1.12.0.x gargoyle-ispy 2020-March-12 21

Want to share your OpenWrt / Gargoyle knowledge? Implemented a new feature? Let us know here.

Moderator: Moderators

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: 1.12.0.x gargoyle-ispy 2020-March-12 21

Post by ispyisail »

Lantis wrote:
Sat Apr 25, 2020 11:52 pm
This is by design.
Isolate is different to the security enabled with the guest network.
What is the difference between "Isolate" and "security enabled"

What does the "Wireless isolation" check box do?

I was hoping to have two wireless networks.

-Normal network
-Fast Roaming network

Not all clients work in the fast roaming mode :(

Lantis
Moderator
Posts: 6735
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: 1.12.0.x gargoyle-ispy 2020-March-12 21

Post by Lantis »

Isolate stops wireless clients communicating with each other.

The guest network stops clients from communicating with ANYTHING except the internet (and the DHCP/DNS ports on the router to provide those services). i.e. they can't access your local printers, network drives, or any other device wired or wireless. This is not configurable behaviour, it is inherently enabled for the guest network in Gargoyle.

If you aren't interested in that, the simplest workaround (that leaves Gargoyles GUI in tact and lets you press the save changes button without breaking it) would be to change this line in /usr/lib/gargoyle-firewall-util/gargoyle_firewall_util.sh:
https://github.com/ericpaulbishop/gargo ... il.sh#L591
from

Code: Select all

if [ "$is_guest_network" = "1" ] ; then
to

Code: Select all

if [ "$is_guest_network" = "2" ] ; then
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: 1.12.0.x gargoyle-ispy 2020-March-12 21

Post by ispyisail »

Thanks

So in this mode
Image

Clients can connect to each other but not printers and other stuff?

Lantis
Moderator
Posts: 6735
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: 1.12.0.x gargoyle-ispy 2020-March-12 21

Post by Lantis »

I'm 85% sure that is correct. :D
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: 1.12.0.x gargoyle-ispy 2020-March-12 21

Post by ispyisail »

Lantis wrote:
Sun Apr 26, 2020 4:32 am
I'm 85% sure that is correct. :D
I'm just wondering how you can tell the difference between a printer and another PC?

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: 1.12.0.x gargoyle-ispy 2020-March-12 21

Post by ispyisail »

I'll do some basic tests to confirm

Lantis
Moderator
Posts: 6735
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: 1.12.0.x gargoyle-ispy 2020-March-12 21

Post by Lantis »

Printer was an example. It's just any device.

The way it works is it puts a filter on the switch. So if something goes from wifi to LAN, it travels through the switch and we can filter it.
What I don't know is if it goes from 1 wifi device to another whether it uses the switch or whether it goes straight out on the wlan device again.
In any case, the "isolate" option would fix that.
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

ispyisail
Moderator
Posts: 5180
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: 1.12.0.x gargoyle-ispy 2020-March-12 21

Post by ispyisail »

I've done tests and I've come to the conclusion that the "guest isolation selection" does nothing.

Its enabled all the time regardless of status

Image

llarsw
Posts: 5
Joined: Mon Dec 31, 2018 4:11 pm

Re: 1.12.0.x gargoyle-ispy 2020-March-12 21

Post by llarsw »

I'm having issues with isolation too. My router config blew up in my face last night so I took the opportunity to update to 1.12 and I want to use the guest network option for my IoT devices. It works great except that if I need to get to the web interface of one of the devices I can't and disabling isolation doesn't fix that.

So ideally I would normally have isolation enabled in the web interface but if I need to get to a device temporarily I'd want to disable isolation till I'm done.

I also noticed that if I picked the "Enabled (2.4ghz only)" option and hit save changes I'd get the please wait screen forever and it would not enable. Since most IoT devices are 2.4ghz only there's no real need for 5ghz on the guest network in my use case. With "Enabled" selected it's working other than the isolation issue.

This is on a wrt32x if it makes a difference.

llarsw
Posts: 5
Joined: Mon Dec 31, 2018 4:11 pm

Re: 1.12.0.x gargoyle-ispy 2020-March-12 21

Post by llarsw »

My apologies, I should mention I am running the stock FW on the official download page. I did a search for this issue and this was the only recent thread on the issue. I didn't realize it was a discussion about a development build. I didn't realize where this topic was until I went looking for this thread again last night.

I'm not sure if this issue was present in 1.11 as I hadn't tried using guest prior.

Post Reply