Configure DDNS to access the router

Hi,

I configured DDNS with duckdns.org. When I chose my domain name, my IP appeared; the IP is from my gateway from my ISP, it is my public IP. But I guess if I want to use it to access my router elsewhere I need the address I use from my router (192.168.1.1), not the one from the ISP (24.45.xx.x), right? Or I did not understand at all :wink:

Should be "the IP that I see on my WAN interface" - is this the case?
If you want to access your router externally (assuming you really have a public IP on your WAN) you will need to configure a firewall rule that allows access to the port you use.
I suggest using https (on port 443/TCP by default) if you want to access your router directly, or running a VPN server like Wireguard, and you will be able to access any host on your LAN.

1 Like

192.168.1.x is a private IP space and not routable on the internet. If you want access to your router from the internet, you have to use the public IP. And as @AndrewZ said, modify firewall settings to allow. This is blocked by default for security.

2 Likes

so I need to add that in ddns config too?

Make sure you really have a public IP address on your OpenWrt router WAN interface.
Forget about DDNS and https for a while, configure your firewall to allow 80/TCP and try to access your router as http://{your wan ip here} from outside of your network.
You can probably use the first example from this page: https://openwrt.org/docs/guide-user/firewall/fw3_configurations/fw3_config_examples
Just change the port number from 22 to 80.
If it works, install Luci SSL support and configure your firewall to accept connections on port 443 instead of 80.
Finally, make sure your DDNS client updates the DNS with your WAN interface IP address then test the connection with https://{your DDNS name here} from outside of your network.

2 Likes

Thank you, I will try. On the DDNS website I have my public IP, the same from my ISP. But I've read DDNS was supposed to update that IP? Cause when I click on update IP (duckdns.org)
I receive that; error: ip address for jxxxxxx.duckdns.org was already 20.xx.xx.174 not updated

Does not really work for now, here is what I added in port forward

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'ddns'
        list proto 'tcp'
        option src 'wan'
        option src_dport '80'

EDIT: later I tried with port 443 with my ddns address

I would advise against opening the router's interface to the internet. Regardless of http vs https, the web server in OpenWrt is not hardened for exposure to the internet at large and thus could become a vulnerability.

Instead, you should use a VPN -- I'd recommend Wireguard for this purpose since it is easy to set up, lightweight, and fast.

Regarding your ddns address, you need to make sure you actually have a public IP on the WAN of your OpenWrt device... therefore, please compare the following:

  • the IP address as shown in the LuCI web interface main status page > IPv4 upstream
  • the results of googling "what's my IP"
  • and the IP address that is returned when you issue nslookup <your.ddns.domain>

All 3 must match. If the first 2 don't match, you may have a problem.
If in doubt, post just the first two octets (in bold: aaa.bbb.ccc.ddd) of the IP address shown in the first point.

2 Likes
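The three-way comparison from the post above, written out as an added example that is not part of the original thread. The function names are hypothetical, the private/CGNAT range check is an addition that goes beyond the post's "must match" rule, and every address in the usage comment is a constructed sample.

```shell
#!/bin/sh
# Usage (constructed sample values):
#   sh check.sh 203.0.113.10 203.0.113.10 203.0.113.10
#   args: <LuCI IPv4 upstream> <"what's my IP" result> <nslookup result>

# Print the class of an IPv4 address:
# private, cgnat, loopback, link-local, public or invalid.
classify_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") echo invalid; return ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split into octets (digits and dots only)
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo invalid; return; }
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || { echo invalid; return; }
    done
    a=$1 b=$2
    if   [ "$a" -eq 10 ]; then echo private
    elif [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; then echo private
    elif [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; then echo private
    elif [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; then echo cgnat
    elif [ "$a" -eq 127 ]; then echo loopback
    elif [ "$a" -eq 169 ] && [ "$b" -eq 254 ]; then echo link-local
    else echo public
    fi
}

# Compare the three values from the checklist and name the first mismatch.
check_ddns() {
    wan=$1 seen=$2 dns=$3
    kind=$(classify_ipv4 "$wan")
    if [ "$kind" != public ]; then
        echo "wan-not-public:$kind"       # router sits behind another NAT
    elif [ "$wan" != "$seen" ]; then
        echo "wan-differs-from-external"  # first two values do not match
    elif [ "$wan" != "$dns" ]; then
        echo "ddns-stale"                 # DNS record not updated to the WAN IP
    else
        echo ok
    fi
}

if [ $# -eq 3 ]; then check_ddns "$@"; fi
```

Only the `ok` result means the DDNS name points at an address that actually reaches the router's WAN interface.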

the IP address as shown in the LuCI web interface main status page > IPv4 upstream
the results of googling "what's my IP"
and the IP address that is returned when you issue nslookup <your.ddns.domain>

Yep, when I put my PC on WAN instead of my wg0, the IP is the same (upstream/what's my IP/nslookup).

SSH tunneling is another easy and secure option to use; pick a high random port, turn off password auth, and use keys.

I manage this way.

2 Likes

on my pc/router, I use ed25519 without passwd

1 Like

I forgot to add: most ISPs block ports 80 and 443.

1 Like

So what exactly do you use?

I use high ports usually in the 56xxx range so it doesn't conflict and I'll only see maybe 1 or 2 scans a month.

1 Like