Create bridge to apartment complex community wifi

[Donut417]

4 hours ago, thejackalope said:

I didn't buy that Netgear because the price went back up, and I'm not sure it even supports bridging.  I tried bridging connections with Windows 10 on my desktop and plugging into the WAN port on my router, didn't work. I can't find Internet Connection Sharing in Win 10

Truthfully the easiest way to do this, is buy a router with DDWRT support. Then it should support bridging. 

[thejackalope]

I decided to try an extender and see if it would work without any hacking.

 

I got a Netgear EX7000.  My apartment complex wifi will assign IP addresses to everything connected through the extender. Each of those devices has to be logged in using the username/password just like if it was directly on the wifi. I used it to connect a desktop through ethernet. 

 

But I got annoyed with not being able to access the settings page for the Netgear so I exchanged it for a Linksys RE9000. BUT the Linksys doesn't act as a passthrough. It can connect to the community wifi and can check for firmware through the web, but the community wifi won't assign IP addresses to any connected computers. I have no idea why this is or if there's a solution.

So that's something interesting... Netgear works with community wifi, Linksys doesn't

[Alex Atkin UK]

Surely bridging is the wrong term here, what you actually want is for the router to connect as a WiFi client then to have its own WiFi Access Point broadcasting your "private" network.  Its still acting as a router not a bridge, its just the broadband is coming in over WiFi not ethernet or DSL.

 

Bridging would expand the original network, you don't want to be doing that (in fact you most likely CAN'T, as a normal Access Point doesn't support bridging) as its not your network to mess with.

 

Anyway, the trick to using a router as a WiFi client is generally you will need an extra WiFi adapter to actually be the client, as if you are connected over 5Ghz you may still want to broadcast your own network on 5Ghz.  AFAIK triple-channel routers limit one of their radios only to higher 5Ghz channels, so are not useful for that, unless all your clients are compatible with the higher channel.

 

As mentioned before, you most likely need DD-WRT or OpenWRT on the router in order to add a USB adapter to act as the client.  Its certainly the way I have done it in the past.  The tricky part is finding the right compatible USB adapter to use, I haven't tried it with 802.11ac adapters.

[thejackalope]

1 hour ago, Alex Atkin UK said:

Surely bridging is the wrong term here, what you actually want is for the router to connect as a WiFi client then to have its own WiFi Access Point broadcasting your "private" network.  Its still acting as a router not a bridge, its just the broadband is coming in over WiFi not ethernet or DSL.

 

Bridging would expand the original network, you don't want to be doing that (in fact you most likely CAN'T, as a normal Access Point doesn't support bridging) as its not your network to mess with.

 

Anyway, the trick to using a router as a WiFi client is generally you will need an extra WiFi adapter to actually be the client, as if you are connected over 5Ghz you may still want to broadcast your own network on 5Ghz.  AFAIK triple-channel routers limit one of their radios only to higher 5Ghz channels, so are not useful for that, unless all your clients are compatible with the higher channel.

 

As mentioned before, you most likely need DD-WRT or OpenWRT on the router in order to add a USB adapter to act as the client.  Its certainly the way I have done it in the past.  The tricky part is finding the right compatible USB adapter to use, I haven't tried it with 802.11ac adapters.

There's no term for it though. In any case, it seems that bridging does work as long as I use a Netgear extender -- See my post above and updated OP

[Alex Atkin UK]

It sounds like you ARE bridging which I'm quite surprised works to be honest, I'd think they would have that ability disabled for performance and security reasons.  With a large network like that is likely to be I certainly wouldn't want a single property eating up my IP addresses.

It may work but as I said it could cause serious issues for other users if its using the same channel, so I wouldn't recommend it unless you want the wrath of an angry network engineer.

If they didn't bother to block this, what security issues might they have left open?  Isn't it better to use client mode and have the router firewall all your devices, than risk leaving all their security to the main network?  If they don't have client isolation turned on (I'd think they would, but then I'd think bridging would be disabled too) then you are exposing all your devices to everyone in the building.

[thejackalope]

14 hours ago, Alex Atkin UK said:

It sounds like you ARE bridging which I'm quite surprised works to be honest, I'd think they would have that ability disabled for performance and security reasons.  With a large network like that is likely to be I certainly wouldn't want a single property eating up my IP addresses.

