Asuswrt - Control your Router with custom switches

Here is my take how to remotely activate commands on your router. I am using an R7000 running an Asuswrt firmware. There are probably other ways to achieve this. Maybe if some can take the below have it integrated in the current Asuswrt component.

I’m running HA on my RPI3, You need to generate and copy the ssh key to the router. This to execute the command without using yr router password.

**ssh in your server to generate private keys: **

- generate ssh key
  command: ssh-keygen and typ 3 times for default answers

- send keys to your router and use yr router password:
  ssh-copy-id -p xxx [email protected] [use your own user ID, default is admin if you did not change it]

Create scripts and make them executable chmod u+x scriptname.sh

vpn_server1_on.sh

#!/bin/sh
ssh -p 'xxx' '[email protected]'  service start_vpnserver1

vpn_server1_off.sh

#!/bin/sh
ssh -p 'xxx' '[email protected]'  service stop_vpnserver1

vpn_server1_state.sh

#!/bin/sh
ssh -p 'xxx' '[email protected]' pidof vpnserver1 >/dev/null && echo "enabled" || echo "disabled"

Hass configuration in the SWITCH section

- platform: command_line
  scan_interval: 60
  switches:
   router_vpn_server1:
        command_on: "/opt/scripts/vpn_server1_on.sh"
        command_off: "/opt/scripts/ vpn_server1_off.sh"
        command_state: "/opt/scripts/vpn_server1_state.sh"
        value_template: '{{ value == "enabled" }}'
        friendly_name: VPN Server 1

You can also add VPN Server nr 2 (vpnserver 2) or add up to 5 VPN Client as well
for client you can adapt the script above as follows: service start_vpnclient1

I hope this can be useful for others and further enhanced.

7 Likes

Hey, superb, thank you very much! :slight_smile:

Something like this for turning guest networks on/off might be handy. Combine that with a Bluetooth sensor and have guest network turn on/off automatically when friends/family come around to visit.

1 Like

I have not tested the code below but you could try this on the router itself in terminal and if it works you can then adapt the code in the first post above.

enable_guest_network.sh should contain something like:
ssh -p 'xxx' '[email protected]'  wl -i wl0.1 enable

Update with firewall and adblock (diversion) switches.

ssh -p 'xxx' '[email protected]' diversion enable / disable

ssh -p 'xxx' '[email protected]' firewall start / disable

image

Didn’t work. Oh well.

Hi, can I ask, I am using Hassio, and where do I host the vpn_server1_on.sh etc?
Also, when I try manually ssh -p ‘xxx’ ‘user@domain’ service start_vpnserver1 , it returns

sh: service: not found

any clue?

I dont use hassio, I guess should create a folder in your hass config ie. scripts and whitelist it.

First try to ssh to your router directly and execute the command and check in the Aswrt VPN tab that the VPN 1 stopped and started, as per screenshot below.

service stop_vpnserver1
service start_vpnserver1

image

Secondly, did you follow the steps in the guide regarding copying the keys from hassio to your router with ssh-copy-id ?

Hi,

I tried this and finally succeded in Hassio. Try this if you can’t get it to work.
My vpn_client1_on.sh:

#!/bin/sh 
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /config/sshkey/my.key [email protected] service start_vpnclient1

I always got an error before. No idea why it works but it does.

I created the key with this shellcommand:

create_keys: ssh-keygen -t rsa -N "" -f my.key

I then copied the public key to the router (In the GUI).

1 Like

Hi,

I’m using this straight in the configuration.yaml file, for a PPTP VPN:

switch:
  - platform: command_line
    scan_interval: 600
    switches:
      asuswrt_vpn_pptp:
        command_on: "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /config/custom_components/asuswrt_ssh/asuswrt_ssh_key 'admin_user_defined_by_you@asus_ip_address_lan'  service start_pptpd"
        command_off: "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /config/custom_components/asuswrt_ssh/asuswrt_ssh_key  'admin_user_defined_by_you@asus_ip_address_lan' service stop_pptpd"
        command_state: "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /config/custom_components/asuswrt_ssh/asuswrt_ssh_key 'admin_user_defined_by_you@asus_ip_address_lan' pidof pptpd >/dev/null && echo 'enabled' || echo 'disabled'"
        value_template: '{{ value == "enabled" }}'
        friendly_name: 'Asus VPN PPTP'

Also I did a change for permissions on the key file, such as:

chmod 600 /config/custom_components/asuswrt_ssh/asuswrt_ssh_key

Thanks.

2 Likes

On my RT-AC1900P i found it to be:

- platform: command_line
    scan_interval: 600
    switches:
      asuswrt_wlan0_1:
        command_on: "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /home/homeassistant/.homeassistant/custom_components/asuswrt_ssh/my.key 'user@IP' nvram set wl0.1_bss_enabled=1;restart_wireless service" #nvram set wl0.1_bss_enabled=1;nvram commit;restart_wireless service
        command_off: "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /home/homeassistant/.homeassistant/custom_components/asuswrt_ssh/my.key  'user@IP' nvram set wl0.1_bss_enabled=0;restart_wireless service" #nvram set wl0.1_bss_enabled=0;nvram commit;restart_wireless service
        command_state: "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /home/homeassistant/.homeassistant/custom_components/asuswrt_ssh/my.key 'user@IP' nvram get wl0.1_bss_enabled"
        value_template: '{{ value == "1" }}'
        friendly_name: 'Asus 2.4Ghz Guest Network 1'
  - platform: command_line
    scan_interval: 600
    switches:
      asuswrt_wlan1_1:
        command_on: "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /home/homeassistant/.homeassistant/custom_components/asuswrt_ssh/my.key 'user@IP' nvram set wl1.1_bss_enabled=1;restart_wireless service" #nvram set wl1.1_bss_enabled=1;nvram commit;restart_wireless service
        command_off: "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /home/homeassistant/.homeassistant/custom_components/asuswrt_ssh/my.key  'user@IP' nvram set wl1.1_bss_enabled=0;restart_wireless service" #nvram set wl1.1_bss_enabled=0;nvram commit;restart_wireless service
        command_state: "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /home/homeassistant/.homeassistant/custom_components/asuswrt_ssh/my.key 'user@IP' nvram get wl1.1_bss_enabled"
        value_template: '{{ value == "1" }}'
        friendly_name: 'Asus 5Ghz Guest Network 1'

Using the text commented out at end of each command would write the NVRAM and allow the setting to survive reboots.

1 Like

Sorry to be such a noob, do you have any tutorials how to add these controls (i.e. the VPN client) to home assistant UI? I am very new to home assistant, I have it up and running in docker but do no know where to put your script. If you could point me to a tutorial that would be so helpful.

Thanks so much for developing this script it will be so very helpful if I can get it working!