How to access OpenWrt from external static ip

just as the title says

1 Like

Did you search the forum? Pretty sure this has been answered exhaustively before.

1 Like

Are you referring to just remote admin access to an openwrt router to only view/edit the router settings?


yes i did @_FailSafe

So what is unique about your question that isn't answered by posts like these?

Or the 50+ other posts from this search:

Help us help you, please. :slight_smile:


Do not expose the web interface (http or https, LuCI) to the internet. It is also not advisable to open ssh to the internet, either. OpenWrt is secure in general, but these services are not hardened sufficiently to withstand the attacks from the internet at large.

@vgaetera suggested using a VPN -- I agree with this. There are a whole bunch of protocols available on OpenWrt -- the most popular being Wireguard and OpenVPN. Wireguard is high performance and easy to setup.


i really can't understand a word of that mess.

no vpn and no ssh. just plain web access. how ?

I think you're missing the point. Enabling HTTP access directly to your Openwrt box from your WAN is a terrible idea. You're asking for trouble. I do not think you will find anyone here willing to help you carry out a bad plan like that.

However, as @vgaetera and @psherman have pointed out, setting up a VPN server on your Openwrt box that you can connect to with a VPN client is very acceptable and would be the only sane way to allow external access into your Openwrt box from the internet.

You can surely set up access to your Openwrt admin ports to allow what you are seeking for VPN clients.

Also, FWIW, treating us a little more like humans who are giving up our time to help you with your problem will get you further than treating us like a search engine. Thanks. :slight_smile:


should i edit the traffic rules ?
if so, what shoud be the following :
Source zone
source address
soruce port
destination address
destination port

You should follow one of the tutorials for setting up a VPN. Here is one:


not paying a vpn for an expriment of few minutes, again plain web access from external ip. anyone ?

Did you read the link I posted? It doesn't cost you anything. You'd be setting up a VPN endpoint on your own network that acts as a server. You'd then use WG (or OpenVPN) on a remote computer or mobile device to act as a client and connect to your own server.


ok, i'll do the vpn later, for the moment just web access from external ip.
if anyone knows how instead suggesting "everything" that wasn't asked, am all ears !! thanks

@batsam - OpenWrt is optimized to be lightweight, and the ssh and web services are only intended to be exposed on trusted interfaces (i.e. the trusted LAN, not the internet).

To give you an analogy... you know those toy lockboxes/safes for kids -- the ones that you get at a toy store or for <$20US on Amazon? Those have a "code" that is literally just turn the dial to a specific number and it unlocks... no "combination" to actually secure it. That's fine for a kid to have fun, but you'd never find something like that in a real bank, for example. The webserver on OpenWrt is similar to the kid's toy I'm talking about... not hardened against real security threats on the internet. A full featured webserver will have additional protections to secure it on the internet, but that doesn't generally fit into the footprint of a consumer router (storage space, RAM, and CPU resources).

1 Like

How do you plan on accessing the router login? From a Static IP say from a works IP that has a Static IP?

i don't believe it, this is even worse tham amzon answes :smiley:

guys never mind, take care

We are giving you sensible advice to keep your router and network safe. We've provided specific information about how to allow remote access to your router safely. If you don't like our answers and don't appreciate our attempts to prevent your router and network from being harmed, there is not much we can do. I'm sorry you are so disappointed.


At least we can rest well knowing we didn't tell someone how to intentionally expose their internal network to all the bad actors on the internet.

Seriously though, for all the time you have spent avoiding our sound advice and setting up a quick VPN server, you could have been done AND had a long-term, safe solution for accessing your Openwrt box even beyond your immediate use-case.

You may never care to read or respond further to this thread, but there is excellent advice (kudos to @vgaetera and @psherman) in this thread for the next person.

  • Port forward WAN to (DST 443 or 80 tcp depending on OpenWrt version.
  • Allow input on WAN to 443 or 80 tcp depending on OpenWrt version.

(If you don't know how to do this already, you may want to reconsider - because there are serious security implications.)

You don't have to pay, guess you didn't read.

:warning: People are refusing to tell you this because it is very dangerous.