Some questions + luci problem (AR150)

Hi, thanks for making the device, and also the customer service on Taobao, they were very helpful!

I just received my AR150 and I have a few questions.
I have the AR150 connected to my other wifi router, I want to access it over my normal wifi with the AR150’s local ip.

  1. The deafult port for the webui is 83. Is this is for security reasons or a different reason? Do you not recommend changing it to :80?

  2. How can I ssh into this? I try ssh root@localip and get ‘connection refused’. I try ssh root@192.168.1.107:83 and I try typing in the password I set for the glwebui, but that password doesn’t work. I try the original password on the bottom of the device and that does not work.

  3. How can I make it so ssh works over port 22?

  4. I click ‘advanced settings’ to go to luci, but the page keep refreshing in a loop, I cannot access luci. The page says ‘Please Wait. Preparing flash…’ How can I fix this?

  5. I see this page 404 Page not found - GL.iNet - is there not any plan to add this feature to the AR150? I think that is a great feature! (Or is it achievable with the underlying openwrt system?)

  6. Is there a reason the default wifi mode is 72M(11ng) and not 150M (ng150)? Just curious, I would imagine the bigger number is better but I understand it might not be that simple!

I just saw the 2.13 ‘test’ update for CC for this, so I will update and see if my luci problem disappears :slight_smile:
(I updated, the refresh problem is still there.)

Thanks for the support, this device is so small, incredible!

Connect the Wan Port to your Router and a LAN Cable to the lan port of the router, then configure the gl-ar150 first (set a password and the timezone for your router) after that u can enable wifi for the gl-ar150 and should be able to connect to it using the internet connection from your router ssh should be also working if u configure the router first

Thanks for the reply Rene, but maybe you misunderstand my problem.
I have set up the router fine (2 or 3 times), but the problem is that when I try to access the ‘advanced settings’/luci, that the page keeps refreshing as I say and I cannot do anything, and I can’t seem to be able to ssh into it.

Actually, I just tried once more, I connected to the device itself (192.168.8.1) (not via my normal wifi and it’s local ip) - and now I can get into LuCI.
I hope I can still access LuCI when I am not using the AR150’s wifi though.
SSH also works too :slight_smile:

So this is just a problem with accessing the AR150 from a network and not directly?

– I got the problem to happen again, still directly connected to the AR150’s wifi. I see in the main GL gui page that the access port is 83. But for some reason, I accessed the page before with 80/no port specified. When I add :83 to the end, I get the refresh problem.
What is happening? I’m confused! :slight_smile:

Well, it depends first of all there is no port 83 open on the router (webinterface works with port 80)

second, if you would like to access ssh and the webinterface from your local network you have to change the firewall settings by default incoming traffic to the wan port will be blocked… if you want use ssh you will also have to select the port of the dropbear instance (Advanced ->System -> Administration)

 

I would recommend to make all changes and settings with wifi from the gl.ar150 or with a lan cable attached to it, sometimes there a strange problems using another router to configure as you can see

 

edit: Port 83 seems to be the port you can access from the internet if u want to access the router from ur workspace or similar. havent tried it before,

Hi Rene.
Ok I understand the ‘problem’ now, yes I will have to specify :83 if I want to access it over my local network that the AR150 is connected to. When connected to the AR150 directly, I don’t need to give a port, good :slight_smile:

But the problem still remains that I cannot access LuCI or ssh when I am accessing the AR150 over a network.
I don’t understand why I will have to select the port for dropbear, wouldn’t it default to 22?
And if incoming traffic via WAN would be killed, then why can I still enter the GL’s web ui, but not LuCI?

Thanks for the help and information, sorry I am not very knowledgeable about networking…!

– I think I just found what I want for SSH. - “Allow remote hosts to connect to local SSH forwarded port” :slight_smile:
– no, it wasn’t that simple, ha (it didn’t seem to work)

 

You could try to modify the firewall settings go under advanced settings to firewall and then modify the wan interface to allow incoming traffic

i havent tried it before to use the little router in my existing network :slight_smile:

 

And yes, ssh is port 22 but you try it to access with the wan port and i think this could be the problem under Advanced -> System -> Administration you could select the wan interface for dropbear… Maybe it´s working… maybe not i dont know but i would like to help anyways! :smiley:

Thanks again :slight_smile:
Ok, well under ‘Administration’, dropbear/ssh’s interface is the default ‘unspecified’. Below I see = "Listen only on the given interface or, if unspecified, on all. So that part is not the problem, it will work over wan. But when I attempt to connect and enter the correct password, it tells me it is incorrect… yet a direct connection is fine.

