Gargoyle 1.11.0 Release Candidate 4
Re: Gargoyle 1.11.0 Release Candidate 4
I had the QoS coming on problem flashing from an old version on a WRT1900ACS - reflashing fixed it.
Re: Gargoyle 1.11.0 Release Candidate 4
To flash my Linksys WRT1200AC, is this the correct file?
Any advice on how well Gargoyle works with this firmware?
http://lantisproject.com/gargoyle_1.11. ... actory.img
TL-WR-741ND V4.20 -Version 1.9.X
TL-WA-701ND V1.2 - Version 1.9.X
TL-WA-701ND V2.1 - Version 1.9.X
TL-WR-741ND V4.22 X 3 -Version 1.9.X
TL-WR-841ND V8 -Version 1.9.X
TL-WA-901ND V3 - Version 1.9.X
Re: Gargoyle 1.11.0 Release Candidate 4
As a follow up to myself, I just spun up Gargoyle on a virtual machine (works quite well! never tried that before), and port forwarding was fine. Would check your network configuration.
Lantis wrote: I made a change to try auto configuration of the WAN and LAN devices. It is possible that the roles of the ports have reversed between RC2 and RC3. Have you checked this? The change shouldn’t break port forwarding itself though.
bluegravy wrote: Eric...
Some observations...since x86 1.11_RC3 was released it appears that port forwarding on x86 platform is possibly broken. I cannot reach my LAN devices from remote port 80 to local port 3389--Remote Desktop.
If you have a /etc/config/network file from RC2 and RC3/4 that you could provide for me to compare that would be beneficial. Please be mindful to remove any passwords or identifiable information.
 https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
https://lantisproject.com/blog
- Waterspuwer
- Posts: 36
- Joined: Mon Nov 12, 2018 6:04 am
Re: Gargoyle 1.11.0 Release Candidate 4
Yes, I can force the problem (just put on higher channel and reboot). Where are logread and dmesg located? It already took some effort for me to figure out how to retrieve the other file, but I don't know where this is.
Lantis wrote: Sure, it might be a bit of a strange assumption to make, and maybe even “lazy coding” but it works. There’s no reason for you to add any repository pointing to the Gargoyle site that isn’t there by default. Openwrt the argument could be made, sure.
Nothing out of the ordinary in your settings.
Could you force the problem with a reboot, and provide a logread and dmesg immediately after the problem occurs please?
Re: Gargoyle 1.11.0 Release Candidate 4
viewtopic.php?f=8&t=8505
Waterspuwer wrote: Yes, I can force the problem (just put on higher channel and reboot). Where are logread and dmesg located? It already took some effort for me to figure out how to retrieve the other file, but I don't know where this is.
There you go.
TP-Link Archer C7 v2 - Gargoyle 1.12.X
TP-Link WR842ND v2 - Gargoyle 1.10.X
TP-Link RE450 AC v2 - Stock FW 1.0.4
TP-Link WA850RE v1.2 - LEDE 17.01.1
- bluegravy
- Posts: 31
- Joined: Mon Jul 10, 2017 12:50 pm
- Location: Eastern Panhandle West Virginia, USA
Re: Gargoyle 1.11.0 Release Candidate 4
I made a typo. I meant to say channel 36. Either way, I reloaded the RC4 release on the WRT1900AC and it works fine now.
Lantis wrote: I made a change to try auto configuration of the WAN and LAN devices. It is possible that the roles of the ports have reversed between RC2 and RC3. Have you checked this? The change shouldn’t break port forwarding itself though.
bluegravy wrote: Eric...
Some observations...since x86 1.11_RC3 was released it appears that port forwarding on x86 platform is possibly broken. I cannot reach my LAN devices from remote port 80 to local port 3389--Remote Desktop.
If you have a /etc/config/network file from RC2 and RC3/4 that you could provide for me to compare that would be beneficial. Please be mindful to remove any passwords or identifiable information.
You shouldn’t be able to select channel 39, it isn’t a channel we make available. Can you confirm exactly what you are setting there? A screenshot should be fine.
Next, on my Linksys WRT1900AC device. The gargoyle_1.11.x-mvebu-cortexa9-linksys-wrt1900ac-squashfs-sysupgrade. Since RC1, it seems that if I try to change my 5GHz channel to anything except channel 39, it shuts off. LED turns off and nothing on 5GHz is being seen by the devices, even though the config page shows it is on and working.
Please advise if you need further documentation, screen shots, etc.
Thanks,
Andy
- bluegravy
- Posts: 31
- Joined: Mon Jul 10, 2017 12:50 pm
- Location: Eastern Panhandle West Virginia, USA
Re: Gargoyle 1.11.0 Release Candidate 4
Happy to check. I've been pulling my hair out on this. Last night (as I mentioned in my other post) I blew everything out and started from scratch on the x86 machine. I realized that I had been restoring the config and that surely was hosing things up. So, I started from scratch, reloaded the RC4 image and set it all back up. Voila! Port forwarding worked--the WAN was receiving my incoming RDP request on port 80 and Gargoyle was sending it out on 3389 and I could establish my remote desktop from the internet. Great. I went to bed, woke up 8 hours later and it stopped working.
Lantis wrote: As a follow up to myself, I just spun up Gargoyle on a virtual machine (works quite well! never tried that before), and port forwarding was fine. Would check your network configuration.
Lantis wrote: I made a change to try auto configuration of the WAN and LAN devices. It is possible that the roles of the ports have reversed between RC2 and RC3. Have you checked this? The change shouldn’t break port forwarding itself though.
bluegravy wrote: Eric...
Some observations...since x86 1.11_RC3 was released it appears that port forwarding on x86 platform is possibly broken. I cannot reach my LAN devices from remote port 80 to local port 3389--Remote Desktop.
If you have a /etc/config/network file from RC2 and RC3/4 that you could provide for me to compare that would be beneficial. Please be mindful to remove any passwords or identifiable information.
I then SSH'ed into the machine and looked at the /etc/config/firewall statements. I found this:
Code:
config redirect 'redirect_enabled_number_0'
	option name 'RDP'
	option src 'wan'
	option dest 'lan'
	option proto 'tcp'
	option src_dport '80'
	option dest_ip '192.168.10.1'
	option dest_port '3389'
config redirect 'redirect_enabled_number_1'
	option name 'RDP'
	option src 'wan'
	option dest 'lan'
	option proto 'udp'
	option src_dport '80'
	option dest_ip '192.168.10.1'
	option dest_port '3389'
Code:
root@Gargoyle:~# /etc/init.d/firewall restart
Warning: Option @defaults[0].force_router_dns is unknown
Warning: Option @defaults[0].enforce_dhcp_assignments is unknown
Warning: Section 'redirect_enabled_number_0' has no target specified, defaulting to DNAT
Warning: Section 'redirect_enabled_number_1' has no target specified, defaulting to DNAT
 * Flushing IPv4 filter table
 * Flushing IPv4 nat table
 * Flushing IPv4 mangle table
 * Flushing IPv6 filter table
 * Flushing IPv6 mangle table
 * Flushing conntrack table ...
 * Populating IPv4 filter table
   * Rule 'Allow-DHCP-Renew'
   * Rule 'Allow-Ping'
   * Rule 'Allow-IGMP'
   * Rule 'Allow-IPSec-ESP'
   * Rule 'Allow-ISAKMP'
   * Redirect 'RDP'
   * Redirect 'RDP'
   * Forward 'lan' -> 'wan'
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv4 nat table
   * Redirect 'RDP'
   * Redirect 'RDP'
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv4 mangle table
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv6 filter table
   * Rule 'Allow-DHCPv6'
   * Rule 'Allow-MLD'
   * Rule 'Allow-ICMPv6-Input'
   * Rule 'Allow-ICMPv6-Forward'
   * Rule 'Allow-IPSec-ESP'
   * Rule 'Allow-ISAKMP'
   * Forward 'lan' -> 'wan'
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv6 mangle table
   * Zone 'lan'
   * Zone 'wan'
 * Set tcp_ecn to off
 * Set tcp_syncookies to on
 * Set tcp_window_scaling to on
 * Running script '/etc/firewall.user'
 * Running script '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'
iptables: No chain/target/match by that name.
 * Running script '/usr/share/miniupnpd/firewall.include'
 * Running script '/etc/openvpn.firewall'
 * Running script '/etc/tor.firewall'
I changed forwarding to the following:
Code:
config forwarding
	option src 'wan'
	option dest 'lan'
Something else is broken here. NOTE: If I change the firewall rule from incoming WAN RDP on port 80 to 3389 and forward to LAN 192.168.10.1:3389, it works fine. I would think that rules out the network and points back to this firewall config.
I've hit a wall...any ideas?
Thx,
Andy
- bluegravy
- Posts: 31
- Joined: Mon Jul 10, 2017 12:50 pm
- Location: Eastern Panhandle West Virginia, USA
Re: Gargoyle 1.11.0 Release Candidate 4
This is the full firewall config as it is now (port forwarding is NOT working). Note the errors when the firewall is restarted.
Code:
root@Gargoyle:~# cat /etc/config/firewall
config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option force_router_dns '1'
        option enforce_dhcp_assignments '1'
config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
config forwarding
        option src 'wan'
        option dest 'lan'
config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'
config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'
config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'
config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'
config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'
config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'
config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'
config include
        option path '/etc/firewall.user'
        option reload '1'
config include
        option type 'script'
        option path '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'
        option family 'IPv4'
        option reload '1'
config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'
config include 'openvpn_include_file'
        option path '/etc/openvpn.firewall'
        option reload '1'
config include 'tor_include_file'
        option path '/etc/tor.firewall'
        option reload '1'
config remote_accept 'ra_443_443'
        option local_port '443'
        option remote_port '443'
        option proto 'tcp'
        option zone 'wan'
config remote_accept 'ra_80_80'
        option local_port '80'
        option remote_port '80'
        option proto 'tcp'
        option zone 'wan'
config remote_accept 'ra_22_22'
        option local_port '22'
        option remote_port '22'
        option proto 'tcp'
        option zone 'wan'
config redirect 'redirect_enabled_number_0'
        option name 'RDP'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '80'
        option dest_ip '192.168.10.1'
        option dest_port '3389'
config redirect 'redirect_enabled_number_1'
        option name 'RDP'
        option src 'wan'
        option dest 'lan'
        option proto 'udp'
        option src_dport '80'
        option dest_ip '192.168.10.1'
        option dest_port '3389'
root@Gargoyle:~# 
root@Gargoyle:~# /etc/init.d/firewall restart
Warning: Option @defaults[0].force_router_dns is unknown
Warning: Option @defaults[0].enforce_dhcp_assignments is unknown
Warning: Section 'redirect_enabled_number_0' has no target specified, defaulting to DNAT
Warning: Section 'redirect_enabled_number_1' has no target specified, defaulting to DNAT
 * Flushing IPv4 filter table
 * Flushing IPv4 nat table
 * Flushing IPv4 mangle table
 * Flushing IPv6 filter table
 * Flushing IPv6 mangle table
 * Flushing conntrack table ...
 * Populating IPv4 filter table
   * Rule 'Allow-DHCP-Renew'
   * Rule 'Allow-Ping'
   * Rule 'Allow-IGMP'
   * Rule 'Allow-IPSec-ESP'
   * Rule 'Allow-ISAKMP'
   * Redirect 'RDP'
   * Redirect 'RDP'
   * Forward 'wan' -> 'lan'
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv4 nat table
   * Redirect 'RDP'
   * Redirect 'RDP'
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv4 mangle table
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv6 filter table
   * Rule 'Allow-DHCPv6'
   * Rule 'Allow-MLD'
   * Rule 'Allow-ICMPv6-Input'
   * Rule 'Allow-ICMPv6-Forward'
   * Rule 'Allow-IPSec-ESP'
   * Rule 'Allow-ISAKMP'
   * Forward 'wan' -> 'lan'
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv6 mangle table
   * Zone 'lan'
   * Zone 'wan'
 * Set tcp_ecn to off
 * Set tcp_syncookies to on
 * Set tcp_window_scaling to on
 * Running script '/etc/firewall.user'
 * Running script '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'
iptables: No chain/target/match by that name.
 * Running script '/usr/share/miniupnpd/firewall.include'
 * Running script '/etc/openvpn.firewall'
 * Running script '/etc/tor.firewall'
root@Gargoyle:~#
- bluegravy
- Posts: 31
- Joined: Mon Jul 10, 2017 12:50 pm
- Location: Eastern Panhandle West Virginia, USA
Re: Gargoyle 1.11.0 Release Candidate 4
...and the network config file...
Code:
root@Gargoyle:~# cat /etc/config/network
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'
config globals 'globals'
        option ula_prefix 'fde1:61f3:dcab::/48'
config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.10.27'
        option dns '1.1.1.1 1.0.0.1'
config interface 'wan'
        option ifname 'eth1'
        option proto 'dhcp'
        option ipv6 '0'
        option dns '1.1.1.1 1.0.0.1'
        option peerdns '0'
config interface 'wan6'
        option ifname 'eth1'
        option proto 'dhcpv6'
root@Gargoyle:~#
Re: Gargoyle 1.11.0 Release Candidate 4
Can you use the proper gargoyle network restarter to make sure all dependencies are loaded and report back?
/usr/lib/gargoyle/restart_firewall.sh
 https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
https://lantisproject.com/blog
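An offline review of the /etc/config/firewall posted earlier in this thread, as an added example (not code from the thread or from Gargoyle): it parses the UCI text and lists what the config exposes on the WAN zone, including a redirect whose WAN port is also claimed by a remote_accept section. Reading remote_accept as "router service opened to that zone" is an assumption, and the thread does not establish that any finding is the cause of the fault.

```python
import re

# Constructed sample: trimmed sections of the /etc/config/firewall posted above.
SAMPLE = """\
config forwarding
        option src 'wan'
        option dest 'lan'
config remote_accept 'ra_80_80'
        option local_port '80'
        option remote_port '80'
        option proto 'tcp'
        option zone 'wan'
config redirect 'redirect_enabled_number_0'
        option name 'RDP'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '80'
        option dest_ip '192.168.10.1'
        option dest_port '3389'
"""

LINE = re.compile(r"^\s*(config|option|list)\s+(\S+)(?:\s+'?([^']*)'?)?\s*$")

def parse_uci(text):
    """Return one dict per section: '.type', '.name', then its options/lists."""
    sections = []
    for m in filter(None, map(LINE.match, text.splitlines())):
        kind, key, val = m.group(1), m.group(2), (m.group(3) or "").strip()
        if kind == "config":
            sections.append({".type": key, ".name": val})
        elif sections and kind == "option":
            sections[-1][key] = val
        elif sections:  # "list" entries accumulate under one key
            sections[-1].setdefault(key, []).append(val)
    return sections

def audit(sections, wan="wan"):
    """Flag WAN exposure worth reviewing; findings are (kind, section, detail)."""
    findings, admin = [], {}
    for s in sections:  # Assumption: remote_accept opens a router service to `zone`
        if s[".type"] == "remote_accept" and s.get("zone") == wan:
            admin[(s.get("proto"), s.get("remote_port"))] = s[".name"]
            findings.append(("router-service-on-wan", s[".name"], s.get("remote_port")))
    for s in sections:
        if s[".type"] == "forwarding" and s.get("src") == wan:
            # Permits WAN-side traffic to be forwarded into the destination zone.
            findings.append(("wan-forwarding", s[".name"], s.get("dest")))
        elif s[".type"] == "redirect" and s.get("src") == wan:
            findings.append(("forward-on-wan", s[".name"],
                             f"{s.get('src_dport')}->{s.get('dest_ip')}:{s.get('dest_port')}"))
            clash = admin.get((s.get("proto"), s.get("src_dport")))
            if clash:  # same WAN proto/port claimed twice; a review item only
                findings.append(("port-claimed-twice", s[".name"], clash))
    return findings
```

Calling `audit(parse_uci(open("firewall").read()))` on a saved copy of the file gives the same kind of list for the full config.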
