I want to buy a cheap wireless router for OpenWRT. The purpose is for AP+client mode, and I want to easily change my MAC.
(yes as simple as that. -out of topic-
My local wifi ISP uses MAC as identification and the wifi security is open, but there's a snooper who listened to data wifi traffic and stole everybody's MAC, including mine and then I can't reconnect. I have control over what what MAC I register to ISP and I can change that easily because I'm the legit account owner. So if that ever happen again, I can change the MAC and easily register it to my account on ISP site/apps over mobile phone.)
Back to the question. I've studied some spec and properties of the router TL-WR840N but there were differences between version. OpenWRT discourages user from using router with 4flash/32RAM and I wonder which one should I buy since the v4 is 8/64 but old and rare and the v6 is the newest on local market and practically everywhere here but it's 4/32. I'm wondering about future (security) support of those devices. (This is basically Old device vs. Not-Recommended devices for future OpenWRT update/support.)
edit: I checked the firmware list but there's no binary image for v6, but the hardware v6 is the newest so it will get support eventually(?). I wonder which one shoud I buy.
If the v4 is 8mb flash / 64 mb ram, and already has support from openwrt then get that. There is no guarentees any new device will get support. Its done by volunteers and i imagine takes quite a bit of time. So if you wait for support for the v6 device you might end up waiting forever (literally).
Regarding your mac question - not sure how your isp could ever see the mac addresses of the wifi clients. Macs are on layer 2, so when traffic is sent through to your isp , your isp will see the mac of your openwrt router - assuming you are running pppoe on it , or if not then whatever device you configured to get the public ip on it. Anyways - skip the mac security and just configure wpa2 security on your openwrt router with a long preshared key (eg >30 chars) and they will be completely locked out - and can no longer snoop on you at the same time .
Yes. I can confirm if the v4 listed on official OpenWRT 18.06.1 but I can't find the v6 firmware anywhere. Thank you for the suggestion. I will try to look for the v4 device.
.
.
Regarding the MAC, that was a background story just in case somebody was wondering why I was looking for such cheap router. =D But about MAC, it looks like the ISP uses a kind of RADIUS server with LDAP web authentication. I don't really understand about the authentication mechanism, but from what I've experienced, the wifi is open/unencrypted. When I connected first time, the web page redirected to a kind of login page with user ID and password. I input my credential, then I was connected. After that, the MAC of device that was used for login then was listed on ISP's database under my account, so in the future if the device with that particular MAC access the ISP's network again, they won't ask for credential again. I can change my device (identified by the MAC) by repeating the process again so the old MAC will be replaced.
.
.
I can't control the mechanism of identification between client to ISP's AP side, I feel that mechanism is weird. But yes I will surely use normal WPA2 AES with strong passphrase on the device on my side.
Interesting! TIL. Maybe its part of /related to 802.1x.
Not sure if you have ability to replace the original open wifi device - but id strongly recommend you do, since the encrypted wifi link ends at the openwrt device. (So even using a crossover cable into the other appliance will leak data - such as from broadcasts )
I found a local seller of v4 device, but the online system payment confirmation was slow so I don't know how long the stock will last. As an alternative there is v5. Although v5 is 4/64, at least it's supported by OpenWRT and not as low as 4/32 v6.
Interesting! TIL. Maybe its part of /related to 802.1x.
Probably yes, I guess. The database for user authentication is a centralized server apart from the Access Point. The only widely used protocol for that purpose is 802.1x, with some modification maybe.
This mechanism seems unusual but I guess the ISP wanted to mimic mobile cellular from the user perspective by using this (weird) mechanism so users can move between ISPs wireless "cell" seamlessly. It's even weirder than WPA2-Enterprise. I just don't understand such thing. xD
Not sure if you have ability to replace the original open wifi device - but id strongly recommend you do, since the encrypted wifi link ends at the openwrt device. (So even using a crossover cable into the other appliance will leak data - such as from broadcasts )
To be honest, I can't. xD
The ISP's AP hotspot side is beyond my control.
I'm at the mercy of HTTPS-SSL/TLS and those VPN providers. xD
a bit before acquiring the tplink 840 v4, it is a good router, but I tell you that the wifi performance is not as stable and good with the current firmware OpenWrt, there is a thread that talks about that in the forum. Currently the Julian user is compiling test firmware with the current drivers. But it is up to you to see if it fulfills your performance expectations with OpenWrt. I had to go back to the original firmware 15 days ago, but yesterday again the user made a new compilation.