You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close
You are viewing the article in preview mode. It is not live at the moment.
clear search
Home > Setup / Installation > WiFi Routers > Remote Access Setup with No-IP and ZeroTier VPN on a Linksys OpenWRT router
Remote Access Setup with No-IP and ZeroTier VPN on a Linksys OpenWRT router
print icon

This guide provides detailed instructions for securing remote access to your OpenWRT router using Dynamic DNS (DDNS) with No-IP and VPN with ZeroTier. The provided script automates the installation and configuration process, allowing users to remotely access their routers from anywhere.

For additional support, please visit the OpenWRT Forum.

 

Prerequisites

 

  • OpenWRT Router: Ensure your router is running OpenWRT 19.07.
  • No-IP Account: Create an account at No-IP or any other Dynamic DNS service.
  • ZeroTier Account: Create an account at ZeroTier.
  • SSH Access: Ensure you have enabled SSH access to your router.

 

Setup Instructions

 

1. Create No-IP Hostname

 

Create a No-IP Account:

 

Create a Hostname:

  • Log in to your No-IP account.
  • Navigate to the "Dynamic DNS" section.
  • Click on "Add a Hostname."
  • Enter a hostname (e.g., deadtest) and choose a domain (e.g., ddns.net).
  • Click "Add Hostname."

 

2. Prepare the Script

 

Save the following script as setup_remote_access.sh on your local machine and please make changes to the following variables:

 

  • Download Script: setup_remote_access.sh
     

    # Define variables

     

    NETWORK_ID='<networkID string>'  # Replace with actual Network ID

     

    DOMAIN='<No-IP hostname>'  # No-IP hostname

     

    USERNAME='<No-Username NOT EMAIL!>'  # Replace with your No-IP email address

     

    PASSWORD='<Username password>'  # Replace with your No-IP password

 

3. Execute the Script.

 

  • Upload the Script: Upload the setup_remote_access.sh script to your router. Replace <router_ip> with your router's IP address.


    scp setup_remote_access.sh root@<router_ip>:/tmp/

 

  • Run the Script on the Router:


    ssh root@<router_ip>

    sh /tmp/setup_remote_access.sh

 

4. Authorize the Device on ZeroTier Central.

 

  • Log in to ZeroTier Central:

  • Authorize the Device:

    • Find your device under the network you specified and authorize it.

 

5. Verify the Setup.

 

On the Router:

 

  • Check DDNS Status:


    /etc/init.d/ddns status

 

  • Force Update DDNS:


    /usr/lib/ddns/update_noip.sh

 

  • Check ZeroTier Status:


    zerotier-cli status
    zerotier-cli listnetworks

 

On Your Local Machine:
 

  • Verify DDNS Update:


    nslookup deadtest.ddns.net

 

  • Test SSH Access:
     
    • Via DDNS Hostname:


      ssh [email protected]
       

    • Via ZeroTier IP Address:


      ssh root@<zerotier_ip_address>
       

Troubleshooting

 

  • DDNS Issues:

    • Ensure the No-IP credentials are correct.
    • Verify that the DDNS update script is executable.
    • Check for errors in the DDNS update log (/var/log/ddns/).

  • ZeroTier Issues:

    • Ensure the ZeroTier service is running.
    • Verify the device is authorized on ZeroTier Central.
    • Check for network connectivity issues.

  • SSH Access Issues:

    • Ensure the SSH service is running (/etc/init.d/dropbear status).
    • Verify firewall rules are correctly configured to allow SSH access.

 

Conclusion

 

By following this guide, you can set up secure remote access to your OpenWRT router using No-IP DDNS and ZeroTier VPN. This setup allows you to manage your router from anywhere with an internet connection, providing both convenience and security.
 

Additional Security: Using SSH Key Pairs


To enhance security and minimize the risk of brute force attacks, it is recommended to use SSH key pairs instead of passwords for authentication.

 

Generate SSH Key Pair

 

On your local machine, generate an SSH key pair if you don't already have one:

 

This will create a public key (~/.ssh/id_rsa.pub) and a private key (~/.ssh/id_rsa).

 

Copy the Public Key to the Router

 

Copy and paste your public key to the router (https://192.168.1.1/cgi-bin/luci/admin/system/admin/sshkeys).


  • cat ~/.ssh/id_rsa.pub

 

Disable Password Authentication


After copying your public key, disable password authentication on your router to prevent brute force attacks:
 

  1. Edit the Dropbear Configuration:


    vi /etc/config/dropbear

 

  1. Modify the Configuration to Disable Password Authentication: Add the following line or modify if it already exists:
     

    config dropbear option PasswordAuth 'off' option RootPasswordAuth 'off'

 

  1. Restart the Dropbear Service:


    /etc/init.d/dropbear restart

 

Test SSH Key Authentication

 

Try to SSH into your router to ensure that key-based authentication is working and password authentication is disabled:


  • ssh root@<router_ip>
     

If the authentication is successful without asking for a password, then SSH key-based authentication is correctly set up.

Was this support article useful?
0 out of 0 found this helpful

Contact Us:
Call Us Access our list of global support numbers
Reddit Join and subscribe to our Official Reddit Community
Chat Us We are here to help you with all the questions you have
close button
scroll to top icon