netbird ssh on OpenWrt not working #845

Closed
opened 2025-11-20 05:18:30 -05:00 by saavagebueno · 8 comments
Owner

Originally created by @mrbluecoat on GitHub (May 4, 2024).

Describe the problem

NetBird SSH on NetBird 0.27.3-r1 on OpenWrt isn't working

To Reproduce

Steps to reproduce the behavior:

  1. Login to OpenWrt as root
  2. Run opkg update && opkg install netbird
  3. Run netbird up to join your account as a peer
  4. Add CGNAT CIDR to firewall:
cat >> /etc/config/firewall <<EOF

config  zone
        option  name        'NetBird'
        option  input       'ACCEPT'
        option  output      'ACCEPT'
        option  forward     'REJECT'
        option  subnet      '100.64.0.0/10'

EOF
  1. In https://app.netbird.io/peers click the three-dots button to the right of the OpenWrt peer row and select Enable SSH Access
  2. In another peer terminal, try sudo netbird ssh your-openwrt-device.netbird.cloud (using your actual OpenWrt peer address)

Expected behavior

SSH login is granted. Instead I get:

Error: dial tcp 100.x.x.x:44338: connect: connection refused
Couldn't connect. Please check the connection status or if the ssh server is enabled on the other peer
You can verify the connection by running:

 netbird status

On the OpenWrt server:

# netbird status
Daemon version: 0.27.3
CLI version: 0.27.3
Management: Connected
Signal: Connected
Relays: 0/2 Available
Nameservers: 0/0 Available
FQDN: openwrt.netbird.cloud
NetBird IP: 100.x.x.x/16
Interface type: Userspace
Quantum resistance: false
Routes: -
Peers count: 1/1 Connected

Are you using NetBird Cloud?

Yes

NetBird version

0.27.3-r1 on OpenWrt server
0.27.4 on Ubuntu client

** Notes **

ssh root@your-openwrt-device.netbird.cloud (using your actual OpenWrt peer address) works fine, leveraging the default Dropbear SSH server on OpenWrt

Originally created by @mrbluecoat on GitHub (May 4, 2024). **Describe the problem** [NetBird SSH](https://docs.netbird.io/how-to/cli#ssh) on [NetBird 0.27.3-r1 on OpenWrt](https://pkgs.staging.openwrt.org/packages?name=netbird&branch=master&repo=&arch=aarch64_generic&origin=&maintainer=) isn't working **To Reproduce** Steps to reproduce the behavior: 1. Login to OpenWrt as root 2. Run `opkg update && opkg install netbird` 3. Run `netbird up` to join your account as a peer 4. Add CGNAT CIDR to firewall: ``` cat >> /etc/config/firewall <<EOF config zone option name 'NetBird' option input 'ACCEPT' option output 'ACCEPT' option forward 'REJECT' option subnet '100.64.0.0/10' EOF ``` 5. In https://app.netbird.io/peers click the three-dots button to the right of the OpenWrt peer row and select `Enable SSH Access` 6. In another peer terminal, try `sudo netbird ssh your-openwrt-device.netbird.cloud` (using your actual OpenWrt peer address) **Expected behavior** SSH login is granted. Instead I get: ``` Error: dial tcp 100.x.x.x:44338: connect: connection refused Couldn't connect. Please check the connection status or if the ssh server is enabled on the other peer You can verify the connection by running: netbird status ``` On the OpenWrt server: ``` # netbird status Daemon version: 0.27.3 CLI version: 0.27.3 Management: Connected Signal: Connected Relays: 0/2 Available Nameservers: 0/0 Available FQDN: openwrt.netbird.cloud NetBird IP: 100.x.x.x/16 Interface type: Userspace Quantum resistance: false Routes: - Peers count: 1/1 Connected ``` **Are you using NetBird Cloud?** Yes **NetBird version** 0.27.3-r1 on OpenWrt server 0.27.4 on Ubuntu client ** Notes ** `ssh root@your-openwrt-device.netbird.cloud` (using your actual OpenWrt peer address) works fine, leveraging the default Dropbear SSH server on OpenWrt
saavagebueno added the dashboard label 2025-11-20 05:18:30 -05:00
Author
Owner

@lixmal commented on GitHub (May 5, 2024):

Have you enabled ssh on the peer: https://docs.netbird.io/how-to/cli#up

@lixmal commented on GitHub (May 5, 2024): Have you enabled ssh on the peer: https://docs.netbird.io/how-to/cli#up
Author
Owner

@braginini commented on GitHub (May 5, 2024):

@heisbrot I think that we should indicate in the web UI that the user should ensure that the client app should be started with the netbird up --allow-server-ssh flag to explicitly permit SSH.

@braginini commented on GitHub (May 5, 2024): @heisbrot I think that we should indicate in the web UI that the user should ensure that the client app should be started with the `netbird up --allow-server-ssh` flag to explicitly permit SSH.
Author
Owner

@mrbluecoat commented on GitHub (May 5, 2024):

Oh, interesting. You are correct that I assumed the UI step was all that was required on the server side. +1 for braginini recommendation.

Out of curiosity, what does the UI Enable SSH Access action do?

@mrbluecoat commented on GitHub (May 5, 2024): Oh, interesting. You are correct that I assumed the UI step was all that was required on the server side. +1 for braginini recommendation. Out of curiosity, what does the UI `Enable SSH Access` action do?
Author
Owner

@mrbluecoat commented on GitHub (May 6, 2024):

netbird up --allow-server-ssh worked like a charm, thanks. Is there a way to apply this setting via a config file rather than a CLI argument? (OpenWrt custom builds leverage files for configuration rather than runtime arguments.)

@mrbluecoat commented on GitHub (May 6, 2024): `netbird up --allow-server-ssh` worked like a charm, thanks. Is there a way to apply this setting via a config file rather than a CLI argument? (OpenWrt custom builds leverage files for configuration rather than runtime arguments.)
Author
Owner

@mrbluecoat commented on GitHub (May 6, 2024):

P.S. I see where you can use an environment variable export NB_ALLOW_SERVER_SSH=true via https://docs.netbird.io/how-to/cli#environment-variables. I think I can use this and $HOME/.profile for my needs: https://forum.openwrt.org/t/set-environment-variable/36723/2

@mrbluecoat commented on GitHub (May 6, 2024): P.S. I see where you can use an environment variable `export NB_ALLOW_SERVER_SSH=true` via https://docs.netbird.io/how-to/cli#environment-variables. I think I can use this and `$HOME/.profile` for my needs: https://forum.openwrt.org/t/set-environment-variable/36723/2
Author
Owner

@mrbluecoat commented on GitHub (May 6, 2024):

Even better, I found you can set it via "ServerSSHAllowed": true in /etc/netbird/config.json

@mrbluecoat commented on GitHub (May 6, 2024): Even better, I found you can set it via `"ServerSSHAllowed": true` in `/etc/netbird/config.json`
Author
Owner

@XMethues commented on GitHub (Jun 15, 2024):

How did you download the latest version of netbird for openwrt?

@XMethues commented on GitHub (Jun 15, 2024): How did you download the latest version of netbird for openwrt?
Author
Owner

@mrbluecoat commented on GitHub (Jun 15, 2024):

@Tatametheus I didn't: 0.27.3-r1 on OpenWrt server

@mrbluecoat commented on GitHub (Jun 15, 2024): @Tatametheus I didn't: `0.27.3-r1 on OpenWrt server`
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: SVI/netbird#845