Thanks.
I did not think I was crazy, but I was slightly frustrated as I know if dev unable to find/re-produce the issue -- it will never be fixed.
Now I have a hope.
Gargoyle 1.15.x OpenWrt 24.10 - 2026-01-28
Moderator: Moderators
Re: Gargoyle 1.15.x OpenWrt 24.10 - 2026-01-28
Thanks Lantis,Lantis wrote: ↑Sat Feb 14, 2026 7:10 amI have PM'd you a fix.boldga wrote: ↑Thu Feb 12, 2026 4:34 amIf I recall correctly, guest Wi-Fi should not be able to connect to LAN hosts. However, after Flash the firmware in AX4200Q, when connected to guest Wi-Fi, it can connect to LAN hosts. Is this a bug?
Guest Network:
Enabled (2.4GHz Only)
Encryption:
WPA3/WPA2 SAE/PSK
Fast Roaming:
Disabled
Broadcast SSID:
Enabled
Wireless Client Isolation:
Enabled
wireguard enabled as server.
If I haven't heard back in a week I'll push it out anyway, but it would be great to get a verification, if you have the time and are able to assist.
Thank you
I'm currently on vacation and will test it next Monday.
Re: Gargoyle 1.15.x OpenWrt 24.10 - 2026-01-28
I found it partially works, but there still seem to be some bugs with wireguard.Lantis wrote: ↑Sat Feb 14, 2026 7:10 amI have PM'd you a fix.boldga wrote: ↑Thu Feb 12, 2026 4:34 amIf I recall correctly, guest Wi-Fi should not be able to connect to LAN hosts. However, after Flash the firmware in AX4200Q, when connected to guest Wi-Fi, it can connect to LAN hosts. Is this a bug?
Guest Network:
Enabled (2.4GHz Only)
Encryption:
WPA3/WPA2 SAE/PSK
Fast Roaming:
Disabled
Broadcast SSID:
Enabled
Wireless Client Isolation:
Enabled
wireguard enabled as server.
If I haven't heard back in a week I'll push it out anyway, but it would be great to get a verification, if you have the time and are able to assist.
Thank you
Since I use WireGuard to connect two routers (192.168.1.1 and 192.168.8.1), if I connect to the guest Wi-Fi of the 192.168.1.1 router, it isolates me from 192.168.1.0/24 but allows access to 192.168.8.0/24. Conversely, connecting to the guest Wi-Fi of the router at 192.168.8.1 isolates me from 192.168.8.0/24 but permits access to 192.168.1.0/24.
Re: Gargoyle 1.15.x OpenWrt 24.10 - 2026-01-28
Ah got it!boldga wrote: ↑Sun Feb 22, 2026 11:52 pmI found it partially works, but there still seem to be some bugs with wireguard.Lantis wrote: ↑Sat Feb 14, 2026 7:10 amI have PM'd you a fix.boldga wrote: ↑Thu Feb 12, 2026 4:34 amIf I recall correctly, guest Wi-Fi should not be able to connect to LAN hosts. However, after Flash the firmware in AX4200Q, when connected to guest Wi-Fi, it can connect to LAN hosts. Is this a bug?
Guest Network:
Enabled (2.4GHz Only)
Encryption:
WPA3/WPA2 SAE/PSK
Fast Roaming:
Disabled
Broadcast SSID:
Enabled
Wireless Client Isolation:
Enabled
wireguard enabled as server.
If I haven't heard back in a week I'll push it out anyway, but it would be great to get a verification, if you have the time and are able to assist.
Thank you
Since I use WireGuard to connect two routers (192.168.1.1 and 192.168.8.1), if I connect to the guest Wi-Fi of the 192.168.1.1 router, it isolates me from 192.168.1.0/24 but allows access to 192.168.8.0/24. Conversely, connecting to the guest Wi-Fi of the router at 192.168.8.1 isolates me from 192.168.8.0/24 but permits access to 192.168.1.0/24.
Have a look here: https://github.com/lantis1008/gargoyle/ ... #L716-L719
If you add in lines 716-719 to your file that should fix that as well.
I did think those might still be required but convinced myself otherwise. WireGuard (and OpenVPN) are the exceptions.
