Did you search the forum? Pretty sure this has been answered exhaustively before.
1 Like
Are you referring to just remote admin access to an openwrt router to only view/edit the router settings?
So what is unique about your question that isn't answered by posts like these?
Or the 50+ other posts from this search: https://forum.openwrt.org/search?q=remote%20access
Help us help you, please. 
3 Likes
Do not expose the web interface (http or https, LuCI) to the internet. It is also not advisable to open ssh to the internet, either. OpenWrt is secure in general, but these services are not hardened sufficiently to withstand the attacks from the internet at large.
@vgaetera suggested using a VPN -- I agree with this. There are a whole bunch of protocols available on OpenWrt -- the most popular being Wireguard and OpenVPN. Wireguard is high performance and easy to setup.
3 Likes
i really can't understand a word of that mess.
no vpn and no ssh. just plain web access. how ?
I think you're missing the point. Enabling HTTP access directly to your Openwrt box from your WAN is a terrible idea. You're asking for trouble. I do not think you will find anyone here willing to help you carry out a bad plan like that.
However, as @vgaetera and @psherman have pointed out, setting up a VPN server on your Openwrt box that you can connect to with a VPN client is very acceptable and would be the only sane way to allow external access into your Openwrt box from the internet.
You can surely set up access to your Openwrt admin ports to allow what you are seeking for VPN clients.
Also, FWIW, treating us a little more like humans who are giving up our time to help you with your problem will get you further than treating us like a search engine. Thanks.
3 Likes
should i edit the traffic rules ?
if so, what shoud be the following :
Source zone
source address
soruce port
destination address
destination port
thanks
You should follow one of the tutorials for setting up a VPN. Here is one:
2 Likes
not paying a vpn for an expriment of few minutes, again plain web access from external ip. anyone ?
Did you read the link I posted? It doesn't cost you anything. You'd be setting up a VPN endpoint on your own network that acts as a server. You'd then use WG (or OpenVPN) on a remote computer or mobile device to act as a client and connect to your own server.
2 Likes
ok, i'll do the vpn later, for the moment just web access from external ip.
if anyone knows how instead suggesting "everything" that wasn't asked, am all ears !! thanks
@batsam - OpenWrt is optimized to be lightweight, and the ssh and web services are only intended to be exposed on trusted interfaces (i.e. the trusted LAN, not the internet).
To give you an analogy... you know those toy lockboxes/safes for kids -- the ones that you get at a toy store or for <$20US on Amazon? Those have a "code" that is literally just turn the dial to a specific number and it unlocks... no "combination" to actually secure it. That's fine for a kid to have fun, but you'd never find something like that in a real bank, for example. The webserver on OpenWrt is similar to the kid's toy I'm talking about... not hardened against real security threats on the internet. A full featured webserver will have additional protections to secure it on the internet, but that doesn't generally fit into the footprint of a consumer router (storage space, RAM, and CPU resources).
1 Like
How do you plan on accessing the router login? From a Static IP say from a works IP that has a Static IP?
i don't believe it, this is even worse tham amzon answes 
guys never mind, take care
We are giving you sensible advice to keep your router and network safe. We've provided specific information about how to allow remote access to your router safely. If you don't like our answers and don't appreciate our attempts to prevent your router and network from being harmed, there is not much we can do. I'm sorry you are so disappointed.
4 Likes
At least we can rest well knowing we didn't tell someone how to intentionally expose their internal network to all the bad actors on the internet.
Seriously though, for all the time you have spent avoiding our sound advice and setting up a quick VPN server, you could have been done AND had a long-term, safe solution for accessing your Openwrt box even beyond your immediate use-case.
You may never care to read or respond further to this thread, but there is excellent advice (kudos to @vgaetera and @psherman) in this thread for the next person.
2 Likes
- Port forward WAN to 192.168.1.1 (DST 443 or 80 tcp depending on OpenWrt version.
- Allow input on WAN to 443 or 80 tcp depending on OpenWrt version.
(If you don't know how to do this already, you may want to reconsider - because there are serious security implications.)
You don't have to pay, guess you didn't read.
People are refusing to tell you this because it is very dangerous.
5 Likes
I may attract the wrath of batsam with this, but I had to say something.
Complete disregard for forum unwritten rules, lazy replies and, as someone noted, treated the kindness of forum users as a search engine.
Not cool and I have to give you guys credit for continuing to reply, in spite of the douchey attitude of the o.p.
3 Likes
I fully agree with all that has been said above by the helpful guys in the forum.
I would even go so far to say, that, based on batsam's questions and refusal to take good advice, he probably lacks the necessary technical background to fiddle around with an OpenWrt based router. Better choice for him would be to buy any COTS device and use the firmeware as provided by the vendor. Quite some of those vendors provide a proprietary dial-in service via a Webserver of their own, handling each and everything necessary (DynDNS, Authentication, etc).
Sorry for my harsh words, but that's how I felt when reading through the post and comments.
1 Like