Others (Individual) quotas problem

user.xd
Posts: 3
Joined: Fri Sep 20, 2024 4:42 pm

Others (Individual) quotas problem

Post by user.xd »

I'm having a problem setting up quotas in Gargoyle. It turns out that setting the "All Individual Hosts Without Explicit Quotas" function simply doesn't work in "Quota usage" (No hosts without explicit quotas appear).

The same problem does not occur in the "Combined" function.

Why is this happening?
Thank you for your attention.

Gargoyle Version: 1.14.0
Model: TP-Link Archer C7 v5


Active Quotas:
192.168.1.101-192.168.1.111 Always NA/0kB/NA
Others (Individual) Always NA/100MB/NA

QoS (
Normal 65% zero nolimit
Outros 30% zero nolimit
Limited 5% zero 3000

Hosts With Active Connections:
A56 192.168.1.108
Asus_G 192.168.1.105
android 192.168.1.158
RedmiNote 192.168.1.204

Lantis
Moderator
Posts: 6921
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Others (Individual) quotas problem

Post by Lantis »

This is already reported and fixed in 1.15
https://github.com/ericpaulbishop/gargoyle/issues/991
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

user.xd
Posts: 3
Joined: Fri Sep 20, 2024 4:42 pm

Re: Others (Individual) quotas problem

Post by user.xd »

Thanks, I installed version 1.15 and now it works perfectly.

There is only one problem that I can report:

It works perfectly at startup, but if you run "/etc/init.d/firewall restart", for some reason the function breaks, returning normally only after the router has been restarted.

Output:

root@Router:~# /etc/init.d/firewall restart
Warning: Option @defaults[0].enforce_dhcp_assignments is unknown
 * Flushing IPv4 filter table
 * Flushing IPv4 nat table
 * Flushing IPv4 mangle table
 * Flushing IPv4 raw table
 * Flushing IPv6 filter table
 * Flushing IPv6 nat table
 * Flushing IPv6 mangle table
 * Flushing IPv6 raw table
 * Flushing conntrack table ...
 * Populating IPv4 filter table
   * Rule 'Allow-DHCP-Renew'
   * Rule 'Allow-Ping'
   * Rule 'Allow-IGMP'
   * Rule 'Allow-IPSec-ESP'
   * Rule 'Allow-ISAKMP'
   * Forward 'lan' -> 'wan'
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv4 nat table
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv4 mangle table
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv4 raw table
   * Zone 'lan'
     - Using automatic conntrack helper attachment
   * Zone 'wan'
 * Populating IPv6 filter table
   * Rule 'Allow-DHCPv6'
   * Rule 'Allow-MLD'
   * Rule 'Allow-ICMPv6-Input'
   * Rule 'Allow-ICMPv6-Forward'
   * Rule 'Allow-IPSec-ESP'
   * Rule 'Allow-ISAKMP'
   * Forward 'lan' -> 'wan'
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv6 nat table
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_lan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_lan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_wan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_wan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_rule'
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv6 mangle table
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv6 raw table
   * Zone 'lan'
     - Using automatic conntrack helper attachment
   * Zone 'wan'
 * Set tcp_ecn to off
 * Set tcp_syncookies to on
 * Set tcp_window_scaling to on
 * Running script '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'
Bad argument `MASQUERADE'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `ACCEPT'
Try `iptables -h' or 'iptables --help' for more information.
 * Running script '/etc/firewall.user'
 * Running script '/etc/openvpn.firewall'
 * Running script '/etc/wireguard.firewall'
root@Router:~#

Last edited by user.xd on Thu Sep 26, 2024 12:18 pm, edited 1 time in total.
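
Added example (not part of the original post and not Gargoyle's own code): a small filter that attributes each warning or error in restart output like the above to the restart stage it appeared under, so a failing include script stands out. The function names are hypothetical and the sample is constructed from lines shown in the post.

```shell
#!/bin/sh
# Added example: triage firewall restart output.
# On a router, pipe the real output in (stderr included), e.g.
#   /etc/init.d/firewall restart 2>&1 | triage_fw_output

# Print "stage<TAB>message" for every warning/error line. A stage is a
# top-level " * Flushing/Populating/Running script ..." line.
triage_fw_output() {
    awk '
        /^ \* (Flushing|Populating|Running script)/ {
            stage = $0
            sub(/^ \* /, "", stage)
            next
        }
        /^Warning: / || /^Bad argument/ || /No chain\/target\/match/ {
            printf "%s\t%s\n", (stage == "" ? "(before first stage)" : stage), $0
        }
    '
}

# Count findings attributed to one stage (exact stage text in $1).
count_for_stage() {
    triage_fw_output | awk -F'\t' -v s="$1" '$1 == s { n++ } END { print n + 0 }'
}

# Constructed sample, abridged from the output in the post above.
sample_output() {
    cat <<'EOF'
Warning: Option @defaults[0].enforce_dhcp_assignments is unknown
 * Flushing IPv4 filter table
 * Populating IPv6 nat table
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_lan_rule'
   * Zone 'lan'
 * Running script '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'
Bad argument `MASQUERADE'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `ACCEPT'
 * Running script '/etc/firewall.user'
EOF
}

sample_output | triage_fw_output
```
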

Lantis
Moderator
Posts: 6921
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Others (Individual) quotas problem

Post by Lantis »

I’ll take a look.
Does /usr/lib/gargoyle/restart_firewall.sh work?
This is the proper way to restart the firewall with Gargoyle.

Also, did you preserve settings when upgrading? This may cause an issue and should have been reset.

user.xd
Posts: 3
Joined: Fri Sep 20, 2024 4:42 pm

Re: Others (Individual) quotas problem

Post by user.xd »

In this new version I configured everything from 0, not preserving the old settings.

Now using the command: "/usr/lib/gargoyle/restart_firewall.sh" I could see that it worked without problems. It even reestablished the function when interrupted by the other command.

Output:

root@Router:~# /usr/lib/gargoyle/restart_firewall.sh
iptables: No chain/target/match by that name.
ip6tables: No chain/target/match by that name.
Error: There is no such init script like 'miniupnpd'.

I used "/etc/init.d/firewall restart" to undo some temporary iptables and ebtables script rules.
Last edited by user.xd on Fri Sep 27, 2024 12:17 am, edited 1 time in total.

Lantis
Moderator
Posts: 6921
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Others (Individual) quotas problem

Post by Lantis »

Stick with the Gargoyle official method of restarting the firewall.
Ideally both methods work without issue, so I will look into it further.

Lantis
Moderator
Posts: 6921
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Others (Individual) quotas problem

Post by Lantis »

I've had a look at the problem.
There are many services that should really be started and stopped in a specific order when the firewall needs to be restarted for Gargoyle to operate correctly.
The /usr/lib/gargoyle/restart_firewall.sh script takes care of this for you.
If you call only /etc/init.d/firewall restart, the Gargoyle firewall is initialised, but Quotas, Restrictions and Port Forwarding Loopbacks are not created.

While I think it would be possible to have this behave the same no matter which way you call it, I don't think I could reliably test every possible configuration and outcome to be sure I've got it right. So for now I'm calling it expected behaviour and advising to use the Gargoyle method to restart the firewall.

user.xd
Posts: 3
Joined: Fri Sep 20, 2024 4:42 pm

Re: Others (Individual) quotas problem

Post by user.xd »

OK thanks!

Enjoying, just going a little off topic.
How do I access OpenVPN Server through IPV6?
I was able to remotely access SSH with Putty via IPV6 but the VPN only stays something like this when trying in client:

Fri Sep 27 15:06:10 2024 Remote UDP Link: [AF_INET6]2804:xxxx:xxx:x:xxx:xxxx:xxx:xxxx:1094
Fri Sep 27 15:06:10 2024 MANAGEMENT: > STATE: 1727460370, WAIT,,,,,,

Internally the connection is successful with the local IP 192.168.1.1

Any Firewall rules I'm missing or other settings?

Lantis
Moderator
Posts: 6921
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Others (Individual) quotas problem

Post by Lantis »

We don’t enable IPv6 for OpenVPN. If you want to enable it yourself have a look at modifying the config at /etc/openvpn/server.conf
Also add appropriate firewall rules to accept the connection.

user.xd
Posts: 3
Joined: Fri Sep 20, 2024 4:42 pm

Re: Others (Individual) quotas problem

Post by user.xd »

Now it works!

I changed the proto "udp" to "udp6" in server.conf and added "float" in the client's .ovpn file.

And finally I released the door with:

ip6tables -A INPUT -p udp --dport 1194 -j ACCEPT

Many networks are behind NAT and do not always have an external IPV4 available. It would be interesting in future versions to perhaps implement the option on the web configuration page as an alternative.

Thank you for your attention.
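
Added example (not part of the original post and not Gargoyle's own code): a consistency check for the three changes described above, confirming that server.conf uses proto udp6, the client profile has float, and the port in the ip6tables rule matches what the server listens on and the client connects to. The helper names, file contents and the host vpn.example.net are constructed.

```shell
#!/bin/sh
# Added example: check the OpenVPN-over-IPv6 settings against each other.

# directive_field FILE NAME N: print word N of the first NAME directive;
# exit status is non-zero when the directive is absent.
directive_field() {
    awk -v name="$2" -v n="$3" '
        { sub(/[#;].*/, "") }                      # drop comments
        $1 == name { print $n; found = 1; exit }
        END { exit !found }
    ' "$1"
}

# check_ovpn_ipv6 SERVER_CONF CLIENT_OVPN FIREWALL_PORT
# Prints one line per finding; returns 0 only when there are none.
check_ovpn_ipv6() {
    rc=0
    proto=$(directive_field "$1" proto 2) || proto="(unset)"
    port=$(directive_field "$1" port 2) || port=1194   # OpenVPN default port
    rport=$(directive_field "$2" remote 3) || rport=""
    [ -n "$rport" ] || rport=1194                      # remote given without a port
    [ "$proto" = "udp6" ] || { echo "server proto is $proto, not udp6"; rc=1; }
    directive_field "$2" float 1 >/dev/null || { echo "client lacks float"; rc=1; }
    [ "$port" = "$3" ] || { echo "rule opens $3, server uses $port"; rc=1; }
    [ "$rport" = "$port" ] || { echo "client targets $rport, server uses $port"; rc=1; }
    return "$rc"
}

# Constructed sample files so the block runs stand-alone.
write_samples() {
    printf 'port 1194\nproto udp6   # was: proto udp\ndev tun\n' > "$1/server.conf"
    printf 'client\nremote vpn.example.net 1194\nfloat\n' > "$1/good.ovpn"
    printf 'client\nremote vpn.example.net 1094\n' > "$1/bad.ovpn"
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_ovpn_ipv6 "$tmp/server.conf" "$tmp/good.ovpn" 1194 && echo "good.ovpn: consistent"
check_ovpn_ipv6 "$tmp/server.conf" "$tmp/bad.ovpn" 1194 || echo "bad.ovpn: findings listed above"
rm -rf "$tmp"
```

The restart output earlier in the thread shows the IPv6 filter table being flushed and '/etc/firewall.user' being run on each firewall restart, so a rule typed at the prompt should be re-checked after any restart.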
