Control and config openwrt from cloud

Hello, I am working on a cloud hotspot management system using OpenWrt with FreeRADIUS.
I can do authentication and accounting without problems, but FreeRADIUS uses the nasid as the identifier to talk with OpenWrt.
What I want to do is execute a command from the cloud on a specific OpenWrt router.
For example, if I have two routers,
the first one in London, the other one in India,
I want to send a reboot command to the router which is in London.
I have the MAC addresses of the routers but do not have their public IPs,
so how can I send a reboot command from the cloud to the router which has a specific MAC address, i.e.
I want to send a reboot command to the router which has MAC address aa:aa:aa:aa:aa

Thank you for your help, but could you please give me more details about it and how I can send a reboot command from the cloud (web GUI) to a specific OpenWrt router depending on its MAC address?

It doesn't work that way.
MAC address is layer 2, while you need to communicate on layer 3 at least.

I want a way to send commands to a specific OpenWrt router from the cloud because I don't have the public IP of my OpenWrt router.

Then you should utilize IPv6 or VPN to solve connectivity issues.

Since it is difficult to configure incoming access in many situations, "cloud-controlled" devices almost universally use a "phone home" process to periodically check in with their proprietary server and get instructions. Again because of the possibility of firewalls and blocked ports along the way, the phone home is usually an HTTPS POST. The posted data identifies the unit (MAC address can be used because it should be unique), then the server looks up if it has any instructions for that unit (reconfigure, reboot, etc.) and sends them back.

As @vgaetera said, the server can't inherently see the unit's MAC through the network, it (or some other unique identifier) needs to be encoded into the request data.


Thank you for your help, but could you please be clearer and give me more details, and a reference or an example of your idea if you have one?

Link layer address is insufficient to communicate on the network layer.
MAC address is not much better than serial number.
You need to use IP address.

But OpenWrt sends its local address to FreeRADIUS, not its public IP, so how can I get the public IP?

A GET to your web server will reveal the source IP. Similarly, MQTT can be used to have the device report its IP address. Both likely should be run over TLS and ideally with a “secret” so it is harder to spoof.

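The phone-home check-in described in the replies above (the unit identifies itself by MAC in the request body, the server sees the source IP, and a shared "secret" makes spoofing harder), as an added example that is not code from any poster or from CloudTrax. The function names, JSON fields, MAC addresses, secrets and the choice of HMAC-SHA256 are assumptions; the HTTPS transport is left out, so both sides work directly on the request bytes.

```python
import hashlib
import hmac
import json
import time

# Constructed sample data: per-device shared secrets and queued commands,
# keyed by the MAC address the router reports in its check-in body.
DEVICE_SECRETS = {
    "aa:aa:aa:aa:aa:01": b"router1-secret",
    "bb:bb:bb:bb:bb:02": b"router2-secret",
}
PENDING = {"aa:aa:aa:aa:aa:01": ["reboot"]}
MAX_SKEW = 300  # seconds a check-in stays valid; limits replay of captured requests


def sign(secret, body):
    """HMAC-SHA256 over the exact request bytes, hex encoded."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def build_checkin(mac, secret, now=None):
    """Router side: body and signature that would go out as an HTTPS POST."""
    ts = int(time.time() if now is None else now)
    body = json.dumps({"mac": mac, "ts": ts}).encode()
    return body, sign(secret, body)


def handle_checkin(body, signature, source_ip, now=None):
    """Server side: authenticate the unit, then return its queued commands."""
    now = time.time() if now is None else now
    try:
        msg = json.loads(body)
        mac, ts = str(msg["mac"]), int(msg["ts"])
    except (ValueError, KeyError, TypeError):
        return {"status": "bad_request"}
    secret = DEVICE_SECRETS.get(mac)
    # Unknown MAC and bad signature get the same answer; compare in constant time.
    if secret is None or not hmac.compare_digest(
        sign(secret, body).encode(), signature.encode()
    ):
        return {"status": "denied"}
    if abs(now - ts) > MAX_SKEW:
        return {"status": "stale"}
    # source_ip is the public address the request arrived from (after any NAT).
    return {"status": "ok", "seen_from": source_ip, "commands": PENDING.pop(mac, [])}
```

The reply travels back over the connection the router opened, so the server never needs to reach the router's address on its own.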

So, do I have to forget this idea? Actually there is a system named CloudTrax with Open Mesh; I can send all commands from the cloud to my Open Mesh router. I don't know how they did that, but they did.

  • You can configure a public IPv6 via a tunnel broker.
  • You can set up a VPN and connect it to the cloud.

Sorry, I think we have a misunderstanding.
I can send a request from my OpenWrt router to the RADIUS server in the cloud and receive a reply from it without problems, but actually I don't know how FreeRADIUS sends the reply to the router, because I did not set the public IP of the router inside the nas table of FreeRADIUS. I just set dynamic client like , and all clients can connect to FreeRADIUS, so I have a connection to the cloud. My problem is how to know the public IP of the OpenWrt routers, or is there any other way that I can send a command to a specific router, like FreeRADIUS does when it sends a reply to the right router?

It's an outgoing connection. To the network it is like your device has requested a web page. The server will know enough of the IP to get the response back.

It has been a while since I looked at it but I think that CloudTrax works like I described above.

RADIUS requests carry an internal NAS-ID field which tells the server which NAS is making the request. If you set the server to allow all client IPs it doesn't care what the public IP is. Again like a web server the basic layer 3 sends the reply back to the same IP that the request came from without considering the content of the message.

Thank you for your help, but I don't know why I have a misunderstanding. Let us talk through a scenario:
I have router 1 with MAC address: aa:aa:aa:aa:aa
Router 2 has MAC address: bb:bb:bb:bb:bb
I want to send a reboot command via PHP to router 1.

MAC addresses are only meaningful on the link itself and then only at Layer 2 (Ethernet frames, for example). You need to address the device by its IP address if you want to connect to it over TCP/IP.

OK, but how can I get the public IP address from OpenWrt?

your router needs to report to a centralised "known" "central-endpoint" .... "controller".....

logically you may be "sending a command to"

architecturally.... the facilitation comes from the "spoke-endpoint"..... or "client"....... "checking in" ... to a "known" and "universally accessible" "hub-endpoint".

think about this.... it is fundamental to your understanding.

Is this a joke folks???

The OP clearly is trying to send data to a device from the cloud...yet he keeps pretending that device doesn't have to be connected to the Internet (i.e. Public IP).

They do it by connecting the equipment to the Internet.

Have you installed software on the OpenWrt to do this???