Problem with ssh access

buenos dias a todos los miembros del foro, tengo un problema con el acceso ssh de un router que tiene OpenWrt. tengo una red que esta dada por un equipo Mikrotik, este es el que asigna las IP a todos los dispositivos que se conecten a él.
El problema es que quiero tener acceso SSH, hacer ping, conectarme desde el explorador poniendo su IP, a un router con OpenWrt conectado a este router Mikrotik, quiero acceder desde mi computadora que tambien esta conectado al router Mikrotik y no hacerlo sin que necesariamente esté conectado al equipo con OpenWrt, ya que es la única forma en que puedo hacer por el momento


Good morning to all forum members, I have a problem with ssh access from a router that has OpenWrt. I have a network that is given by a Mikrotik team, this is the one that assigns the IP to all the devices that connect to it.
The problem is that I want to have SSH access, ping, connect from the browser by putting its IP, to a router with OpenWrt connected to this Mikrotik router, I want to access from my computer that is also connected to the Mikrotik router and not do it without necessarily being connected to the team with OpenWrt, since that is the only way I can do it for the moment

I'm not sure I understanding. Is the network Computer <--> Mikrotik <--> OpenWrt and you want to access OpenWrt form your computer?

How are you connecting both router together? OpenWrt LAN to Mikrotik WAN? Do you want to have separate network or do you want to make it one network?

mikrotik router does not have wifi connection, openrwt yes, both are connected by Mikrotik lan to OpenWrt wan, connection that would give internet access to the router with OpenWrt. I want to have access to ssh to the router with openwrt without being connected to that router, being connected to the Mikrotik device

I see. Then you will have to do one of two things:
Assuming that:
2- Mikrotik is the internet source.
1- Both your PC and OpenWrt are connected to the LAN ports of Mikrotik

You have few options (depending on your needs)
1- On OpenWrt, forward port 22 from WAN to LAN IP
2- Connect Mikrotik cable to OpenWrt LAN port

1 Like

I am doing a project with coovachilli, I can do the configurations in the OpenWrt router and in the server respectively, but I can not make connection between the router and the server because both are connected to lan ports of the mikrotik router, if I connect the server directly to the router , I lose ssh access with the server

I'm a little confused.

I understand that Mikrotik is the Internet source, so getting internet from somewhere, then distributing that to both the server and OpenWrt router via its LAN ports.

It's not clear to me what OpenWrt is doing on the network. does it have an other devices connected to? Do you need these devices on a separate network other than the main Mikrotik network?

Anyway, presuming that you have reasons to keep the network as it's, then you will need to forward port 22 on OpenWrt from WAN to LAN.

Other possible alternative modifications to the network (subject to your needs) would be:

  • Connect Miktotik LAN to OpenWrt LAN. This way you would be accessing OpenWrt from the LAN side, which is already allowed. But this way, OpenWrt will not create its own subnet. Deices connected to it will be on the same subnet as Mikrotik
  • Keep Mikrotik connected to OpenWrt WAN, but move the server to OpenWrt LAN. This way the server will move from Mikrotik subnet to OpenWrt subnet.
1 Like

@ryan19, please draw a scheme, otherwise we may waste a lot of time and effort guessing wrong.


this is the diagram of my network, where the cloud is the internet access, the central router is the one that distributes the internet to all the devices and they are connected in their lan ports, the desktop PC is the server, it has Linux / ubuntu , laptops are personal computers and from it we have access via SSH, and the router with Wifi is the one that distributes internet via wifi, this router is connected to a LAN port of the main router, with no devices we have SSH access, we can not ping with the wifi router, all this if you can do us if we connect directly to the router with wifi

From which devices do you not have SSH access to which devices?
How is "the router with wifi" configured? As a router with NAT? As a dumb access point?


as it is in the diagram, with the devices I can not access ssh to the wifi router with OpenWrt, otherwise if I connect my device to the wifi network of the wifi router with OpenWrt if I can access by ssh

OK, as mentioned before,

From your new diagram, I presume that you need the WiFi router to provide WiFi access, and you don't need it to do any routing. If this is the case, then you could just plug the cable to its LAN port if it has LAN port. That should solve it.

If it doesn't have dedicated LAN port (i.e. it's an AP with combined WAN/LAN port, then you would need to configure the port as LAN (o otherwise forward port 22 as explained). That also applies if you need the WiFi router to have separate network.

You will need to allow incoming connections to port 22 from the WAN side of your router. You don't need to change anything on the main router.

Use the Firewall-->Traffic Rules-->Open ports on router or edit /etc/config/firewall directly to add a section like this:

config rule
	option name 'Allow-SSH'
	option src 'wan'
	option dest_port '22'
	option proto 'tcp'
	option family 'ipv4'
	option target 'ACCEPT'

This can be repeated with port 80 to open access to the web interface to your WAN (the main router's LAN). Don't open the web interface to the public Internet though. The main router should block incoming connections from the Internet.

I have already made the suggested changes, but there is no Ping to the router with OpenWrt from the computers, and the router does provide access to the internet, that is, it is not a problem with the network cable

Could you post the output of the following for OpenWrt router (from SSH)

cat etc/config/network
cat etc/config/wireless
cat etc/config/firewall

Use Pre-formatted text tool to include the code. After pasting the code, highlight it all and click Pre-formatted text tool.

Mask out (or delete) your MAC and public IP addresses, and your WiFi password.

these are the answers that I have

Sorry, I forgot a / at the beginning

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/firewall
1 Like

Your router's WAN IP will be different from its LAN IP. If it's being assigned by DHCP, you need to log into the main router and check what IP you were assigned on its LAN. If the main router is configured properly you can set an option hostname on your WAN network then the main router's DNS will let you look up your router by name.

By default, OpenWrt will answer pings on the WAN.

1 Like