A forum to discuss the Gargoyle web interface for Openwrt
https://www.gargoyle-router.com/phpbb/
Thanks Lantis,Lantis wrote: ↑Sat Feb 14, 2026 7:10 amI have PM'd you a fix.boldga wrote: ↑Thu Feb 12, 2026 4:34 amIf I recall correctly, guest Wi-Fi should not be able to connect to LAN hosts. However, after Flash the firmware in AX4200Q, when connected to guest Wi-Fi, it can connect to LAN hosts. Is this a bug?
Guest Network:
Enabled (2.4GHz Only)
Encryption:
WPA3/WPA2 SAE/PSK
Fast Roaming:
Disabled
Broadcast SSID:
Enabled
Wireless Client Isolation:
Enabled
wireguard enabled as server.
If I haven't heard back in a week I'll push it out anyway, but it would be great to get a verification, if you have the time and are able to assist.
Thank you
I found it partially works, but there still seem to be some bugs with wireguard.Lantis wrote: ↑Sat Feb 14, 2026 7:10 amI have PM'd you a fix.boldga wrote: ↑Thu Feb 12, 2026 4:34 amIf I recall correctly, guest Wi-Fi should not be able to connect to LAN hosts. However, after Flash the firmware in AX4200Q, when connected to guest Wi-Fi, it can connect to LAN hosts. Is this a bug?
Guest Network:
Enabled (2.4GHz Only)
Encryption:
WPA3/WPA2 SAE/PSK
Fast Roaming:
Disabled
Broadcast SSID:
Enabled
Wireless Client Isolation:
Enabled
wireguard enabled as server.
If I haven't heard back in a week I'll push it out anyway, but it would be great to get a verification, if you have the time and are able to assist.
Thank you
Ah got it!boldga wrote: ↑Sun Feb 22, 2026 11:52 pmI found it partially works, but there still seem to be some bugs with wireguard.Lantis wrote: ↑Sat Feb 14, 2026 7:10 amI have PM'd you a fix.boldga wrote: ↑Thu Feb 12, 2026 4:34 amIf I recall correctly, guest Wi-Fi should not be able to connect to LAN hosts. However, after Flash the firmware in AX4200Q, when connected to guest Wi-Fi, it can connect to LAN hosts. Is this a bug?
Guest Network:
Enabled (2.4GHz Only)
Encryption:
WPA3/WPA2 SAE/PSK
Fast Roaming:
Disabled
Broadcast SSID:
Enabled
Wireless Client Isolation:
Enabled
wireguard enabled as server.
If I haven't heard back in a week I'll push it out anyway, but it would be great to get a verification, if you have the time and are able to assist.
Thank you
Since I use WireGuard to connect two routers (192.168.1.1 and 192.168.8.1), if I connect to the guest Wi-Fi of the 192.168.1.1 router, it isolates me from 192.168.1.0/24 but allows access to 192.168.8.0/24. Conversely, connecting to the guest Wi-Fi of the router at 192.168.8.1 isolates me from 192.168.8.0/24 but permits access to 192.168.1.0/24.
Thanks Lantis!Lantis wrote: ↑Mon Feb 23, 2026 6:35 amAh got it!boldga wrote: ↑Sun Feb 22, 2026 11:52 pmI found it partially works, but there still seem to be some bugs with wireguard.
Since I use WireGuard to connect two routers (192.168.1.1 and 192.168.8.1), if I connect to the guest Wi-Fi of the 192.168.1.1 router, it isolates me from 192.168.1.0/24 but allows access to 192.168.8.0/24. Conversely, connecting to the guest Wi-Fi of the router at 192.168.8.1 isolates me from 192.168.8.0/24 but permits access to 192.168.1.0/24.
Have a look here: https://github.com/lantis1008/gargoyle/ ... #L716-L719
If you add in lines 716-719 to your file that should fix that as well.
I did think those might still be required but convinced myself otherwise. WireGuard (and OpenVPN) are the exceptions.
Is this an error?/usr/lib/gargoyle/restart_firewall.sh
nft add rule inet fw4 egress_restrictions meta l4proto tcp ether saddr {some MAC addresses here} reject with tcp reset
nft add rule inet fw4 egress_restrictions ether saddr {some MAC addresses here} reject
Error: There is no such init script like 'miniupnpd'.
No not a problem unless you are using upnp.boldga wrote: ↑Mon Feb 23, 2026 10:45 amThanks Lantis!Lantis wrote: ↑Mon Feb 23, 2026 6:35 amAh got it!boldga wrote: ↑Sun Feb 22, 2026 11:52 pm
I found it partially works, but there still seem to be some bugs with wireguard.
Since I use WireGuard to connect two routers (192.168.1.1 and 192.168.8.1), if I connect to the guest Wi-Fi of the 192.168.1.1 router, it isolates me from 192.168.1.0/24 but allows access to 192.168.8.0/24. Conversely, connecting to the guest Wi-Fi of the router at 192.168.8.1 isolates me from 192.168.8.0/24 but permits access to 192.168.1.0/24.
Have a look here: https://github.com/lantis1008/gargoyle/ ... #L716-L719
If you add in lines 716-719 to your file that should fix that as well.
I did think those might still be required but convinced myself otherwise. WireGuard (and OpenVPN) are the exceptions.
Another question. I noticed that when I restarted the firewall in one of my routers, which I set some restrictions by MAC addresses, it displayed the following prompt:
Is this an error?/usr/lib/gargoyle/restart_firewall.sh
nft add rule inet fw4 egress_restrictions meta l4proto tcp ether saddr {some MAC addresses here} reject with tcp reset
nft add rule inet fw4 egress_restrictions ether saddr {some MAC addresses here} reject
Error: There is no such init script like 'miniupnpd'.
Hi Lantis,Lantis wrote: ↑Thu Feb 26, 2026 8:17 amFeedback appreciated.
https://lantisproject.com/downloads/gar ... DIyNCJdXX0
They disappear from WebUI -> Status -> Overview -> WAN IP Address and LAN IP Address. In my case, I should have an SLAAC for pppoe-wan as well as a delegated IPv6 address for br-lan. They won't exist a few days later. At that time, I also can't see an IPv6 default route by using "ip -6 ro" command. I will double check for this with an old firmware.