Use https to access OpenWrt router

I don’t know how I missed it but by default OpenWrt router will be accessed via http. Http means that when you login, data will be transmitted via plain text and in many cases it can received by other devices in your network (depending on how you access router, type of router and what is you network configuration).

Many people can say that they have only trusted devices in your network. But devices have vulnerabilities. You never know if your device is vulnerable. Sometimes you may add friend of guest to your network. You have no idea if they update their devices or if they care about security at all. And in any case defense should be layers, so failure in one layer will not lead to compromise whole network.

And it turns out supporting https is very easy. All you to do is login to router via ssh and run following commands:

opkg update
opkg install luci-ssl-openssl

And then restart router. You can install package via GUI and perhaps you can restart only some service instead of whole router, but what I suggested definitely works.

And after that you have to do important step: change password to your router. You had to assume that previous password is compromised. Also, it will be nice to change password for your Wi-Fi network as well. I’m planning to change Wi-Fi password a bit later this week. Depending on level of your paranoia you can even reset router to factory defaults.  I personally do backup router’s etc directory periodically using WinScp application and then compare it to previous version to see what changed. It helps to detect if I accidentally changed something or someone messed with my router. I didn’t find any unauthorized alterations.

I hope it helps someone.