by spearo77 2023 days ago
Oh, there's a workaround for that.. I've unplugged my Residential Gateway and now my UniFi dream machine pro is directly connected to the ONT.

You install a CA from a jailbroken modem into a supplicant container that runs on the UDM pro. It confirms to the network that you are using "authorised" equipment for the connection and the packets flow!

2 comments

I'm curious to see what happens with the new installs, which terminate the fiber directly at the gateway using the SFP port on the new BGW320 gateways, rather than using a separate ONT like they have historically. The UDM Pro has an SFP WAN port that could ostensibly be used, but I haven't seen much yet about the feasibility of adapting the existing bypasses to ONT-less installs.

Which is then a problem when you try to explain to them that yes, you are sure the issue is with their service and not your setup. But what's your reason to be going to such lengths instead of just plugging UDM into their router? Unless it was done for the fun of it, which is fine and understandable.
> But what's your reason to be going to such lengths instead of just plugging UDM into their router?

While you can do this and things will generally work, AT&T restricts all of their residential gateways from operating in a true passthrough/bridge mode to another router. So you end up with double NAT and all the joys that entails (such as [1]). There are also a number of other issues that have been associated with operating in their faux-passthrough mode, including:

- Issues with IPv6 prefix delegation

- Sporadic latency spikes (an issue in general, that you inherit since the gateway is still "doing" everything it normally would, since it won't actually act as a pure passthrough/bridge)

- A firmware update capped throughput at 50Mbps (later fixed in another firmware update)[2]

- Firmware updates tend to silently re-enable the built-in wifi radios

So while it'll generally work, it ends up problematic. You inherit all of the performance issues associated with just using the gateway as your all in one modem/router/firewall/AP/gateway, plus the addition of double NAT, plus the sharp edges of their poorly implemented faux-passthrough modes, plus the ever-present concern that you're one firmware update away from a non-working network despite having used their official passthrough configuration.

Hence why gateway bypasses are so popular[3][4][5][6]. Even if they're a bit involved to set up, once you get it working things just... work. With little if any upkeep (potentially a few minutes after a power outage, depending on the bypass method you implement).

[1] https://www.windowscentral.com/fix-xbox-one-double-nat

[2] https://www.dslreports.com/forum/r32172124-AT-T-Fiber-5268AC...

[3] https://github.com/MonkWho/pfatt

[4] https://github.com/bypassrg/att

[5] https://github.com/mrozentsvayg/vyos.att

[6] https://github.com/Hou-dev/simple-eap-proxy

Yes.. what he said.

But my main reason is actually the gigantic size of the residential gateway box. I mounted the ONT, UDM pro and PoE switch on a wall in a closet and the RG just took up too much space.

Thanks for such a detailed reply.