netbird icon indicating copy to clipboard operation
netbird copied to clipboard
verified publisher icon netbirdio

Remote access to OpenWrt router not working

Open cmonty14 opened this issue 1 year ago • 3 comments

Describe the problem I have setup Netbird successfully on my OpenWrt router based on the information shared here #2268.

Peer is up and connected:

root@openwrt:~# netbird status
Daemon version: 0.24.3
CLI version: 0.24.3
Management: Connected
Signal: Connected
FQDN: openwrt.netbird.cloud
NetBird IP: 100.xxx.xxx.216/16
Interface type: Kernel
Peers count: 1/2 Connected

To verify if connection to peer is working, I deployed another peer on my laptop. However I cannot ping this OpenWrt router peer from my laptop. And nmap shows that all relevant ports are filtered:

❯ nmap -Pn -p 22,80,443 openwrt.netbird.cloud
Starting Nmap 7.95 ( https://nmap.org ) at 2024-08-11 11:57 CEST
Nmap scan report for rb760igs.netbird.cloud (100.xxx.xxx.216)
Host is up.

PORT    STATE    SERVICE
22/tcp  filtered ssh
80/tcp  filtered http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 16.05 seconds

I configured the router to listen on 0.0.0.0:80 and 0.0.0.0:443, and this should give remote access to OpenWrt webUI. But it's not working.

Can you please advise what is missing?

Are you using NetBird Cloud? Yes

NetBird version 0.24.3

cmonty14 avatar Aug 11 '24 10:08 cmonty14

  • What do your access policies look like in Access Control -> Policies?
  • Can you run netstat -tulpen, do both ports appear there?
  • Are you able to access this from the openwrt cli? curl http://127.0.0.1:80

lixmal avatar Aug 12 '24 11:08 lixmal

I added access policy and now ports are open:

❯ nmap -Pn -p 22,53,80,443 openwrt.netbird.cloud
Starting Nmap 7.95 ( https://nmap.org ) at 2024-08-15 20:39 CEST
Nmap scan report for openwrt.netbird.cloud (100.xxx.xxx.216)
Host is up (0.0079s latency).

PORT    STATE  SERVICE
22/tcp  closed ssh
53/tcp  open   domain
80/tcp  open   http
443/tcp open   https

Nmap done: 1 IP address (1 host up) scanned in 13.07 seconds

cmonty14 avatar Aug 15 '24 18:08 cmonty14

As you can see SSH port is closed. And I cannot open it because dropbear returns error interface netbird has no physdev or physdev has no suitable ip with this configuration:

root@openwrt:~# cat /etc/config/dropbear 

config dropbear
	option PasswordAuth 'on'
	option Port '22'
	option Interface 'mgmt'

config dropbear
	option PasswordAuth 'on'
	option Port '22'
	option Interface 'netbird'

Only after setting interface to unspecified, which results in this config, SSH access is open:

root@openwrt:~# cat /etc/config/dropbear 

config dropbear
	option PasswordAuth 'on'
	option Port '22'

However, then SSH port 22 is listening on any interface.

cmonty14 avatar Aug 15 '24 18:08 cmonty14

Hello @cmonty14,

We're currently reviewing our open issues and would like to verify if this problem still exists in the latest NetBird version.

Could you please confirm if the issue is still there?

We may close this issue temporarily if we don't hear back from you within 2 weeks, but feel free to reopen it with updated information.

Thanks for your contribution to improving the project!

nazarewk avatar Apr 28 '25 15:04 nazarewk

closing issue due to no recent feedback. Feel free to open a new one if the issue persist or reopen if this was a feature request.

mlsmaycon avatar Jun 01 '25 20:06 mlsmaycon