1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Enable SSH to "LAN+WAN" reverts to LAN only

Discussion in 'Asuswrt-Merlin' started by pjama, Oct 11, 2018.

  1. pjama

    pjama New Around Here

    Oct 11, 2018
    Having been using merlin on a RT-AC68U for a while now but I needed some IPSec capabilities so I bought a new (Origin China?) RT-AC86U and installed 384.6 on it c/w reset.

    I need to be able to ssh to the router from the internet which I could do on the 68U and I set up the 86U the same to permit LAN+WAN but it keeps reverting back to LAN Only. There is a brief window where it sticks and I can ssh in but it still reverts and I can no longer open new ssh connections.

    Is this a known issue? Is there a work around/fix?

    Yes, I'm aware of the security issues and have a authorized key set up and skynet and SSHBFP on to minimize the risk.

    Thanks for any assistance.
  2. If you have Skynet installed and securemode is enabled (it is by default), you can't enable WAN access. If you wish to disable it, at your own risk, execute:

    sh /jffs/scripts/firewall settings securemode disable
    If you really need access to your router, consider setting up your router as a VPN server for more secure access (and don't forget to re-enable Skynet's securemode afterwards, by executing 'sh /jffs/scripts/firewall settings securemode enable' without quotes).
  3. pjama

    pjama New Around Here

    Oct 11, 2018
    Bingo. That was it. I would never have worked that out for my self.
    [email protected] likes this.
  4. Zonkd

    Zonkd Senior Member

    Oct 19, 2014
    You’re very strongly advised against exposing the router services to WAN. The only good option for remote access is the OpenVPN server feature.