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
https://lantisproject.com/blog
Please be respectful when posting. I do this in my free time on a volunteer basis.
https://lantisproject.com/blog
Re: Gargoyle 1.15.x OpenWrt 24.10 - 2026-01-28
Thanks Lantis!Lantis wrote: ↑Mon Feb 23, 2026 6:35 amAh got it!boldga wrote: ↑Sun Feb 22, 2026 11:52 pmI found it partially works, but there still seem to be some bugs with wireguard.
Since I use WireGuard to connect two routers (192.168.1.1 and 192.168.8.1), if I connect to the guest Wi-Fi of the 192.168.1.1 router, it isolates me from 192.168.1.0/24 but allows access to 192.168.8.0/24. Conversely, connecting to the guest Wi-Fi of the router at 192.168.8.1 isolates me from 192.168.8.0/24 but permits access to 192.168.1.0/24.
Have a look here: https://github.com/lantis1008/gargoyle/ ... #L716-L719
If you add in lines 716-719 to your file that should fix that as well.
I did think those might still be required but convinced myself otherwise. WireGuard (and OpenVPN) are the exceptions.
Another question. I noticed that when I restarted the firewall in one of my routers, which I set some restrictions by MAC addresses, it displayed the following prompt:
Is this an error?/usr/lib/gargoyle/restart_firewall.sh
nft add rule inet fw4 egress_restrictions meta l4proto tcp ether saddr {some MAC addresses here} reject with tcp reset
nft add rule inet fw4 egress_restrictions ether saddr {some MAC addresses here} reject
Error: There is no such init script like 'miniupnpd'.
Re: Gargoyle 1.15.x OpenWrt 24.10 - 2026-01-28
No not a problem unless you are using upnp.boldga wrote: ↑Mon Feb 23, 2026 10:45 amThanks Lantis!Lantis wrote: ↑Mon Feb 23, 2026 6:35 amAh got it!boldga wrote: ↑Sun Feb 22, 2026 11:52 pm
I found it partially works, but there still seem to be some bugs with wireguard.
Since I use WireGuard to connect two routers (192.168.1.1 and 192.168.8.1), if I connect to the guest Wi-Fi of the 192.168.1.1 router, it isolates me from 192.168.1.0/24 but allows access to 192.168.8.0/24. Conversely, connecting to the guest Wi-Fi of the router at 192.168.8.1 isolates me from 192.168.8.0/24 but permits access to 192.168.1.0/24.
Have a look here: https://github.com/lantis1008/gargoyle/ ... #L716-L719
If you add in lines 716-719 to your file that should fix that as well.
I did think those might still be required but convinced myself otherwise. WireGuard (and OpenVPN) are the exceptions.
Another question. I noticed that when I restarted the firewall in one of my routers, which I set some restrictions by MAC addresses, it displayed the following prompt:
Is this an error?/usr/lib/gargoyle/restart_firewall.sh
nft add rule inet fw4 egress_restrictions meta l4proto tcp ether saddr {some MAC addresses here} reject with tcp reset
nft add rule inet fw4 egress_restrictions ether saddr {some MAC addresses here} reject
Error: There is no such init script like 'miniupnpd'.
The printing of the nft commands is just part of debugging and only happens when you invoke the script manually. You would normally not see them in logs etc.
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
https://lantisproject.com/blog
Please be respectful when posting. I do this in my free time on a volunteer basis.
https://lantisproject.com/blog
Re: Gargoyle 1.15.x OpenWrt 24.10 - 2026-01-28
Before I update all the release information etc, a soft release has been made available to tackle the pppoe bandwidth graph issue, pppoe uptime issue and guest isolation issue.
Feedback appreciated.
https://lantisproject.com/downloads/gar ... DIyNCJdXX0
I have a strong feeling that dual stack pppoe (IPv4 + IPv6) will not record any IPv6 traffic in the bandwidth graphs. I’m investigating, would appreciate anyone confirming as such.
Feedback appreciated.
https://lantisproject.com/downloads/gar ... DIyNCJdXX0
I have a strong feeling that dual stack pppoe (IPv4 + IPv6) will not record any IPv6 traffic in the bandwidth graphs. I’m investigating, would appreciate anyone confirming as such.
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
https://lantisproject.com/blog
Please be respectful when posting. I do this in my free time on a volunteer basis.
https://lantisproject.com/blog