Ar150 ssh proxy

Does somebody know what is the last version that still had SSH PROXY pre-installed?
There is an howto install this service on newer versions?
I found a picture with version 2.11 that has this feature but I don’t know if it is from a ar150 router.
If reverting to an older version there is the risk to brick the device?

1 Like

I think only the old 6416 router has this.

This function is seldom used and was removed, mainly because there is a problem preventing from using password. Only ssh key could be used so application is so limited.

Ok,but even then a package should be available for the ones that want this feature. And regarding working with password on SSH protocol there is a Linux function called sshpass that can be compiled to work automatic.

I think the package is there. It should be called ssh proxy or something.

sshpass is definitely needed to make it work. There was a bug. sshpass works good with ssh keys but not with key. I reported the problem to the author but not sure if they fixed that.

Regarding ssh proxy there is a document, or an how to? I will apreciate your help.!
I’m trying to make this thing works because I can’t make a vpn server, I do not have an real ip.
Regarding real ip there is a way to connect the router to some kind of cloud to be accessible even without an real ip?

Here is a simple guide if you want to try.

Packages needed:
redsocks2 - sock proxy sending data to the ssh tunnel
ssh - use the full version, busybox should also works, not sure
sshpass - input password to ssh
autossh - connect the ssh automatically if broken

Here are the configurations. You need to try to make it work.
As I remember, autossh can only make ssh_rsa work, not using password.
Only use password or rsa, not both.


config autossh
option gatetime '0'
option monitorport      '20000'
option poll '600'
option port '7777'
option server 'your-server-ip'
option usename 'your username'
option password 'your password'
option rsa 'your ssh rsa file name'
option enable '1'


config base
    option log_debug 'on'
    option log 'stderr'
    option daemon 'on'
    option redirector 'iptables'

config redsocks
    option local_ip ''
    option local_port '1081'
    option ip ''
    option port '7777'
    option type 'socks5'
    option enable '0'


#!/bin/sh /etc/rc.common
# Copyright (C) 2007-2011


start_instance() {
    local section="$1"

    config_get username "$section" 'username'
    config_get server "$section" 'server'
    config_get port "$section" 'port'
    config_get password "$section" 'password'
    config_get rsa "$section" 'rsa'

    if [ -n "$port" ];then

    if [ -n "$rsa" ]; then
        ssh="-oStrictHostKeyChecking=no -i $rsa -f -q -N -D$port $username@$server"

        #config_get ssh "$section" 'ssh'
        config_get gatetime "$section" 'gatetime'
        config_get monitorport "$section" 'monitorport'
        config_get poll "$section" 'poll'

        export AUTOSSH_GATETIME="${gatetime:-30}"
        export AUTOSSH_POLL="${poll:-600}"

        service_start /usr/sbin/autossh -M ${monitorport:-20000} -f ${ssh}
    elif [ -n "$password" ]; then
        sshpass -p "$password" ssh -oStrictHostKeyChecking=no -D$port $username@$server -qTfNn

boot() {

start() {
    config_load 'autossh'
    config_foreach start_instance 'autossh'

stop() {
    service_stop /usr/sbin/autossh
    killall -9 ssh


#!/bin/sh /etc/rc.common


config_base() {
    config_get log_debug $1 'log_debug'
    config_get log $1 'log'
    config_get daemon $1 'daemon'
    config_get redirector $1 'redirector'
    cat <<EOF > /var/etc/redsocks2.conf
base {
    log_debug = $log_debug;
    log = $log;
    daemon = $daemon;
    redirector = $redirector;
config_redsocks() {
    config_get enable $1 'enable'
    if [ "$enable" != "1" ]; then
        exit 0
    config_get local_ip $1 'local_ip'
    config_get local_port $1 'local_port'
    config_get ip $1 'ip'
    config_get port $1 'port'
    config_get type $1 'type'
    cat <<EOF >> /var/etc/redsocks2.conf
    local_ip = $local_ip;
    local_port = $local_port;
    ip =  $ip;
    port = $port;  
    type = $type;
start() {
    while [ -z "$(ifconfig br-lan)" ]
        sleep 3
    config_load 'redsocks2'
    config_foreach config_base 'base'
    config_foreach config_redsocks 'redsocks'
    service_start /usr/bin/redsocks2 -c /var/etc/redsocks2.conf

    iptables -t nat -N REDSOCKS
    iptables -t nat -A REDSOCKS -d -j RETURN
    iptables -t nat -A PREROUTING -i br-lan -p tcp -j REDSOCKS
    iptables -t nat -A REDSOCKS -p tcp --dport 80 -j REDIRECT --to-ports 1081
    iptables -t nat -A REDSOCKS -p tcp --dport 443 -j REDIRECT --to-ports 1081

        iptables -t nat -D REDSOCKS -d -j RETURN
        iptables -t nat -D PREROUTING -i br-lan -p tcp -j REDSOCKS
        iptables -t nat -D REDSOCKS -p tcp --dport 80 -j REDIRECT --to-ports 1081
        iptables -t nat -D REDSOCKS -p tcp --dport 443 -j REDIRECT --to-ports 1081
        service_stop /usr/bin/redsocks2

Thank you very much for the support, unfortunately the package sshpass is not available
Can you give me a link from where to download?

I see.

Seems there is too much work to do. Are you able to compile source code for openwrt? GitHub - hewenhao2008/sshpass: sshpass for openwrt

I hoped an already compiled package, I think that existing of such package in gl package data base could help others too.
I will apreciate if you can help the enthusiasts with an already compiled package.:grin:.

hi CAS
What is your overall goal?
Do you know about dynamic dns? would that work for you?

Are you trying to have the ar150 ssh out to your server in cloud so you can access network behind ar150 from your cloud server?

I don’t know if you have knowledge about Neorouter, that it is my goal.
Even with dyndns you have to have a real ip, if the router it is connecting behind a server or another router that you don’t have administration access you can’t access the GL-INET router.
My target is to configure a gl router that is connected to any network in one country with a SSH proxy and that router to be accessed from any ware ,any country.
My ISP is providing me some services like voip that are checked to have my IPS from my country.
I know for shore that there are network devices manufacturers that offer this type of service. The router is connecting to the manufacturer site and the end user based on a username and password is accessing the device that has any type of IPS real or local IP.

Maybe softethervpn will meet your needs.
I haven’t tried it yet.


The package is available for my ar300m, not sure about ar150
root@GL-AR300M:/etc# opkg list | grep softether
softethervpn - 4.22-9634-1 - SoftEther VPN (“SoftEther” means “Software Ethernet”) is one of the world’s most powerful and easy-to-use multi-protocol VPN software developed as an academic project from University of Tsukuba, Japan. SoftEther VPN has strong compatibility to today’s most popular VPN products among the world. It has the interoperability with OpenVPN, L2TP, IPsec, EtherIP, L2TPv3, Cisco VPN Routers and MS-SSTP VPN Clients. SoftEther VPN is the world’s only VPN software which supports SSL-VPN, OpenVPN, L2TP, EtherIP, L2TPv3 and IPsec as a single VPN software. SoftEther VPN is not only an alternative VPN server to existing VPN products (OpenVPN, IPsec and MS-SSTP), but has also original strong SSL-VPN protocol to penetrate any kinds of firewalls. Ultra-optimized SSL-VPN Protocol of SoftEther VPN has very fast throughput, low latency and firewall resistance.

1 Like