Setting up a third-party router, yet the ISP blocks modifications to their network configuration (Double NAT issue)
Setting up a third-party router, yet the ISP blocks modifications to their network configuration (Double NAT issue)
You've just moved to a new ISP and are facing some connectivity hurdles. They restrict your ability to bridge their router with yours, only allowing Wi-Fi credentials changes. You managed to access their admin panel by accident and see advanced settings. Your goal is to switch to an aftermarket router for smoother gaming and consistent VPN performance. When connecting to the aftermarket model, you encounter unstable connections, low speeds, and game disconnects, but your ISP router works fine. This suggests a Double NAT situation. You're wondering if you can manually configure your ISP's router to act as a bridge, disabling DHCP and NAT. If that's not an option, what should you do with your aftermarket router besides enabling bridge mode? You also plan to use a VPN like Private Internet Access or CyberGhost on it, which has DD-WRT installed.
They restrict you from bridging their hardware. Avoid doing so. If you find the admin option without permission, depending on your location, it might be seen as hacking—leading to service termination or possible legal action (though unlikely). Regarding your second question, using bridge mode and running a VPN on your router can cause compatibility issues, disrupt network performance, or violate their policies, potentially leading to account suspension.
When you specify your ISP, others might assist you more effectively, and unless it's a tiny local business, you won't be sacrificing much privacy.
I favor utilizing all advanced capabilities of my aftermarket router (routing, Wi-Fi, QoS, and NAT), because the router provided by my ISP is quite inadequate. It often disconnects or causes high latency during gaming. I also need to enable 5GHz Wi-Fi on my aftermarket device since my ISP only supports 2.4Ghz. To connect them without double NAT, you’ll likely need to adjust settings manually—such as configuring the correct bridge mode, adjusting firewall rules, and ensuring proper port forwarding. Since your ISP is Converge ICT in the Philippines, these steps should help you establish a stable connection.
Additional details are required—what provider and equipment were provided? I’m dealing with a similar problem with AT&T fiber and my Unifi security gateway. AT&T doesn’t support bridge mode, but I can activate DMZ+ mode which bypasses the firewall limits. However, this didn’t resolve everything right away. Initially, I had to reset the AT&T device completely to remove all known devices and settings. Then I connected a computer to configure the Unifi gateway. After enabling DMZ+ mode on the AT&T box, it took about 20 years for their outdated hardware to load before I powered it off and back on. This fixed the issues I faced. Even with DMZ+ mode active, the AT&T box continued to attempt IP assignments and firewall rules for all devices behind my router. Once I completed the reset and reconfiguration, everything functioned properly—this shouldn’t have been necessary, but the hardware appears to be quite unreliable. Now my throughput remains stable at 1000/1000, and with Unifi managing DNS and IP, my connections are significantly faster than before. Thank you!
It all hinges on the interface design of their router and any adjustments you implement might be undone by your ISP during the next reboot. If bridge mode isn't available, they may not provide the necessary controls for manual setup. Generally, you'd assign the WAN link to a VLAN and connect one LAN port to that VLAN. However, this could vary based on how they configure their broadband connection—DHCP might interfere if they detect your router's MAC address, or PPP would require login credentials. Ultimately, the configurations are likely to revert when the ISP sends a configuration update.