search

ExtremeFiretop / MerlinAutoUpdate-Router

Merlin(A)uto(U)pdate is a Merlin router script which allows you to remotely identify a stable firmware update for an ASUS Merlin router, and automatically download and update via an unattended method directly from the router.
https://www.snbforums.com/threads/merlinau-v1-2-7-the-ultimate-firmware-auto-updater-amtm-addon.91326/
GNU General Public License v3.0
15 stars 1 forks source link

[Help] Connection problem to web interface #290

Closed SolidRhino closed 1 month ago

SolidRhino commented 1 month ago

When I set my password and test the connection to the web interface, I get the following error:

CleanShot 2024-08-14 at 20 31 16@2x

The password is correct so I don't know what the error is.

ExtremeFiretop commented 1 month ago

When I set my password and test the connection to the web interface, I get the following error:

CleanShot 2024-08-14 at 20 31 16@2x

The password is correct so I don't know what the error is.

The error says it's unable to login to your local router "RT-AX86U_PRO-E9F0.lan" on port 80. Do you have port 80 blocked for local login?

ExtremeFiretop commented 1 month ago

When I set my password and test the connection to the web interface, I get the following error:

CleanShot 2024-08-14 at 20 31 16@2x

The password is correct so I don't know what the error is.

For diagnostics purposes, can I ask you to send the results of the following commands (including enclosing curly bracket):

{
_shownvram_() { printf "$1=[%s]\n" "$(nvram get "$1")" ; }
_shownvram_ http_enable
_shownvram_ lan_domain
_shownvram_ lan_hostname
_shownvram_ http_lanport
_shownvram_ https_lanport
}
ExtremeFiretop commented 1 month ago

Don't forget you can hit the "Tab" key to view the password as you type it.

Also, make sure nothing else is logged into the WebUI while testing.

SolidRhino commented 1 month ago

The password is correct and nothing else is logged in. When I run your command for dignostic I get the following response:


http_enable=[2]
lan_domain=[lan]
lan_hostname=[RT-AX86U_Pro-E9F0]
http_lanport=[80]
https_lanport=[8443]
ExtremeFiretop commented 1 month ago

The password is correct and nothing else is logged in. When I run your command for dignostic I get the following response:


http_enable=[2]
lan_domain=[lan]
lan_hostname=[RT-AX86U_Pro-E9F0]
http_lanport=[80]
https_lanport=[8443]

Sorry just to be completely clear, you had already mentioned in your first post the password is correct. Can you confirm that you viewed the password with the TAB key?

Do you have "Enable Access Restrictions" on?

image

What authentication method is the router set too:

image

Can you test accessing the routers web UI with the URL below:

http://RT-AX86U_Pro-E9F0.lan

ExtremeFiretop commented 1 month ago

When I set my password and test the connection to the web interface, I get the following error:

CleanShot 2024-08-14 at 20 31 16@2x

The password is correct so I don't know what the error is.

@SolidRhino This is what I get when I try with an invalid made up password:

image

It does not say it can't connect on port 80, it just says login failed, In your case it's telling me the router is actively refusing the connection on that URL I mentioned: http://RT-AX86U_Pro-E9F0.lan

SolidRhino commented 1 month ago

Do you have "Enable Access Restrictions" on?

image

Thank you so much for pointing this out! This option had to be changed.

ExtremeFiretop commented 1 month ago

Do you have "Enable Access Restrictions" on? image

Thank you so much for pointing this out! This option had to be changed.

Happy to help, I figured something had to be blocking port 80, it was just a matter of finding what. Enjoy automated updates!

ExtremeFiretop commented 1 month ago

@Martinski4GitHub

We can detect the use of the access restrictions using this NVRAM value:

enable_acc_restriction=0 (disabled)

or

enable_acc_restriction=1 (enabled)

SolidRhino commented 1 month ago

I have added the router to the allowed list. Then it works.

ExtremeFiretop commented 1 month ago

I have added the router to the allowed list. Then it works.

I am considering blocking entering a password if access restrictions is on with WebUI access restricted. If it's SSH restrictions only, then it won't block.

However, with this design you wouldn't be able to have access restrictions on for the WebUI and it would need to be limited to SSH only.

Would you prefer instructions detailing how to add the routers IP? Or just asking the user to disable WebUI access restrictions to continue?

Is there a reason you require the web access restrictions? Maybe this will help me understand why you would opt to add the routers IP address instead of disabling.

SolidRhino commented 1 month ago

I want to enable web access restrictions so that only I can connect to the router ssh and webinterface on the lan. So I think informatie is better than complete blocking the setup.

Isn't it possible to use localhost to communicate with the webui?

ExtremeFiretop commented 1 month ago

Isn't it possible to use localhost to communicate with the webui?

I'm not sure I'm following, can you clarify this question?

As for the solution, me and Martinski have come to an agreed upon method to detect and advise of this setup. The PR is currently open and pending approval. https://github.com/ExtremeFiretop/MerlinAutoUpdate-Router/pull/292

Thanks!

ExtremeFiretop commented 1 month ago

I want to enable web access restrictions so that only I can connect to the router ssh and webinterface on the lan. So I think informatie is better than complete blocking the setup.

Isn't it possible to use localhost to communicate with the webui?

Can you confirm that: nvram get lan_ipaddr

Is the IP you added to the rule? you don't need to share the IP, just confirm or deny that returns the IP you added. Thanks!