Restriction bypassing

Good evening, been tinkering with OpenWRT for a bit now. Recently the ISP in my area (deployed environment) has switched from regular service enabling the use of a router (connect as many devices as the router can handle) to forcing bridge mode and only allowing two devices per account. Trying to configure the router to utilize one of the authorized devices to pull data and retransmit wifi as an access point. The ISP guys said it was possible with OpenWRT and left the mystery at that for me to learn. Any forum link you could direct me to? Not looking for someone to give me the answer I’m looking for a direction to learn on my own and understand how that configuration works. I was Able to piggy back off other AP and redistribute my own network but all that came to a halt. Crazy side note I scanned the network after bridging my one router with NMAP and this looks extremely unsecured as I was Able to literally see all the other devices connected to this “bridged network” idk why bridging was a bright idea as it looks like we are all connected to a massive switch. But any ideas or thoughts I’m up to learn and understand. Thank you for your time!

You will use the router is the default state which will setup a NAT masqueraded lan behind the router and use just one ip address from your isp. It is about as simple as it can get.

Can this all be done with the one OpenWRT router or does my existing router I was Using still need to be in play for the bridged access. Thank you again for replying. Really appreciate it.

Your existing router is only needed if the isp requires it or if the physical connection to the isp is not Ethernet.

You might need to find out what the existing router uses for its connection protocol (dhcp, pppoe, or static).

So here’s the typology of my deployed shitshow. The ISP gives us access through Ethernet port in our room. We pay a set amount for access to the web. The router is purchased to allow other devices that don’t have Ethernet just like in your home (obviously, I’m sorry) They give us no equipment. Just paid access through the Ethernet port in the wall. We used to be able to run the router like normal with DHCP. Now we were forced to put our router in bridge mode and disable DHCP. I think This is how they are restricting the devices cuz it gives them more control over the IP addresses accessing the internet. There’s a login page that you are redirected to and you enter your login info allowing you to the web (2 device max) 2 months in they decided they could make more money off soldiers so they implemented this shit show lol

Do you own the router that is directly connected to their network? They cannot force you to use it in bridge mode if it belongs exclusively to you. If it was issued by and/or belongs to them, you may need to put your router behind theirs since they can theoretically force the operating mode of their device.

I own Both routers. One D-Link DIR-X5460 I was Primarily using and one TP-Link AC1350 C59 Version 2.0 running OpenWRT. They did something on their end that disabled the connection and the only way to connect to the web was to enable bridge mode :roll_eyes: so I’m just trying to pull internet using “one device” and redistribute my own wireless network for my devices. All using my own hardware.

You're running OpenWrt now on that device?

Let's see your config:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

They restricted mac address changes. Bridge mode just grants access to that other mac.

1 Like

I just Reset the OpenWRT router. Been trying different configuration testing out different approaches. Here in a min I’ll be at the default configuration. Basically run down rabbit holes and testing out stuff iv done in network classes. Reset and start over. Been a hobby project for the last couple days lol sense im back at factory/default configuration do you still want a snip of it sir

Yes, it is still worth seeing what you are working with and verifying your config.

If your router is setup with NAT Masquerading (i.e. normal home router type config), the ISP cannot see your downstream network and will be unaware of anything behind your router. They see it as just a single device, and there are very few things that can be done for them to prevent that from working.

You need to recover mac that is stuck in providers end or ask them to clear it. You will not be able to swap 2 routers depending on weather anymore.

I’ll look into that and have them clear it!

I’m in my router via SSH and ran the command at the top of the output (ubus call system board) and it didn’t output the same data you displayed.

copy and paste the output that you saw from the ubus call system board command...

The memo they gave us said two devices max, once a 3rd attempts to log in, one of your other devices is kicked. So I’m assuming auto cache clear?

I don't know what they are dong, but not a cache clear... unless you need to enter credentials into some login screen via the web for a cookie-based session or similar, your router will appear as one device no matter how many things are behind it.

1 Like
root@OpenWrt: ~# ubus call system board
"kernel": "5.15.137"
"hostname": "OpenWrt"
"system": "Qualcomm Atheros QCA956X ver 1 rev 0",
"model": "TP-Link Archer C59 v2",
"board_name": "tplink, archer-c59-v2%,
"release": {
"distribution": "Openwrt",
"version": "23.05.2'
"revision": "123630-842932a63d*,
"target": "ath79/generic*
"description": OpenWrt 23.05.2 r23630-842932a63d*

Ok.... now let's see the output from the other commands.

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr ''
        option netmask ''

config globals 'globals'
        option ula_prefix 'fd23:5e07:954a::/48'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth1'
        option proto 'dhcpv6'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr ''
        option netmask ''
        option ip6assign '60'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 0t'