How to completely bypass AT&T Router
There are many reasons you might want to bypass an AT&T router.
Some people complain that the router is limited in specific ways that prevent you from configuring your network the way you might want to.
The most rational reason is that you will have one less variable that might effect your internet speed. I just like the idea of having one less thing plugged in all the time. Plus, it just feels right (if you are here reading this, you know what I mean).
INFO This doesn't allow you to increase your AT&T service speed outside of your paid speed tier. That is controlled on the ONT not on the router.
WARNING This guide will interfere with the AT&T router phoneing home to tell AT&T that your internet is working as intended. If you ever need to call AT&T because of service outages or an AT&T technician is at your house, you will either have to plug back in the AT&T router or convince them that it is working even though their system likely says your router is not giving them the "internet working as intended" sign.
WARNING If you have any other AT&T services like TV or phone that go through your router you will not be able to completely remove your router so the best you can do is put it in DMZ mode, or you may be able to do some advanced routing using the second bypass method mentioned (but not explained) in the overview section.
Overview:
There are a few ways to bypass the AT&T Router.
- The simplest is to put it in DMZ mode (which doesn’t really bypass it but it does remove any default firewall rules that might interfere with incoming connections).
- The second and more complicated way is to set up your own router in between the ONT (fiber gateway) and the AT&T router that handles all internet packets and routes only auth packets to the AT&T router (not covered in this write-up).
- The third and most complicated way is to unplug the AT&T router fully and use your own router with some extracted certs from any compatible AT&T router (that is not currently being used by anyone else) and let your own router do the 802.11x auth using wpa_supplicant (this guide)
- Getting AT&T certs (tested hard way)
Downgrade AT&T router to a specific firmware
Disassemble AT&T router
Solder header pins
Connect to the AT&T router root interface using USB to TTL UART
Copy files from AT&T router to a USB stick
Decode those files on your computer
- Getting AT&T certs (untested easy way)
Downgrade AT&T router to a specific firmware
Download an executable and run it while plugged in over ethernet
- Setting up your router to authenticate using AT&T certs
Copy certs to your preferred router
Setup WAN on eth0.0 (VLAN 0 tagged over eth0)
Spoof MAC address on eth0 and eth0.0 to the one from AT&T router
Write a script/service to authenticate eth0 using wpa_supplicant
Requirements:
- Basic Soldering (for the tested, hard way, not required for the solderless easy way)
- Basic Linux skills
- Specific AT&T Router to grab certs off — BGW210 or (BGW210 or NVG599) for the untested solderless solution.
BGW210 range from $20 — $150
Wouldn’t pay more than $40
You could also skip purchasing a gateway and purchase certs, but YMMV I can’t vouch for any of the eBay sellers and they range from $40 — $100 for the necessary files.
Doesn’t have to be this one
This adapter is needed to get root access to the AT&T router.
- Male Header Pin
These pins can be soldered to the AT&T router for a physically stable connection to the board. Otherwise, you can have a friend touch the wires to the points on the board (much more tedious).
- Soldering Iron (if using the header pins)
- USB stick (FAT32 formatted)
- A router that can run OpenWRT or VyOS
This guide will provide instructions for either
pcengines apu2 (OpenWRT)
$120-$150 shipped from their website
This router is overkill for most purposes but performs very well with OpenVPN if you are interested in using it for a VPN enabled router at close to gigabit speeds.
Hint: To purchase click shop and fill in the quantity box, for apu2e2, a case, a power adapter, and an SSD. Click the cart tab and checkout.
If going this route make sure you have a USB to Null Modem cable to setup OpenWRT
OR
Edgerouter (VyOS)
Used for $30-$50
New for ~$60
Affordable, configurable, and reliable
Please checkout this gist for the most up to date instructions.
gist.github.com/wjhrdy/5c46ccef7855dc8b91cc2f23962e5b1c
