Gargoyle 1.15.x BETA - 2024-08-11 - Based on OpenWrt 23.05

Want to share your OpenWrt / Gargoyle knowledge? Implemented a new feature? Let us know here.

Moderator: Moderators

Lantis
Moderator
Posts: 6911
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Gargoyle 1.15.x BETA - 2024-05-20 - Based on OpenWrt 23.05

Post by Lantis »

You reported that while using Tor ipv6 addresses weren’t anonymised.
I fixed that by disabling IPv6 routing while Tor is enabled. While this might be the sledge hammer for the nail, handling it properly without using NAT6 was more effort than I wanted to put into it.

IPv6 doesn’t leak anymore. Problem fixed. :)
If someone wants to put in more effort than that, contributions are welcome

I did however go to the effort of making sure we support IPv6 when we are acting as a bridge or relay.
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

rockyd
Posts: 93
Joined: Tue Oct 22, 2019 5:49 am

Re: Gargoyle 1.15.x BETA - 2024-05-20 - Based on OpenWrt 23.05

Post by rockyd »

Lantis wrote:
Thu Jul 04, 2024 6:36 am
You reported that while using Tor ipv6 addresses weren’t anonymised.
I fixed that by disabling IPv6 routing while Tor is enabled. While this might be the sledge hammer for the nail, handling it properly without using NAT6 was more effort than I wanted to put into it.
That's fair enough.

Just to be clear of the effect I was seeing with each plugin version.

With the 1.15.x_2305_test_builds version, IPV6, would not work at all on any computer in the network, if the plug in was installed, not even enabled. All computers had their IPV6 address's as they did when IPV6 was working, but test sites reported IPV6 was not enabled.
Was that the effect you were going for? If yes, I would agree that's using a sledgehammer for a nail.
Maybe it was because it was the wrong version plugin for the Gargoyle I had installed, I am not sure.

With the 1.15.x_20240520 version it behaves as I previously reported where the IPV6 address stays the same whether Tor is in use or not. But as I mentioned, I can disable IPV6 on the particular computer I am messing with Tor on, and that's an easy enough work around.

BTW When I play I with Tor, I use the "Enabled by each host" variety of the Tor Anonymization Client.

Lantis
Moderator
Posts: 6911
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Gargoyle 1.15.x BETA - 2024-05-20 - Based on OpenWrt 23.05

Post by Lantis »

Just installing the plugin is not enough to turn off IPv6. If you're experiencing that, it's a bug.
But I cannot see how that can be possible. None of the firewall rules fire if the plugin is disabled. I just tested it and I cannot reproduce that behaviour.
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

rockyd
Posts: 93
Joined: Tue Oct 22, 2019 5:49 am

Re: Gargoyle 1.15.x BETA - 2024-05-20 - Based on OpenWrt 23.05

Post by rockyd »

Lantis wrote:
Fri Jul 05, 2024 10:05 am
Just installing the plugin is not enough to turn off IPv6. If you're experiencing that, it's a bug.
I wouldn't have thought so either. Yet installing Tor killed IPV6 connectivity to the internet and uninstalling it restored it.

My Gargoyle is 1.15.X (Built 20240518-1111 git@d891778a)

Could the wrong version plugin do something like that? As I mentioned previously the previous links I had to your plugin repositories stopped working, so I googled and found what I thought were the new links.

The repositories I used were ones found here
https://lantisproject.com/downloads/gar ... rget=mvebu

After the ipv6 issue, I went looking for repositories closer to my version of Gargoyle

And found these
https://lantisproject.com/downloads/gar ... rget=mvebu

That restored the previous functionality I had, before everything fell apart.

Lantis
Moderator
Posts: 6911
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Gargoyle 1.15.x BETA - 2024-05-20 - Based on OpenWrt 23.05

Post by Lantis »

Install the latest firmware image and the latest plugin repository. Please don't attempt to mix and match plugin repositories.

Can you do a clean test please. Start with plugin uninstalled.
0. Check initial ipv6 connectivity is OK
1. rm /etc/config/tor
2. ip6tables -t filter -nvL | grep tor
3. Check ipv6 connectivity
4. Install tor plugin, do not configure it
5. ip6tables -t filter -nvL | grep tor
6. Check ipv6 connectivity
7. Configure tor
8. cat /etc/config/tor (paste it here)
9. ip6tables -t filter -nvL | grep tor
10. Check ipv6 connectivity
11. Disable tor
12. ip6tables -t filter -nvL | grep tor
13. check ipv6 connectivity

Post back results at each step.
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

Lantis
Moderator
Posts: 6911
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Gargoyle 1.15.x BETA - 2024-05-20 - Based on OpenWrt 23.05

Post by Lantis »

fifonik wrote:
Wed Jul 03, 2024 9:53 am
When I just visiting update.sh page I have two lines of such error in log.
If I remove line '<%din hooks/update/ %>' from update.sh -- there is no such error any longer when I visiting the page.
I do not know how gargoyle's macro prosessor works so unable to debug it further.

P.S. I understand that it probably harmless. Still as a developer I do not like to see 'error' in production's logs :)
Figured it out. Bad line endings on /www/hooks/update/050-doh.sh
https://github.com/ericpaulbishop/gargo ... dce4a5dee1
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

rockyd
Posts: 93
Joined: Tue Oct 22, 2019 5:49 am

Re: Gargoyle 1.15.x BETA - 2024-05-20 - Based on OpenWrt 23.05

Post by rockyd »

Lantis wrote:
Sat Jul 06, 2024 8:17 am
Can you do a clean test please. Start with plugin uninstalled.
I just tried to do it on my original Gargoyle 1.12 Linksys WRT1900AC v2, I don't want to risk the currently working one, and want to have a working router, if something goes wrong.
So I downloaded the latest sysupgrade version, loaded it and hit upgrade, it uploaded the file and said it was upgrading. But it didn't appear to do anything. After about 5 minutes I tried loading the gargoyle page and Gargoyle 1.12 popped straight up.

rockyd
Posts: 93
Joined: Tue Oct 22, 2019 5:49 am

Re: Gargoyle 1.15.x BETA - 2024-05-20 - Based on OpenWrt 23.05

Post by rockyd »

I remembered having issues seeing the temperatures when I first loaded the firmware on the currently working router and you got me to do
cat /tmp/sysinfo/model

out of curiosity I thought I would check that on this router and it gives

Linksys WRT1900ACv2

where as the other one has the space

Linksys WRT1900AC v2

Wondering would that be the reason the sys upgrade doesn't seem to work?

Lantis
Moderator
Posts: 6911
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Gargoyle 1.15.x BETA - 2024-05-20 - Based on OpenWrt 23.05

Post by Lantis »

Sysupgrade that far means you are running into the DSA changes and possibly the storage layout change. If you run the sysupgrade via the command line it will tell you what you need to do. I think you need to do a new factory image and not preserve settings.

If the model name difference is an issue it will highlight to you as well.

Another option is to incrementally upgrade.
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

rockyd
Posts: 93
Joined: Tue Oct 22, 2019 5:49 am

Re: Gargoyle 1.15.x BETA - 2024-05-20 - Based on OpenWrt 23.05

Post by rockyd »

OK I tried via the commandline, got a bunch of errors, so I thought it failed. But it seems to to have worked.

root@Gargoyle:/tmp# sysupgrade -F -n -v gargoyle.bin
Device armada-385-linksys-cobra not supported by this image
Supported devices: linksys,wrt1900ac-v2 armada-385-linksys-cobra linksys,cobra - Image version mismatch: image 1.1, device 1.0. Please wipe config during upgrade (force required) or reinstall. Reason: Config cannot be migrated from swconfig to DSA
Image check 'fwtool_check_image' failed but --force given - will update anyway!
Commencing upgrade. Closing all shell sessions.

Post Reply