Gargoyle Forum

Lantis wrote: ↑

Sat Apr 25, 2020 11:52 pm

This is by design.
Isolate is different to the security enabled with the guest network.

What is the difference between "Isolate" and "security enabled"

What does the "Wireless isolation" check box do?

I was hoping to have two wireless networks.

-Normal network
-Fast Roaming network

Not all clients work in the fast roaming mode

Isolate stops wireless clients communicating with each other.

The guest network stops clients from communicating with ANYTHING except the internet (and the DHCP/DNS ports on the router to provide those services). i.e. they can't access your local printers, network drives, or any other device wired or wireless. This is not configurable behaviour, it is inherently enabled for the guest network in Gargoyle.

If you aren't interested in that, the simplest workaround (that leaves Gargoyles GUI in tact and lets you press the save changes button without breaking it) would be to change this line in /usr/lib/gargoyle-firewall-util/gargoyle_firewall_util.sh:
https://github.com/ericpaulbishop/gargo ... il.sh#L591
from to

Thanks

So in this mode


Clients can connect to each other but not printers and other stuff?

I'm 85% sure that is correct.

Lantis wrote: ↑

Sun Apr 26, 2020 4:32 am

I'm 85% sure that is correct.

I'm just wondering how you can tell the difference between a printer and another PC?

I'll do some basic tests to confirm

Printer was an example. It's just any device.

The way it works is it puts a filter on the switch. So if something goes from wifi to LAN, it travels through the switch and we can filter it.
What I don't know is if it goes from 1 wifi device to another whether it uses the switch or whether it goes straight out on the wlan device again.
In any case, the "isolate" option would fix that.

I've done tests and I've come to the conclusion that the "guest isolation selection" does nothing.

Its enabled all the time regardless of status

I'm having issues with isolation too. My router config blew up in my face last night so I took the opportunity to update to 1.12 and I want to use the guest network option for my IoT devices. It works great except that if I need to get to the web interface of one of the devices I can't and disabling isolation doesn't fix that.

So ideally I would normally have isolation enabled in the web interface but if I need to get to a device temporarily I'd want to disable isolation till I'm done.

I also noticed that if I picked the "Enabled (2.4ghz only)" option and hit save changes I'd get the please wait screen forever and it would not enable. Since most IoT devices are 2.4ghz only there's no real need for 5ghz on the guest network in my use case. With "Enabled" selected it's working other than the isolation issue.

This is on a wrt32x if it makes a difference.

My apologies, I should mention I am running the stock FW on the official download page. I did a search for this issue and this was the only recent thread on the issue. I didn't realize it was a discussion about a development build. I didn't realize where this topic was until I went looking for this thread again last night.

I'm not sure if this issue was present in 1.11 as I hadn't tried using guest prior.