Bypass Anti Tethering

vim /etc/nftables.d/ttl64.nft

chain mangle_prerouting_ttl64 {
  type filter hook prerouting priority 300; policy accept;
  counter ip ttl set 64
  counter ip6 hoplimit set 64
}

Just FYI:

  • There are quite a few threads on this already
  • OpenWrt switched from iptables to nftables in a former release - this won't work by default on newer firmware
  • Other threads provide native nft syntax to perform the same function without installing additional software
4 Likes

Kinda converted particular ruleset yesterday.

Interestingly, which provider started to battle tethering to raise interest in this...

1 Like

This is only applicable on a wireless hotspot with anti-tethering enabled. It's like receiving TTL 1 and broadcasting it as TTL 64.

AP ttl=1 radio0 -> OpenWrt router radio1 ttl=64

There is sometimes another check for ttl=64 in the upload direction.
Something like ping -t 62 8.8.8.8 from the phone or LAN should then be dropped.

1 Like

I'm connected to the AP with ttl=1 from a gateway 10.0.0.1 (anti-tethering enabled). Using this Keenetic router in WISP mode, it will set the outbound TTL to 64 instead of 0.

Those iptables rules are for wireless ISP mode only; they accept ttl=1 and broadcast ttl=64 for wireless clients.


Test an outside site, not the gw...

1 Like