This is a great little router (GL-AR150). I have several sites loaded from my commercial vpn, VPNUnlimited. I also loaded configurations from my home pfSense OpenVPN server, both tun and tap. (Use Inline-Other on the client download wizard).
One thing I noticed is that it only prompts for the password initially after the profile is first uploaded, then never again.
Would it be possible to prompt for userid/password info on every start up of the VPN? I hardened my router password after noticing this, but would like it if added security were involved with every start-up of the VPN server, just as it is on a PC.
Thanks, again. Great work.
this is possible but you have to do this manually. SSH to the router and start the vpn.
That’s not really practical. If I’m in a hotel room getting onto their wi-fi, I don’t want to add SSH to the need to change router settings to match their wifi and possible mac address spoofing. It’s just one more thing and requires a lot of skill.
I can do this with my android phone and openvpn. There’s a check box to save sign on credentials. I was wondering if the same feature could be added to the router?
I don’t think it’s a bad idea at all - that said, the router already has a password to login, so probably not really necessary? However, why not!
In your smartphone, the window can popup anytime and you can just input your name and password. But the router is another device. I don’t know where the window can pop up if you don’t use the browser.
Of course, we can ask the user to start the openvpn manually each time from the UI, when he need to type the password again. But most people will go crazy. The openvpn connection can drop any time because of some issues. It will always try to reconnect. Without remembering the username and password, it cannot keep the connection.
Maybe there is some easy way to do this. I will research on this.
Nice explanation Alzhao - and it answers my “why not” query perfectly!
When a profile is loaded for the 1st time, it prompts for a user ID and one or two passwords, depending on the configuration. The router supports multiple configurations for multiple VPNs. You select a VPN then enable / disable as needed.
FYI, I have 3 profiles loaded for my home VPN. Two tun and 1 tap. pfSense supports multiple simultaneous servers. One (tun) offers pass through only. The other two (tun and tap) offer remote lan connection. I’ll probably remove two of them as I become more experienced with this router. Each has different security.
I have several configs loaded for VPN Unlimited. Some are faster than others on some days. Also, some are for foreign countries so I can watch their TV online while traveling.
I assumed you would disconnect the credentials when the VPN is disabled and provide the same prompt that shows on the initial load to reconnect.
Of course, a check box to save credentials could also be put in, just like in my cell phone openvpn app. If checked, it acts like it does now. The credentials are saved if enabled or disabled. Any change in VPN would also clear the credentials automatically when enabled unless you have the capacity to save them with a profile. Perhaps unchecking the ‘save credentials’ box will clear all saved credentials on all profiles. Lots of options.
Basically, you’re tying into programming that’s already there, with something new for a check box and a routine to clear out the credentials when the VPN is disabled.
Anyone who is travelling will spend a lot of time on the interface with a browser. Impossible not to.
Which brings me back to my original statement of “why not”, LOL