OpenWrt Forum Archive

Topic: Accessing Huawei HiLink router from outside the LAN

The content of this topic has been archived on 29 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello,

I have a E3272s modem connected to a TP Link WR710N and running Chaos Calmer.

Everything works great (even on the 4mb version of the TP-Link also with PPTP client and Watchcat plugins installed) the only thing that I have problems with is accessing the modem from WAN. I forwarded the port 8080 (doesn't really matter which) to 192.168.1.1:80, where you access the modem over LAN.

When trying to access, like this: "http://domain.com:8080"

But I get redirected like this: "http://192.168.1.1/html/index.html?url=domain.com:8080"

Other port forwards (e.g. VNC, HTTP, FTP,...) work nicely.

I have no idea how that happens, but you could configure the router over SSH instead of with LuCi. Be sure the open a higher port (> 1024) on the WAN and redirect it to the port 22 on the router for security reasons.

(Last edited by HerpDerp on 21 Jan 2016, 16:01)

Oh, I can access Luci and OpenWrt without problems.
I'd like to access the Huawei modem, that's where I have the problem.

TP link (Luci and OpenWrt) are 192.168.2.1, while Huawei HiLink modem is set to 192.168.1.1. So they are on different subnet but that shouldn't be a problem, I can ping the modem from Luci.

Webpage redirect you everytime on local address of usb modem to protect against access from non local side.(e.g. internet)

You need direct access to usb modem network.
So you must have correct routes from PC to usb modem and use IP of usb modem.

If you are in small network:
PC -> router -> usb modem
it shouldnt be a problem to access IP of modem 192.168.1.1

If you want remote access you need login to VPN first, and access from VPN network to usb modem network.

(Last edited by kubco2 on 21 Jan 2016, 17:56)

Yea, you are right, from LAN it works without problems, but via VPN it doesn't work, IP's on the VPN are on a completely different IP range e.g. 10.11.82.xx and I can't change those.

Somehow I would need to pretend I'm on LAN get those packets then redirected to me over the internet (VPN).
Is there a way to bind a WAN (VPN) IP to a LAN in OpenWrt?

(Last edited by boolsheat on 22 Jan 2016, 09:03)

VPN server is on same router?
If yes:
you need allow zone forward from VPN to wan.

If no:
Can you ping your modem IP(192.168.1.1) when you are in VPN?
What is traceroute of modem IP?
Probably your VPN server need defined route which directs your packets to your router.

VPN is on a another server, router only acts as a PPTP client.


So I can't ping the modem diretctly, I'm using port forwarding on the router to access the modem.

I can't really change things on the server, its a rented service. I can only add new users. So something needs to be set on the router which hosts the modem and acts as a PPTP client.

As a workaround to preserve transparent of URL for webif, you can translate usb modem IP to router IP in your PC just before it send outgoing
packets with

iptables -t nat -A OUTPUT -p tcp -d 192.168.1.1 -j DNAT --to-destination ROUTER_IP

or with windows equivalent command.

You need port forward on router too.

To preserve URL you need set port forward correctly too.
port forward port 80 on router, or if you port forward 8080 to 192.168.1.1:80, you can append firewall rule in your pc to translate port too

iptables -t nat -A OUTPUT -p tcp -d 192.168.1.1 -j DNAT --to-destination ROUTER_IP:8080

Hmm, this might work, any idea how to do this in Windows?

Hello!  I don't use openWRT, but have exactly the same problem with e3272 hilink mode (ip 192.168.1.1, subnet 192.168.1.0/24) when trying to access modem from WAN. 

Modem has its own NAT and plugged into another router Zyxel keenetic 4g III (ip 192.168.1.100, local subnet 192.168.2.0/24). Keenetic running pptp client.

The server running on another Mikrotik router (192.168.88.0/24) and I have full access to it.  I've implemented routes on Mikrotik, so can access 192.168.1.0/24 and 192.168.2.0/24 from Mikrotik subnet.  Have an access to zyxel (192.168.1.100) and to all the devices behind Zyxel (192.168.2.0/24). 
   
The problem is that there is no access (no ping) to hilink modem 192.168.1.1, even there is a route to 192.168.1.0/24 subnet on it.  Works only from Zyxel LAN.

(Last edited by tripleNAT on 14 Mar 2016, 09:34)

I usually "solve" the issue by flashing those modems to "stick mode", and at that point they are fully controlled from the router they are attached to over cdc/ncm protocol.
No webpages, no IP, no NAT, no forwarding, no bs. They are just plain USB modems.

It is also safer as in that mode the obvious vulnerabilities of hilink firmware aren't there.

This is the tutorial I followed for a e3272h http://blog.asiantuntijakaveri.fi/2015/ … -from.html

OpenWrt has the drivers to run these modems in stick mode, and you can even use the onboard microSD card to expand your router's firmware storage space (for extroot for example, like I did on mine) I don't know if other routers can work with these devices in stick mode (I doubt it).

(Last edited by starshipeleven on 14 Mar 2016, 14:23)

Here's a solution:
You ssh into your openwrt ruter (remote host) like this:

  • ssh -D 8080 username@remote-host -p sshportnumber
    e.g.: "ssh -D 8080 admin@domain.com -p 1022"
    Where the "-p 1022" indicates the ssh server port, if its default 22 this part isn't needed. Port 8080 is also just for example, you can use something else.

  • Go to you browser proxy settings and set SOCKS host to "localhost" and set the port to the number you set earlier, I used 8080.

  • Now you can browse from the browser exactly the same you could if OpenWrt router would be the device you are browsing from. So to access the Huawei router from the browser you just go 192.168.8.1 if that is the Huawei's IP or 192.168.1.1 if that is the IP.

(Last edited by boolsheat on 24 Nov 2016, 19:36)

The discussion might have continued from here.