Gargoyle 1.15.x BETA - 2024-05-20 - Based on OpenWrt 23.05

Want to share your OpenWrt / Gargoyle knowledge? Implemented a new feature? Let us know here.

Moderator: Moderators

rockyd
Posts: 93
Joined: Tue Oct 22, 2019 5:49 am

Re: Gargoyle 1.15.x BETA - 2024-05-20 - Based on OpenWrt 23.05

Post by rockyd »

Lantis wrote:
Sat Jul 06, 2024 8:17 am
0. Check initial ipv6 connectivity is OK
Pinging google.com [2404:6800:4015:803::200e] with 32 bytes of data:
Reply from 2404:6800:4015:803::200e: time=13ms
Reply from 2404:6800:4015:803::200e: time=15ms
Reply from 2404:6800:4015:803::200e: time=22ms
Reply from 2404:6800:4015:803::200e: time=15ms
Lantis wrote:
Sat Jul 06, 2024 8:17 am
1. rm /etc/config/tor
rm: can't remove '/etc/config/tor': No such file or directory
Lantis wrote:
Sat Jul 06, 2024 8:17 am
2. ip6tables -t filter -nvL | grep tor
Nothing
Lantis wrote:
Sat Jul 06, 2024 8:17 am
3. Check ipv6 connectivity
Pinging google.com [2404:6800:4015:803::200e] with 32 bytes of data:
Reply from 2404:6800:4015:803::200e: time=11ms
Reply from 2404:6800:4015:803::200e: time=17ms
Reply from 2404:6800:4015:803::200e: time=18ms
Reply from 2404:6800:4015:803::200e: time=19ms
Lantis wrote:
Sat Jul 06, 2024 8:17 am
4. Install tor plugin, do not configure it
Done
Lantis wrote:
Sat Jul 06, 2024 8:17 am
5. ip6tables -t filter -nvL | grep tor
Nothing
Lantis wrote:
Sat Jul 06, 2024 8:17 am
6. Check ipv6 connectivity
Pinging google.com [2404:6800:4015:803::200e] with 32 bytes of data:
Reply from 2404:6800:4015:803::200e: time=20ms
Reply from 2404:6800:4015:803::200e: time=22ms
Reply from 2404:6800:4015:803::200e: time=22ms
Reply from 2404:6800:4015:803::200e: time=11ms
Lantis wrote:
Sat Jul 06, 2024 8:17 am
7. Configure tor
Done
Lantis wrote:
Sat Jul 06, 2024 8:17 am
8. cat /etc/config/tor (paste it here)
config global 'global'
option enabled '1'
option loglevel 'notice'
option control_port '9051'
option data_dir '/var/tor'

config client 'client'
option client_mode '2'
option trans_port '9040'
option dns_port '9053'
option hidden_service_subnet '10.192.0.0'
option hidden_service_mask_bits '12'
option block_unsupported_proto '0'
option zone 'lan'
option enabled_ip_file '/etc/tor.ips'

config relay 'relay'
option relay_mode '0'
option relay_port '9090'
option obfsproxy_port '0'
option zone 'wan'
option publish '1'
option max_bw_rate_kb '500'

Lantis wrote:
Sat Jul 06, 2024 8:17 am
9. ip6tables -t filter -nvL | grep tor
3141 606K tor_client all * * ::/0 ::/0
0 0 tor_client tcp * * ::/0 ::/0 tcp dpt:53
0 0 tor_client udp * * ::/0 ::/0 udp dpt:53
0 0 tor_client tcp * * ::/0 ::/0 tcp dpt:53
6 546 tor_client udp * * ::/0 ::/0 udp dpt:53
Chain tor_client (5 references)
Lantis wrote:
Sat Jul 06, 2024 8:17 am
10. Check ipv6 connectivity
Pinging google.com [2a00:1450:400e:811::200e] with 32 bytes of data:
Destination port unreachable.
Destination port unreachable.
Destination port unreachable.
Destination port unreachable.
Lantis wrote:
Sat Jul 06, 2024 8:17 am
11. Disable tor
Done
Lantis wrote:
Sat Jul 06, 2024 8:17 am
12. ip6tables -t filter -nvL | grep tor
4685 909K tor_client all * * ::/0 ::/0
0 0 tor_client tcp * * ::/0 ::/0 tcp dpt:53
0 0 tor_client udp * * ::/0 ::/0 udp dpt:53
0 0 tor_client tcp * * ::/0 ::/0 tcp dpt:53
6 546 tor_client udp * * ::/0 ::/0 udp dpt:53
Chain tor_client (5 references)
Lantis wrote:
Sat Jul 06, 2024 8:17 am
13. check ipv6 connectivity
Pinging google.com [2a00:1450:400e:811::200e] with 32 bytes of data:
Destination port unreachable.
Destination port unreachable.
Destination port unreachable.
Destination port unreachable.

