[SOLVED] Remote access

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Author Message
L J
DD-WRT Novice


Joined: 11 Nov 2017
Posts: 19
Location: Canada, Vancouver Island.

PostPosted: Thu Feb 08, 2024 19:32    Post subject: [SOLVED] Remote access Reply with quote
I need some direction in setting up remote access to my router and home network.

My ultimate goal is to remotely access all aspects of my networks; router set up and settings, all devices, as if I was connected to my main router using an iOS device, iPhone or iPad.

My immediate goal is to be able to remote into my router and reboot it if my IoT network stops working. Initially with a Windows laptop (if necessary) and then with the iOS device.

My network topology is; Router 1’s (see signature) WAN port is connected to my ISP’s modem/router LAN port 4 by ethernet cable and Router 2’s port 4 is connected to Router 1’s port 4 by Ethernet cable. The ISP modem/router assigns a static IP to Router 1 using a DMZ connection. It has no other LAN port connections and operates a separate 5 GHz wireless channel.

I have read multiple Wiki Tutorials on tunneling, DDNS, OpenVPN and Wireguard and have downloaded and started reading egc’s DDWRT OpenVPN Server Setup, Last edited on 2-11-2023 12:19. I know my current ISP assigned IP address.

To achieve my immediate goal, how do I get through the ISP modem and “Knock on the door” of Router 1? I prefer to keep the ISP’s router setup with DMZ as is and not have to put it in bridge mode.

Thank you in advance for any guidance you can provide.

_________________
___________________________________________
Router 1: D-Link, DIR-885L, Firmware v3.0-r56941std.; Gateway behind ISP router, DMZ, WireGuard Server, SmartDNS
wl0, 2.4 GHz, N only, Ch. 6, two VAPs, wl0.1 IoT on VLAN 3, wl0.2 Guest Network on VLAN 4. wl1, 5 GHz, AC/N, Ch. 36, wl1.1 Guest Network on VLAN 4.

Router 2: Linksys, E4200, Firmware v3.0-r56941 mega; WAP wired LAN<>LAN to Router 1 on tagged trunk, VLANs 1,3 and 4.
wl0, 2.4 GHz, N only, Ch. 1, two VAPs, wl0.1 IoT on VLAN 3, wl0.2 Guest Network on VLAN 4. wl1, 5 GHz, N only, Ch. 60, wl1.1 Guest Network on VLAN 4.


Last edited by L J on Sun Feb 11, 2024 20:20; edited 2 times in total
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 13093
Location: Netherlands

PostPosted: Thu Feb 08, 2024 20:10    Post subject: Reply with quote
WireGuard is faster and easier to setup.

WireGuard guides are also a sticky in this forum.

You need the WG server setup guide.

Set this up on Router 1 and as it is in the DMZ of the ISP router you should be able to connect to it just by the ISP's WAN address, no need to port forward (as DMZ is like a port forward of all ports)

Set up DDNS on router 1 with Check External IP so that it will return the ISP routers address.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6519
Location: UK, London, just across the river..

PostPosted: Thu Feb 08, 2024 20:18    Post subject: Reply with quote
Yep concentrate on the WG option as egc advised..read the WG guides...all the light is there...

Compare to OpenVPN server, WG server is very easy to make/manage and use...
You can use SSh over the WAN too..but WG offers a better handling...and security..
Or you can use them both WG and than SSh...if paranoia is too much... Laughing

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 57200 WAP
TP-Link WR1043NDv2 -DD-WRT 56941 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 57200 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 57200 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 57200 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913


Last edited by Alozaros on Thu Feb 08, 2024 20:23; edited 1 time in total
L J
DD-WRT Novice


Joined: 11 Nov 2017
Posts: 19
Location: Canada, Vancouver Island.

PostPosted: Thu Feb 08, 2024 20:22    Post subject: Reply with quote
Thank you for the quick reply egc.

I had started reading about Wireguard in the Wikis and could see it looked easier but was becoming a bit overwhelmed. Embarassed

I will give it a try and let you know.

_________________
___________________________________________
Router 1: D-Link, DIR-885L, Firmware v3.0-r56941std.; Gateway behind ISP router, DMZ, WireGuard Server, SmartDNS
wl0, 2.4 GHz, N only, Ch. 6, two VAPs, wl0.1 IoT on VLAN 3, wl0.2 Guest Network on VLAN 4. wl1, 5 GHz, AC/N, Ch. 36, wl1.1 Guest Network on VLAN 4.

Router 2: Linksys, E4200, Firmware v3.0-r56941 mega; WAP wired LAN<>LAN to Router 1 on tagged trunk, VLANs 1,3 and 4.
wl0, 2.4 GHz, N only, Ch. 1, two VAPs, wl0.1 IoT on VLAN 3, wl0.2 Guest Network on VLAN 4. wl1, 5 GHz, N only, Ch. 60, wl1.1 Guest Network on VLAN 4.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14485
Location: Texas, USA

PostPosted: Fri Feb 09, 2024 1:47    Post subject: Reply with quote
Please ensure that you refer to this thread as the Wikis are not up-to-date:

Sticky: WireGuard guides and documentation

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
L J
DD-WRT Novice


Joined: 11 Nov 2017
Posts: 19
Location: Canada, Vancouver Island.