Yes I will look at the firewall… but, I wouldn’t think the problem is with the firewall if I get an ‘incorrect password’ error.
Would allowing incoming wan traffic be ‘insecure’?
Maybe the solution was ‘Gateway hosts’ like I thought earlier and I did something wrong…
Thanks

Hello nasna

well i tried it… and you´re right with port 83 and another network the site keeps refreshing under advanced settings

 

i will test ssh and the firewall settings and let you know if its working in a few minutes

Yes the solution for the problem is changing the firewall settings, modify the wan interface to accept incoming traffic after that you could access ssh AND the webinterface (on port 80) within your local network

Alfie, could you check if you can access the routers webinterface on port 83 (connect the wan port to different router)and you could access the advanced settings page?

i think nasna found a bug here

Rene, very kind for testing, thanks for your time!
Ok so editing the firewall is the answer, excellent.
I will read more, I have never played with firewalls before!
I see this: OpenWrt Forum Archive
Maybe it is cleaner/safer to restrict wan incoming connections to ssh only, as opposed to letting everything in. I’m not sure if it is safe/unsafe, as I say I am new to networking :slight_smile:

you should be safe i think your local router before the gl-ar does also incoming traffic blocking additional there is your password for ssh / webinterface

 

Luci is blocked from WAN, because in Luci you can do anything easily. However, keep reflashing is a bug. It should just give a deny message. This is done in lighttpd. We will check and get back to this issue.

SSH (port 22) is blocked from WAN too. You can open it on firewall.

Why we use 83 not 80 on WAN. First reason is to differentiate LAN and WAN access. Second, a lot of ISP just blocks 80 port, but not other port by default.

Thanks alzhao/Alfie(?) :slight_smile:

I understand the problems now.
And any information on this?
5. I see this page http://www.gl-inet.com/using-ssh-proxy-in-gl-inet-6416/ – is there not any plan to add this feature to the AR150? I think that is a great feature! (Or is it achievable with the underlying openwrt system?)
6. Is there a reason the default wifi mode is 72M(11ng) and not 150M (ng150)? Just curious, I would imagine the bigger number is better but I understand it might not be that simple!

This is a great device, it is already doing exactly what I wanted to do :slight_smile: Thanks

Like @alzhao said, performing configuration of the router from the WAN side creates security vulnerabilities. There are ways to do it, but if you aren’t going to spend the time to learn how to harden your router, you probably should just avoid doing this. This is one of those times that the OpenWRT gurus are trying to protect us from ourselves!

[As I understand it, your issue is with OpenWRT, not GLI.]

If you really want to do this, start by taking a look here:

https://wiki.openwrt.org/doc/howto/access.modem.through.nat

But, really, since you have your AR150 in your home network, when you want to configure your AR150, just connect to the AR150’s SSID as a WLAN client and then point your browser to the AR150’s LAN address. Or just connect a wire to the LAN port of the AR150 to your computer, if that suits you better.

Let us know how it goes!

 

Sure, Now I understand the LuCI from WAN situation now, I’m not going to make it so I can access it over WAN.
Having SSH access over WAN is fine for me, the change was simple to enable.
And yes that is what I do the few times so far when I want to use LuCI, connect to the AR150’s wifi. :slight_smile:

I don’t know how you want to use the GL-AR150 exactly, but if you use it as an extra hotspot in your house isn’t it more practical to configure the GL-AR150 as a accesspoint instead of a router?
*Jeroen still needs to figure that out himself. :-PThere is enough OpenWRT documentation how to configure OpenWRT for being an accesspoint instead of a router. eth0 then will become just LAN eth0 instead of WAN and eth1 will stay LAN eth1.

Hi Jeroen, no I don’t want to use it as a hotspot at all really.
(Although if I can set it up so when I am connected it all goes through an ssh tunnel, so I don’t have to run the tunnel on my computer, that would be great!)

All I want the little box to do is run rsync, lftp, download stuff for me whenever I want so I don’t have to leave my computer on over night :slight_smile:
And for that it is working great! Anything else is a bonus. Much cheaper/compact/all in one/simple/better wifi than a raspberry pi!

nasna, I find your use case very interesting. Please consider writing a “how to” for using these tools on the AR-150, etc including how to install, configure and run (with detail for dummies like me who do not know these apps). What types of source and destinations are you able to manage (local to local, local to FTP, etc)?

It would be nice to have the different usecases / configs explained side by side, this is more something for the OpenWrt Wiki.

For the AR-150 it would make a lot of sense to have 3 config directories onder the GPIO 7 and 8 switch. And several configs to choose from in the Luci menu

Router, AccessPoint, Hotspot, NAS, Sambaserver, Printserver, etc. /config a default failsafe config that can’t be changed from the GUI, and 2 ‘user configs’ under GPIO 7 and 8.

This way we could contribute our use case configs and share them here, and make the AR-150 ever more interesting.