I was wondering that how safe the web access panel is really from local spoofers.
By default the router uses HTTP, so traffic is not encrypted.
This means that a malicious actor could in theory analyze network traffic when using the same wireless network.
I make sure to either connect to the router directly via cable when managing it, or use the onboard VPN server option when connecting wirelessly.
I have the following questions:
Using the before mentioned: is it safe to assume that no actor could spoof the credentials when using the unencrypted (HTTP) interface? (So, I only access it directly via cable, or via VPN when connecting via a wireless network.
Why is it so that by default the web interface is unencrypted? Is there a rational design choice from the developers for this?
Of course I could do for instance 192.168.8.1:443 to use an encrypted connection, but in that case the AdGuard Home web interface is not accessible, encryption is impossible for it when using the onboard solution(, or I am just not aware how to do it). This makes it rather inconvenient. Is it possible to set up the onboard solution to use encryption?
Is it possible to do so from the GUI? The problem is that the field is only editable if the field is checked in, but when checking it in and updating the port number, it can not be saved due the error I have sent you screenshot above.
The settings are not applied when Enable Encryption is checked. You can change the port number once it has been checked.
At the bottom of the page there is a “Save configuration” button that you need to click on to apply it. It is disabled by default. You will need to enter the certificate file before you can click on it.
Maybe Drop-in Gateway can solve this problem If you must use another router to provide DHCP.
If you can change the topology, you can try it.
The LAN port of the your FritzBox connect to the WAN port of the GL.iNet router via an ethernet cable. Log in to the your FritzBox’s admin panel to set the DHCP gateway to GL.iNet router’s IP.