PostPosted: Fri Feb 09, 2024 17:34    Post subject: Reply with quote
Yes kernel-panic69 I found this sticky and am now reading. I hope to attempt this weekend.
Thank you Gurus for your support. Smile

_________________
___________________________________________
Router 1: D-Link, DIR-885L, Firmware v3.0-r56941std.; Gateway behind ISP router, DMZ, WireGuard Server, SmartDNS
wl0, 2.4 GHz, N only, Ch. 6, two VAPs, wl0.1 IoT on VLAN 3, wl0.2 Guest Network on VLAN 4. wl1, 5 GHz, AC/N, Ch. 36, wl1.1 Guest Network on VLAN 4.

Router 2: Linksys, E4200, Firmware v3.0-r56941 mega; WAP wired LAN<>LAN to Router 1 on tagged trunk, VLANs 1,3 and 4.
wl0, 2.4 GHz, N only, Ch. 1, two VAPs, wl0.1 IoT on VLAN 3, wl0.2 Guest Network on VLAN 4. wl1, 5 GHz, N only, Ch. 60, wl1.1 Guest Network on VLAN 4.
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1469
Location: Appalachian mountains, USA

PostPosted: Fri Feb 09, 2024 20:20    Post subject: Reply with quote
FWIW, once you get wireguard sorted out and are thinking about how to reboot, etc. from iOS, what you want is an iOS shortcut using their action "Run script over SSH." You can specify the use of a key for ssh access, and you can share that key out of the phone to get it into dd-wrt. I assume there are several ways to move the key to dd-wrt safely, but I note that Signal is easy to set up in iOS, and once there, in a computer as well. You can then ship the key as an attachment on a Signal message to Note to Self, which you send from the phone and retrieve on your computer, where you can paste it into the dd-wrt GUI. Lots of little steps to get set up, but once you have it going, rebooting the router from the phone becomes simple.
_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 55630: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
L J
DD-WRT Novice


Joined: 11 Nov 2017
Posts: 19
Location: Canada, Vancouver Island.

PostPosted: Sat Feb 10, 2024 2:13    Post subject: Reply with quote
Thanks for this SurprisedItWorks. I had some free time this afternoon and was able to get WireGuard Tunnel working. I know it is because I tested it through the iPhone’s LTE connection. Worked like a hot damm. I’ve even got the DDNS working as well so if my ISP changes my IP while I’m away from home I’ll still find my way.

It works so well that I am able to log into the dd-wrt GUI for both routers. As a result I can reboot from there. I will follow up on the ssh access though as I don’t want to get skunked in the future.

One further question, should I set up a separate client for my iPad or just use the same settings as the phone as long as I don’t attempt to log them both on at the same time?

Thanks to all of you. I have achieved my ultimate goal in record time!

_________________
___________________________________________
Router 1: D-Link, DIR-885L, Firmware v3.0-r56941std.; Gateway behind ISP router, DMZ, WireGuard Server, SmartDNS
wl0, 2.4 GHz, N only, Ch. 6, two VAPs, wl0.1 IoT on VLAN 3, wl0.2 Guest Network on VLAN 4. wl1, 5 GHz, AC/N, Ch. 36, wl1.1 Guest Network on VLAN 4.

Router 2: Linksys, E4200, Firmware v3.0-r56941 mega; WAP wired LAN<>LAN to Router 1 on tagged trunk, VLANs 1,3 and 4.
wl0, 2.4 GHz, N only, Ch. 1, two VAPs, wl0.1 IoT on VLAN 3, wl0.2 Guest Network on VLAN 4. wl1, 5 GHz, N only, Ch. 60, wl1.1 Guest Network on VLAN 4.
D.F.Cruizer
DD-WRT User


Joined: 14 May 2023
Posts: 121

PostPosted: Sun Feb 11, 2024 2:00    Post subject: Reply with quote
You should use a separate client for each device. The linked article is quite informative.
See ->: https://www.procustodibus.com/blog/2021/01/same-key-multiple-peers/

While it's great that you managed to configure WireGuard in a short time Cool (compared to, say, OpenVPN), a strong security system is not measured in how quick it's set up in the initial stage, but how robust it's implemented on an on-going basis over aspects of System/User/Practice.
L J
DD-WRT Novice


Joined: 11 Nov 2017
Posts: 19
Location: Canada, Vancouver Island.

PostPosted: Sun Feb 11, 2024 20:03    Post subject: Reply with quote
Thank you D.F.Cruizer for your response to my last question and the link to the article.
The article makes a very convincing argument for using separate, unique keys for each client/peer.

Sooo, I guess I will spend a little more time setting them up. Wink

And while my paranoia has not reached the level of using ssh over Wireguard, yet. I will do some reading on those topics in preparation for the day Quantum arrives. Laughing

_________________
___________________________________________
Router 1: D-Link, DIR-885L, Firmware v3.0-r56941std.; Gateway behind ISP router, DMZ, WireGuard Server, SmartDNS
wl0, 2.4 GHz, N only, Ch. 6, two VAPs, wl0.1 IoT on VLAN 3, wl0.2 Guest Network on VLAN 4. wl1, 5 GHz, AC/N, Ch. 36, wl1.1 Guest Network on VLAN 4.

Router 2: Linksys, E4200, Firmware v3.0-r56941 mega; WAP wired LAN<>LAN to Router 1 on tagged trunk, VLANs 1,3 and 4.
wl0, 2.4 GHz, N only, Ch. 1, two VAPs, wl0.1 IoT on VLAN 3, wl0.2 Guest Network on VLAN 4. wl1, 5 GHz, N only, Ch. 60, wl1.1 Guest Network on VLAN 4.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum