Guest ssid
Moderator: Moderators
Guest ssid
This came up in the general discussion forum. Would it be possible to implement into gargoyle the ability to have guest users on your network but without being part of your network so wouldn't be able to see your devices?
Mix kindly provided this link
http://wiki.openwrt.org/doc/recipes/guest-wlan
Which shows how it is done but would need the GUI side in gargoyle
Tals
Netgear wndr3700 v2 Gargoyle 1.8.0
TP-Link Archer C7 v2 1.10.X (Built 20180122-0707)
Re: Guest ssid
Guest SSID, or multiple SSIDs in general. Basically, something similar to the way dd-wrt does it would be great.
WRT54GL v1.1
Gargoyle 1.4.7
Re: Guest ssid
Yeah, this would be a great feature to have.
Re: Guest ssid
For the time being many people can achieve this using the following steps.
From the command line of your router
Code: Select all
uci set wireless.ap_g2=wifi-iface
uci set wireless.ap_g2.device=radio0
uci set wireless.ap_g2.mode=ap
uci set wireless.ap_g2.network=lan
uci set wireless.ap_g2.ssid='<Your Desired SSID>'
uci set wireless.ap_g2.isolate=1
# encryption can be psk2 or 'none'
uci set wireless.ap_g2.encryption=psk2
# password, if any
uci set wireless.ap_g2.key='<password if any>'
uci commit
In the file /usr/lib/gargoyle_firewall_util/gargoyle_firewall_util.sh locate the initialize_firewall() routine and add one line.
Code: Select all
initialize_firewall()
{
	iptables -I zone_lan_forward -i br-lan -o br-lan -j ACCEPT
	insert_remote_accept_rules
	insert_dmz_rule
	create_l7marker_chain
	block_static_ip_mismatches
	force_router_dns
	add_adsl_modem_routes
	#Add the below lines to isolate the guest wifi from your LAN.
	ebtables -I FORWARD -i wlan0-1 -o wlan0 -j DROP
	ebtables -I FORWARD -i wlan0-1 -o eth0 -j DROP
}
After saving your modified file reboot your router and enjoy.
Sorry but this will not work with the b43 Wifi driver which most if not all Broadcom based routers are using. DD-WRT is still using the old proprietary driver so that is why they can do it on your old WRT54G. Just another reason to ditch your 54G IMHO.
Adventurous people are encouraged to try the above. Based on the experience reported it may find its way in the GUI at some point.
I will be watching.
Linksys WRT1900ACv2
Netgear WNDR3700v2
TP Link 1043ND v3
TP-Link TL-WDR3600 v1
Buffalo WZR-HP-G300NH2
WRT54G-TM
Re: Guest ssid
I would love to see the ability to manage a guest network added to the Gargoyle gui as well. I was feeling adventurous so I followed the steps provided by pbix above with my DIR-825 B1.
While it successfully created a guest wireless network, the ebtables line failed to achieve any isolation of the networks. From the guest network I still had full access to shared folders and printers on the primary network.
So I started over and followed the guide at http://wiki.openwrt.org/doc/recipes/guest-wlan and the networks seem to function as expected.
Because I wanted the guest network to be filtered by opendns without affecting my primary network I added the following lines to /etc/firewall.user:
Code: Select all
iptables -t nat -I zone_guest_prerouting -p tcp --dport 53 -j DNAT --to 208.67.222.222
iptables -t nat -I zone_guest_prerouting -p udp --dport 53 -j DNAT --to 208.67.222.222
The only major problem that I have found is that bandwidth usage and distribution data is not recorded for clients on the guest network (but the realtime graphs properly show activity). If anybody knows what I need to edit to enable this that would be greatly appreciated.
EDIT: I am no expert but I can generally follow a simple script. I found /etc/init.d/bwmon_gargoyle and made some changes that have successfully enabled bandwidth monitoring of the guest network. Basically I just found any lines that made reference to the lan interface, copied them, and changed "lan" to "guest". I have attached my modified file if anybody more knowledgeable would like to review it for errors or use it in their own setup.
Attachments:
- bwmon_gargoyle.zip (2.46 KiB), downloaded 1412 times
Linksys WRT1900ACSv1 - Gargoyle 1.12.0
Re: Guest ssid
I tested the ebtables line I recommended and found it to work well. But that was on my Buffalo router.
Perhaps your wlan driver interface is different than "wlan0-1". Please post the output of ifconfig from your router.
Anyway following my script would prevent you from having to do any other modifications to Gargoyle and everything will work.
Linksys WRT1900ACv2
Netgear WNDR3700v2
TP Link 1043ND v3
TP-Link TL-WDR3600 v1
Buffalo WZR-HP-G300NH2
WRT54G-TM
Re: Guest ssid
mix wrote: Guest SSID, or multiple SSIDs in general. Basically, something similar to the way dd-wrt does it would be great.
Hello everybody.
Thanks, Eric, for such good work!
Is this feature planned to be included in Gargoyle? I think a lot of people dream about it.

Re: Guest ssid
Using the instructions by pbix, save for the last line being
uci commit
All green on my screen. 1.4.7 on a WR1043ND 1.7
I also added:
ebtables -I FORWARD -i wlan0-1 -o wlan0 -j DROP
to isolate the guest wifi from my devices. Tested via ping, but feel free to correct me if there's a better way.
Re: Guest ssid
Sorry for the delayed response pbix, I was at the beach!
Perhaps changing br-lan to wlan0 in the ebtables line like Slacker did would have done the trick for me?
Here is my output from ifconfig:
Code: Select all
br-lan Link encap:Ethernet HWaddr 84:D8:C1:5D:23:30
inet addr:192.168.192.168 Bcast:192.168.192.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:26575167 errors:0 dropped:0 overruns:0 frame:0
TX packets:49512532 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1436207960 (1.3 GiB) TX bytes:251204807 (239.5 MiB)
eth0 Link encap:Ethernet HWaddr 84:D8:C1:5D:23:30
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:26587376 errors:0 dropped:0 overruns:125182 frame:0
TX packets:49521574 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1826224943 (1.7 GiB) TX bytes:251934447 (240.2 MiB)
Interrupt:4
eth1 Link encap:Ethernet HWaddr 84:D8:C1:5D:23:31
inet addr:137.41.188.235 Bcast:137.41.191.255 Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:65511550 errors:0 dropped:0 overruns:0 frame:0
TX packets:29376220 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2798314355 (2.6 GiB) TX bytes:1955454394 (1.8 GiB)
Interrupt:5
imq0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP RUNNING NOARP MTU:1500 Metric:1
RX packets:54186727 errors:0 dropped:0 overruns:0 frame:0
TX packets:54142140 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:11000
RX bytes:1357154049 (1.2 GiB) TX bytes:1292894146 (1.2 GiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2237 errors:0 dropped:0 overruns:0 frame:0
TX packets:2237 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:163974 (160.1 KiB) TX bytes:163974 (160.1 KiB)
mon.wlan0 Link encap:UNSPEC HWaddr 84-D8-C1-5D-23-2E-00-00-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6154086 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:1621864581 (1.5 GiB) TX bytes:0 (0.0 B)
wlan0 Link encap:Ethernet HWaddr 84:D8:C1:5D:23:2E
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:13341 errors:0 dropped:0 overruns:0 frame:0
TX packets:381089 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:1933326 (1.8 MiB) TX bytes:153128533 (146.0 MiB)
wlan0-1 Link encap:Ethernet HWaddr 86:D8:C1:5D:23:2F
inet addr:10.10.10.10 Bcast:10.10.10.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3092441 errors:0 dropped:0 overruns:0 frame:0
TX packets:4955866 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:355638060 (339.1 MiB) TX bytes:2019833581 (1.8 GiB)
Unfortunately with work and classes both starting back up today I don't have the time to start over and test right now since it is working the way I have it. Also I think I prefer the way I did it anyhow, mostly just because by assigning a separate dhcp pool to the guest network it allows me to tell at a glance what ssid clients are connected to.
Anyhow, I really would love to see this functionality built into the UI. It may take a week or two to get settled back into classes, but I'll gladly try to find the time to test further if I can help.
Linksys WRT1900ACSv1 - Gargoyle 1.12.0
Re: Guest ssid
TheKurze wrote: Sorry for the delayed response pbix, I was at the beach!
Perhaps changing br-lan to wlan0 in the ebtables line like Slacker did would have done the trick for me?
Code: Select all
ebtables -I FORWARD -i wlan0-1 -o wlan0 -j DROP
Code: Select all
ebtables -I FORWARD -i wlan0-1 -o br-lan -j DROP
I have no LAN-attached devices, but I presume the ebtables entry with br-lan worked to isolate them from guest network, while the entry I added with wlan0 isolated the guest clients from my own wireless clients.
Enjoy the beach!
Note to anyone playing with this: It kinda confuses the gui, so if you want to make changes to your SSID settings (encryption/etc.), you need to edit /etc/config/wireless.
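An added example, not part of any post in this thread: a shell check that lists which bridge ports a guest interface can still reach at layer 2, given the kind of ebtables rules discussed above. The function names, the sample rule listings and the assumed line format of `ebtables -L FORWARD` output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: list the bridge ports a guest
# interface can still reach, given the text of `ebtables -L FORWARD`.
# On a router (assumed usage):
#   uncovered_ports wlan0-1 "$(ls /sys/class/net/br-lan/brif)" \
#       "$(ebtables -L FORWARD)"

# has_rule RULES RULE -> succeeds if RULE appears as a whole line
# (trailing whitespace in the listing is ignored).
has_rule() {
    printf '%s\n' "$1" | sed 's/[[:space:]]*$//' |
        grep -xF -e "$2" >/dev/null
}

# uncovered_ports GUEST PORTS RULES
#   GUEST  guest bridge port (wlan0-1 in this thread)
#   PORTS  whitespace-separated ports of the bridge
#   RULES  output of `ebtables -L FORWARD`
# Prints one line per port that frames from GUEST may still be
# forwarded to. Only plain "-i A [-o B] -j DROP" rules are recognised.
uncovered_ports() {
    guest=$1; ports=$2; rules=$3
    # A rule with no -o drops everything forwarded from the guest port.
    if has_rule "$rules" "-i $guest -j DROP"; then return 0; fi
    for port in $ports; do
        if [ "$port" = "$guest" ]; then continue; fi
        # -o matches a bridge port, so a rule naming the bridge itself
        # (-o br-lan) is never counted as covering eth0 or wlan0.
        if ! has_rule "$rules" "-i $guest -o $port -j DROP"; then
            printf '%s\n' "$port"
        fi
    done
    return 0
}

# Constructed sample data: bridge ports and three rule listings.
PORTS="eth0 wlan0 wlan0-1"
RULES_BOTH='Bridge chain: FORWARD, entries: 2, policy: ACCEPT
-i wlan0-1 -o eth0 -j DROP
-i wlan0-1 -o wlan0 -j DROP'
RULES_WLAN_ONLY='Bridge chain: FORWARD, entries: 1, policy: ACCEPT
-i wlan0-1 -o wlan0 -j DROP'
RULES_BRIDGE_NAME='Bridge chain: FORWARD, entries: 1, policy: ACCEPT
-i wlan0-1 -o br-lan -j DROP'

echo "both rules: $(uncovered_ports wlan0-1 "$PORTS" "$RULES_BOTH" | tr '\n' ' ')"
echo "wlan0 only: $(uncovered_ports wlan0-1 "$PORTS" "$RULES_WLAN_ONLY" | tr '\n' ' ')"
echo "-o br-lan:  $(uncovered_ports wlan0-1 "$PORTS" "$RULES_BRIDGE_NAME" | tr '\n' ' ')"
```

An empty result means every other port of the bridge has a matching DROP rule; any port printed is still reachable from the guest SSID and should be confirmed with a real connectivity test from a guest client.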