SSH tunnel (Proxy) to VPN Provider


OpenWrt has now the package sshpass for automatic login. I want to use a http-proxy on OpenWrt with the following command:

sshpass -p 'Password' ssh -N -o UserKnownHostsFile=known_hosts -L 5080: USERNAME@SERVER

Usually I set in the browser. After that the connection is established as well.

But what should I set to use the browser on my desktop PC when I start http-proxy on OpenWrt?

Best regards


You want to run the sshpass command on OpenWrt and let the browser on your desktop to use the local endpoint of the ssh tunnel?

-L should do. Or use a specific ip address in place of


I want to let the browser on my desktop to use these settings:

I have tried:

both did not work.

Run command, replacing by LAN-IP of router, and after that use this IP. Or you can leave command the same, and add redirect rule to firewall, see examples in /etc/config/firewall

1 Like

Replace "HTTP Proxy" field "" with IP address of your OpenWrt box, e.g.

1 Like

Thanks for the solution @ulmwind and @yousong.

Should I put the command in "/etc/rc.local" if the http-proxy on OpenWrt should start from startup?

Yes, it is the simplest approach. You can also write your custom script:

The command:

sshpass -p 'Password' ssh -N -o UserKnownHostsFile=known_hosts -L USERNAME@SERVER

does not work in /etc/rc.local.

When I activate the custom script:
/etc/init.d/ssh-pp enable


#!/bin/sh /etc/rc.common
start() {
	sshpass -p 'Password' ssh -N -o UserKnownHostsFile=known_hosts -L USERNAME@SERVER

and when I restart ssh-pp in LuCI, I get the message:

Failed to execute "/etc/init.d/ssh-pp start" action: Command failed

Try to specify full path to sshpass, and known_hosts.

1 Like

That was right again @ulmwind. I have now:

/usr/bin/sshpass -p 'Password' ssh -N -o UserKnownHostsFile=/root/known_hosts -L USERNAME@SERVER

But now I cannot connect to LuCI with a second browser via

Should I activate something in the OpenWRT Firewall?

Sorry, what does it mean 'second' browser?

I am connected with Firefox ( to VPN Provider

I cannot connect to LuCI ( with Chrome.

OK, it is interesting. Try to type:

Not possible.

And after stopping ssh connection works fine?

I connect to OpenWrt via PuTTY.

The following commands, for example, have no effect:

/etc/init.d/ssh-pp stop
/etc/init.d/ssh-pp disable

When I remove ssh-pp via SCP and reboot OpenWrt, then I have access again via chrome

OK, stopping we'll discuss later. You should kill process, or write kill command to stop section of file.

It is interesting, could you perform one experiment:
change port in /etc/config/uhttpd on something exotics, like 3000, reboot router, and try to connect to

I think it was a problem of start priority.

After I changed from START=30 to START=99 it worked.

#!/bin/sh /etc/rc.common

I'm trying your idea too.

I think pservice is worth a try here. It can be convenient for running single command or scripts under procd, without writing init scripts.

It comes with a sample uci config pservice.config

After changing to START=99, every start priority number works now. I can now connect to LuCI, but I can't reboot the router in LuCI, for example.

How can I write this kill command?

After changing to START=99, I can't go back to START=30, because now every start priority number works. I can no longer reproduce the issue.

I do not know how to install the package on OpenWrt.

Where should I enter the ssh command in the sample?