MAC of your home router MUST be randomised

Source? I ask because I searched for “Microsoft nomap” and only found a bunch of posts/articles circa 2020 that stated the opposite: Google recognizes “nomap” but Microsoft recognizes “optout”. The common recommendation was to include both (*_optout_nomap).

It depends on the model. It can then depend on if there is an exploit in the web based config, serial ports, or headers which can be flashed via serial. It is not a quick and easy process like installing GrapheneOS on a Pixel for example.

Often DSL and radio chipsets (cellular network) aren’t supported and require “binary” blob drivers.

What we would generally recommend is to get some generic device (with 2 network interfaces) and run openwrt or opnsense on that and put the modem into “bridge mode”. In that configuration it bridges the WAN connection straight through to the router behind it.

Generally barebones ones are not supported, they don’t have enough flash. That model isn’t listed.


Thanks for clarifying, from random forums I have heard that putting this particular modem into bridge mode is pretty difficult for some reason, though I have no idea why.

Because the feature isn’t implemented. Apparently it is in newer firmwares for the device. The Optus ones are probably locked down though.

According to some forums they can be unlocked (with some wizardry), but the risk is the router craps itself :sweat_smile:, so I dunno if it’s worth the risk. So crappy of Optus to lock down routers like that, then again Optus leaked all of their customers’ info to the dark web and had a national outage for days.

This makes me wonder how we can maximise our privacy from our own internet providers, aside from a VPN.

No one probably cares but here is an interesting blog by someone on how to change the firmware of this severely (is this fair to say?) restricted router: Huawei E5186 Firmware Upgrade with Multicast Upgrade Tool - Hacker's ramblings.

Don’t buy a super barebones device first and make sure to do a bit of checking around that it can support bridge mode before buying that device.

Some ISPs provide a “basic” model, and a more advanced one, which can do things like that.

Seems they don’t sell that anymore and offer the Huawei B628 now so that might have some relevant information. Though I’m not even sure the ZTE MF289D does either. These devices are cheap garbage made to be as cheap as possible with as few firmware updates as they can get away with.

Like everything they are basically full linux systems running underneath (just super locked down) so they do need updates from time to time.

Hmmm interesting. You are certainly very knowledgeable on this subject. FYI this router was prescribed to us by Optus as a part of our plan, so my assumption is that I can either flash this garbage with some firmware, or take out the SIM card and put it into a better router? Does the router affect internet speed? I presume it does, but I also know that Optus can modulate your internet speed regardless of the router, I have seen them do it before myself.

I would never pay for their “advanced” models if I didn’t have to, especially if I can go for third party router brands that are made in good faith, and do not exist solely to maximise their profits, while throwing their customers under the bus (cough* Optus).

Here someone mentions uncapped speeds by unlocking their router with firmware, so it may be worth the risk of flashing the router I suppose.

Thanks though for your response it was very informative and gives me hope.

They’re generally very locked down, so flashing firmware isn’t something necessarily easily done with any old router.

You can likely take the SIM and put it in a better one. Optus also has a tendency to network lock the modem that comes with your plan so if it’s an option to not buy the modem from them I’d probably do that.

Something worth keeping in mind if you get a 5G modem at some point.

No, it won’t they won’t care as long as it supports the necessary network features. Can’t find anything about their 5G modem which appears to be the ZTE NH8091. I think it’s some locked modem just for them.

If it was me personally on my connection I’d probably look toward more business grade devices like the Digi TX40 5G. I’m not a fan of Huawei/ZTE consumer garbage. Though they’re super expensive like Cisco expensive :wink:

Probably a more economical option would be something like the GL-XE3000. What you need to do is compare the bands to make sure the device supports it.

For example Optus requires:

  • 5G 900
  • 5G 1800
  • 5G 2100
  • TD-5G 2300
  • 5G 3500
  • 5G 28000

Which corresponds to:

  • n8
  • n80
  • n48
  • n95

But I don’t think it supports the 28GHz band for example.

Thanks a lot!

This may not be the time nor place, but I feel like making the knowledge base focus on fundamental networking and other computer science topics pertinent to computer science, could answer a lot of people’s (noobs like me) questions, I definitely feel like having a hardware recommendations list could also be A LOT of fun too!

The Portable Wi-Fi 6 5G NR Router looks like a beast. So I assume I can chuck an Optus SIM card into it and it should work fine. No idea about how to identify a good router compared to a bad one, because I have no idea what specs to look out for but I will 100% take your word for it and keep my eye on the MEET Puli AX Router which looks like a weapon!

