Gargoyle 1.15.x OpenWrt 24.10 - 2026-01-28

Want to share your OpenWrt / Gargoyle knowledge? Implemented a new feature? Let us know here.

Moderator: Moderators

Post Reply
fifonik
Posts: 177
Joined: Fri Dec 02, 2016 3:52 am
Location: Brisbane, AU

Re: Gargoyle 1.15.x OpenWrt 24.10 - 2026-01-28

Post by fifonik »

Thanks.
I did not think I was crazy, but I was slightly frustrated as I know if dev unable to find/re-produce the issue -- it will never be fixed.
Now I have a hope.
Top
boldga
Posts: 28
Joined: Sat Sep 18, 2010 10:05 am

Re: Gargoyle 1.15.x OpenWrt 24.10 - 2026-01-28

Post by boldga »

Lantis wrote:
Sat Feb 14, 2026 7:10 am
boldga wrote:
Thu Feb 12, 2026 4:34 am
 If I recall correctly, guest Wi-Fi should not be able to connect to LAN hosts. However, after Flash the firmware in AX4200Q, when connected to guest Wi-Fi, it can connect to LAN hosts. Is this a bug?

Guest Network:
Enabled (2.4GHz Only)
Encryption:
WPA3/WPA2 SAE/PSK

Fast Roaming:
Disabled
Broadcast SSID:
Enabled
Wireless Client Isolation:
Enabled

wireguard enabled as server.
I have PM'd you a fix.
If I haven't heard back in a week I'll push it out anyway, but it would be great to get a verification, if you have the time and are able to assist.

Thank you
Thanks Lantis,
I'm currently on vacation and will test it next Monday.
Top
boldga
Posts: 28
Joined: Sat Sep 18, 2010 10:05 am

Re: Gargoyle 1.15.x OpenWrt 24.10 - 2026-01-28

Post by boldga »

Lantis wrote:
Sat Feb 14, 2026 7:10 am
boldga wrote:
Thu Feb 12, 2026 4:34 am
 If I recall correctly, guest Wi-Fi should not be able to connect to LAN hosts. However, after Flash the firmware in AX4200Q, when connected to guest Wi-Fi, it can connect to LAN hosts. Is this a bug?

Guest Network:
Enabled (2.4GHz Only)
Encryption:
WPA3/WPA2 SAE/PSK

Fast Roaming:
Disabled
Broadcast SSID:
Enabled
Wireless Client Isolation:
Enabled

wireguard enabled as server.
I have PM'd you a fix.
If I haven't heard back in a week I'll push it out anyway, but it would be great to get a verification, if you have the time and are able to assist.

Thank you
I found it partially works, but there still seem to be some bugs with wireguard.
Since I use WireGuard to connect two routers (192.168.1.1 and 192.168.8.1), if I connect to the guest Wi-Fi of the 192.168.1.1 router, it isolates me from 192.168.1.0/24 but allows access to 192.168.8.0/24. Conversely, connecting to the guest Wi-Fi of the router at 192.168.8.1 isolates me from 192.168.8.0/24 but permits access to 192.168.1.0/24.
Top
Lantis
Moderator
Posts: 7267
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia
Contact:
Contact Lantis

Re: Gargoyle 1.15.x OpenWrt 24.10 - 2026-01-28

Post by Lantis »

boldga wrote:
Sun Feb 22, 2026 11:52 pm
Lantis wrote:
Sat Feb 14, 2026 7:10 am
boldga wrote:
Thu Feb 12, 2026 4:34 am
 If I recall correctly, guest Wi-Fi should not be able to connect to LAN hosts. However, after Flash the firmware in AX4200Q, when connected to guest Wi-Fi, it can connect to LAN hosts. Is this a bug?

Guest Network:
Enabled (2.4GHz Only)
Encryption:
WPA3/WPA2 SAE/PSK

Fast Roaming:
Disabled
Broadcast SSID:
Enabled
Wireless Client Isolation:
Enabled

wireguard enabled as server.
I have PM'd you a fix.
If I haven't heard back in a week I'll push it out anyway, but it would be great to get a verification, if you have the time and are able to assist.

Thank you
I found it partially works, but there still seem to be some bugs with wireguard.
Since I use WireGuard to connect two routers (192.168.1.1 and 192.168.8.1), if I connect to the guest Wi-Fi of the 192.168.1.1 router, it isolates me from 192.168.1.0/24 but allows access to 192.168.8.0/24. Conversely, connecting to the guest Wi-Fi of the router at 192.168.8.1 isolates me from 192.168.8.0/24 but permits access to 192.168.1.0/24.
Ah got it!
Have a look here: https://github.com/lantis1008/gargoyle/ ... #L716-L719
If you add in lines 716-719 to your file that should fix that as well.
I did think those might still be required but convinced myself otherwise. WireGuard (and OpenVPN) are the exceptions.
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
https://lantisproject.com/blog
Top
boldga
Posts: 28
Joined: Sat Sep 18, 2010 10:05 am

Re: Gargoyle 1.15.x OpenWrt 24.10 - 2026-01-28

Post by boldga »

Lantis wrote:
Mon Feb 23, 2026 6:35 am
boldga wrote:
Sun Feb 22, 2026 11:52 pm
Lantis wrote:
Sat Feb 14, 2026 7:10 am

I have PM'd you a fix.
If I haven't heard back in a week I'll push it out anyway, but it would be great to get a verification, if you have the time and are able to assist.

Thank you
I found it partially works, but there still seem to be some bugs with wireguard.
Since I use WireGuard to connect two routers (192.168.1.1 and 192.168.8.1), if I connect to the guest Wi-Fi of the 192.168.1.1 router, it isolates me from 192.168.1.0/24 but allows access to 192.168.8.0/24. Conversely, connecting to the guest Wi-Fi of the router at 192.168.8.1 isolates me from 192.168.8.0/24 but permits access to 192.168.1.0/24.
Ah got it!
Have a look here: https://github.com/lantis1008/gargoyle/ ... #L716-L719
If you add in lines 716-719 to your file that should fix that as well.
I did think those might still be required but convinced myself otherwise. WireGuard (and OpenVPN) are the exceptions.
Thanks Lantis!

Another question. I noticed that when I restarted the firewall in one of my routers, which I set some restrictions by MAC addresses, it displayed the following prompt:
/usr/lib/gargoyle/restart_firewall.sh
nft add rule inet fw4 egress_restrictions meta l4proto tcp ether saddr {some MAC addresses here} reject with tcp reset
nft add rule inet fw4 egress_restrictions ether saddr {some MAC addresses here} reject
Error: There is no such init script like 'miniupnpd'.
Is this an error?
Top
Post Reply

Return to “Show / Tell / Contribute”