Bypassing the AT&T Pace 5268AC Residential Gateway, Part I

Turn this into a high-tech doorstop

I’d been dreaming of getting fiber to my home for over a decade. It was that long ago that I spent my days hooking up ten-gigabit fiber connections to massive file servers at NetApp. I led a successful grassroots effort to lure Google Fiber to Raleigh, because competition can be a great way to spur innovation and investment. You can imagine in 2018 how excited I was to learn that fiber was coming to my neighborhood. While it wasn’t Google, it was AT&T. I swallowed my pride, quietly rescinded my ban of ever doing business with AT&T again, and signed up for their fastest package: symmetrical gigabit fiber. Cost was $80/month initially and thereafter $90/month. I’m sure I’m one of the few in my area who max it out. Hey, geeks gotta geek.

Why bother?

While I’m happy to use up as many AT&T bits as possible, I still don’t entirely trust the company (though I do trust them more than Time Warner Cable (TWC), a.k.a. Spectrum, and this as you know is not saying much). While providing direct access to my home network to a major telco may be a bit on the paranoid side, a number of security vulnerabilities have been discovered with other AT&T devices. Though AT&T might not be snooping around my network, I could not be entirely comfortable that hackers wouldn’t. AT&T’s RGs were discovered to have the built-in ability to do deep packet inspections (DPI) themselves, being able to snoop on the network traffic of its customers. For this and many other reasons, I just don’t trust any devices on my home network that I do not control.

I kept a firewall between TWC and my network for this reason. AT&T wants you to use their device, which they call a “Residential Gateway” or RG, as the firewall. It also acts as a WiFi point, DHCP server, and the like. This may be fine for most people, but I am an uber power user. As an engineer, I want to squeeze the maximum performance out of my networking. I will happily void the warranties on my networking gear. I didn’t spend time tuning my home firewalls for maximum throughput just to discard them when some corporate box comes along. This just won’t do, you see.

The Power User’s approach

My first approach was to switch things over to my TP-Link AC1750 access ponits, running OpenWRT. While my AC1750s could keep up with the slow (300 Mbps) speeds of cable Internet, they were balking at gigabit speeds. The hardware acceleration the AC1750s utilize require proprietary drivers which OpenWRT does not provide. It was time to list them on Craigslist and try something new.
Continue reading