Lantis
Moderator
Posts: 6851
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Gargoyle 1.15.x BETA - 2024-05-20 - Based on OpenWrt 23.05

Post by Lantis »

When you disabled Tor, what steps did you take? This result was unexpected.

Thanks for running the other tests. This confirms that simply installing the plugin does not break ipv6.
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

marcinkk
Posts: 13
Joined: Sun Mar 05, 2017 5:09 pm

Re: Gargoyle 1.15.x BETA - 2024-03-11 - Based on OpenWrt 23.05

Post by marcinkk »

Lantis wrote:
Mon May 27, 2024 6:08 pm
High chance. Sysupgrade without preserving settings.
If it works I’d be happy to add the device (as you have)
Compiled again today and finally installed:

Code: Select all

Device Name:                                            Gargoyle
Gargoyle Version:      1.15.X (Built 20240709-1351 git@66d5adbf)
Model:                 Xiaomi Redmi Router AX6000 (stock layout)
Generally working. I will make more testing later.

BTW: Sysupgrade images looks fine, but initramfs images are much bigger than OpenWrt images:

Code: Select all

-rw-r--r-- 1 sklab sklab 51380224 lip  9 17:10 gargoyle_1.15.x-mediatek-filogic-xiaomi_redmi-router-ax6000-stock-initramfs-factory.ubi
-rw-r--r-- 1 sklab sklab 48820844 lip  9 17:10 gargoyle_1.15.x-mediatek-filogic-xiaomi_redmi-router-ax6000-stock-initramfs-kernel.bin
-rw-r--r-- 1 sklab sklab 15442765 lip  9 17:10 gargoyle_1.15.x-mediatek-filogic-xiaomi_redmi-router-ax6000-stock-squashfs-sysupgrade.bin
-rw-r--r-- 1 sklab sklab   735393 lip  9 17:10 gargoyle_1.15.x-mediatek-filogic-xiaomi_redmi-router-ax6000-ubootmod-bl31-uboot.fip
-rw-r--r-- 1 sklab sklab 51380224 lip  9 17:10 gargoyle_1.15.x-mediatek-filogic-xiaomi_redmi-router-ax6000-ubootmod-initramfs-factory.ubi
-rw-r--r-- 1 sklab sklab 48824320 lip  9 17:10 gargoyle_1.15.x-mediatek-filogic-xiaomi_redmi-router-ax6000-ubootmod-initramfs-recovery.itb
-rw-r--r-- 1 sklab sklab   205560 lip  9 17:10 gargoyle_1.15.x-mediatek-filogic-xiaomi_redmi-router-ax6000-ubootmod-preloader.bin
-rw-r--r-- 1 sklab sklab 16790355 lip  9 17:10 gargoyle_1.15.x-mediatek-filogic-xiaomi_redmi-router-ax6000-ubootmod-squashfs-sysupgrade.itb

Code: Select all

-rw-rw-r--  1 sklab sklab  8519680 lip  9 14:48 openwrt-23.05.3-mediatek-filogic-xiaomi_redmi-router-ax6000-stock-initramfs-factory.ubi
-rw-rw-r--  1 sklab sklab  7279040 lip  9 17:14 openwrt-23.05.3-mediatek-filogic-xiaomi_redmi-router-ax6000-stock-initramfs-kernel.bin
-rw-rw-r--  1 sklab sklab  8704338 lip  9 17:14 openwrt-23.05.3-mediatek-filogic-xiaomi_redmi-router-ax6000-stock-squashfs-sysupgrade.bin

rockyd
Posts: 93
Joined: Tue Oct 22, 2019 5:49 am

Re: Gargoyle 1.15.x BETA - 2024-05-20 - Based on OpenWrt 23.05

Post by rockyd »

Lantis wrote:
Tue Jul 09, 2024 5:58 am
When you disabled Tor, what steps did you take? This result was unexpected.
As I mentioned earlier I configure Tor Client as "enabled, toggled by each host"

So to enabled it I go to the Gargoyle login page, don't need to login, there is a button to enable Tor, click the button to enable, and click it again to disable it.

