I have considered this with Zuku as well and tried them. Thoughts:
Most ISPs do not allow for the first option due to some weird rules they have and it would be completely difficult to get this done. Not impossible, but not worth the hassle .
I am currently doing this method. Zuku Router (in bridge mode)> Second router (Netgear mesh setup to act as a second router)> Appliances.
You can do the exact same order you mentioned but just switch off the wireless connectivity of Saf’s router, and while in the router settings try and get it to bridge mode and then connect your second router and have it do all the pass the heavy lifting.
How did you manage to get Safaricom to give you the router password ?
Incase you do manage to set it to bridge mode .Get a device that can run OpenWRT firmware and will have a better experience compared to the off the shelf routers .With OpenWRT you have QoS control , adblocking at router level and better DNS management. There are hundreds of useful apps available including adguard home , transmission etc
Most ubiquiti routers support OpenWRT and available at jiji at affordable prices. I use Ubiquiti edgerouter lite running OpenWRT 22.03 .
have you tried using one of the lan ports from the safaricom router as the gateway for the pfsense box or is there a specific reason you want to use bridge mode? if you must use bridge mode, not sure if you have the nokia or huawei router, but on the nokia router(G-140) you can go to the LAN settings and change the individual ports to either bridge mode or route mode. I havent tried it myself so i dont know if it works as intended but you can give it a try and see
But why would they need access to my router… To snoop! To better support customers yada yada… Once I was dealing with customer care and I realized basically they have unfethered access, I was bewildered.
I would prefer it if they simply had access up to the main junction box to confirm and troubleshoot network issues.
I see you want to “get rid” or put the #Safaricom router back in it’s box? …well I’ve never heard of them give a customer PPOE passwds + it’s not like you’re paying a “rental” fee like in some extreme capitalistic countries + do you have an SFP(SFP+) ports + transceiver modules to connect their LC Fiber connector?
If you’re successful report back(also interested) and spot check …
Disable any WLAN(ensure all connections go through your pfsense box), port-forwadings(I’ve detailed better ways to share or get back to your home network on a post on “Overlay” networks) etc you’ve modified on the #Safaricom router. In fact factory reset it!
Wouldn’t Advise on 2…
but on the nokia router(G-140) you can go to the LAN settings and change the individual ports to either bridge mode or route mode
Can confirm on the Huawei you’re SOL on this …
From this point assume and handle the #Safaricom box like an external(and hostile) device on the webs of the internet…
Yeah. Just wishful thinking… Why should someone else have control to my Personal Space considering nowadays everything is online… I would love some form of privacy/ control. However am fully aware this is simply wishful thinking and big brother knows what is good for me…
People are daft out here. It’s necessary to reduce all the headaches that come with requesting customers to fix stuff by guiding them.
I’m not sure but changing the administrator details restricts access to your router. I realized that after the support staff asked for the login credentials for my router to offer assistance. Before that, they were doing it without hassle.