johnyerhot
commented
3 years ago I'm not sure if this is the case for all Merlin routers, but at least for mine (as well as a handful of others that people have found), you do not need AiProtection
For mine, a converted tmobile cellspot to ac68u, I've had some inconsistent behavior. The spoofed MAC address I've set for WAN sometimes doesn't apply to the correct interface and ends up on vlan2 instead of eth0 unless I have AiProtection and specifically Malicious Site Blocking enabled.
It doesn't seem consistent, though. I've had a few times where everything was fine without AiProtection enabled. I may try and work out a startup script to make sure eth0 ends up with the right MAC address instead of relaying on this inconsistent behavior.
Thanks for the great write up. I used this as a basis to get an RT-AX58U up and running. A couple things I noted though:
There is no guide on how to pull the certs from a BGW210. This is detailed on a different github project here: https://github.com/Archerious/bgw210-root This may be of use for people to have a quick reference when pulling certs from this gateway.
I'm not sure if this is the case for all Merlin routers, but at least for mine (as well as a handful of others that people have found), you do not need AiProtection
It may be worth mentioning to have people double check their eth port and make sure the right one is flagged based on the spoofed mac address using ifconfig - this was a super simple thing, but it's pretty easily overlooked and can lead to a lot of frusturation.