Others (Individual) quotas problem
Moderator: Moderators
Others (Individual) quotas problem
I'm having a problem setting up quotas in Gargoyle. It turns out that setting the "All Individual Hosts Without Explicit Quotas" function simply doesn't work in "Quota usage" (No hosts without explicit quotas appear).
The same problem does not occur in the "Combined" function.
Why is this happening?
Thank you for your attention.
Gargoyle Version:1.14.0
Model:TP-Link Archer C7 v5
Active Quotas:
192.168.1.101-192.168.1.111 Always NA/0kB/NA
Others (Individual) Always NA/100MB/NA
QoS (
Normal 65% zero nolimit
Outros 30% zero nolimit
Limited 5% zero 3000
Hosts With Active Connections:
A56 192.168.1.108
Asus_G 192.168.1.105
android 192.168.1.158
RedmiNote 192.168.1.204
The same problem does not occur in the "Combined" function.
Why is this happening?
Thank you for your attention.
Gargoyle Version:1.14.0
Model:TP-Link Archer C7 v5
Active Quotas:
192.168.1.101-192.168.1.111 Always NA/0kB/NA
Others (Individual) Always NA/100MB/NA
QoS (
Normal 65% zero nolimit
Outros 30% zero nolimit
Limited 5% zero 3000
Hosts With Active Connections:
A56 192.168.1.108
Asus_G 192.168.1.105
android 192.168.1.158
RedmiNote 192.168.1.204
Re: Others (Individual) quotas problem
This is already reported and fixed in 1.15
https://github.com/ericpaulbishop/gargoyle/issues/991
https://github.com/ericpaulbishop/gargoyle/issues/991
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
Please be respectful when posting. I do this in my free time on a volunteer basis.
Re: Others (Individual) quotas problem
Thanks, i installed version 1.15 and now it works perfectly.
There is only one problem that I can report:
It works perfectly at startup, but if you run "/etc/init.d/firewall restart", for some reason the function breaks, returning normally only after the router has been restarted.
Output:
There is only one problem that I can report:
It works perfectly at startup, but if you run "/etc/init.d/firewall restart", for some reason the function breaks, returning normally only after the router has been restarted.
Output:
Code: Select all
root@Router:~# /etc/init.d/firewall restart
Warning: Option @defaults[0].enforce_dhcp_assignments is unknown
* Flushing IPv4 filter table
* Flushing IPv4 nat table
* Flushing IPv4 mangle table
* Flushing IPv4 raw table
* Flushing IPv6 filter table
* Flushing IPv6 nat table
* Flushing IPv6 mangle table
* Flushing IPv6 raw table
* Flushing conntrack table ...
* Populating IPv4 filter table
* Rule 'Allow-DHCP-Renew'
* Rule 'Allow-Ping'
* Rule 'Allow-IGMP'
* Rule 'Allow-IPSec-ESP'
* Rule 'Allow-ISAKMP'
* Forward 'lan' -> 'wan'
* Zone 'lan'
* Zone 'wan'
* Populating IPv4 nat table
* Zone 'lan'
* Zone 'wan'
* Populating IPv4 mangle table
* Zone 'lan'
* Zone 'wan'
* Populating IPv4 raw table
* Zone 'lan'
- Using automatic conntrack helper attachment
* Zone 'wan'
* Populating IPv6 filter table
* Rule 'Allow-DHCPv6'
* Rule 'Allow-MLD'
* Rule 'Allow-ICMPv6-Input'
* Rule 'Allow-ICMPv6-Forward'
* Rule 'Allow-IPSec-ESP'
* Rule 'Allow-ISAKMP'
* Forward 'lan' -> 'wan'
* Zone 'lan'
* Zone 'wan'
* Populating IPv6 nat table
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_lan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_lan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_wan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_wan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_rule'
* Zone 'lan'
* Zone 'wan'
* Populating IPv6 mangle table
* Zone 'lan'
* Zone 'wan'
* Populating IPv6 raw table
* Zone 'lan'
- Using automatic conntrack helper attachment
* Zone 'wan'
* Set tcp_ecn to off
* Set tcp_syncookies to on
* Set tcp_window_scaling to on
* Running script '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'
Bad argument `MASQUERADE'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `ACCEPT'
Try `iptables -h' or 'iptables --help' for more information.
* Running script '/etc/firewall.user'
* Running script '/etc/openvpn.firewall'
* Running script '/etc/wireguard.firewall'
root@Router:~#
Last edited by user.xd on Thu Sep 26, 2024 12:18 pm, edited 1 time in total.
Re: Others (Individual) quotas problem
I’ll take a look.
Does /usr/lib/gargoyle/restart_firewall.sh work?
