I recently picked up the Flint 3 router, running OpenWrt, to replace my aging home networking gear. I didn’t find a complete guide to basic configuration I’d deem manditory out of the box.

The GL Inet “basic” interface is on ports 80/443 and the LuCI UI on 8080/8443. They seem to configue the same things just with different interfaces and different levels of details. On to enabling ssh with keys.

Using the LuCI interface you can add keys via the System –> Administraion menu. On the SSH Access tab, I suggest turning OFF

  • Password authentication
  • Allow root logins with password
  • Allow the root user to log in with password

On the SSH Keys tab you can, unsuprisingly add ssh keys.

On the HTTP(S) Access tab I suggest you enable “Redirect to HTTPS”

Save and apply everything, you should now be able to ssh in with root@hostname

Next up Tailscale and SSL Certs.

Follow the instructions in my post GL.iNet Tailscale Config before doing anyhing else with Tailscale.

For the basic GL Inet web interface

/usr/sbin/tailscale cert gl-be9300.EXAMPLE.ts.net
cp gl-be9300.EXAMPLE.ts.net* /etc/nginx/
ls -al /etc/nginx/
vim /etc/nginx/conf.d/gl.conf

Change the following lines in the file to point your cert/key files (around line 21/22)

    ssl_certificate /etc/nginx/gl-be9300.EXAMPLE.ts.net.crt;
    ssl_certificate_key /etc/nginx/gl-be9300.EXAMPLE.ts.net.key;

Now check your nginx config with nginx -t you should see the following

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If test doesn’t show any problems then restart nginx service nginx restart

For the Advanced/LuCI interface

First backup the current key and cert just incase you screw something up.

cp /etc/uhttpd.crt ~/
cp /etc/uhttpd.key ~/

Then copy the certs over and restart LuCI.

  cp gl-be9300.EXAMPLE.ts.net.crt /etc/uhttpd.crt
  cp gl-be9300.EXAMPLE.ts.net.key /etc/uhttpd.key
  service uhttpd restart