/nginx/nginx.key

For ADGuard Home Web:
The ADGuard Home web is independent, it is not maintained by us.
You need enable https access: AdGuard Home: Encryption Settings

2 Likes

Hi!

Thank you for the answer.

As you and I have mentioned, I can specify the protocol in the browser window.

However as you can see, when trying to enable encryption, it is not possible to do so.

Thank you for the tip regarding the cert!

1 Like

The prompt shows that port 443 is already occupied. Router Admin Panel already uses 443 as the port for https access. So, you need to change to a different port, for example 3001.

2 Likes

Is it possible to do so from the GUI? The problem is that the field is only editable if the field is checked in, but when checking it in and updating the port number, it can not be saved due the error I have sent you screenshot above.

The settings are not applied when Enable Encryption is checked. You can change the port number once it has been checked.
At the bottom of the page there is a “Save configuration” button that you need to click on to apply it. It is disabled by default. You will need to enter the certificate file before you can click on it.

I think, it is important to highlight the differences between these two paths. I overlooked the difference:


/etc/nginx/nginx.cer


/etc/nginx/nginx.key

Does anyone know, how to configure AdGuardHome, so I can see the IP addresses in this overview, and not just these two?
image

There are some discussion

The 4.2 snapshot firmware has options to configure this.
image

2 Likes

I updated to the latest firmware snapshot:


As you can see, only the requests from the DHCP router, which is also the cable modem, are listed. Anything else I have to configure/change?

Did you turn on the switch in my screenshot?

Yes, I did:
image

Your client is not connected directly to the GL router? If there is a NAT between the two, the router cannot know which device initiated the request.

The GL router is via the WAN interface connected to the DHCP router. I use just one specific GL router as AdguardHome router.

Maybe Drop-in Gateway can solve this problem If you must use another router to provide DHCP.

If you can change the topology, you can try it.
The LAN port of the your FritzBox connect to the WAN port of the GL.iNet router via an ethernet cable. Log in to the your FritzBox’s admin panel to set the DHCP gateway to GL.iNet router’s IP.

Hi, I just saw that all clients are listed on that page in the AdGuardHome page


If it is possible to display the clients here, it shouldn’t be a big problem on the front page, or?

What does front page mean? AdGuard Home’s Home Page or AdGuard Home page in GL UI?

I meant in the AdGuardHome client. I believe, here lays the error. But this has nothing to do with Gli-Net, but rather AdGuardHome.

Are you referring to the “Persistent Clients” above? This list needs to be added manually by the user via IP or MAC.