Hi
I did a fresh flash of TOS 5.0.3 and encountered the following problem:
The web interface is exposed to WAN by default!
I would consider this a bug; most people wouldn’t want their management interface open to the public right after (?) the initial setup.
Now I have a NAS in the LAN, for which I configured port forwarding for 80 and 443.
DDNS is set up for IPv4 and IPv6 and works.
This obviously overwrites the router web interface and worked initially.
But it seems like IPv6 is broken.
If I do a curl -vvv -4 https://mydomain.duckdns.org
I get the correct page and the Let’s Encrypt cert from my NAS.
If I do the curl with -6
I get this:
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: self signed certificate
* Closing connection 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
This cert is issued to turris.cz.
How can I completely turn off the web interface for WAN?