OpenWrt Forum Archive

Topic: Openwrt Remote Control

The content of this topic has been archived on 7 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello, I have 1000 OpenWrt routers in different regions. I want to connect with SSH without going to them.
There may be a special static IP in locations, or I can use VPN; I can do what I need.
Can you help me with remote administration?
Thanks

Use VPN.

I would use DDNS to have all devices located, and SSH to reach each one.

eduperez wrote:

I would use DDNS to have all devices located, and SSH to reach each one.

Thank you for the answer.
Can you share the documentation I need to use DDNS? Thanks

You could also get your ISP to provide a static IP and then have each router connect back to a box on your network using the sshtunnel package, each router being bound to a different port on the local system. Either way I would be setting a different password for EACH router and storing it in a good password manager.
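The per-router port binding suggested in the post above, as an added example that is not part of the original thread: it assigns each router one port on the central box and emits an OpenSSH `authorized_keys` entry that lets that router's key open only its own reverse port. It assumes key-based logins to an OpenSSH server (7.8 or later, for `permitlisten`) on the central box; `BASE_PORT`, the inventory format, the router names and the key data are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): one reverse-tunnel port per router on
# the central OpenSSH box, enforced per key in authorized_keys.
# Assumptions: BASE_PORT, the inventory format, router names, constructed keys.
BASE_PORT=20000   # router N gets port BASE_PORT + N
MAX_PORT=65535

# router_port INDEX: print the assigned port, or fail on a bad index.
router_port() {
    case "$1" in
        ''|*[!0-9]*|0?*|??????*) echo "bad index: $1" >&2; return 1 ;;
    esac
    port=$((BASE_PORT + $1))
    [ "$port" -le "$MAX_PORT" ] || { echo "index $1: port out of range" >&2; return 1; }
    echo "$port"
}

# authorized_line INDEX NAME KEYTYPE KEYDATA: print one authorized_keys entry.
# restrict drops pty/agent/X11/forwarding, port-forwarding re-enables
# forwarding, permitlisten pins the reverse port, command= denies a shell.
# With sshd's default "GatewayPorts no" the listener stays on loopback.
authorized_line() {
    port=$(router_port "$1") || return 1
    [ -n "$3" ] && [ -n "$4" ] || { echo "missing key for $2" >&2; return 1; }
    case "$2$3$4" in   # refuse characters that could inject extra options
        *[!A-Za-z0-9@._+/=-]*) echo "bad field for index $1" >&2; return 1 ;;
    esac
    printf 'restrict,port-forwarding,permitlisten="%s",command="/bin/false" %s %s %s\n' \
        "$port" "$3" "$4" "$2"
}

# build_authorized_keys: read "INDEX NAME KEYTYPE KEYDATA" lines from stdin.
build_authorized_keys() {
    seen=" "
    while read -r idx name ktype kdata rest; do
        case "$idx" in ''|'#'*) continue ;; esac
        case "$seen" in
            *" $idx "*) echo "duplicate index: $idx" >&2; return 1 ;;
        esac
        seen="$seen$idx "
        authorized_line "$idx" "$name" "$ktype" "$kdata" || return 1
    done
}

# Constructed inventory; the key data is a placeholder, not a real key.
sample_inventory() {
    printf '%s\n' '# index name keytype keydata' \
        '1 router1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEY1' \
        '2 router2 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEY2'
}
# Usage: sample_inventory | build_authorized_keys
```

The output belongs in the `authorized_keys` file of a dedicated tunnel account on the central box; a router whose key is compromised can then neither get a shell there nor take over another router's port.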

You need a static IP only for the OpenVPN server so clients can always connect to it. I had a similar situation and I asked my ISP to give me a static IP address and they gave it to me.

If you have one, just install an OpenVPN server and configure it on your local system or router (a router is better; it's always on and always in the same place). You can configure one client on your phone and one on your laptop so you can always connect to each client and the server too.

matemana2608 wrote:

You need a static IP only for the OpenVPN server so clients can always connect to it. I had a similar situation and I asked my ISP to give me a static IP address and they gave it to me.

If you have one, just install an OpenVPN server and configure it on your local system or router (a router is better; it's always on and always in the same place). You can configure one client on your phone and one on your laptop so you can always connect to each client and the server too.

Thanks! I will try

As far as I know, OpenVPN can be configured to redo domain name resolution each time it tries to reconnect. So you don't need a static IP on your server side but only a public host name constantly updated with your current IP address.

Just in case you already have a domain (which I happen to have), you can e.g. put Hurricane Electric for a sub zone of that. If you e.g. own the domain "example.com", you can just add the HE name servers for "management.example.com", create that zone at HE, create host names "router1.management.example.com" as "dynamic DNS" and get a URL from HE which that particular router should simply fetch by "wget" every five minutes.

My favorite VPN tool at the moment is "tincVPN", by the way. There you don't need a distinct server but you can create "any to any" links. Whatever tinc client reconnects and gets a new IP, usually that's the one that re-initializes its uplink to the swarm a long time before the DNS pointing back is renewed and propagated.

Regards,
Stephan.

golialive wrote:

As far as I know, OpenVPN can be configured to redo domain name resolution each time it tries to reconnect. So you don't need a static IP on your server side but only a public host name constantly updated with your current IP address.

Just in case you already have a domain (which I happen to have), you can e.g. put Hurricane Electric for a sub zone of that. If you e.g. own the domain "example.com", you can just add the HE name servers for "management.example.com", create that zone at HE, create host names "router1.management.example.com" as "dynamic DNS" and get a URL from HE which that particular router should simply fetch by "wget" every five minutes.

My favorite VPN tool at the moment is "tincVPN", by the way. There you don't need a distinct server but you can create "any to any" links. Whatever tinc client reconnects and gets a new IP, usually that's the one that re-initializes its uplink to the swarm a long time before the DNS pointing back is renewed and propagated.

Regards,
Stephan.

Thank you so much Stephan. I'm still working on it.
