SSH remote login to an OpenWRT router

A few simple steps combine OpenWRT with the cpolar intranet penetration tool so that the router can be reached over SSH from outside the local network.

1. Install cpolar intranet penetration

cpolar is a cross-platform intranet penetration tool that can expose a local server behind NAT or a firewall to the public Internet through a secure tunnel, so that hosts on the public network can access the intranet.

Connect to OpenWRT over ssh and download the cpolar public key:

wget -O cpolar-public.key http://openwrt.cpolar.com/releases/public.key

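Add the public key after the download is complete. Note that the key is downloaded over plain HTTP, so the signature check opkg performs on this feed is only as trustworthy as that download.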

opkg-key add cpolar-public.key

Add cpolar's opkg repository source

echo "src/gz cpolar_packages http://openwrt.cpolar.com/releases/packages/$(. /etc/openwrt_release ; echo $DISTRIB_ARCH)"  >>  /etc/opkg/customfeeds.conf

Update the package lists

opkg update

Now install cpolar intranet penetration. Execute the following three installation commands to install the three packages:

opkg install cpolar
opkg install luci-app-cpolar
opkg install luci-i18n-cpolar-zh-cn

After the installation is complete, open the OpenWRT web management interface. There is now a Services entry, with cpolar intranet penetration listed below it.

Click it to see the cpolar interface.

Log in to the official website of cpolar (if you have not registered an account, register one first), then click Verify (验证) on the left to view your authentication token:

https://www.cpolar.com

Then copy the token shown on the official website into the Auth Token field on the OpenWRT cpolar service interface, and click Save.

After saving successfully, click Open Web-UI (打开Web-UI界面) in the interface to open the cpolar web UI.

Log in with the email account registered on the cpolar official website. After logging in, you can manage tunnels, and the installation is complete.

2. Configure SSH remote access tunnel

Open the cpolar web UI management interface in the browser and click Tunnel Management (隧道管理) - Create Tunnel (创建隧道) in the dashboard on the left. Since ssh listens on port 22 by default, we need to create a tcp tunnel pointing to port 22:

  • Tunnel name: customizable, be careful not to repeat
  • Protocol: tcp
  • Local address: 22 (ssh default port)
  • Domain Type: Choose a random domain name (free)
  • Region: Select China VIP

Click Create (创建).

After creation, open the online tunnel list, find the generated random public network tcp address, and copy it. There is no need to copy the tcp:// prefix.

3. Public network remote connection

Open the connection tool and enter the generated public network address without the tcp:// prefix. The port number is the public network port that follows the cpolar public network address. Click Connect (连接).

Then enter the user name and password, and you can log in successfully.

The connection also succeeds from the command line:

ssh -p <public-port> username@<public-address>

Note that because local port 22 is mapped to port 12807 on the public network (your public network port may be different), the ssh command needs the -p parameter followed by the public network port number.
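
Because the tunnel makes port 22 reachable from the public network, it is worth checking that dropbear on the router no longer accepts password logins. The script below is an added example, not part of the original post: it audits a dropbear UCI config for the PasswordAuth and RootPasswordAuth options. The function names and sample configs are constructed for illustration, and treating a missing option as enabled is an assumption based on OpenWrt's stock defaults.

```shell
#!/bin/sh
# Added example (not from the original post): audit dropbear password login.

# dropbear_opt FILE OPTION -> raw value from the first "config dropbear"
# section, or empty output when the option is absent.
dropbear_opt() {
    tr -d "\"'" < "$1" | awk -v want="$2" '
        $1 == "config" { insec = ($2 == "dropbear" && ++n == 1); next }
        insec && $1 == "option" && $2 == want { print $3; exit }'
}

# auth_enabled FILE OPTION -> exit 0 when that login method is on. Treating
# an absent option as "on" is an assumption based on OpenWrt's stock defaults.
auth_enabled() {
    case "$(dropbear_opt "$1" "$2")" in
        0|off|false|no|disabled) return 1 ;;
        *) return 0 ;;
    esac
}

# audit_dropbear FILE -> one line per option; exit 1 if password login remains.
audit_dropbear() {
    rc=0
    for opt in PasswordAuth RootPasswordAuth; do
        if auth_enabled "$1" "$opt"; then
            echo "FAIL $opt is on; fix: uci set dropbear.@dropbear[0].$opt='off'"
            rc=1
        else
            echo "ok   $opt is off"
        fi
    done
    return "$rc"
}

# Constructed samples: stock-style config (one option absent), then key-only.
sample_default() {
    printf "config dropbear\n\toption PasswordAuth 'on'\n\toption Port '22'\n"
}
sample_hardened() {
    printf "config dropbear\n\toption PasswordAuth 'off'\n"
    printf "\toption RootPasswordAuth 'off'\n\toption Port '22'\n"
}

tmp=$(mktemp)
sample_default > "$tmp"
audit_dropbear "$tmp" || echo "-> password login would be reachable from the internet"
sample_hardened > "$tmp"
audit_dropbear "$tmp" && echo "-> key-only; put the key in /etc/dropbear/authorized_keys first"
rm -f "$tmp"
```

On the router, run audit_dropbear /etc/config/dropbear; after changing the options, apply them with uci commit dropbear and /etc/init.d/dropbear restart.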


4. Fixed remote connection address

The temporary TCP data tunnel established above with cpolar successfully connects to the OpenWRT system through ssh. However, it is still a random temporary TCP tunnel, and the port number will change every 24 hours.

If we want the data tunnel between devices to stay stable for a long time, further settings are needed (a fixed TCP tunnel occupies cpolar server resources for a long time, so this service is included in the VIP package).

To establish a stable TCP data tunnel, first log in to the cpolar official website and open the Reserved (预留) page of the dashboard.


On the Reserved page, find the Reserved TCP Address (保留的TCP地址) item. Under this item, fill in the necessary information, such as the tunnel name used to identify the data tunnel and the region where the tunnel is used.

After filling in the information, click the Reserve (保留) button on the right to fix the tunnel in the cpolar official website backend. cpolar then generates a TCP port for the tunnel.

Then go back to the cpolar interface in the browser, open the Tunnel List (隧道列表), find the random temporary TCP tunnel created before, and open its Edit (编辑) page.

Paste the tunnel port obtained on the cpolar official website into the Reserved TCP Address (预留的TCP地址) field, and click the Update (更新) button below.

Then check the online tunnel list again: the public network address of the ssh tunnel has become the fixed address reserved on the official website.

Open the connection tool, create a connection, and enter the fixed public network address without the tcp:// prefix. The port number is the port number after the public network address. Then click Connect.

Then enter the username and password, and we can see that the connection is successful.

The command-line connection succeeds as well. The public network address is now fixed and will not change randomly. As long as the tunnel stays online, we can use this public network address to ssh from the public network into OpenWRT on the remote intranet.


Origin blog.csdn.net/2301_78430369/article/details/130941555