No SSH for you – how to fix OpenRG routers

I find it interesting to be faced with a taken-for-granted situation, particularly in the tech world. This time's story is about an ADSL Internet connection that allows all traffic but SSH. Yes, you read that correctly. It was very bizarre to confirm that this was a real-life situation.

I don't claim to be a networking expert, but at least I want to think I'm well educated. After a few minutes I focused my efforts on the ADSL router/modem's networking configuration. The device is provided by Movistar (formerly Telefonica) and it runs OpenRG. I've discovered that have the same issue and what Movistar did was basically replace the device. Of course the problem is gone after that.

So, this post is dedicated to those who don't give up. Following the steps below will allow outbound SSH traffic on an OpenRG-based device.

OpenRG device specs

Software Version: 6.0.18.1.110.1.52 Upgrade
Release Date: Oct 7 2014

Diagnostic

When you run the command below, it shows nothing but a timeout. Even when you SSH to the router itself, it doesn't establish a connection.

ssh -vv host.somewhere.com
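To narrow down where the timeout comes from, the following added example (not part of the original post) compares a TCP connect to port 22 on the remote host, to a second port on the same host, and to port 22 on the router. The second port (443), the router address 192.168.1.1 and the diagnosis labels are assumptions chosen for illustration.

```python
import socket
import sys

def probe(host, port, timeout=5.0):
    """One TCP connect attempt: 'open', 'refused', 'timeout' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # a reset came back: path works, nothing listening
    except (socket.timeout, TimeoutError):
        return "timeout"   # no answer at all: packets dropped on the way
    except OSError:
        return "error"     # DNS failure, no route, and similar

def classify(remote_ssh, remote_other, router_ssh):
    """Interpret three probe results.

    remote_ssh   -- port 22 on the Internet host
    remote_other -- another port on the same host (443 assumed below)
    router_ssh   -- port 22 on the router's LAN address
    """
    if remote_ssh == "open":
        return "ssh-ok"
    if remote_ssh == "refused":
        return "remote-not-listening"
    reachable = remote_other in ("open", "refused")
    if remote_ssh == "timeout" and reachable:
        # Traffic to the router's LAN address never leaves the LAN, so a
        # timeout there as well points at the router, not the ISP or host.
        if router_ssh == "timeout":
            return "port-22-dropped-at-router"
        return "port-22-dropped-on-path"
    return "inconclusive"

def main(argv):
    # Assumed defaults: replace with your own host and router address.
    host = argv[1] if len(argv) > 1 else "host.somewhere.com"
    router = argv[2] if len(argv) > 2 else "192.168.1.1"
    results = (probe(host, 22), probe(host, 443), probe(router, 22))
    print("remote:22=%s remote:443=%s router:22=%s" % results)
    print("diagnosis:", classify(*results))

if __name__ == "__main__":
    main(sys.argv)
```

A result of port-22-dropped-at-router matches the symptom described in this post: other ports answer, while port 22 times out both to the Internet and to the router.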

Solution

Change the router's SSH service port.

This step will allow you to access the console-based configuration for the router (since I haven't found any way to do the steps described below from the web management interface).

To do so, go to System > Management > SSH. Update the service port to something other than 22, for instance 2222.

OpenRG SSH service configuration

Connect to the SSH interface

Once you have changed the SSH service port, you can access it from an SSH client.

ssh -p 2222 [email protected]
[email protected]'s password: 
OpenRG>

Once you have the console prompt, issue the following commands to allow outbound SSH traffic coming from the LAN and Wi-Fi networks. The two conf set commands disable rule 0 in the fw_br0_in and fw_br1_in firewall chains, and the last command, conf reconf 1, saves and updates the device's configuration. After that, you should be able to SSH from any computer in your network to the Internet (thanks to ).

OpenRG> conf set fw/policy/0/chain/fw_br0_in/rule/0/enabled 0

Returned 0
OpenRG> conf set fw/policy/0/chain/fw_br1_in/rule/0/enabled 0

Returned 0
OpenRG> conf reconf 1

Returned 0