Semi-related: once some hardware arrives, I should be able to finish finding a way to rip the 802.1x certs off of the 5286AC so we can use our own routers, or at least put these things into a proper bridged mode.
You can bypass these routers with an 802.1x MitM attack. You basically put it behind your Linux router and bridge only the EAPoL frames, then do DHCP from your own router.
I posted some details about this on DSLReports[1].
I have been using this method with AT&T GigaPower fiber in Austin, TX for two years and it's been totally stable and free of problems.
That said, I'd love to be able to extract the cert and not have to do this.
Please fully disclose your work! I was looking into this earlier and found the other post you mentioned. Unfortunately, they stopped following up with RE details on the 5286AC after they got a bunch of CVEs assigned. Was really disappointing.
Either way, thank you! Would you be willing to send me the URL for the firmware? I don't have time to desolder anything at the moment but would love to look at the image.
I'm sure you're pretty far down the rabbit hole of dealing with the 5268AC, but the "DMZ Plus" mode does seem to bridge. I have a Ubiquiti Edgerouter on the other side with OpenVPN set up, public IP, etc. All I needed to do was enable DMZ Plus and turn off wifi.
DMZ Plus doesn't bridge - it just fakes it by essentially 1:1 NAT'ing a public IP to your router.
You are still using its internal routing and NAT tables, which to be charitable are problematic. You also lose the ability to do ipv6 - not that AT&T's ipv6 implementation is worth even using at this point.
I just moved from Comcast to AT&T gige and the speeds are certainly great - but this CPE (and horrible v6 even if it worked) is seriously making me reconsider.
https://spun.io/2018/03/18/getting-into-the-pace-5268ac-rout...