Good idea, you definitely think like I do lol. Ok, I'ma have this thing booted in 30 mins or so. Had a long night 
...... I live that 6 day,
12 hour, works your second home shit sorry lol.
Okay I input clouddflares dns info into the dns forwarding section you described. Upon loading a webpage nothing has changed. But..... Now I can go to the diagnostics section on Luci and upon entering any website to ping it gives me good looking info.
Here is the 3 screenshots I took when pinging 3 websites.
https://m.imgur.com/gallery/aqu9Zvg
UPDATE : Still playing around but anyways .......
After playing around some more, I was able to ping almost any site after changing the dns forwardings. So I tried to go-to update package lists in software section and got error about connection or couldn't resolve etc.
So knowing my phone does connect I went to interfaces then wwan ( the newly created client interface connected to my brothers hardware on 5ghz band guest we setup). Then I cloned the Mac from phone to correct field. Now I am able to update the package lists on my 3200acm. The router itself is acting like it's associated and connected to the internet.
And
Successfully installing a package (one of my favs) , hope it won't screw with my install it was just a test ....
I feel like I'm somewhat getting somewhere lol... Maybe it's nothing IDK 
UPDATE UPDATE: So I was tinkering with settings further and got to firewall area where I saw I had a LAN & WAN zone set . Upon looking at the settings for both zones I set a new zone called wwan with; reject, accept, accept.......... and suddenly I have internet . But it's only via cable connection (on client router ....in my home.... on my network.... provided by my own 3200acm) . Other bad news is when I set this, I can now connect to client router via cable with any device and it will get a active Internet connection ( didn't get to test local device connectivity between each other i.e. ; plex server to tv, or file sharing etc.), but now I no longer have a web interface where I can see settings like before to change or edit my configuration on my wrt3200acm. Almost as soon as the firewall zone was added I got internet and now as a tradeoff no Luci web interface. As a matter of fact I can't connect to the default gateway at all. I also tried ssh I setup as a failsafe and it doesn't connect either . Upon looking at connection info it just shows blanks or question marks in any field related to connection made currently.
I think I can reproduce this setup though, I pretty much just used a pre determined dns ,authenticated Mac and cloned it to the the client interface, no different than someone scanning for connected clients on a network and snagging certain info from someone already assigned a ip based off allowed connection rules . Then turned around and setup firewall rules in order to allow what was needed .
This is not solved so please don't lable it as such. I still would like further input or brain picking as to what's going on etc. Since I believe this process could work in multiple cases where someone would need to bypass or workaround a captive portal login based network with no encryption but their devices never get , or, fail to receive the actual captive portal login for whatever reason etc.
Side note... : I tried bridging this connection after I was able to connect just the router (3200acm) to internet to either the LAN or 2nd WiFi interface ( 2.4ghz radio) but as soon as I created a bridge I was no longer associated to the guest network on my brother's network device and would have to revert settings when they timed out . I want to say the same thing happened when I tried to edit the last setting in firewall are except I clicked on the red button on pop-up that said somethe like "allow unchecked" or some in that nature ugh.....
Can you simply:
- Use a laptop to connect
- Copy/note the captive portal's URL
- Make note and alter any MAC/IP it may contain
- Connect the OpenWrt using
- scan
- join WWAN
- do not replace settings
- Connect laptop to OpenWrt
- Refresh/Paste the URL
Who said we planned to "label anything"?
You have the control of checking/un-checking a solution in the thread.
And are you honestly saying you don't understand?
None of this (as far as I can tell) has to do with firewalls, config, etc. (the seemed OK defining what you desired - OpenWrt connected was WWAN, clients on LAN). You simply have to authenticate with the captive portal. I have to overcome this at e.g. hotels all the time.
the fact that you got internet when you cloned the MAC suggests that it's really the captive portal.
The router itself doesn't use the DNS settings we set up I think... it tries to use the settings from DHCP on its WAN. you can however go to the WAN setup and put the cloudflare DNS in manually there also.
I think @lleachii is right about copying and pasting the URL for the captive portal. I suggest to start with a fresh config, set up the WAN by joining the guest wifi, put in cloudflare DNS on both the WAN and the DNS/DHCP settings, and try logging in to the captive portal by manually copying the portal address. see what happens
I'm having trouble getting the dang captive portal page to show up atm so I can copy the URL to it . Gonna see if I can get it to come up by using a different network adapter or changing one of my adapters Mac addresses. It's a hitron branded router that he uses, if anyone knows the default url let me know . Unless of course it's unique in some way .
I got an idea I don't know if anybody has done it before but, I have a odroid-xu4 sbc with Kali Linux installed on it . I have to boot it up when I get home but, I'm pretty sure it will connect to the guest network off my brother's hardware. I do you believe it also has a decent gigabit ethernet port. If I were to connect wirelessly with it I may be able to set it up so it shares the connection with the ethernet port going out to the WAN port on the back of my 3200ACM.
In my mind I'm thinking this may be easier to set up this way, since I could install the VPN software on the ODroid xu4, then it's connection would be secured as well as wired to the 3200ACM.
I'm going to try it when I get home, I'm pretty sure anything hardwired to the WAN port should simply supply an active internet connection to both the wireless networks as well as the wired LAN . Correct me if I'm incredibly incorrect lol . Just got out of work it's late and I'm kind of tired.
I missed this message originally. It's a good idea to reply to someone in particular, or @Nickelz34 tag them so they know you're saying stuff...
Did you get your thing working?
No couldn't get the configuration right on the ODroid. I may take another wack at it tonight.
So I might be oversimplifying this, but it sounds like you need a routed bridge with no NAT at all.
NAT would be handled by your brother's router, and you could control access to his/your toys using IPTables on the router itself. It's no safer as all he (or anyone) has to do is connect to the guest wifi to browse a bridged connection (like you're describing)
It would look something like this
Your Router: LAN -192.168.103.0/24 <-IPTables Rules to allow traffic->WLAN(172.124.whatever the guest network is on assigned by DHCP on your brothers router) )))))Air Wires(((((( His Router -> NAT To Public IP.
Turn DHCP server on for your LAN, and OFF for your WLAN
Set the default gateway to your router's LAN IP address.
It's a bit more complicated if you yourself also have an internet connection in your house, but still doable.
With a setup like this, you could in theory connect to his internal WLAN (not the guest) skip the captive portal, and control access to and from via firewall rules. (which is what I would recommend)
The most obvious question after this is why you don't just run a cat5 cable across and use wired interfaces? If 5Ghz works, my guess is a cable will work better, and remove much of the complexity that you are currently fighting.
This is the best I could do at draw.io to give a visualization of the proposed solution.
