SSH tunnel (Proxy) to VPN Provider

Hello.

OpenWrt now has the package sshpass for automatic login. I want to use an http-proxy on OpenWrt with the following command:

Example:
sshpass -p 'Password' ssh -N -o UserKnownHostsFile=known_hosts -L 5080:127.0.0.1:3128 USERNAME@SERVER

Usually I set 127.0.0.1:5080 in the browser. After that the connection is established as well.

But what should I set to use the browser on my desktop PC when I start http-proxy on OpenWrt?

Best regards

Bernd

You want to run the sshpass command on OpenWrt and let the browser on your desktop use the local endpoint of the ssh tunnel?

-L 0.0.0.0:5080:127.0.0.1:3128 should do. Or use a specific IP address in place of 0.0.0.0.

Yes.

I want to let the browser on my desktop use these settings:

I have tried:
-L 0.0.0.0:5080:127.0.0.1:3128
and
-L 127.0.0.1:5080:127.0.0.1:3128

both did not work.

Run the command, replacing 127.0.0.1 with the LAN IP of the router, and after that use this IP. Or you can leave the command the same and add a redirect rule to the firewall; see the examples in /etc/config/firewall.

Replace the "HTTP Proxy" field "127.0.0.1" with the IP address of your OpenWrt box, e.g. 192.168.1.1.

Thanks for the solution @ulmwind and @yousong.

Should I put the command in "/etc/rc.local" if the http-proxy on OpenWrt should start from startup?

Yes, it is the simplest approach. You can also write your custom script: https://openwrt.org/docs/techref/initscripts

The command:

sshpass -p 'Password' ssh -N -o UserKnownHostsFile=known_hosts -L 192.168.1.1:5080:127.0.0.1:3128 USERNAME@SERVER

does not work in /etc/rc.local.

When I activate the custom script:
/etc/init.d/ssh-pp enable

ssh-pp:

#!/bin/sh /etc/rc.common
 
START=30
 
start() {
	sshpass -p 'Password' ssh -N -o UserKnownHostsFile=known_hosts -L 192.168.1.1:5080:127.0.0.1:3128 USERNAME@SERVER
}

and when I restart ssh-pp in LuCI, I get the message:

Failed to execute "/etc/init.d/ssh-pp start" action: Command failed

Try specifying the full path to sshpass and known_hosts.

That was right again @ulmwind. I have now:

/usr/bin/sshpass -p 'Password' ssh -N -o UserKnownHostsFile=/root/known_hosts -L 192.168.1.1:5080:127.0.0.1:3128 USERNAME@SERVER

But now I cannot connect to LuCI with a second browser via 192.168.1.1.

Should I activate something in the OpenWRT Firewall?

Sorry, what does 'second' browser mean?

I am connected with Firefox (192.168.1.1:5080) to the VPN provider.

I cannot connect to LuCI (192.168.1.1) with Chrome.

OK, it is interesting. Try to type:
http://192.168.1.1:80

Not possible.

And after stopping the ssh connection, does it work fine?

I connect to OpenWrt via PuTTY.

The following commands, for example, have no effect:

/etc/init.d/ssh-pp stop
/etc/init.d/ssh-pp disable
reboot

When I remove ssh-pp via SCP and reboot OpenWrt, then I have access again via Chrome.

OK, we'll discuss stopping later. You should kill the process, or write a kill command in the stop section of the file.

It is interesting, could you perform one experiment:
change the port in /etc/config/uhttpd to something exotic, like 3000, reboot the router, and try to connect to http://192.168.1.1:3000

I think it was a problem of start priority.

After I changed from START=30 to START=99 it worked.

#!/bin/sh /etc/rc.common
 
START=99

I'm trying your idea too.

I think pservice is worth a try here. It can be convenient for running a single command or scripts under procd, without writing init scripts.

It comes with a sample uci config, pservice.config.

After changing to START=99, every start priority number works now. I can now connect to LuCI, but I can't reboot the router in LuCI, for example.

How can I write this kill command?

After changing to START=99, I can't go back to START=30, because now every start priority number works. I can no longer reproduce the issue.

I do not know how to install the package on OpenWrt.

Where should I enter the ssh command in the sample?
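
An added example, not from any poster in the thread: a procd-style version of the ssh-pp init script discussed above, so the tunnel runs as a supervised background process and `/etc/init.d/ssh-pp stop` ends it without a hand-written kill command. It assumes the OpenSSH client at /usr/bin/ssh and a hypothetical password file /root/.ssh-pp.pass read with `sshpass -f`, which keeps the password out of the process list; USERNAME@SERVER is the thread's placeholder.

```shell
#!/bin/sh /etc/rc.common
# Added example: procd-style /etc/init.d/ssh-pp (not code from the thread).
# Assumptions: OpenSSH client at /usr/bin/ssh; password stored in
# /root/.ssh-pp.pass (chmod 600); USERNAME@SERVER is a placeholder.

USE_PROCD=1
START=99          # start late, the priority that worked in the thread
STOP=10

# Binding to the LAN address makes the proxy reachable by every LAN host,
# not only the desktop PC; restrict it in the firewall if that matters.
LISTEN="192.168.1.1:5080"        # address the desktop browser points at
TARGET="127.0.0.1:3128"          # proxy port as seen from the SSH server
REMOTE="USERNAME@SERVER"         # placeholder from the thread
PASSFILE="/root/.ssh-pp.pass"    # hypothetical path; avoids -p 'Password'
KNOWN_HOSTS="/root/known_hosts"

# Build the tunnel command line in one place so it can be inspected.
tunnel_cmd() {
	echo /usr/bin/sshpass -f "$PASSFILE" /usr/bin/ssh -N \
		-o "UserKnownHostsFile=$KNOWN_HOSTS" \
		-o ExitOnForwardFailure=yes \
		-o ServerAliveInterval=30 \
		-L "$LISTEN:$TARGET" "$REMOTE"
}

start_service() {
	# procd runs the command as a supervised child, so start returns
	# immediately instead of blocking the boot sequence on "ssh -N".
	procd_open_instance
	procd_set_param command $(tunnel_cmd)
	procd_set_param respawn            # restart the tunnel if ssh exits
	procd_set_param stderr 1           # ssh errors show up in logread
	procd_close_instance
}
```

`ExitOnForwardFailure=yes` makes ssh exit when it cannot bind the listen address, so a failed bind is logged and retried by procd rather than leaving a connected session with no forwarding.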