OpenWrt remote management access via SSH Tunnel

Looking for a safe way to remote manage OpenWrt v. 22.03 installed on my main router.

Found this tutorial:

These procedures are safe? is safe?

thanks in advance

I would advise against that portmapping service unless there is a specific reason you need to use it.

The best and safest way is to setup a VPN. I recommend wireguard because it is simple to setup, secure, and performant.


I use SSH with a key, turn off password auth., and change the port. Extremely reliable and secure as that's how millions of servers are managed everywhere. It's proven.

Also hardly any maintenance as you don't have to worry about certificates.


if cli and brower access is enough, just use putty + tunnel -

the video appears to be showing openvpn, not ssh ?
and if you've got vpn, why would you need port forwarding ?

(you can obviously tunnel other traffic too)

1 Like

Same question from my side: is sshtunnel service SAFE?
I mean the protocol is certainly safe, but when the tunnel is established from my router to their server everyone from net service can access my private network, isn't?

No idea, but I would never use it for managing my own network because it's Someone Else's Computer. And therefore I do not control it, so I would never trust it.

There are some valid use cases for offloading stuff to Someone Else's Computer, but allowing privileged access into my own network isn't one of them.

1 Like

Set up a free for life cloud server at oracle, and use as jump gate into your home box ?

...and then never be able to cancel your account, because there's no "close my account" option for free tiers and support is only available for paid tiers.

Nice one, Oracle!

So what , free is free.

For this purpose, the portmap tunnel is just another part of the Internet. It doesn't need to be more trustworthy than the rest of the Internet since the overall ssh encryption methods are in use through it. You do have to firewall your end of the tunnel so the only thing someone malicious inside portmap could possibly reach is the dropbear server. This would be the same level of risk as exposing dropbear directly on a public IP.

Of course this also has to assume that OpenVPN is safe against a potentially malicious OpenVPN server.


so closing port 22 to inbound firewall will block the access to my private network from ssh tunnel?