Debian, Internet

No SSH for you – how to fix OpenRG routers

April 2, 2015

I find interesting when faced a taken-for-granted situation, in particular in the tech world. This time’s history is about an Internet ADSL connection that allows all traffic but SSH. Yes, you read it correctly. It was very bizarre confirming such event was a real-life situation.

I don’t claim to be a networking expert but at least I want to think I’m well educated. After few minutes I’ve focused my efforts on dealing with the ADSL router/modem’s networking configuration. The device is provided by Movistar (formerly Telefonica) and it runs OpenRG. I’ve discovered that have the same issue and what Movistar did was basically replacing the device. Of course the problem is gone after that.

So, this post is dedicated to those who don’t give up. Following the steps below will allow SSH outbound traffic for a OpenRG-based device.

OpenRG device specs

Software Version: 6.0.18.1.110.1.52 Upgrade
Release Date: Oct 7 2014

Diagnostic

When you do the command below, it shows nothing but timeout. Even when you SSH the router it doesn’t establish connection to it.

ssh -vv host.somewhere.com

Solution

Change router’s SSH service port.

This step will allow you to access the console-based configuration for the router (since I haven’t found any way to do the steps described below from the web management interface).

To do so, go to System > Management > SSH. Update the service port to something else than 22, for instance 2222.

OpenRG SSH service configuration

OpenRG SSH service configuration

Connect to the SSH interface

Once you have changed the SSH service port, you can access it from a SSH client.

ssh -p 2222 [email protected]
[email protected]'s password: 
OpenRG>

Once you have the console prompt, issue the following commands to allow SSH outbound traffic coming from the LAN and Wifi networks. After the last command, which saves and updates the device’s configuration, you should be able to do SSH from any computer in your network to the Internet (thanks to ).

OpenRG> conf set fw/policy/0/chain/fw_br0_in/rule/0/enabled 0

Returned 0
OpenRG> conf set fw/policy/0/chain/fw_br1_in/rule/0/enabled 0

Returned 0
OpenRG> conf reconf 1

Returned 0

Related posts:

  1. Getting Movistar Peru ZTE MF193 work in Debian GNU/Linux How to get Movistar Peru (Internet Móvil) ZTE 3G MF193...
  2. Subversion auth using SSH external key-pair Usually, when using Subversion’s SSH authentication facility, Subversion’s client will...
  3. s3tools – Simple Storage Service for non-Amazon providers Using s3tools to interact with a S3-compatible storage service for...

  • Excellent. I was struggling with this trying to connect all day. I just had telefonica/movistar installed yesterday and couldn’t figure out why SSH wasn’t working! Thanks! If you’re in Lima I’ve got a beer with your name on it.

  • Hi Brandon, good to know. I’m looking forward for that beer!

  • Hey @bbertelsen:disqus good to know. I’m looking forward for that beer!

  • hello there :)
    Great guide…

    I have just a question: is possible give me the name of the “SSH” page, that appears in the image on your post? It should be in the URL, something with the variable “active_page”… What i need is that name (like page_about)…

    I have a different model, but im trying do the same.
    If you could help i appreciate (and send you a “virtual beer” too :) )

    Thanks a lot!

  • Any help here? :)

  • =(

  • Well, 10 months since last reply, 1 year since the comment…
    =P
    Thanks anyway ;)

  • Hey DJ, I admire your persistence. I didn’t get your question/request and I don’t have the router with me anymore. I don’t remember the URL since it was quite long ago. But what you can do is look at OpenRG (which happens to have my initials) website a try to find any manual where you can learn about the actual URL you are looking for.

    Best of luck!

  • Everytime i was checking my disqus profile and see this, leave a little note here..
    eheh, thank you for the answer
    :)