This is the proper way to restart the firewall with Gargoyle.
Also, did you preserve settings when upgrading? This may cause an issue and should have been reset.
Does /usr/lib/gargoyle/restart_firewall.sh work?
This is the proper way to restart the firewall with Gargoyle.
Also, did you preserve settings when upgrading? This may cause an issue and should have been reset.
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
Please be respectful when posting. I do this in my free time on a volunteer basis.
Re: Others (Individual) quotas problem
In this new version I configured everything from 0, not preserving the old settings.
Now using the command: "/usr/lib/gargoyle/ restart_firewall .sh" I could see that it worked without problems. It even reestablished the function when interrupted by the other command.
Output:
I used "/etc/init.d/firewall restart" to undo some temporary iptables and ebtables script rules.
Now using the command: "/usr/lib/gargoyle/ restart_firewall .sh" I could see that it worked without problems. It even reestablished the function when interrupted by the other command.
Output:
Code: Select all
root@Router:~# /usr/lib/gargoyle/restart_firewall. sh
iptables: No chain/target/match by that name.
ip6tables: No chain/target/match by that name.
Error: There is no such init script like 'miniupnpd'.
Last edited by user.xd on Fri Sep 27, 2024 12:17 am, edited 1 time in total.
Re: Others (Individual) quotas problem
Stick with the Gargoyle official method of restarting the firewall.
Ideally both methods work without issue, so I will look into it further.
Ideally both methods work without issue, so I will look into it further.
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
Please be respectful when posting. I do this in my free time on a volunteer basis.
Re: Others (Individual) quotas problem
I've had a look at the problem.
There are many services that should really be started and stopped in a specific order when the firewall needs to be restarted for Gargoyle to operate correctly.
The /usr/lib/gargoyle/restart_firewall.sh script takes care of this for you.
If you call only /etc/init.d/firewall restart, the Gargoyle firewall is initialised, but Quotas, Restrictions and Port Forwarding Loopbacks are not created.
While I think it would be possible to have this behave the same no matter which way you call it, I don't think I could reliably test every possible configuration and outcome to be sure I've got it right. So for now I'm calling it expected behaviour and advising to use the Gargoyle method to restart the firewall.
There are many services that should really be started and stopped in a specific order when the firewall needs to be restarted for Gargoyle to operate correctly.
The /usr/lib/gargoyle/restart_firewall.sh script takes care of this for you.
If you call only /etc/init.d/firewall restart, the Gargoyle firewall is initialised, but Quotas, Restrictions and Port Forwarding Loopbacks are not created.
While I think it would be possible to have this behave the same no matter which way you call it, I don't think I could reliably test every possible configuration and outcome to be sure I've got it right. So for now I'm calling it expected behaviour and advising to use the Gargoyle method to restart the firewall.
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
Please be respectful when posting. I do this in my free time on a volunteer basis.
Re: Others (Individual) quotas problem
OK thanks!
Enjoying, just going a little off topic.
How do I access OpenVPN Server through IPV6?
I was able to remotely access SSH with Putty via IPV6 but the VPN only stays something like this when trying in client:
Internally the connection is successful with the local IP 192.168.1.1
Any Firewall rules I'm missing or other settings?
Enjoying, just going a little off topic.
How do I access OpenVPN Server through IPV6?
I was able to remotely access SSH with Putty via IPV6 but the VPN only stays something like this when trying in client:
Code: Select all
Fri Sep 27 15:06:10 2024 Remote UDP Link: [AF_INET6]2804:xxxx:xxx:x:xxx:xxxx:xxx:xxxx:1094
Fri Sep 27 15:06:10 2024 MANAGEMENT: > STATE: 1727460370, WAIT,,,,,,
Any Firewall rules I'm missing or other settings?
Re: Others (Individual) quotas problem
We don’t enable IPv6 for OpenVPN. If you want to enable it yourself have a look at modifying the config at /etc/openvpn/server.conf
Also add appropriate firewall rules to accept the connection.
Also add appropriate firewall rules to accept the connection.
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
Please be respectful when posting. I do this in my free time on a volunteer basis.
Re: Others (Individual) quotas problem
Now it works!
I changed the proto "udp" to "udp6" in server.conf and added "float" in the client's .ovpn file.
And finally I released the door with:
Many networks are behind NAT and do not always have an external IPV4 available, it would be interesting in future versions to perhaps implement the option on the web configuration page as an alternative.
Thank you for your attention.
I changed the proto "udp" to "udp6" in server.conf and added "float" in the client's .ovpn file.
And finally I released the door with:
Code: Select all
ip6tables -A INPUT -p udp --dport 1194 -j ACCEPT
Thank you for your attention.