Cloud/remote management possible?

If I won't be able to remotely access the WAN interface of the router is there some sort of remote management solution for OpenWRT?

Something that would allow me to see the router UI and manage it through a cloud interface similar to Peplink InControl, Ubiquiti UISP, Cradlepoint NetCloud manager etc, etc.

ask the people over at DDWRT ?
but there probably isn't ...

My mistake, I meant OpenWRT but I get them mixed up in my head.

well, unfortunately there still isn't, AFAIK :expressionless:

Access your OpenWRT router remotely via Zerotier

Install Netdata

and view the router statistics on port 19999

2 Likes

Zeortier does look interesting.

I'm also wondering about just doing a simple additional OpenVPN connection to a management server I place somewhere. That client config wouldn't have any routing at all, I'd just reach the router GUI via the virtual IP from the management server. I can run multiple OpenVPN client connections on OpenWRT right?

I'm already familiar with OpenVPN and when you have a hammer everything looks like a nail.

Huh, of course you can:

  • SSH (use keys and disable password-based login for safety)
  • Wireguard
  • OpenVPN
  • any other VPN
  • (now that LuCI is HTTPS in version 21, a strong password is now viable, but still could be brute forced) - I don't advise this

Unless you meant that you ISP doesn't give you a Public IP...then you'd have to setup the VPN at a 3rd location and connect thru it.

1 Like

Precisely that.

We already use OpenVPN for connectivity but I want a management interface as well. As far as I can tell that can just be another OpenVPN connection. It's just nice when there's something ready to go like Peplink InControl, Ubiquiti UISP, Cradlepoint NetCloud manager.

Well, wouldn't using one of the above listed methods thru the VPN work?

If not, make a second instance for the management.

1 Like

That's pretty far from the "cloud" control OP was asking about, at least to my interpretation, but yeah, those solutions work.

And remote means logging in to the device(s), or the LAN from outside, then I agree, but that's not really remote, IMHO.

2 Likes

Exactly, even some low end routers have it like GL.iNet GoodCloud.

Those cloud managers are really rather necessary when you are managing say a hundred routers in different buildings in different states. I could hack something together with VPN and I'll look at doing that but it isn't remotely in the same ballpark.

Cucumber Tony: http://www.ct-networks.io/
Or

OpenWISP 7 project: http://openwisp.org/

There's others's too.

Since the OP said we won't be able [to reach the device]...I'm not really sure how a management solution fixes that per se...but maybe you can elaborate for the OP.

3 Likes

While I don't mean to drive you away from OpenWrt or open source setups, a setup of your size/scale may benefit from a commercial solution. The products on the market (both hardware and software) that are designed for cloud management of large fleets will often provide a better experience than you'll get by cobbling together an open source system. I say this in terms of the learning curve (just learn the management environment, not how to build said environment from the ground up), support (likely you'll have some sort of dedicated support avenue, although be aware that some companies like Ubiquiti and maybe others don't really have their own tech support -- it is community based, theoretically to save money and make the products cheaper overall), and reliability (if you run a large fleet, you need to know that the system you're deploying is robust for both your own needs and that of your customers).

Don't get me wrong, you can go with the open source route, and I'm all for that, too. But consider the scale of your business and the benefits/risks of open source vs commercial products.

Investing in the right hardware/software from the get-go will be more cost effective in the long run, even if it is more expensive up front.

3 Likes

That is solid advice. I built our VPN hosting from OpenVPN community edition and yes I see what you are talking about regarding open source support.

The thing is we are having supply chain problems. I've got over a hundred Ubiquiti deployed, and UNMS/UISP is working really well for us. BUT we can't get them. So developing a solution for OpenWRT and being fairly flexible on hardware has some attraction to me right now. Giving it a honest look anyway.

The router would need to reach out to the management server through the internet.

OpenWisp looks interesting at first glance, I'll read more on that. Would very much prefer to self host.

Fair enough... and yeah, sucks.

I see where you are going with this. If you do find an OpenWrt/open source option, I would recommend deploying it on as uniform a hardware fleet as you possibly can. You'll want firmware updates, settings, and all other feature of each device to be as consistent as possible so that you have the ability to test and then roll out updates easily (and with confidence) and also physically replace any problematic units with identical devices to make management/configuration/provisioning as easy as possible. Doing this on random bits of hardware scattered around your fleet could be a recipe for disaster. The need to acquire a fleet of uniform hardware may, unfortunately, lead you back to the whole supply chain issue.

1 Like

I am using two different methods to access my router:

  1. OpenVPN
    2 FWknop with ssh tunneling

Both are working flawlessly and are pretty straight forward to setup (naturally you will also need to know the ip so you will need dynamic dns service such as no-ip/duckdns/etc) .

These methods don't work when the WAN port on the router you want to manage is not on a public IP. What is necessary here is some management engine on the router needs to reach out and establish a connection to a management server on the internet. You then can reach back through that connection to do things in the router.

Just completed custom firmware for a perspective, large fleet of openwrt devices (>1000), used in IoT. As a commercial project, also including certain aspects of "Remote Management", i.e. remote (re-)configuration, FW-upgrade OTA, certain system statistics. I think, all the open source tools are available, i.e. collectd for simple statistics, or zabbix, for much more covenient usage. And can be tailored to the usage case. My client even refused to use the org management system from the openwrt-compatible device, because not being reliable enough. Actually using just one openwrt device type, but this will change. Having different custom openwrt-firmware images/routers to manage this way, is not a big deal, in case still within similar capabilities. Of course, not so flexible like the UBT stuff, to be available for a vast variety of devices, but that might not be required, anyway.
OpenWISP for hotspot systems seems to be far too oversized, for my taste. I prefere aVPN-based, custom system, which can drop a lot of security features, required otherwise. I.e. via VPN, no problem to use simple mqtt or even http for management.
A general remark, anyway: I think, it is a bit far fetched, for a commercial application, like in your case, to ask for a complete open-source solution, ready to use, free of charge :slight_smile:

1 Like

You mention zabbix but something like I'm discussing here is far fetched? Does not compute, zabbix is amazing and I can't believe it's available free. On the other hand we pay for the management systems I mentioned in OP, the ones that do charge anyway as UISP is free. CT-net doesn't sound like our interests are aligned, for example we don't want WiFi on these so all that's lost on us.

Mostly I'm just feeling out what the potential directions we could go here, this thread has been educational.