Lantis
Moderator
Posts: 6851
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Gargoyle 1.15.x BETA - 2024-05-20 - Based on OpenWrt 23.05

Post by Lantis »

Good.
Then everything works as I wrote and there is no problem. :)

IPv6 will be blocked when Tor is
- installed, AND
- configured as a client (either whole network or individually activated)
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

rockyd
Posts: 93
Joined: Tue Oct 22, 2019 5:49 am

Re: Gargoyle 1.15.x BETA - 2024-05-20 - Based on OpenWrt 23.05

Post by rockyd »

Lantis wrote:
Wed Jul 10, 2024 3:49 am
Then everything works as I wrote and there is no problem. :)
IPV6 didn't come back when Tor was disabled
rockyd wrote:
Wed Jul 10, 2024 3:24 am
Lantis wrote: ↑
Sat Jul 06, 2024 10:17 pm
11. Disable tor

Done

Lantis wrote: ↑
Sat Jul 06, 2024 10:17 pm
12. ip6tables -t filter -nvL | grep tor

4685 909K tor_client all * * ::/0 ::/0
0 0 tor_client tcp * * ::/0 ::/0 tcp dpt:53
0 0 tor_client udp * * ::/0 ::/0 udp dpt:53
0 0 tor_client tcp * * ::/0 ::/0 tcp dpt:53
6 546 tor_client udp * * ::/0 ::/0 udp dpt:53
Chain tor_client (5 references)

Lantis wrote: ↑
Sat Jul 06, 2024 10:17 pm
13. check ipv6 connectivity

Pinging google.com [2a00:1450:400e:811::200e] with 32 bytes of data:
Destination port unreachable.
Destination port unreachable.
Destination port unreachable.
Destination port unreachable.

Lantis
Moderator
Posts: 6851
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Gargoyle 1.15.x BETA - 2024-05-20 - Based on OpenWrt 23.05

Post by Lantis »

Can you be very clear what action you took for “disabled”?
A) Client mode disabled on the Tor page
Or
B) Tor disabled for your specific client on the login page
rockyd wrote:
Wed Jul 10, 2024 3:24 am
Lantis wrote:
Tue Jul 09, 2024 5:58 am
When you disabled Tor, what steps did you take? This result was unexpected.
As I mentioned earlier I configure Tor Client as "enabled, toggled by each host"

So to enabled it I go to the Gargoyle login page, don't need to login, there is a button to enable Tor, click the button to enable, and click it again to disable it.
This indicates B.

This is expected behaviour.
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

rockyd
Posts: 93
Joined: Tue Oct 22, 2019 5:49 am

Re: Gargoyle 1.15.x BETA - 2024-05-20 - Based on OpenWrt 23.05

Post by rockyd »

Lantis wrote:
Wed Jul 10, 2024 5:46 am
B) Tor disabled for your specific client on the login page
Yes that is the method I use, what you said there sounds like Tor is enabled everywhere. It isn't, it is disabled everywhere and only enabled when I click the button on that client, and then disabled again when I click the button again.
Lantis wrote:
Wed Jul 10, 2024 5:46 am
This is expected behaviour.
If it is, it means the only way to enable IPV6 again would be to uninstall the Tor plug in. I am not even sure if that will work again, it's what worked on the other router when I had the latest repositories incorrectly set as the Tor plug in source.

I would have thought the expected behaviour would be
ipv6 works
click the button to enable Tor ipv6 stops working on that client.
click the button to disable Tor and ipv6 resumes working again.

Lantis
Moderator
Posts: 6851
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Gargoyle 1.15.x BETA - 2024-05-20 - Based on OpenWrt 23.05

Post by Lantis »

I won’t go into semantics over what is enabled vs disabled. There are two levels, enabling the plugin and enabling clients. We were talking at cross purposes, I should have been clearer.

I agree with your expectation of the behaviour. However practically, that can’t be achieved in a simple manner.
The ipv4 client goes to the router and presses enable.
How do I know what their ipv6 address is at that point? I have to do a complex lookup and that may not be possible. Maybe I can block it by mac, that might work but it’s all just ugly.
It was significantly simpler to block all traffic as soon as the plugin is configured in a manner where clients will be individually enabled/disabled.

As I said originally anyone is welcome to pick up the mantle and try to tackle the problem.
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

rockyd
Posts: 93
Joined: Tue Oct 22, 2019 5:49 am

Re: Gargoyle 1.15.x BETA - 2024-05-20 - Based on OpenWrt 23.05

Post by rockyd »

Lantis wrote:
Thu Jul 11, 2024 4:09 am
It was significantly simpler to block all traffic as soon as the plugin is configured in a manner where clients will be individually enabled/disabled.
Fair enough, I have tried disabling the plugin at the Tor page, that does restore ipv6, enabling it again seems to have trouble for some reason, takes a long time and complains Tor may not have connectivity.

So what would be involved in restoring the previous, ipv6 leaking when Tor is enabled setting, at least personally as enabling and disabling ipv6 on my pc is much simpler and quicker than enabling and disabling the the Tor plugin at the Tor page.
Which file was modified, can i use my older beta version of that file, to keep my current setup? At least until some Tor expert can update the Tor plugin for ipv6.

Post Reply