Do you recommend AliExpress for electronics in general, in this case for a router?

I got a keyboard and mouse from them, where big brands like Logitech just get them from anyway.

Sheesh, these routers are expensive but that’s okay, on one Aussie forum you linked me someone mentioned using a phone as a router. :sweat_smile:

For cellular I doubt we ever would because it varies depending on geographical location/provider and it would simply become a website on its own. Combine this with availability factors, it would be impossible to tell people to get this or that device. It requires a lot of research and would be something we could never keep up with as it constantly changes.

Unless you’re using a device as a travel device don’t get a portable one, it won’t have as good coverage as one with aerials.

Yeah but you’d want to make sure it can do 28GHz, those bands are used by Optus and Telstra. Some provider somewhere elsewhere may not use them. This means it might work, but maybe not as fast. Cellular internet gets messy like that.

You can run a router behind your ISP supplied router (which is also another option). Probably what I would do in the case of Optus. This does still mean that routing is done by the border device placed in what we call a “DMZ”:

physical or logical subnetwork that contains and exposes an organization’s external-facing services to an untrusted, usually larger, network such as the Internet

as opposed to “bridge mode” where it does nothing but forward its external addresses through.

That way you still have a modern secondary router behind the modem which does receive its updates. This should work fine for most cellular providers. It is a bit more complicated however for fixed line communications like FTTH/FTTN, because providers in Australia (which I assume is where you’re from) normally offer that require DHCPv6-PD “prefix delegation” to split up a larger network range. That has to be on the device closest to the ISP (meaning your modem needs bridge mode). Fortunately FTTH/FTTC connection boxes provided by NBNCo are configured like that by default.

Typically though cellular providers don’t offer that in Australia. Telstra uses 464XLAT to offer customers single IPv6 addresses (without IPv4).

Cellular is definitely messy like that, all of the terms you used are completely foreign to me, but I did grasp the overall message. If I do ever get a router it will be one capable of doing a “28GHz band”. Alternatively, I could run two routers or use bridge mode to connect my router to a generic device with two “network interfaces”. Just because of my environmental consciousness I will probably not do the latter options, although I do appreciate the suggestions! Where I quote things, these are specialised terms that I do not know the meaning of.

Anyway, thanks a lot!

That was a worry, I tried to use the least amount of jargon possible, but yes it gets a bit like that.

Network interface simply refers to the place where the connection happens, a router will typically have an external network interface pointing at the ISP, and an internal one pointing at the LAN. That could be an ethernet network, i.e. RJ45 socket with 8P8C plug, or it could be an 802.11 WLAN network (portable cellular routers tend to do the latter).

After having another look at it the Puli AX (GL-XE3000) does not support 28GHz, n258 which is used by all the providers. Spectrum Tracker shows that Optus that. Whirlpool also has a list of what is required, and I know from experience they tend to keep things like that updated.

Maybe a newer version from GL.iNet will support it, who knows. The 28GHz “band” is just the modes in which it operates.

N258 Band – 24.25 to 27.5 GHz

N258: Covers 24.25 to 27.5 GHz for Europe and China. The mmWave 24 to 29 GHz range is a widely tested 5G band. Development of mmWave 26 GHz band is continuing and headed up by the 3GPP TR 38.815. N258 is intended for short range transmission at high data rates.

The US providers probably use:

N261 Band – 27.5 to 28.35

The N261, 28 GHz band is currently the highest-defined frequency 5G band in the FR2 range. Covers narrower 27.5 to 28.35 GHz for operation alongside n260 (39 GHz) in the USA. Like all millimeter wave bands, N261 is intended for short range tx/rx at high data rates.

So yes, without it it might be slower.

Thanks, you did a good job at making it understandable!

I seem to remember the feature being removed some time ago when they killed Wi-Fi Sense. The feature is no longer available.

I did find this Usenet post about it, apparently nomap means something entirely different elsewhere in the world :rofl:.

Yeah, I’d say this qualifies as malicious compliance at this point. I’m not so paranoid that I assume it was intentionally such from the start, but not changing it is ridiculous.

In order to opt out of an invasive data collection, we’re supposed to tag our publicly broadcast wifi SSID with a phrase that happens to be a homonym to the name of an extremely controversial group?

Why doesn’t Google ask us to wear scarlet P’s while they’re at it?