Access from outside

Malakian · October 25, 2025, 1:22am

Hello,

I'm asking for your advice.

Currently, I have a modem/router with a traditional ISP. It gives me internet access via Wi-Fi at home.

At the exit of the modem/router, I installed an OpenWRT router built from a Raspberry Pi.

This router connects to a commercial VPN and has its own Wi-Fi network.

I can therefore access the internet either through the modem/router's Wi-Fi (without a VPN) or through the OpenWRT router's Wi-Fi (with a VPN).

On the OpenWRT router's network, I have NAS hard drives, and on the router's network, I have other NAS hard drives.

When I'm away from home, I can access my hard drives on the modem/router's network using a personal VPN (OpenVPN) and a service like no-ip, which points a domain name to the IP address assigned to me by my ISP.

However, I don't see how to access my hard drives on the OpenWRT router's network from outside.

Have you any idea to do this ?

slh · October 25, 2025, 1:54am

Two orthogonal strategies:

exposing your internal NAS and stuff to your router network (port forwardings XOR switching it from router to AP operations (XOR routed subnets))
creating a road-warrior style wireguard VPN on the OpenWrt router and only forwarding its port to (through-) the outside ISP router

I'd do neither, replace the ISP router with a mere modem (respectively switch the existing one to bridged modem mode, if possible) and use OpenWrt as the single central router (with subnets to your heart's desire). But if that option isn't on the menu, I'd favour the second option over the first.

Tilator · October 25, 2025, 10:18am

Can you SSH the router from outside?

If you can, would it be easiest to mount the NAS to some folder on the router and access that?

Malakian · October 25, 2025, 4:55pm

Thanks for yours anwers.

@slh I am sorry but I don’t understand your strategies.

@Tilator I can even not SSH the OpenWRT router when I am on the modem/router network.

The only way for m to reach the OpenWRT router is to be on its subnetwork.

Is a service like Tailscale able to solve the problem ?

Tilator · October 25, 2025, 5:16pm

So you try to connect the RPi/OpenWrt device by it’s WAN side connection?

Then you have to allow that traffic.

Malakian · October 25, 2025, 5:51pm

Sorry if I was not clear.

The OpenWRT has 2 physical network interfaces :

One connected to the modem/router, I call it I1 for example
The other one connected to the OpenWRT subnetwork, I call it I2

So I1 is used for the WAN side connection.

I2 is used for the OpenWRT subnetwork.

The only way to reach the OpenWRT router by SSH is to be on the subnetwork, so behind I2.

If I am on the modem/router network, so on the WAN side, I can not reach the OpenWRT router by SSH. The answer is “Connection refused”.

Tilator · October 25, 2025, 6:04pm

That’s how I figured it out to be. It’s firewall on your RPi blocking you. You have to allow the traffic there.

Malakian · October 25, 2025, 6:42pm

You were right about that. I have allowed the traffic.

So I am able to SSH the OpenWRT router from the WAN side.

However, I can’t access the NAS that is on the OpenWRT subnetwork from the WAN side.

From the WAN side the NAS is unknown.

So how it helps to access from outside ?

Tilator · October 26, 2025, 5:10pm

Just as I told you before.

Mount your NAS to a proper place and you can access it just as you can access your RPi now.