Version 1.9.1

The latest news about Gargoyle


sonic2000
Posts: 9
Joined: Sun Jan 11, 2015 2:14 am

Re: Version 1.9.1

Post by sonic2000 »

WDR3600v1. Erratic behavior when trying to perform recovery. Took two hours to recover. There seems to be a long delay before going into recovery, approximately 4 min from press to recovery mode. No issues with initial upgrade and generally stable if not making any changes.

vwalien
Posts: 6
Joined: Wed Aug 01, 2012 6:28 am

Re: Version 1.9.1

Post by vwalien »

Model: TP-Link TL-WR841N/ND v8

Flashed to 1.9.1 and set up an Up/Down quota of 9.5GB. Everything was working and the quota was hit, all network traffic shut down. Great!

Then, the day the quota reset, the system logs 40GB/hr and traffic shows it sent 250GB. (Which I think is physically impossible over LTE, and also we don't have any applications that would send/receive such data).

The internet connection is a cellular modem with a 10GB plan, and we've been having $600/m overage fees. Needed Gargoyle to rein it in and shut down the internet connection.

So I'm thinking there might be a bug in the data traffic calculation; I am waiting for the bill to arrive! Also, if it truly sent 250GB the quota shutdown system didn't work.

ispyisail
Moderator
Posts: 4736
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: Version 1.9.1

Post by ispyisail »

vwalien wrote:
Model: TP-Link TL-WR841N/ND v8

Flashed to 1.9.1 and set up an Up/Down quota of 9.5GB. Everything was working and the quota was hit, all network traffic shut down. Great!

Then, the day the quota reset, the system logs 40GB/hr and traffic shows it sent 250GB. (Which I think is physically impossible over LTE, and also we don't have any applications that would send/receive such data).

The internet connection is a cellular modem with a 10GB plan, and we've been having $600/m overage fees. Needed Gargoyle to rein it in and shut down the internet connection.

So I'm thinking there might be a bug in the data traffic calculation; I am waiting for the bill to arrive! Also, if it truly sent 250GB the quota shutdown system didn't work.


I think you need a better router to start with. 4 Meg routers are unreliable (I think yours is 4 meg).

To make the firmware fit they had to take stuff out, but some things have broken.

Wings
Posts: 1
Joined: Fri Nov 11, 2016 10:33 am
Location: Atibaia

Re: Version 1.9.1

Post by Wings »

Hello,

My router is a TP-Link TL-WDR4300 v1.7, with Gargoyle 1.9.1.

In this version it is no longer possible to place the frequency of 5GHz in BGN mode, only in AN. In the previous versions it was possible to put the router in dual band 2.4GHz and 5GHz in N mode.

Is there any way to change it?

Lantis
Moderator
Posts: 5382
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Version 1.9.1

Post by Lantis »

Wings wrote:
Hello,

My router is a TP-Link TL-WDR4300 v1.7, with Gargoyle 1.9.1.

In this version it is no longer possible to place the frequency of 5GHz in BGN mode, only in AN. In the previous versions it was possible to put the router in dual band 2.4GHz and 5GHz in N mode.

Is there any way to change it?


2.4GHz N mode is "BGN"
5GHz N mode is "AN"
You can't use BG on 5GHz and you can't use A on 2.4GHz.

The way the settings are applied was changed to allow for more granular control of each individual interface.

The settings are correct. Or were you referring to something else? If so please provide a picture.
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

Gecko951
Posts: 5
Joined: Sun Dec 14, 2014 2:24 pm
Location: USA

Re: Version 1.9.1

Post by Gecko951 »

I wanted to report a potential security issue...

Today, I enabled dynamic DNS via ddclient from my Linux server sitting behind the Gargoyle router and performed an NMAP port scan against the WAN IP.

PORT    STATE SERVICE
22/tcp  open  ssh
53/tcp  open  domain
80/tcp  open  http
443/tcp open  https

Port 53 must be open for DNS and ports 80 and 443 were forwarded via the Gargoyle Router for my Linux server. Port 22 open? Not sure why so I tested the WAN IP with PuTTY and successfully connected to the router via SSH. How could that be? The Gargoyle router web GUI says only LAN SSH access is enabled.

Then I checked /etc/config/dropbear and see:
config dropbear 'global'
    option PasswordAuth 'on'
    option Port '22'

I backed up the original file and created a new one with this content:

config dropbear
    option PasswordAuth 'on'
    option Port '22'
    option Interface 'lan'

config dropbear
    option PasswordAuth 'off'
    option Interface 'wan'
    option Port '22222'

Now I can SSH via LAN but cannot access the gargoyle router via the WAN and NMAP does not show port 22 open. :)
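
The comparison made in the post above, as an added example (not from the thread or the Gargoyle project): a script that reads a dropbear UCI config and reports, per section, which interface it is bound to. The function names are hypothetical; it assumes port 22 and password logins on when an option is absent, and that the WAN network is named wan as in the post.

```shell
# Added example, not from the thread or the Gargoyle project.
# Reads a dropbear UCI config on stdin; exit 1 on any WARN. Assumed defaults: Port 22, PasswordAuth on.
audit_dropbear() {
    awk '
    function val(s) { gsub(/[^A-Za-z0-9_.-]/, "", s); return s }  # strip quotes
    function report() {
        if (!insec) return
        if (iface == "") {
            warn = 1; print "WARN section " n ": no Interface option, listens on every interface, port " port
        } else if (iface == "wan" && pw != "off" && pw != "0") {
            warn = 1; print "WARN section " n ": password logins on wan, port " port
        } else
            print "OK section " n ": bound to " iface ", port " port ", PasswordAuth " pw
    }
    $1 == "config" {
        report(); insec = ($2 == "dropbear")
        if (insec) { n++; iface = ""; pw = "on"; port = "22" }
        next
    }
    insec && $1 == "option" && $2 == "Interface"    { iface = val($3) }
    insec && $1 == "option" && $2 == "PasswordAuth" { pw = val($3) }
    insec && $1 == "option" && $2 == "Port"         { port = val($3) }
    END { report(); exit warn }
    '
}

# The two configs quoted in the post, embedded so the script runs offline.
original_config() {
    cat <<'EOF'
config dropbear 'global'
option PasswordAuth 'on'
option Port '22'
EOF
}
fixed_config() {
    cat <<'EOF'
config dropbear
option PasswordAuth 'on'
option Port '22'
option Interface 'lan'

config dropbear
option PasswordAuth 'off'
option Interface 'wan'
option Port '22222'
EOF
}
original_config | audit_dropbear || true
fixed_config | audit_dropbear
```

On the router itself the same function can be fed the live file: `audit_dropbear < /etc/config/dropbear`.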

Lantis
Moderator
Posts: 5382
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Version 1.9.1

Post by Lantis »

Will check. Thanks for reporting.

oliver
Posts: 32
Joined: Wed Jun 04, 2014 7:30 pm

Re: Version 1.9.1

Post by oliver »

Gecko951 wrote:
I backed up the original file and created a new one with this content:

config dropbear
    option PasswordAuth 'on'
    option Port '22'
    option Interface 'lan'

config dropbear
    option PasswordAuth 'off'
    option Interface 'wan'
    option Port '22222'

Now I can SSH via LAN but cannot access the gargoyle router via the WAN and NMAP does not show port 22 open. :)


Why is the second section needed? Doesn't it conflict with your statement that you cannot access the router via the WAN (except now it's on 22222)?

Gecko951
Posts: 5
Joined: Sun Dec 14, 2014 2:24 pm
Location: USA

Re: Version 1.9.1

Post by Gecko951 »

I believe that WAN config just allows me to set up passwordless SSH authentication over port 22222. There is probably a better way to restrict with the firewall but I just don't want random bots port scanning and then brute forcing the router.

oliver
Posts: 32
Joined: Wed Jun 04, 2014 7:30 pm

Re: Version 1.9.1

Post by oliver »

Gecko951 wrote:
I believe that WAN config just allows me to set up passwordless SSH authentication over port 22222. There is probably a better way to restrict with the firewall but I just don't want random bots port scanning and then brute forcing the router.


OK... thanks for posting BTW. I didn't realise SSH was open and now just have it open on the LAN using the first block.
