Board logo

標題: DD-WRT用SSH连接不上 [打印本頁]
作者: Skypeus    時間: 2013-12-14 21:07     標題: DD-WRT用SSH连接不上

本帖最後由 Skypeus 於 2013-12-14 21:24 編輯

近日折腾个路由器,把wr740n, wr1043nd都刷成DD-WRT系统,固件是从官网www.dd-wrt.com下载的,进入路由器DD-WRT界面把SSHD启用后,重启之后再用putty.exe来SSH登录,但一直登录不到,显示 Server unexpectedly closed network connection 。用WinSCP也同样连接不进去路由。

[attach]3051[/attach]

而用telnet 23端口是可以连接进去。但很想用回SSH的方式连接进去。

[attach]3050[/attach]
试重刷了多个版本的DD-WRT固件,google老师那里爬了好多文均没有解决这个问题。 百思不得其解,是官网DD-WRT固件的问题吗?还是那里设置不对。

另一个问题是DD-WRT里设置好了VPN Server,内网是可以连接上VPN Server的,但想让外面网连接进来,却一直连接不进来,防火墙已经打开相应端口了,这也是固件的问题吗?

[attach]3053[/attach]

[attach]3052[/attach]
请教各位师兄,您的wr1043nd用DD-WRT时有无遇到类似上面的问题,你是如何解决的?
作者: 角色    時間: 2013-12-14 21:40

我以前用过DD-WRT,在SSH连接从来没有发生过你所说的问题。
作者: Skypeus    時間: 2013-12-14 22:10

我以前用过DD-WRT,在SSH连接从来没有发生过你所说的问题。
角色 發表於 2013-12-14 21:40


两个路由器wr740n, wr1043nd之前都刷过openwrt, ssh连接无问题,正常连接。
刷回TP原厂固件后,再转至DD-WRT的。
而刷上DD-WRT就是ssh连接不上,重刷了几个DD-WRT的版本也还是不行。

PPTP、OpenVPN Server在这个Router上已经建好了,现在内网可以连接上,  外网却连接不进来,  DDNS已经启用了。
作者: 角色    時間: 2013-12-14 22:31

你是怎样从外网接入来呢?
作者: Skypeus    時間: 2013-12-14 22:41

你是怎样从外网接入来呢?
角色 發表於 2013-12-14 22:31



我用telnet测试openvpn 1194端口,分别从内网IP,外网IP来连接,内网OK,外网连接不进来。 
在另一个装有Gargoyle的Router设置OpenVPN Server,从内、外网都可以连接进来的。 

现在装有DD-WRT的VPN Router出现SSH连接不上,外网访问不了的问题,我折腾了好久,没有解决,现在感觉是这个固件的问题。但固件是从官网下载的,不知其他member有wr1043nd装有DD-WRT在用的吗?有无类似的现象呢?
作者: 角色    時間: 2013-12-14 23:49

不知道是否与loopback有关?
作者: tomleehk    時間: 2013-12-15 10:47

本帖最後由 tomleehk 於 2013-12-15 10:58 編輯

I used version DD-WRT v24-sp2 (05/17/11) vpn-small - build 17084M NEWD Eko..

[SecureShell]
SSHd = Enable
SSH TCP Forwarding = Disabled
Password Login = Enabled

[Remote Acccess]
SSH Management = Enabled
SSH Remote Login = Enabled

So far so good for all SSH, OpenVPN, PPTP, Wireless, Router etc. features and functions..

From my experience, DD-WRT different versions do have different bugs / problems, for me
1) dd-wrt.v24-18946_NEWD_openvpn__jffs_small.bin (07-Apr-2012) tested to be fail in OpenVPN. Even after successful connection with OpenVPN server, the client's request could not be routed to WAN/internet.
2) dd-wrt.v24-17990_NEWD_openvpn_jffs_small.bin (08-Dec-2011) tested to be fail in OpenVPN. Even after successful connection with OpenVPN server, the client's request could not be routed to WAN/internet.
3) Therefore, dd-wrt.v24-17084_NEWD_openvpn_jffs_small.bin (17-May-2011) is the most-updated firmware that tested to be fully working in OpenVPN and general AP/Router functions for me .

It impressed me that a more updated version does not necessaily mean less bugs/problems.

Suggest you use a broadcom based router to flash with version DD-WRT v24-sp2 (05/17/11) vpn-small - build 17084M NEWD Eko
作者: Skypeus    時間: 2013-12-15 14:09

果然是DD-WRT官方固件有bug, 又重新刷了N个历史版本的firmware,终于试到有几个是SSH能正常连接访问的。 SSH连接问题解决了。多谢角色、tomleehk师兄的指点!

而透过DDNS让外网访问到DD的OpenVPN服务的问题还没有解决,依然是连接不上,内网是可以正常连接到OpenVPN服务器的。 正在尝试解决这个问题………… 到成功搭建访问OpenVPN服务器,只剩下这个外网访问这一步了。
作者: tomleehk    時間: 2013-12-15 15:03

本帖最後由 tomleehk 於 2013-12-15 20:11 編輯
果然是DD-WRT官方固件有bug, 又重新刷了N个历史版本的firmware,终于试到有几个是SSH能正常连接访问的。  ...
Skypeus 發表於 2013-12-15 14:09


This DDNS function of DD-WRT is actually uploading/updating/posting the renewed/latest WAN IP address to your selected DDNS service provider for your router's URL. Your OpenVPN client can then pick-up the renewed (or the latest) IP address from the DNS server  and use the renewed (or the latest) IP address to access your router.

Therefore, you can first test accessing your DD-WRT router using your router's WAN IP address first (ie. use WAN IP address, instead of URL for your router in your client OpenVPN configuration file) and see if you can access properly. If you even cannot access using the router's WAN IP address, you should first begin troubleshooing why it cannot.

I worry this part even cannot works.

After you can access your router from client using your router's WAN IP address in your client OpenVPN configuration file, you can then check your DDNS  service provider's webpage for your router's URL to see if any changed WAN IP address for your DD-WRT router can properly be updated at your DDNS service provider.

To trigger this, you need to change the WAN MAC address of the DD-WRT and restart the router.
作者: Skypeus    時間: 2013-12-16 15:17

This DDNS function of DD-WRT is actually uploading/updating/posting the renewed/latest WAN IP addr ...
tomleehk 發表於 2013-12-15 15:03


終於找到OpenVPN服務不能從DDNS或外網IP訪問的原因, 當時測試的環境是DD-WRT Router上層還有一個ADSL Router,本地用DD的Wan IP來連接VPN Server是OK的,用上層Router外網Wan IP就一直連接不上,反復檢查設置應該是對的,就是連接不上。
現在到另一個外網線路一連接就連接上VPN。
不過DD-WRT的DDNS更新IP速度感覺還是太慢了。
多謝,各位師兄指點。
作者: tomleehk    時間: 2013-12-16 16:55

本帖最後由 tomleehk 於 2013-12-16 17:48 編輯
不過DD-WRT的DDNS更新IP速度感覺還是太慢了。..
Skypeus 發表於 2013-12-16 15:17


DD-WRT sends the request to the specified DDNS service provider immediately when it notices a change of WAN IP address during boot-up. The consequent steps as well as time-to-wait are not controlled by DD-WRT.

I use DynDNS for my DDNS and I found it just takes a few minutes (e.g. less than 5 minutes) to make everything effective.

Therefore, if you need to wait a much longer time, I believe it is because the updating of your URL to the China DNS servers is rather slow.



歡迎光臨 電訊茶室 (http://telecom-cafe.com/forum/) Powered by Discuz! 7.2