Good day, I've crunched through the user guide and forums (though my search fu is sort of weak) for a while and not found a positive answer to my question so I'll try to exhaust it here. Does OpenWRT have the capability to manage the router via remote web access like many stock firmwares do? It seems console via SSH or telnet is the only way. Any hints would be appreciated, thank you.
Not sure if sarcasm but maybe I should be more specific to make sure I'm articulating my question correctly. I'm talking a means to administer the router from a remote location using a web browser. Like if I'm at work and want to tweak something back home.
No need to be more specific, your question is clear, and the answer is in @anon50098793's post: OpenWrt has a web interface called LuCI, than can configure and manage pretty much any aspect of OpenWrt.
2 Likes
Thank you. I've been managing the router via LuCI on my LAN, so is there anything special I need to do to do that from a remote location over WAN? I tried http'ing using my public IP but no luck - granted, I'm not the most network savvy guy but I seem to recall doing this in the past with stock router firmwares after enabling remote web admin.
even for a network savvy guy, opening ports on a router is not something to take lightly. do some reading of the results from the links I posted above...
anyone who tells you verbatim how to easily expose your http/s server and associated code to the web is making you vulnerable. so, you need to study up...
In short;
- Use a vpn ( or )
- Open ssh on a high port and use an ssh tunnel / port forward, keys only and rate limits advised ( and/or )
- If your work has a static ip, just allow that
5 Likes
Access to Luci from the WAN is closed by default on the firewall.
This is for security reasons, as the lightweight http server is not resistant to attacks.
Should you want to access Luci from the WAN, ssh proxy or vpn is preferred.
3 Likes
For the sake of giving OP an answer:
"Network --> Firewall --> Traffic Rules --> Add" and there you can configure everything you want.
As others said, this is NOT the right way to protect your home connection (and it was dangerous even with stock firmware). A VPN or SSH reverse is a much better choice. If you really need to access your router from your work computer, you could whitelist your work ip in the section I described above (and maybe using a high port on Luci, above 10000). It's not an optimal solution but better than opening the port to the whole internet.
3 Likes
Thank you all for the input. I'll read up on getting one of the more secure solutions implemented, this is good stuff.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.