Can I remotely manage my Openwrt Router (Linksys WRT1900ACS)

mardjenf · August 13, 2020, 2:08pm

Can I remotely manage my Openwrt Router (Linksys WRT1900ACS) behind CGNAT, and also access devices behind it e.g. IPCamera? I tried to search but I just see OpenVPN but it needs to be paid right to have OpenVPN config file?

I'm trying to follow these links please help me to be directed on the correct path.

mk24 · August 13, 2020, 3:12pm

Running an OpenVPN server requires taking incoming connections, which means it can't work behind CG-NAT. OpenVPN is free to use but you need to look at the "community" section of their website not the commercial side.

How to do this depends on what the "remote" side of the connection will be. If your remote can take incoming connections you could reverse roles and make it the server and your home the client.

Zerotier works well even with CG-NAT on both ends.

slh · August 13, 2020, 7:24pm

Many ISPs that do cgNAT at least offer IPv6 connectivity as well, if that's possible you can use a VPN over IPv6 as well.

menno.pieters · August 13, 2020, 7:37pm

...which of course only works if wherever you are remote also has IPv6.

mardjenf · August 13, 2020, 11:24pm

I was thinking something like teamviewer that where I can manage the Router or the access the IPCAM does openwrt do have something like that.

for the OpenVPN free to use version can be used even I'm on CG-NAT?

mk24 · August 14, 2020, 12:29am

Client-server models like OpenVPN and Wireguard require one end of the link to accept incoming connections from the Internet.

What is your "remote" end? A fixed location or a mobile device?

mardjenf · August 14, 2020, 2:50am

remote end are the devices behind the OpenWRT specially my IPCAM,

mk24 · August 14, 2020, 1:55pm

No I mean on what device and what type of Internet connection will you be remotely watching or administering? That end of the link may need to be the VPN "server" since you can't run a true server at home.

Once a VPN tunnel is established it works for data flow in either direction.

moamo67 · August 14, 2020, 4:03pm

ocserv openconnect work on mobile

vgaetera · August 14, 2020, 10:33pm

You need at least one public IP address which you can use as a WireGuard or OpenVPN server.

Otherwise, you have to rely on other protocols, third party services and overlay networks like SoftEther VPN, ZeroTier, Hamachi and Tor.

Something like this:

# Install packages
opkg update
opkg install zerotier

# Configure firewall
uci rename firewall.@zone[0]="lan"
uci rename firewall.@zone[1]="wan"
uci del_list firewall.wan.device="zt+"
uci add_list firewall.wan.device="zt+"
uci commit firewall
/etc/init.d/firewall restart

# Configure VPN service
uci rename zerotier.@zerotier[0]="custom"
uci set zerotier.custom.enabled="1"
uci commit zerotier
/etc/init.d/zerotier restart

mardjenf · August 15, 2020, 6:48am

Anywhere, e.g. while I'm on my mobile data or at office. Is there a similar or same behavior as team viewer where I just install it on OpenWRT and I can remotely manage the router? and then just access the IPCAM there?

mardjenf · August 15, 2020, 6:49am

Sadly at home I don't have we are on CG-NAT. Residential plan only.