Cannot use SSH even when the two OpenWRT devices are connected wirelessly

Hi everyone, I am very new to OpenWRT.

So what I wanted to do was connect two OpenWRT devices (LIMA) to each other wirelessly and use SSH between them.

What I can already do:

  1. Connect both of them with LAN cable and use SSH between them.
  2. Connect both of them wirelessly using either Ad-Hoc or AP-Client.

What I cannot do:

  1. Send files between them using SSH while they are connected wirelessly.

Does anyone know what the potential problem might be?
Should I share screenshots of some configs?

We need to know the exact topology of your network. Can you provide more information -- how are they currently connected to each other? Let's see the configurations on each device.

Further, ssh isn't normally a method of file transfer... scp is, though -- have you tried using scp?

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

But you are aware that scp is part of openssh and dropbear and both are technically ssh?

technically, you still don't do file transfers using the ssh command...

https://en.wikipedia.org/wiki/Secure_copy_protocol#Secure_Copy_Protocol

Secure Copy Protocol

The SCP is a network protocol, based on the BSD RCP protocol,[5] which supports file transfers between hosts on a network. SCP uses Secure Shell (SSH) for data transfer and uses the same mechanisms for authentication, thereby ensuring the authenticity and confidentiality of the data in transit. A client can send (upload) files to a server, optionally including their basic attributes (permissions, timestamps). Clients can also request files or directories from a server (download). SCP runs over TCP port 22 by default.[6] Like RCP, there is no RFC that defines the specifics of the protocol.

SCP uses Secure Shell (SSH) for data transfer

Command <> protocol

You just don't get it that the user wrote "SSH" and not ssh? And ssh, scp, ssh-add, ssh-keygen, etc are all part of "OpenSSH" and "libopenssh", and "dropbear" implements a subset of it.
But sure go ahead and continue with your nitpicking and be off track.

(If you use scp from OpenSSH, you connect and authenticate by using "SSH" and for instance ~/.ssh/config. Same goes for sftp. And you transfer any kind of data through this "SSH Connection".)

Assuming he'd written ssh instead, would he have been able to transfer any files?

Look. scp is still ssh if you want to believe it or not. And in case you don't know, you can transfer files using ssh and dd or tar just fine, too.

Hi. Thanks for replying. Sorry for the late reply.

Yes, I meant scp when I said SSH.

So currently, I am using Ad-Hoc. I ideally want to use AP-Client but I thought this would be easier for now.

My network and wireless files are almost the same for both boards. They might be a mess since I have tried so many things from the internet. (Would it be better to just restore the backups and start over?) The firewall file was also messed up, so I have just restored the backup.

network -

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fde5:d6f5:82b1::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'
        option ipaddr '10.75.75.2'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option force_link '1'

config interface 'wwan'
        option ifname 'wan0'
        option proto 'static'
        option ipaddr '10.75.75.2'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option force_link '1'

wireless -

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'platform/qca953x_wmac'
        option htmode 'HT20'
        option disabled '0'
        option short_gi_40 '0'

config wifi-iface 'wifinet0'
        option device 'radio0'
        option network 'wwan'
        option mode 'adhoc'
        option ssid 'Lima'
        option encryption 'none'

firewall -

config defaults
        option syn_flood        1
        option input            ACCEPT
        option output           ACCEPT
        option forward          REJECT
# Uncomment this line to disable ipv6 rules
#       option disable_ipv6     1

config zone
        option name             lan
        list   network          'lan'
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT

config zone
        option name             wan
        list   network          'wan'
        list   network          'wan6'
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
        option masq             1
        option mtu_fix          1

config forwarding
        option src              lan
        option dest             wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
        option name             Allow-DHCP-Renew
        option src              wan
        option proto            udp
        option dest_port        68
        option target           ACCEPT
        option family           ipv4

# Allow IPv4 ping
config rule
        option name             Allow-Ping
        option src              wan
        option proto            icmp
        option icmp_type        echo-request
        option family           ipv4
        option target           ACCEPT
config rule
        option name             Allow-IGMP
        option src              wan
        option proto            igmp
        option family           ipv4
        option target           ACCEPT

# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
        option name             Allow-DHCPv6
        option src              wan
        option proto            udp
        option src_ip           fc00::/6
        option dest_ip          fc00::/6
        option dest_port        546
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-MLD
        option src              wan
        option proto            icmp
        option src_ip           fe80::/10
        list icmp_type          '130/0'
        list icmp_type          '131/0'
        list icmp_type          '132/0'
        list icmp_type          '143/0'
        option family           ipv6
        option target           ACCEPT
# Allow essential incoming IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Input
        option src              wan
        option proto    icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        list icmp_type          router-solicitation
        list icmp_type          neighbour-solicitation
        list icmp_type          router-advertisement
        list icmp_type          neighbour-advertisement
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT
# Allow essential forwarded IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Forward
        option src              wan
        option dest             *
        option proto            icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT
config rule
        option name             Allow-IPSec-ESP
        option src              wan
        option dest             lan
        option proto            esp
        option target           ACCEPT

config rule
        option name             Allow-ISAKMP
        option src              wan
        option dest             lan
        option dest_port        500
        option proto            udp
        option target           ACCEPT

# include a file with users custom iptables rules
config include
        option path /etc/firewall.user

This is what the network section looks like in LuCI while connected using Ad-Hoc.

One major issue is that you have two interfaces with the same IP address. This is not valid and will break things.

Also, what version of OpenWrt are you running?

ubus call system board
{
        "kernel": "4.14.171",
        "hostname": "LimaRight",
        "system": "Qualcomm Atheros QCA9533 ver 2 rev 0",
        "model": "8devices Lima board",
        "board_name": "lima",
        "release": {
                "distribution": "OpenWrt-8devices",
                "version": "v2.11",
                "revision": "r0+10958-038b2ccc82",
                "target": "ar71xx/generic",
                "description": "OpenWrt-8devices v2.11 r0+10958-038b2ccc82"
        }
}

Ok. Let me change the IP addresses of the interfaces.

It appears you are using firmware that is not from the official OpenWrt project.

When using forks/offshoots/vendor-specific builds that are "based on OpenWrt", there may be many differences compared to the official versions (hosted by OpenWrt.org). Some of these customizations may fundamentally change the way that OpenWrt works. You might need help from people with specific/specialized knowledge about the firmware you are using, so it is possible that advice you get here may not be useful.

You may find that the best options are:

  1. Install an official version of OpenWrt, if your device is supported (see https://firmware-selector.openwrt.org).
  2. Ask for help from the maintainer(s) or user community of the specific firmware that you are using.
  3. Provide the source code for the firmware so that users on this forum can understand how your firmware works (OpenWrt forum users are volunteers, so somebody might look at the code if they have time and are interested in your issue).

If you believe that this specific issue is common to generic/official OpenWrt and/or the maintainers of your build have indicated as such, please feel free to clarify.

Thanks. I will think of changing software if this does not work.
However, I changed the IP address and did a few things and it looks like this now.

Does this indicate that it is connected now?

config interface 'wwan'
        option proto 'static'
        option ipaddr '10.75.75.4'
        option netmask '255.255.255.0'
        option ip6assign '60'

This is what the interface looks like. I still cannot ssh.

No, it just indicates you changed the address. I have no idea if it is connected or not.

But you still have an issue with 2 interfaces using the same subnet, which is not allowed in a routing scenario. And it looks like the wwan network isn't assigned to a firewall zone.

But beyond that, given that you aren't running anything close to an official version of OpenWrt, I don't know how your device actually is supposed to work.
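The two problems named in the replies above (two interfaces on the same subnet, and an interface that belongs to no firewall zone) can be checked mechanically. This is an added example, not part of any post in the thread; the function names are hypothetical, and the sample input is abridged from the configs posted above.

```python
import ipaddress
import shlex
from itertools import combinations

# Constructed sample input, abridged from the configs posted in this thread.
NETWORK = """
config interface 'lan'
        option ipaddr '10.75.75.2'
        option netmask '255.255.255.0'
config interface 'wwan'
        option ipaddr '10.75.75.4'
        option netmask '255.255.255.0'
"""
FIREWALL = """
config zone
        option name             lan
        list   network          'lan'
config zone
        option name             wan
        list   network          'wan'
"""

def parse_uci(text):
    """Return [(section_type, section_name, options)] for UCI config text."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], tok[2] if len(tok) > 2 else None, {}))
        elif len(tok) == 3 and tok[0] in ("option", "list") and sections:
            # Store every value as a list so 'option' and 'list' read alike.
            sections[-1][2].setdefault(tok[1], []).append(tok[2])
    return sections

def overlapping_subnets(network_text):
    """Pairs of interfaces whose static IPv4 subnets overlap."""
    nets = {}
    for typ, name, opt in parse_uci(network_text):
        if typ == "interface" and name != "loopback" and "ipaddr" in opt:
            mask = opt.get("netmask", ["255.255.255.255"])[0]
            nets[name] = ipaddress.ip_interface(f"{opt['ipaddr'][0]}/{mask}").network
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def unzoned_interfaces(network_text, firewall_text):
    """Interfaces that no firewall zone lists in its 'network' setting."""
    zoned = set()
    for typ, _, opt in parse_uci(firewall_text):
        if typ == "zone":
            zoned.update(w for v in opt.get("network", []) for w in v.split())
    return sorted(n for t, n, _ in parse_uci(network_text)
                  if t == "interface" and n != "loopback" and n not in zoned)

if __name__ == "__main__":
    print(overlapping_subnets(NETWORK), unzoned_interfaces(NETWORK, FIREWALL))
```

To run it against a real device, pass the contents of /etc/config/network and /etc/config/firewall in place of the sample strings.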

Thanks for your time.

Hi again. So I installed a mainstream version of OpenWrt.

{
        "kernel": "5.10.176",
        "hostname": "LimaLeft",
        "system": "Qualcomm Atheros QCA9533 ver 2 rev 0",
        "model": "8devices Lima",
        "board_name": "8dev,lima",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.5",
                "revision": "r20134-5f15225c1e",
                "target": "ath79/generic",
                "description": "OpenWrt 22.03.5 r20134-5f15225c1e"
        }
}

And also used AP - Client again. However, I could not connect them with SSH wirelessly. I can access the AP with my laptop, but not with the other OpenWRT board.

AP network -

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd82:3e7d:6e22::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '10.75.75.2'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'
        option type 'bridge'

config interface 'wan6'
        option device 'eth1'
        option proto 'dhcpv6'
        option type 'bridge'

config device
        option name 'wlan0'
        option promisc '1'
        option acceptlocal '1'
        option sendredirects '1'
        option ip6segmentrouting '1'
        option multicast '1'

AP wireless -

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/ahb/18100000.wmac'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'
        option network 'lan wan wan6'

Client network -

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdac:bc18:c07e::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '10.75.75.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option proto 'dhcp'

Client wireless -


config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/ahb/18100000.wmac'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'

config wifi-iface 'wifinet0'
        option device 'radio0'
        option mode 'sta'
        option network 'wan'
        option ssid 'OpenWrt'
        option encryption 'none'

As for firewall, I disabled the firewall in both from startup.

Remove the bridge statements from these two sections.

Remove this entire section:

The radio must only have a single network associated with it. Remove wan and wan6.

On the second device, change the network to lan.

Hi. Sorry for the super late reply, I got sick with the flu and couldn't work for quite some time.
I tried what you said, but the network was not even connecting after the changes you suggested.
Can you help me from a fresh page?

Client device:
Network:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdac:bc18:c07e::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option proto 'static'
        option ipaddr '10.75.75.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option device 'br-lan'

config interface 'wan'
        option proto 'dhcp'

config interface 'wwan'
        option proto 'dhcp'

Wireless:

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/ahb/18100000.wmac'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'

config wifi-iface 'wifinet1'
        option device 'radio0'
        option mode 'sta'
        option network 'wwan'
        option ssid 'OpenWrt'
        option encryption 'none'

AP device:
network:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd82:3e7d:6e22::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '10.75.75.2'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth1'
        option proto 'dhcpv6'

Wireless:


config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/ahb/18100000.wmac'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'
        option network 'lan'

I have turned off the firewall on both devices for now.
These devices are connected by wifi but I cannot send files from one device to the other using ssh/scp.

Thanks for your time.

Remove this:

and remove the device (br-lan) from the lan interface of the client device...

config interface 'lan'
        option proto 'static'
        option ipaddr '10.75.75.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

Then change wifinet1's network to lan

config wifi-iface 'wifinet1'
        option device 'radio0'
        option mode 'sta'
        option network 'lan'
        option ssid 'OpenWrt'
        option encryption 'none'