How to setup Proxy for bypassing isp limit?

Daru · September 22, 2024, 9:50am

good evening all
already 3 hour straight and yeet not found the answer.
first things first my spec was

OpenWrt 23.05.4 (r24012-d8dd03c46f) - Xiaomi Mi Router 4C

I had internet ISP from dorm which i need to connect to his wifi/ssid and then login the user-pass that they give me if i want to use the internet (idk it's mikrotik or not, if i not wrong last time it said mikhmon or similar to it when i login then error)

Short story the internet was already expensive, for 1 people, and lately they change the rule so the payment earlier isnt for 1 people, but for 1 devices, and now it seems only first devices who connect to the ssid and login is the only ones who get network. if we thetering it or make hotspot from it, they will not give any internet access

My earlier setup before they limit the wifi was
their AP > My Openwrt (client mode) > Connect it to my laptop and phone, booth from wifi and lan.

Now i can't do it again since no network will be appear on second devices
example their AP > My laptop (works) > my phone (not work)
Or their AP > openwrt (this seems works since i ping it on diagnose page they still give correct ip) > my laptop / phone (not works booth)

so do you know how i suppose to make it works on second devices/thetering/openwrt??
i searching in internet, some of them said changing TTL will works i already change openwrt to 64,65 and 128 all of them seems not works on my case....

other things i search is they suggest me to use proxy, socks5 or other... but i had no idea at all how to implement those things on openwrt

can somehow one of you guys can help me how to do it? or what package that i need to use for this issue,

my brain only think that all i can do is make some sort of proxy on openwrt, then rotate all network from the ISP AP to the proxy, so when i connect it with phone or laptop from openwrt, it can looks like one single connection.

but honestly i had no idea how to do it and what package that i need to install for it
T.T

maurer · September 22, 2024, 12:53pm

try with cloudflare warp (wireguard) - https://github.com/hillz2/openwrt_cloudflare_warp

lleachii · September 22, 2024, 1:35pm

Please post what you used. I've found a few posts marked as solution for changing TTL in version 23 don't work for me.

To be clear, try what with WARP - to "proxy"?

maurer · September 22, 2024, 1:39pm

setup the openwrt router to fully tunnel the outgoing internet via cloudflare warp VPN (aka proxy)

Daru · September 23, 2024, 6:35am

Hello guys, thanks alot for your answer, btw i managed to fix ttl issue on earlier openwrt setup (version 21) while the lastest version doesn't even effect ttl even when we done set it up...
idk what the wrong issue here
but on earlier build it seems work
anyway proxy like VPN warp isn't work since for first connection need to be login on login page of the wifi so they not showing it if we using custom proxy/dns/vpn

brada4 · September 23, 2024, 6:54am

Can you post iptables rules you used?

Daru · September 23, 2024, 8:52am

last time i using

chain mangle_postrouting_ttl65 {
  type filter hook postrouting priority 300; policy accept;
  counter ip ttl set 65
}
chain mangle_prerouting_ttl65 {
  type filter hook prerouting priority 300; policy accept;
  counter ip ttl set 65
}

(try one of them, or booth of them not works) on newest openwrt version

then my friend suggest to install v21
it works with old setting
iptables -t mangle -I PREROUTING -j TTL --ttl-set 65

brada4 · September 23, 2024, 9:12am

REF: Changing TTL on the new OpenWRT versions - #13 by brada4

chain raw_output {
        type filter hook output priority raw; policy accept;
        oif $wan_devices ip ttl { 2-64 , 66-255 } ip ttl set 65
        # oif $wan_devices ip6 hoplimit { 2-64 , 66-254 } ip6 hoplimit set 65
}
chain mangle_prerouting {
        type filter hook prerouting priority mangle; policy accept;
        iif $wan_devices ip ttl { 1-64 , 66-255 } ip ttl set 65
        # iif $wan_devices ip6 hoplimit { 1-64 , 66-254 } ip6 hoplimit set 65
}

i.e you can prepend "your rules" to existing hooks by duplicating hook header+name

ttl setting recalculates full packet checksum thus we exclude target value
and exclude special values 0,1 and where applies 255. They are about DHCP and stuff.

EDIT2: handle wan input "better"

Daru · September 23, 2024, 10:07am

ok maybe next time when i about to use version 23 or higher i will try those
thanks anyway T.T

brada4 · September 23, 2024, 10:29am

iptables-nft also work, you can copy their result over to ^^ inserts into fw4 tables. But not mandatory.

system · October 3, 2024, 10:29am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.