$${\color{cyan}TTL-Bypass}$$

Simple nftables config that can bypass any wifi anti-tethering & anti-hotspot sharing using openwrt router.

Wifi AP 10.0.0.1/20 ttl=1

👇

Openwrt extender with nft ttl generator

👇

10.0.0.1/20 ttl=64

$${\color{orange}Requirements}$$

• Openwrt Router => configured as (extender/repeater/wireless bridge mode) must be connected to a wifi with TTL value of 1

$${\color{orange}SSH/TELNET}$$

• ssh: ssh [email protected]
• telnet: telnet 192.168.1.1

$${\color{orange}Install}$$

wget -O /etc/nftables.d/ttl64.nft https://raw.githubusercontent.com/xiv3r/ttl-bypass/refs/heads/main/ttl64.nft && fw4 check && /etc/init.d/firewall restart

$${\color{orangeh1}Results}$$

• Path: vim /etc/nftables.d/ttl64.nft

chain mangle_prerouting_ttl64 {
                type filter hook prerouting priority 300; policy accept;
                ip ttl set 64
                ip6 hoplimit set 64
        }

chain mangle_postrouting_ttl64 {
                type filter hook postrouting priority 300; policy accept;
                ip ttl set 64
                ip6 hoplimit set 64
        }

Run in ssh CLI

wget -qO- https://raw.githubusercontent.com/xiv3r/ttl-bypass/refs/heads/main/ttl64.sh | sh

Openwrt ssh CLI

nft 'add table inet mangle'

nft 'add chain inet mangle mangle_prerouting_ttl64 { type filter hook prerouting priority 300; policy accept; }'

nft 'add rule inet mangle mangle_prerouting_ttl64 ip ttl set 64'

nft 'add rule inet mangle mangle_prerouting_ttl64 ip6 hoplimit set 64'

nft 'add chain inet mangle mangle_postrouting_ttl64 { type filter hook postrouting priority 300; policy accept; }'

nft 'add rule inet mangle mangle_postrouting_ttl64 ip ttl set 64'

nft 'add rule inet mangle mangle_postrouting_ttl64 ip6 hoplimit set 64'