Locked out of router

I created an isolated SSID on my Surf SOHO running Firmware 6.2.2 build 1790. By isolated, I mean that the SSID was using a VLAN and also had Layer 2 Isolation enabled. This SSID works fine.

Until I try to use the Peplink Router utility version 1.4.2 on Android while connected to the isolated SSID. The utility reports that the router is unreachable by its VLAN’s IP address (also not reachable by the non-VLAN IP address, but that is to be expected).

Then, I try the web interface using something like https://1.2.3.4:999
Instead of the login page, I get a 404 error. Page “cgi-bin/manga/index.cgi” is not found.

Is this to be expected?
If so, is the lockout from the router due to the VLAN or the Layer 2 Isolation?

Either way, the documentation needs to be updated to reflect this.

Hi Michael,

Router Utility should always point to the WAN IP of the Surf SOHO.

*Then, I try the web interface using something like https://1.2.3.4:999
Instead of the login page, I get a 404 error. Page “cgi-bin/manga/index.cgi” is not found.*

Can you elaborate more on this? Is IP 1.2.3.4 the “isolated” VLAN IP or the WAN IP?

HELP!!

I got my Peplink Surf SOHO (HW1) all configured with several VLANs and everything was working properly and mostly as I wanted. Then I enabled administration over HTTPS rather than HTTP and of course it’s restricted to a specific VLAN for web administration. This VLAN has no wireless attached - wired only and specific port on the router. NOW I AM LOCKED OUT :frowning:

All I get now is this stupid 404 error when trying to login to the web admin panel from my laptop. It says “404 not found” address is https://[my vlan router ip]/cgi-bin/MANGA/index.cgi/

Can you please help? I do not have a backup of the config file - should have done that first before making any changes after I had everything set up but alas I did not and now I cannot admin my own site!!

Hi @chad_b229892,

Have you tried getting into the device via InControl 2 yet?
Or does it give you the same 404 error?

Unfortunately, I don’t have a subscription to InControl2 right now. Mine expired some time ago.

Hi,

That isn’t going to be an option then, unless you purchase an ICS-xxx license.
@sitloongs, is there any way Peplink support can assist?

@Joey_van_der_Gaag :sunglasses:

@chad_b229892 Please open a support ticket here for support team to check.

Chad,
Some level setting to ensure this is a new problem:

Does a LAN scan while in the VLAN see the router?
If not, can PING see the router from the VLAN?
Can you get online from this VLAN?
Does the VLAN have layer 2 isolation set?
Did you try just https://lanipaddress without the rest of the URL?
Have you changed the port number for logging on? If not, can’t hurt to add port 443
What version of the firmware are you running?

For anyone reading this, lesson learned: make configuration backups.

Good afternoon All,

I am very lucky. As I had literally just configured the SOHO unit yesterday afternoon, the configuration was still fresh in my mind. I have two (2) Pepwave Surf SOHO HW1 and so I simply daisy-chained the other device, reset it to factory, and configured it the same (with a few modifications which the last 24 hours have allowed me to observe and adjust - a plus!) and I will simply swap the device in to replace the one I am locked out of. Thank god I had the wisdom to purchase two devices eh? :slight_smile:

I was not aware that InControl required a subscription until I got reading about it. I’ve never used it - had made an account a few years ago but never did anything with it beyond adding the devices to the account. I did sign in and discover “Warranty Expired” warnings for both routers and naturally it didn’t allow me to do anything so I just removed them from the account. I’m a little disappointed that a subscription is required for basic home use. I have no need or desire to pay an additional toll for the privilege of Pepwave having access to my routers and the possible security implications of that. I appreciate however that InControl2 probably would have saved me on the spot in this sticky situation and I am considering perhaps pony-ing up for a subscription in the future. For now, I’m going to tough it out.

Also want to thank those who replied and gave some ideas and such to resolve the issue. I’m still not sure exactly what caused this — and that’s what I’m concerned about. The only thing I had changed at the end was to click the check box for secure administration. Upon provisioning and coming back up, I was never able to get to my router again. I did some searching but really didn’t find anything; there were at least one or two others that had the same issue, but their threads had gone cold and no final resolution had ever been laid out. Maybe they just reset the router and started over, as I did, rather than spend time trying to evaluate and figure out the underlying problem but I’d still like to know.

Also — I would really like 1) for secure admin to WORK and 2) for the cert/security warning NOT to be popping up. I’m not alarmed by them, as I understand why that part is happening, but it’s annoying and I’d like to solve it if possible.

I have a few other questions from some (alarming, to me) discoveries I had the chance to observe and test out in the last 24 hours and I’m going to create a new thread to discuss those as they relate to firewall and overall security parameters which aren’t directly related to the web admin lockout that I’m a victim of here.

If Pepwave has any information which would benefit the community as to the possible cause(s) and mitigations for this issue — would appreciate you to follow up and post that in this thread as it will be found in a simple Google query and perhaps assist other customers in the future. Thank you.

A few corrections:

A subscription to InControl2 is NOT required. It is optional. And the purpose of it is not to give Peplink access to your router but to give you access to your router.

I’m still not sure exactly what caused this —

If you backup your settings you can try it again. If it fails again, simply reset the router, login with the default password and import the saved settings. No big deal. And, as always, check that you are using the latest firmware, you didn’t say what version you have installed.

Secure admin does work. The security warning is a browser/TLS issue, not a Peplink issue. You can’t have a digital certificate for a home use only IP address. Not the way the world works.

Are you saying I can gain control (or COULD have…) of my SOHO router(s) via InControl2 without an active subscription and with an out of warranty device(s)? I wasn’t aware of that.

I am absolutely running the latest firmware for revision HW1 (which both of my SOHOs are) - that is v6.3.5 build 2763. I do appreciate Pepwave addressing the KRACK vulnerabilities and such and releasing firmware for an “out of date” device like my first generation SOHOs, for sure.

And yes, I understand about the cert, but I thought it was worked around for home users somehow. Besides the obvious, having InControl2 do it - for a fee.

No, that is not what I meant to say or imply. I just meant that HTTPS local access to the router does work. Why it failed for you in your specific case, I don’t know.

That Peplink updates firmware version 6 is a HUGE reason to use their routers. Total black/white contrast with consumer devices.

Certificate work-arounds are on a per-browser basis. Some may let you set a permanent exception, others do not.

I don’t know why it failed either, and I wish I did. Because I’m going to attempt it again on my 2nd SOHO that I’m now using. This time, I have backed up config files in case it goes south. I’ve never seen anything like that before. Looked like a bad script or a parsing problem on the SOHO. As I said, I saw a few other people have the same issue but nothing was ever final as to the problem or how it was rectified. I’m the kind of guy that wants to know exactly why and how something happened even if it’s faster to just reset the device and start over…so I am prepared next time.

I have also encountered this HTTPS problem many times. Never could nail it down. And never found a mitigation, other than to not use HTTPS for web admin which always bugs me. I’m wondering if a firewall rule is blocking it, although one should not even see a 404 error if that were the case. At any rate, I’d just like to say I’ve seen this problem several times personally and I’d like a mitigation (beyond just to not use secure admin…) - also of note - I always use an obscure high number port when I flip the switch. I don’t believe I’ve ever tried the default 443 but I’d prefer not to use a default port either way!

HTTPS for local router admin access works fine. If it was buggy, many Peplink users would have reported it. You initially said that it doesn’t work from a VLAN.

To find the problem, we need to start at the beginning. Does HTTPS work for you at all? That is, does it work when all networks are allowed access to the router and you start from the untagged LAN? Start from each VLAN? If so, then restrict access to just one VLAN to verify that this is exactly where your problem lies.
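
The layer-by-layer checks suggested in this thread (is the port reachable, does the bare address answer, does the admin path answer) can be scripted so each network or VLAN is tested the same way. This is an added example, not part of any post and not Peplink code; the function names are hypothetical, the path is the one from the 404 message above, and the address in the usage line is the example address given later in the thread.

```python
import http.client
import socket
import ssl
from urllib.parse import urlsplit

# Path taken from the 404 message quoted in this thread.
ADMIN_PATH = "/cgi-bin/MANGA/index.cgi"


def probe(url, timeout=3.0):
    """Return (layer, detail) for the first layer at which `url` fails."""
    u = urlsplit(url)
    port = u.port or (443 if u.scheme == "https" else 80)
    # Layer 1: plain TCP. A firewall drop or a closed port stops here,
    # so no HTTP status (such as 404) can ever come back.
    try:
        socket.create_connection((u.hostname, port), timeout=timeout).close()
    except OSError as exc:
        return ("tcp", f"port {port} closed or filtered: {exc}")
    if u.scheme == "https":
        # The router's certificate is not browser-trusted (the warning
        # discussed above), so verification is off for this check only.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(u.hostname, port, timeout=timeout, context=ctx)
    else:
        conn = http.client.HTTPConnection(u.hostname, port, timeout=timeout)
    try:
        conn.request("GET", u.path or "/")
        status = conn.getresponse().status
    except ssl.SSLError as exc:      # Layer 2: TLS handshake rejected
        return ("tls", str(exc))
    except (OSError, http.client.HTTPException) as exc:
        return ("http", f"connected but no valid HTTP reply: {exc}")
    finally:
        conn.close()
    if status == 404:                # Layer 3: server is up, handler is not
        return ("app", f"HTTP 404 for {u.path or '/'}")
    return ("ok", f"HTTP {status}")


def diagnose(base_url):
    """Probe the bare address and the admin path, as suggested in the thread."""
    base = base_url.rstrip("/")
    return {p: probe(base + p) for p in ("/", ADMIN_PATH)}


if __name__ == "__main__":
    # Example address from this thread; replace with the router's LAN/VLAN IP.
    for path, result in diagnose("https://192.168.1.1:8000").items():
        print(path, result)
```

A `tcp` result points at the port or a firewall rule, while an `app` result means the web server itself answered, which is why a 404 is not what a blocked port looks like.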

Once I’m on a VLAN (for example) if the port is anything other than 443 I will be locked out permanently. This is repeatable and it also locks out the mobile app. I am not restricting access to a specific VLAN. Setting is “ANY” as default. The lockout scenario happens either way. I have not tested with port 443 because I do NOT want to use port 443. Does that make sense? If I’m going to switch to secure admin, I want to be using a non default port. Which should not be a problem. So no, actually, it doesn’t work properly.

If I set admin to secure and default port 443 it works but only on the default untagged LAN. If I make that change to a non-standard port or change the port assignments of the LAN ports, I am permanently locked out. There is no network access restriction set. “ANY” is the allowed management.

And I have not tried for the 100th time because I’m tired of factory resetting the damn routers. This should not be a problem at all. And it is repeatable across the board on several devices. I sign in, switch to secure admin, set a non-default port, and once the router comes back up - I’m totally locked out for good unless I factory reset the device. Or (as I’ve read here) purchase a subscription to the Peplink Cloud to access the device, which I’m not willing to do. And should not have to.

When you change to a non-standard port then you also need to type it in your browser as well, example: https://192.168.1.1:8000 (if you set the port to 8000). You would also need to update the mobile app as well.

Yes I understand that. I’m using the correct nomenclature for the addressing. This is a serious bug that needs to be fixed.