Default Settings - Remote Access

Discussion in 'Tomato Firmware' started by jbktomato, Oct 3, 2018.

  1. jbktomato

    jbktomato Serious Server Member

    Hello, we're currently using Advanced Tomato (Shibby) on multiple remote locations with ASUS RT-N16 routers and occasionally the router will, for unknown reasons, default back to "virgin" settings (i.e. SSID, password, etc.). When this happens, we can no longer remotely log into the router due to the fact the "allow wireless access" setting in Admin Access Settings has been unchecked because the router went back to factory/virgin settings. We then have to drive to the location and manually reconfigure the router's settings or, if someone saved the config settings, simply restore settings using the backup .cfg file.

    My question: is there a way to make the "allow wireless access" option in the Admin Access Setting default to "allow/check" upon power up of the router? I didn't know if there was a script that could be put in the "INIT" event scripts. And if there is a way, could someone please share the script and let me know how it's done. This way we can continue to remotely log into the router even if it defaults back to virgin status and apply the backup copy of the config file.

    Thank you...
     
  2. Sean B.

    Sean B. LI Guru Member

    Did you mean to say "Remote access" instead of "allow wireless access" ? If all settings are being reverted like a "factory reset", have you tested to see if anything saved in the scripts section survives? Also, when the router "factory resets" itself, do you know if it's also rebooting?
     
    Techie007 likes this.
  3. jbktomato

    jbktomato Serious Server Member

    Sean, thank you for your response. Due to the fact that we have NO scripts on these routers, it's hard to say that when the router goes back to a factory reset, if the script survives. When it does reset itself, all settings, including any access restrictions that we have created, banned MAC addresses and bandwidth limiter settings are completely gone!!! I had one yesterday reset itself back to factory settings. Client said internet is working fine but we were not able to log in remotely. Tech went to the site and simply made the router visible in the Administration settings, and I was able to remotely log in and make changes, including SSID, password and access restrictions. If you know of a script that allows a default setting of remote access, I'd appreciate it. I can at least try it and see if it survives what these routers are doing.
     
  4. AndreDVJ

    AndreDVJ LI Guru Member

    A script will not solve this for you. An init script wouldn't survive a NVRAM reset. I believe the only way to really resolve this is if you could compile and run your own build.

    You have a very specific purpose, and the values in NVRAM that current TomatoUSB maintainers leave as defaults aren't suitable to your needs.

    TomatoUSB defaults get you up and running with internet access with no further configuration required if external IP address is obtained via DHCP.

    However it seems you need different defaults.

    I have no idea how many and how you manage your locations, but if you could compile an image for a specific deployment, you could have, for example, SSH server enabled at startup with remote access, and a public key already baked-in (and get rid of that authorized keys box in GUI).

    So as long as you hold the private key, people can mess up, change password, do NVRAM resets, etc. and the only way you'll really lose access for good is if someone knowledgeable with TomatoUSB gets rid of the public key in NVRAM and commits it.

    Sometimes there are issues that the only way to have them resolved is by getting into the source code.

    Just for Remote Access via HTTP or HTTPS, the changes are simple. It's simply by updating "remote_management" and/or "remote_mgt_https" value from 0 to 1 in ~/router/shared/defaults.c (IIRC).

    The question now is whether it's worth the trouble for you of building your own image.
     
  5. jbktomato

    jbktomato Serious Server Member

    AndreDVJ, thank you for your reply... I have NO idea on how to "build my own image" to resolve this issue.
     
  6. Sean B.

    Sean B. LI Guru Member

    There is an option... IIRC, the firmware default is to have USB automount enabled. So, providing when this mystery setting loss occurs the router either reboots, or services restart that cause the USB port to down/up, therefore triggering a remount, you can use autorun files. An autorun file is a file placed at the root dir of an attached USB storage device that has the extension of ".autorun", IE: fixsettings.autorun. Whatever is inside the file will be executed automatically by the firmware when the drive is mounted. So you just need an appropriate script and a thumbdrive.
     
    Justio, koitsu and Techie007 like this.
  7. jbktomato

    jbktomato Serious Server Member

    Sean, thank you for your reply... All of our routers have a thumbdrive attached mainly to run remote speedtests using "speedtest-cli" in commands.

    If anyone could help a NOOB with a script using Sean B's above suggestions, it would be GREATLY appreciated.

    In a perfect world, I'd like to have the ability to save the router's config files daily to the attached USB using a script inside the scheduler script section (i.e. 12:01am). Then in the event a loss occurs when the router either reboots, or services restart, the USB would have an autorun script that would restore the saved config files which in turn returns all the customization we have done for that router. (SSID, BW Limits, Access Restrictions etc...).
     
    Last edited: Oct 4, 2018
  8. Techie007

    Techie007 Serious Server Member

    Create a file named remotemgmt.autorun, containing the code below, and put it on the root of your USB drive:

    Code:
    nvram set remote_mgt_https=1
    nvram set remote_management=1
    nvram commit

    You can change the values to 0 or 1 as needed to enable the correct kind of management (HTTP or HTTPS). The above code enables both. If there are any other specific settings you want hardcoded to never change, let me know and I can find their NVRAM values and give you the script code to set it.
     
  9. jbktomato

    jbktomato Serious Server Member

    Techie007, thank you for your response and the code. I'll give it a try.
     
  10. jbktomato

    jbktomato Serious Server Member

    Techie007, I tried your code by placing a file on the root directory of a USB and no matter what I try, I can't seem to get it to work and it doesn't appear to make the changes. I also tried your code by disabling the remote access under administration and executing your above code in the system commands of the router and by using (2) computers, one locally logged into router and one remote, I see the changes take place under the admin settings > remote access but until I hit save with the local computer, and let the router apply changes for 10 seconds, the remote computer is not able to log in.

    So it appears when I apply the code under system commands, it makes the changes but the router isn't applying them until I hit "save" with local computer. But if I manually disable the remote access and power cycle the router with the usb attached, no changes are made to the remote access settings.

    Any additional help is greatly appreciated...
     
  11. Sean B.

    Sean B. LI Guru Member

    You need to restart the appropriate services for the setting changes to take effect (this is done automatically in the GUI). Add this line:

    Code:
    service sshd restart

    I believe sshd will restart the firewall as well, which needs to be done so the external ports are opened. However if I'm incorrect add this line as well:

    Code:
    service firewall restart

    Also, make sure you format the file correctly and make it executable. File should read as follows:

    Code:
    #!/bin/sh

    nvram set remote_mgt_https=1
    nvram set remote_management=1
    nvram commit
    sleep 1
    service sshd restart

    To make the file executable, run this command after having created the file:

    Code:
    chmod +x filename.autorun

    Where "filename" is whatever you named the autorun file. Use ext2 or ext3 as the file system for the USB drive, and the file must be placed at the root of the drive, IE: if the drive mounts to /mnt/usbdrive the file would be at /mnt/usbdrive/filename.autorun.
     
    Last edited: Oct 5, 2018
  12. jbktomato

    jbktomato Serious Server Member

    Sean, thanks for the response and additional code. For some reason, I can't get the "autorun" file to work on the USB still. To the best of my knowledge, the file is executable. I logged into router using putty and the file is in the same directory as "speedtest-cli" which is in /opt directory. The autorun file (remotemgmt.autorun) is green.

    To see if your additional code works, I disabled "remote access" in the admin settings of the router and, using a local computer, executed your code in the system commands prompt of the router and the following appeared:

    commit... done

    Done.

    Done.

    I then opened the admin settings and saw that "remote access" was enabled (http), I then tried to login using a remote computer and still nothing. I then hit "save" on the admin access settings page using local computer, waited while the router counted down from "10" and tried remote computer and worked like a charm.

    So whatever the router is doing during that 10 second countdown appears to be what I'm missing.

    As to why the USB isn't working with autorun, that is beyond me. The USB drive works fine with the speedtest-cli script when I execute it from command line.

    I'd like to 1st get the code to work properly from the command line and then figure out why the USB drive isn't working.

    Any additional help is greatly appreciated...
     
  13. koitsu

    koitsu Network Guru Member

    I'm just going to ask: is this for a company or commercial venue?
     
  14. jbktomato

    jbktomato Serious Server Member

    Yes, we use these routers on several of our construction sites and the reason I need this script is, for some reason some of the routers for one reason or another will revert back to "virgin" status, meaning when this happens, all settings on the router are completely erased (SSID, passwords, access restrictions etc...) which means one of our guys will have to drive to location, which can be upwards of 2 hours away, and simply log into router, open admin > access settings and enable the http remote access settings. My hope is that with the help of some tomato firmware "experts", we can get a script that if this happens again, I can have one of the guys locally power cycle router and the "autorun" script will automatically enable and SAVE the remote access settings. So far, using the system command and the scripts given to me in this thread, I've been able to get the script to enable the http remote access setting but any remote access still doesn't work unless the "SAVE" button on the admin access settings is manually pushed by a local computer. Once the "SAVE" button is pushed, remote login is available. Seems to me we're missing some script that will duplicate the hitting of the "SAVE" button. I've been testing the script with an ASUS router with AT 3.4 140 in my office using a laptop locally logged into the router and a remote computer with a different public ip as a remote computer...

    Thanks again for all the help...
     
    Last edited: Oct 5, 2018
  15. Sean B.

    Sean B. LI Guru Member

    I believe I see the issue. I quoted you sshd as I had shell commands on the brain from the code, when you're enabling remote web access, not shell. Use:

    Code:
    service httpd restart

    Instead of sshd restart. Also restart the firewall as stated previously if httpd alone doesn't work.
     
    Last edited: Oct 5, 2018
  16. jbktomato

    jbktomato Serious Server Member

    Yes, I tried with and without that line of code and saw no difference from the system command on the router. Like I stated earlier, when I execute code from the command prompt of the router, the code does change the "remote access" setting from disabled to http but won't allow remote access to the router unless a local computer hits the save button in the admin access settings; usually within a couple of seconds of hitting the save button, the remote computer can log in.

    Thanks for your help and input...
     
  17. Sean B.

    Sean B. LI Guru Member

    I edited that post after you read it but before I saw your reply. Please re-read.
     
  18. jbktomato

    jbktomato Serious Server Member

    Sean, I got it to work under system commands using the httpd code and the firewall code. When I execute it in system commands it does however show "ERROR: unknown". But the end result when I execute the code that both you and Techie007 gave me, the remote user is now able to log in. Now I just got to figure out why it's not working from the "autorun" file I created. Any suggestions???
     
  19. AndreDVJ

    AndreDVJ LI Guru Member

    Is the hashbang in your autorun file?
     
  20. jbktomato

    jbktomato Serious Server Member

    Andre, not sure what you mean by "hashbang in your autorun file"
     
  21. Sean B.

    Sean B. LI Guru Member

    He's referring to the first line of the script:

    Code:
    #!/bin/sh

    Don't know what the error would be, those commands are rather basic. How did you create the autorun file? Did you make it in a Windows editor and then transfer it to the router? Did you use copy/paste at any point? My initial guess is there's a formatting issue, IE: made in a Windows editor and the CR/LF etc are not handled correctly, or spacing has been altered from copy/paste. If you'd upload the file as-is to cloud storage and post a link, I can take a look if you like.
     
  22. jbktomato

    jbktomato Serious Server Member

    Created autorun file using "gedit" on a linux only laptop. USB drive is formatted as EXT3. USB drive works great with "speedtest-cli". Autorun file ("remotemgmt.autorun") is located along with "speedtest_cli" in the following location on the root directory of the USB (/opt). When USB drive is installed on the router, the USB drive shows it is mounted to "/opt".
     
  23. jbktomato

    jbktomato Serious Server Member

    Rookie and/or fat fingers mistake. Sean, after your last post, I opened the file and carefully looked at the code and realized in the 1st line of code I had: "#1/bin/sh" instead of "#!/bin/sh". Looks like I forgot to hit the shift key.

    Autorun appears to work now. Thanks to all!!!
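
The problems this thread hit (the `#1/bin/sh` typo, settings that did not apply until httpd and the firewall were restarted) and the CR/LF issue Sean B. suspected can all be caught before a drive goes out to a site. The check below is an added example, not part of the original thread; `check_autorun` and `write_sample` are hypothetical names and the sample files are constructed.

```sh
#!/bin/sh
# Added example: pre-flight check for a Tomato *.autorun file.
# Prints one line per problem found; returns 0 only when the file is clean.
check_autorun() {
    f=$1; rc=0
    [ -f "$f" ] || { echo "missing file: $f"; return 1; }
    case "$f" in
        *.autorun) ;;
        *) echo "name must end in .autorun"; rc=1 ;;
    esac
    # "#1/bin/sh" is parsed as a comment, not an interpreter line.
    first=$(head -n 1 "$f" | tr -d '\r')
    [ "$first" = '#!/bin/sh' ] || { echo "bad first line: $first"; rc=1; }
    # A file saved with CR/LF endings differs from itself with CRs removed.
    tr -d '\r' < "$f" | cmp -s - "$f" || { echo "CR/LF line endings"; rc=1; }
    [ -x "$f" ] || { echo "not executable: chmod +x $f"; rc=1; }
    # In the thread, nvram changes only took effect once they were committed
    # and both httpd and the firewall had been restarted.
    if grep -q '^nvram set remote_' "$f"; then
        grep -q '^nvram commit' "$f" || { echo "no nvram commit"; rc=1; }
        for svc in httpd firewall; do
            grep -q "^service $svc restart" "$f" ||
                { echo "no service $svc restart"; rc=1; }
        done
    fi
    return $rc
}

# Constructed samples: the thread's script with the typo, then corrected.
write_sample() {   # write_sample FILE FIRST_LINE
    printf '%s\n' "$2" 'nvram set remote_mgt_https=1' \
        'nvram set remote_management=1' 'nvram commit' 'sleep 1' \
        'service httpd restart' 'service firewall restart' > "$1"
    chmod +x "$1"
}

tmp=$(mktemp -d)
write_sample "$tmp/typo.autorun" '#1/bin/sh'
write_sample "$tmp/remotemgmt.autorun" '#!/bin/sh'
for f in "$tmp"/*.autorun; do
    if out=$(check_autorun "$f"); then echo "OK   ${f##*/}"
    else echo "FAIL ${f##*/}: $out"; fi
done
```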
     
  24. Sean B.

    Sean B. LI Guru Member

    You're welcome. Glad it's working.
     
  25. Sean B.

    Sean B. LI Guru Member

    @jbktomato, a quick suggestion if I may. In the GUI under Administration->Logging there's an option to change the log file path. Since you have USB storage attached full time, if you were to set that file path to the drive's mount point (IE: /mnt/usbdrive/system.log) the system log would survive the settings loss and/or reboot, which may provide insight on what's actually causing this to happen.
     
  26. jbktomato

    jbktomato Serious Server Member

    Good idea, I'll give it a try... Question for you Sean, do you think it's possible for a script to be created that could be placed in Admin > Scheduler > Custom 1 that could be set up to back up the config files similar to when you go to Admin > Configuration > Backup Configuration but instead of saving the file to (IE: downloads folder on computer) when user manually presses "backup button", you could set up a time in scheduler of router (IE: 12:01 am every day) to run a script to back up the config file to mounted USB? Then in the event of factory reset of router, there is an autorun file that upon bootup of router, restores the config settings using the latest saved config file.
     
  27. Sean B.

    Sean B. LI Guru Member

    Yes, it is. However it's not something to be done/taken lightly. There are absolutely NO safeguards when manipulating NVRAM contents via command line (script); checks and balances must be coded into the script itself. If a glitch or unplanned-for circumstance causes the script to save and restore erroneous data it could easily brick the router. Especially when the NVRAM is being read/written in its entirety, as any issue that does arise won't be limited in scope to just a couple variables.
     
    Last edited: Oct 6, 2018
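
One way to code the safeguards described above into the scheduled backup and the autorun restore: refuse to back up a router that is already at defaults, and restore only a checksum-verified file onto a reset router. This is an added example, not code from the thread; the `nvram backup`/`nvram restore` subcommands, the `cfg_marker` variable, `MIN_BYTES` and the function names are assumptions, and `fake_nvram` is a constructed stand-in so it runs offline.

```sh
#!/bin/sh
# Added example, not from the thread. Assumptions: the nvram tool accepts
# "backup FILE" / "restore FILE", and cfg_marker is a variable you set once
# on every configured router (hypothetical name).
NVRAM=${NVRAM:-nvram}
MIN_BYTES=${MIN_BYTES:-1024}   # assumed floor for a plausible dump

# True only when the marker is gone, i.e. the router is back at defaults.
at_defaults() { [ -z "$("$NVRAM" get cfg_marker 2>/dev/null)" ]; }

# Scheduler job: never let a reset router overwrite the last good backup.
save_backup() {
    dir=$1; new="$dir/config.cfg.new"
    if at_defaults; then echo "skip backup: router at defaults"; return 1; fi
    "$NVRAM" backup "$new" || { rm -f "$new"; return 1; }
    size=$(($(wc -c < "$new")))
    [ "$size" -ge "$MIN_BYTES" ] || { rm -f "$new"; return 1; }
    if [ -f "$dir/config.cfg" ]; then mv "$dir/config.cfg" "$dir/config.cfg.prev"; fi
    mv "$new" "$dir/config.cfg"
    (cd "$dir" && sha256sum config.cfg > config.cfg.sha256)
}

# Autorun job: restore only on a reset router and only an intact backup.
safe_restore() {
    dir=$1
    at_defaults || { echo "skip: router still configured"; return 0; }
    (cd "$dir" && sha256sum -c config.cfg.sha256 >/dev/null 2>&1) ||
        { echo "refuse: backup missing or corrupt"; return 1; }
    "$NVRAM" restore "$dir/config.cfg" || { echo "refuse: restore failed"; return 1; }
    echo "restored"
}

# Constructed stand-in for the router's nvram tool so this runs offline.
fake_nvram() {
    case $1 in
        backup)  printf '%2048s' x > "$2" ;;
        restore) FAKE_MARKER=site1 ;;
        get)     printf '%s\n' "$FAKE_MARKER" ;;
    esac
}

NVRAM=fake_nvram; FAKE_MARKER=site1; tmp=$(mktemp -d)
save_backup "$tmp"; safe_restore "$tmp"   # skip: router still configured
FAKE_MARKER=                              # simulate the settings loss
save_backup "$tmp" || true                # refused, good backup kept
safe_restore "$tmp"                       # restored
```

Because the restored configuration contains the marker again, the autorun job becomes a no-op on the next mount instead of restoring on every boot.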