It may work but as I said it could cause serious issues for other users if its using the same channel, so I wouldn't recommend it unless you want the wrath of an angry network engineer.

If they didn't bother to block this, what security issues might they have left open?  Isn't it better to use client mode and have the router firewall all your devices, than risk leaving all their security to the main network?  If they don't have client isolation turned on (I'd think they would, but then I'd think bridging would be disabled too) then you are exposing all your devices to everyone in the building.

Yes they have client isolation turned on. I don't know what the security is like to the outside but I do use Windows Firewall on all my computers except a Macbook

[mtz_federico]

You mentioned in an old Post that you can register a MAC address, so why don't you use something like the ubiquiti nanostation to get the wifi signal (and register the nanostations Mac address) then you connect the Ethernet cable from the nanostation to a router.

[thejackalope]

1 hour ago, mtz_federico said:

You mentioned in an old Post that you can register a MAC address, so why don't you use something like the ubiquiti nanostation to get the wifi signal (and register the nanostations Mac address) then you connect the Ethernet cable from the nanostation to a router.

Do those work different from extenders?

[Alex Atkin UK]

Yes, it would be the same as I am describing only easier as you wouldn't have to use custom firmware, just any router would work fine.

 

Like I said, I don't think extending someone elses network is a great idea.  Better to make yours entirely independent with just a single MAC and IP address from their network being used.

[thejackalope]

Here's something interesting... I returned the Linksys since it didn't act as a passthrough, and tried a cheaper Netgear the EX6100. It didn't work! It was able to connect to my community wifi but no devices connected to it could get IP addresses. Seems strange that so far only the EX7000 has worked

[RCYJ]

I just saw this thread trying to solve sort of the same issue except this is my own wifi but want to bridge to the second floor without having to run cables. I had this setup just like you described it with my Netgear r6400 perfectly with RCN until I changed my ISP to Spectrum.  I didn't have to change anything on my RCN router just enable wireless bridge connection on my Netgear and it worked perfectly.  There has to be something that is preventing this on the Spectrum Router settings.

 

Did you ever find a solution?

[thejackalope]

On 1/16/2019 at 9:48 PM, RCYJ said:

I just saw this thread trying to solve sort of the same issue except this is my own wifi but want to bridge to the second floor without having to run cables. I had this setup just like you described it with my Netgear r6400 perfectly with RCN until I changed my ISP to Spectrum.  I didn't have to change anything on my RCN router just enable wireless bridge connection on my Netgear and it worked perfectly.  There has to be something that is preventing this on the Spectrum Router settings.

 

Did you ever find a solution?

Are you using a Spectrum modem router combination? I don't really know how those work, the last time I had one it just functioned like a regular router but that was a couple years ago.

 

I just bought another EX7000 and it works with my Spectrum apartment complex wifi. It also has zero problems with logging in using mywifiext.com and with managing wifi settings like the one I had last year did. They must have fixed the firmware. 

[GuruOfNothing]

I personally wouldn't EVER want to put anything like a NAS or network printer or anything really on a network that was not isolated from the surrounding users. I am sure that the management group makes money off of having community wifi over having each unit have their own service and that is why they go that route. And they tell you that you are isolated but that is total bullshit. If that were the case, the internet would be the securest damned network around. Not so. You are connected to public wifi and everything on your network is just not that secure. Like going to Starbucks to transfer sensitive data on the free wifi. Stooopid. I realize that it's a pain in the ass to have to change wireless networks to be on either side but come on... its a couple button clicks.

[dalekphalm]

14 hours ago, GuruOfNothing said:

I personally wouldn't EVER want to put anything like a NAS or network printer or anything really on a network that was not isolated from the surrounding users. I am sure that the management group makes money off of having community wifi over having each unit have their own service and that is why they go that route. And they tell you that you are isolated but that is total bullshit. If that were the case, the internet would be the securest damned network around. Not so. You are connected to public wifi and everything on your network is just not that secure. Like going to Starbucks to transfer sensitive data on the free wifi. Stooopid. I realize that it's a pain in the ass to have to change wireless networks to be on either side but come on... its a couple button clicks.

It can be secured - if they use proper ACL's and VLAN's to separate out each user. This is how - for example - a Company or a University would have a public guest WIFI that doesn't allow access to corporate resources like staff servers.

 

However, I doubt they are doing that in this case, so effectively, you're probably correct.