Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Tue Nov 10, 2020 6:29 Post subject:
hmmm...just to start with 27506, although it was a good build, it's very very old...
many critical security updates since then...regarding ssh, DNSmasq, VPN and other vital router services, I strongly recommend you to update asap, then try again...
do not use save files from different builds to restore settings, do a reset after update and rebuild settings manually...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Posted: Sun Jan 09, 2022 15:02 Post subject: Re: Tip for connection without public IP+Question about ssh
Libros wrote:
Hi all,
I found a nice and free service for remote tunneling which allows you to ssh connect to your dd-wrt router from the internet even if you don't have a public IP
I have this error when I try to connect:
"ssh: Warning: failed creating //.ssh: Read-only file system
Host 'tunnel.eu.ngrok.com' key accepted unconditionally.
(ssh-rsa fingerprint md5 a6:48:2a:9c:3d:0d:f6:03:2b:73:7c:ca:1a:fb:6c:b1)
ssh: Connection to root@tunnel.eu.ngrok.com:22 exited: No auth methods could be used."
Keys are available at the given path... so what can go wrong, cos earlier I could connect successfully...
I even can't re-add the public key to ngrok - it says "ERR_NGROK_612
Invalid public key 'ssh-rsa AAAAB3NzaC1yc2EA...': 'ssh: no key found'"
==================================
SOLVED failed creating //.ssh: Read-only file system
Something changed in ngrok so they send u their key to add to your trusted hosts but u can't save it - so u need to refuse it.
You need to add a second "-y" to the connect line so it will look like:
ssh -i /tmp/root/.ssh/ssh_host_rsa_key -f -y -y -K 30 -R 0:localhost:22 tunnel.eu.ngrok.com tcp 22
ssh: Connection to root@tunnel.eu.ngrok.com:22 exited: No auth methods could be used."
And second - that I can't add the key to ngrok - u must get the key from the command line of your router. The key shown in the command interface of the HTTP interface is not full somehow :(
And one more - your public key changes on every factory reset!
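The ERR_NGROK_612 "no key found" rejection and the incomplete key copied from the web interface, both described in the post above, can be caught before upload by checking that the public key line is structurally complete. This is an added example, not part of the original posts; the function names are hypothetical and the sample key is constructed (structurally valid, not a usable key).

```python
import base64
import binascii
import struct

def read_fields(blob):
    """Split an SSH wire-format blob into uint32-length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("blob ends inside a length prefix")
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + length > len(blob):
            raise ValueError(f"field needs {length} bytes, {len(blob) - pos} left")
        fields.append(blob[pos:pos + length])
        pos += length
    return fields

def check_pubkey_line(line):
    """Return 'ok: ...' or the reason an OpenSSH public key line is unusable."""
    parts = line.split()
    if len(parts) < 2:
        return "malformed: expected '<type> <base64> [comment]'"
    key_type, b64 = parts[0], parts[1]
    try:
        fields = read_fields(base64.b64decode(b64, validate=True))
    except binascii.Error:  # subclass of ValueError, so it must come first
        return "truncated: base64 text does not decode"
    except ValueError as exc:
        return f"truncated: {exc}"
    if not fields or fields[0] != key_type.encode():
        return "mismatch: type inside the blob differs from the line prefix"
    if key_type == "ssh-rsa":
        if len(fields) != 3:
            return "malformed: ssh-rsa blob must hold exactly e and n"
        bits = int.from_bytes(fields[2], "big").bit_length()
        return f"ok: ssh-rsa, {bits} bits"
    return f"ok: {key_type}"

def constructed_sample_line():
    """Constructed, structurally valid ssh-rsa line (not a usable key)."""
    n = b"\x00" + ((1 << 2047) | 1).to_bytes(256, "big")  # mpint, 2048 bits
    blob = b"".join(struct.pack(">I", len(f)) + f
                    for f in (b"ssh-rsa", b"\x01\x00\x01", n))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " root@DD-WRT"

if __name__ == "__main__":
    full = constructed_sample_line()
    print(check_pubkey_line(full), "|", check_pubkey_line(full[:60]))
```

Run it against the key line printed on the router's command line and against the text copied from the web interface; only the first should report `ok`.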
I got this to work so I can ssh into my machine behind the CGNAT Starlink... but how do I get it to work with ngrok to access the web interface... thanks
Just set up the ngrok account as above and instead of the SSH command above use the following and then you will have access to the ddwrt web interface via the ngrok URL
IOW you basically wind up using the ssh tunnel to access the webUI, as you can also do for normal remote administration instead of using a VPN.
_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
well....ngrok is a good option to go through CGNAT and remote access your unit...
a bit different than normal ssh/VPN remote WAN access via static IP... isn't it ?
Last edited by Alozaros on Sun Jul 17, 2022 12:14; edited 1 time in total
In this instance, ngrok is using the same principle as I described in the other thread, only using a 3rd party solution on the internet to work around the CGNAT issue. Same ssh tunneling principle, though. <wink>
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Sun Jul 17, 2022 19:16 Post subject:
Libros wrote:
Alozaros wrote:
hmmm...just to start with 27506, although it was a good build, it's very very old...
many critical security updates since then...
Ah, I did not realize that there are also critical security fixes in new releases...
Good point, I'll focus on update first.
Thanks
This goes without saying: DD-WRT is not like stock firmware (based on EOL kernels/libraries and components); CVEs are patched regularly kernel side, in 3rd party libraries like OpenSSL and others, as well as in many 3rd party components DD-WRT uses, like Dropbear, dnsmasq etc etc ad nauseam.
You should, after a DD-WRT upgrade (from builds older than 6 months more or less), do an nvram reset and reconfigure from scratch.
I'm using a Netgear AC 1450 on build Firmware: DD-WRT v3.0-r43420 (06/15/20) connected to my ISP's modem LAN to LAN via ethernet cable and on the same 192.168.0.xxx network.
You have to do this via ssh (PuTTY, terminal, etc.). And also you missed the second y.
MadHeart wrote:
==================================
SOLVED failed creating //.ssh: Read-only file system
Something changed in ngrok so they send u their key to add to your trusted hosts but u can't save it - so u need to refuse it.
You need to add a second "-y" to the connect line so it will look like:
ssh -i /tmp/root/.ssh/ssh_host_rsa_key -f -y -y -K 30 -R 0:localhost:22 tunnel.eu.ngrok.com tcp 22
ssh: Connection to root@tunnel.eu.ngrok.com:22 exited: No auth methods could be used."
And second - that I can't add the key to ngrok - u must get the key from the command line of your router. The key shown in the command interface of the HTTP interface is not full somehow :(
And one more - your public key changes on every factory reset!
That solved the ngrok error 612 for me and DDWRT is now able to connect to ngrok and create the tunnel.
EDIT
SIGH
I still couldn't get this to work. I have my ISP's cable modem with DHCP enabled (192.168.0.1), my DDWRT router connected LAN to LAN using an ethernet cable and is in the DMZ from the cable modem ALSO with the firewall disabled (192.168.0.254) SSHd is turned on, ngrok has the SSH key, ssh connects to ngrok successfully using "ssh -i /tmp/root/.ssh/ssh_host_rsa_key -f -y -y -K 30 -R 0:localhost:22 tunnel.us.ngrok.com tcp 22" or "ssh -i /tmp/root/.ssh/ssh_host_rsa_key -f -y -y -K 30 -R 0:localhost:80 tunnel.us.ngrok.com tcp 80", but no matter what port I use a tunnel for, I cannot access those services from the web using the IP address given to me from the ngrok website in the "Agent" section.
If I make a tunnel on port 80 and bind it to localhost:80, for example, shouldn't I just have to put the ngrok "Agent" ip address into a browser and the DDWRT WebGUI should pop right up for me as long as my device is on an outside internet connection like a cellphone for example, shouldn't it?
Or for port 22, SSH, I should be able to use putty from another device with an outside internet connection to SSH into my router using the ngrok agent IP and port 22, should I not?
This must be a firewall/routing issue but I feel tired from using trial and error here. I want this dang thing to work and am tired of shooting in the dark. I'm also trying to expose more than one port here so I can do more than just web administration and SSH, is that not possible here since I'm not using the ngrok agent program, or is it?
The "localhost:22" part would also need to change to 80 if I want to use this for web administration of the DDWRT router, right?
I get a link from ngrok that looks something like tcp://0.tcp.ngrok.io:##### but I have no idea what to do with this and of course nothing happens when I put it in a web browser or SSH client.
Thank you.
Also, wouldn't it make sense to update the first post to let newbies know they can't get the key through the web interface?
Just a thought.
Cheers!
Last edited by Markcous on Tue Jun 06, 2023 17:43; edited 3 times in total
Depending on what service you share, you'll connect to whatever you've exposed using ngrok by accessing the url ngrok gives you under the "Tunnel" part inside the "Agent" section of the ngrok dashboard.
Where the x's are your assigned port number and I'm guessing should be unique to you.
I was finally able to SSH into my router by removing the "tcp://" part of the url and specifying the port number after 0.tcp.ngrok.io:
Good luck to anyone else attempting to do this.
EDIT 3
If I'm trying to get the tunnel to point to another device on the network on a specific port, what would I change? It seems to ignore my port forwards and changing "localhost:22" to my device's IP with the specific port that is listening doesn't work for me.
(ISP CABLE MODEM)192.168.0.1[DHCP SERVER] --> LAN : LAN --> (DDWRT ROUTER)192.168.0.2[DHCP FORWARDER] --> LAN PORT --> 192.168.0.59:81 DESIRED DEVICE TO BE REACHED