What does HackerNews think of eap_proxy?
Proxy EAP packets between interfaces on Linux devices such as the Ubiquiti Networks EdgeRouter™ and UniFi® Security Gateway.
https://github.com/jaysoffian/eap_proxy
It's been running for years now out-of-sight and out-of-mind.
Which reminds me... I should probably take a look at those pull requests.
In the online world, I've contributed bits and pieces to open-source here and there as far back as the late 90s. I think my first contribution was to the shadow package, but I've contributed to Apache, Radius, git, random packages that I use that I discover bugs in, etc.
A Python script I wrote to allow folks to bypass AT&T's residential gateway was used by more people than I ever expected:
AT&T has transitioned to issuing a combined ONT/Router, where this will no longer be possible, but apparently the newer gear doesn't have any of the performance issues of the Pace 5268AC.
BTW, I was annoyed that AT&T installed the ONT on the southern wall of my home where it was baking in full sun every day, so I relocated it myself into my network closet. You can just unplug the ONT and extend the existing fiber with an optical coupler and an SC-APC to SC-APC single-mode patch cable.
So I wrote some code to scrape his nearly 8000 reviews from rogerebert.com and then import them to letterboxd:
(I only put the first two paragraphs of his review on letterboxd then link to his full review on his site.)
The hard parts of this were:
- Extracting the text of his reviews correctly from his site's HTML. That wasn't too terrible though.
- Matching his reviews to the correct movies on TMDB. This just required a bunch of trial and error and about 20-30 manual corrections. I employed various strategies to match by using movie title, year of review, year of movie release (if on his review, but often off by a year or two), director, producer, cast if on his review.
I also built this for myself:
https://github.com/jaysoffian/eap_proxy
I should put my bin directory full of random scripts up on GitHub. I tend to build them as I need them. They're often very simple things like:
- jqpaste -- which is just "pbpaste | jq"
- jsonl [jq|gron --stream] which takes its input and, if it isn't valid JSON, converts it to a JSON string so that I can paste random log output, which is sometimes a mix of JSON and not, into jq or gron.
Those are just a couple off the top of my head.
Instructions: https://medium.com/@mrtcve/at-t-gigabit-fiber-modem-bypass-u...
GitHub project that makes it possible: https://github.com/jaysoffian/eap_proxy
It's definitely not plug and play but I've been using this setup for a year and a half and I get my full 1gb bandwidth throughout my network with lots of hosts.
Another option is getting the 802.1x certificate out of a hacked router, but it's not possible as far as I know on the 5268ac. You could buy a hackable ATT router but they're not cheap. Some sellers even sell the key by itself.
Mysteriously, doing this fixed an issue I previously had where SSHing into AWS would fail.
My router is also getting a public IP address, I've set my AT&T gateway to bridge mode, but the AT&T gateway is still a monster-in-the-middle, a tumor I can't excise because it has to be between your router and the ONT or else the fiber turns off.
A more practical challenge: Hurricane Electric is a 6in4 tunnel, not layered over TCP nor UDP. Some ISP-provided residential gateway devices (AT&T) don’t support 6in4, not even if you configure your device as a “DMZ” with a public IP address. Also, I frequently find myself in situations with IPv4 NAT and no public IPv4 addresses at all.
The only free IPv6 tunnel service that supported UDP was SixXS, which shut down in 2017.
Nowadays, AT&T supports IPv6 natively, and I went through an annoying amount of effort to bypass their gateway device and control the entire /60 instead of being limited to a /64 and being limited by their NAT. https://github.com/jaysoffian/eap_proxy
https://github.com/jaysoffian/eap_proxy
This was a really simple project but tickled all my fancies: Python, low-level, networking, reverse engineering, system administration.
Just do it! Who cares if people use it?
Alternatively, contribute something to some open source project you use. I’ve done that too. Just small stuff here and there but that’ll guarantee someone uses your code if that’s what’s important to you. It only takes 39 commits to get on this page:
https://github.com/git/git/graphs/contributors
:-)
https://github.com/jaysoffian/eap_proxy/
That said, I haven’t had any trouble with it as a router.
FWIW, it’s possible to bypass AT&T’s router:
https://github.com/jaysoffian/eap_proxy
That said, I tried 1.1.1.1 and found I had to switch back to Google DNS since Cloudflare intentionally doesn’t support EDNS Client Subnet, which was causing my Apple TVs to have trouble loading content.
https://github.com/jaysoffian/eap_proxy
(And thanks for discovering that bypass!)
You don't need to use bridging mode to bypass the AT&T RG. That post probably predates the EAP proxy solution.
You have to enable `set system offload ipv4 vlan enable` else your routing performance will suffer.
I don't have AT&T so I didn't pay much attention to the details. One possible approach: https://github.com/jaysoffian/eap_proxy