How can I configure to have remote administration on my router with openwrt

How can I configure to have remote administration on my router with openwrt

Do you mean outside your local network?

I guess forward port 443.
Network/Firewall/Port Forwards in luci.

1 Like

Hello, yes exactly I want to enter outside my local network, via WAN.
I have a few clients connected through antennas in bridge mode and I installed openwrt on the router and I can't figure out how to configure it to enable remote administration and through my VPN to be able to enter each router if I have a problem oh I want to change the password.

do you receive a public IP address or are you behind a CGNAT?

I would highly recommended not doing this. This is very bad security practice since the lightweight webserver in OpenWrt is not hardned for direct exposure to the internet.

Instead, I'd recommend setting up a VPN. This allows a cryptographically secure method of connecting to your router, and from there, you can administer the router or even (if desired) access the hosts on your home network and/or use your home as your 'apparent' location when you are away in the"road warrior" context.

Wireguard is easy to configure, fast, and secure.


If I have a public IP, I have some clients with a ddwrt router and I can normally manage remotely, which I couldn't do in openwrt. If someone has done it, please share with me.

The methods were already shared:

  1. not recommended, but functional: open ports to allow access to the management interface (443for https, 22 for ssh)
  2. recommended: setup a VPN for secure and encrypted access to your router from anywhere.
1 Like

Thank you for your response, I can tell you that if I have an openvpn vpn in my mikrotik administrator I can access some routers through the vpn but not the openwrt ones.

How does the Mikrotik administrator have anything to do with your OpenWrt devices? I'm not seeing it... maybe you can provide a system diagram?


Best thing to do is setup an openvpn instance(use dynamic dns to create a URL that points to your local IP that will update if the IP changes..port forward only 1 port (the openvpn port [and setup fail2ban for openvpn])...VPN into that thru encryption to where you can gain access "Securely" to your internal LAN subnet and everything in the network like you were sitting there locally...NEVER just arbitrarily open a port to the internet.