1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Enable SSH to "LAN+WAN" reverts to LAN only

Discussion in 'Asuswrt-Merlin' started by pjama, Oct 11, 2018 at 6:04 AM.

Tags:
  1. pjama

    pjama New Around Here

    Joined:
    Thursday
    Messages:
    2
    Having been using merlin on a RT-AC68U for a while now but I needed some IPSec capabilities so I bought a new (Origin China?) RT-AC86U and installed 384.6 on it c/w reset.

    I need to be able to ssh to the router from the internet which I could do on the 68U and I set up the 86U the same to permit LAN+WAN but it keeps reverting back to LAN Only. There is a brief window where it sticks and I can ssh in but it still reverts and I can no longer open new ssh connections.

    Is this a known issue? Is there a work around/fix?

    Yes, I'm aware of the security issues and have a authorized key set up and skynet and SSHBFP on to minimize the risk.

    Thanks for any assistance.
     
  2. Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!
  3. M@rco

    [email protected] Very Senior Member

    Joined:
    Dec 23, 2017
    Messages:
    659
    Location:
    /opt
    If you have Skynet installed and securemode is enabled (it is by default), you can't enable WAN access. If you wish to disable it, at your own risk, execute:

    Code:
    sh /jffs/scripts/firewall settings securemode disable
    If you really need access to your router, consider setting up your router as a VPN server for more secure access (and don't forget to re-enable Skynet's securemode afterwards, by executing 'sh /jffs/scripts/firewall settings securemode enable' without quotes).
     
  4. pjama

    pjama New Around Here

    Joined:
    Thursday
    Messages:
    2
    Bingo. That was it. I would never have worked that out for my self.
    Thankyou.
     
    [email protected] likes this.
  5. Zonkd

    Zonkd Regular Contributor

    Joined:
    Oct 19, 2014
    Messages:
    102
    You’re very strongly advised against exposing the router services to WAN. The only good option for remote access is the OpenVPN server feature.
     
Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!