How can I configure to have remote administration on my router with openwrt

jmacias · October 10, 2023, 3:48am

bjlockie · October 10, 2023, 4:01am

Do you mean outside your local network?

I guess forward port 443.
Network/Firewall/Port Forwards in luci.

timur.davletshin · October 10, 2023, 4:32am

jmacias · October 10, 2023, 4:51am

Hello, yes exactly I want to enter outside my local network, via WAN.
I have a few clients connected through antennas in bridge mode and I installed openwrt on the router and I can't figure out how to configure it to enable remote administration and through my VPN to be able to enter each router if I have a problem oh I want to change the password.

ncompact · October 10, 2023, 5:53am

do you receive a public IP address or are you behind a CGNAT?

psherman · October 10, 2023, 6:15am

I would highly recommended not doing this. This is very bad security practice since the lightweight webserver in OpenWrt is not hardned for direct exposure to the internet.

Instead, I'd recommend setting up a VPN. This allows a cryptographically secure method of connecting to your router, and from there, you can administer the router or even (if desired) access the hosts on your home network and/or use your home as your 'apparent' location when you are away in the"road warrior" context.

Wireguard is easy to configure, fast, and secure.

lleachii · October 10, 2023, 11:04am

jmacias · October 10, 2023, 6:59pm

If I have a public IP, I have some clients with a ddwrt router and I can normally manage remotely, which I couldn't do in openwrt. If someone has done it, please share with me.

psherman · October 10, 2023, 7:02pm

The methods were already shared:

not recommended, but functional: open ports to allow access to the management interface (443for https, 22 for ssh)
recommended: setup a VPN for secure and encrypted access to your router from anywhere.

jmacias · October 10, 2023, 7:02pm

Thank you for your response, I can tell you that if I have an openvpn vpn in my mikrotik administrator I can access some routers through the vpn but not the openwrt ones.

psherman · October 10, 2023, 7:30pm

How does the Mikrotik administrator have anything to do with your OpenWrt devices? I'm not seeing it... maybe you can provide a system diagram?

WarHawk8080 · October 11, 2023, 10:13am

Best thing to do is setup an openvpn instance(use dynamic dns to create a URL that points to your local IP that will update if the IP changes..port forward only 1 port (the openvpn port [and setup fail2ban for openvpn])...VPN into that thru encryption to where you can gain access "Securely" to your internal LAN subnet and everything in the network like you were sitting there locally...NEVER just arbitrarily open a port to the internet.