YazFi YazFi v4.x

[maxbraketorque]

Can YazFi be used in combination with the approach described in the link below to create isolated Guest networks on a second router?

AsusWRT and guest network with no intranet access on AP mode

I have 2 RT-AC68U running AsusWRT 384.13. One is the main router, connected to the internet via a cable modem. The other is configured as AP mode and connected to the main router via ethernet. The primary router provides 2 SSID, let's call them SSID1_24 and SSID1_5. The secondary AP uses...

www.snbforums.com

 

[Jack Yaz]

If your AP is actually running in router mode with its own subnet, you could leverage additional firewall rules in YazFi via user scripts to allow YazFi guests to talk/not talk to that router

 

[maxbraketorque]

If your AP is actually running in router mode with its own subnet, you could leverage additional firewall rules in YazFi via user scripts to allow YazFi guests to talk/not talk to that router

ok. Seems like this is a viable solution if I can figure out how to make this work.

 

[maxbraketorque]

Well, I got my AP working in router mode, but I'm not sure that I'm any better off yet. Here is the setup for the "AP" following guho's directions:

The AP is connected to the main router via LAN to LAN port.

Advanced Settings - WAN

• WAN connection type - Static
• Enable WAN - Yes
• Enable NAT - No
• Enable UPnP - No
• WAN IP - 192.168.0.2 - This is not a subnet that I am using.
• Subnet Mask - 255.255.255.0
• Default Gateway - 192.168.0.1 - This is not a subnet that I am using.
• DNS Server - Set to LAN IP of my main router.

Advanced Settings - LAN

• LAN IP
  • IP address - Set to private IP addy on the LAN address range of the main router.
  • Subnet mask - 255.255.255.0
• DHCP Server
  • DHCP server - disabled.
• LAN - Route
  • Static route enabled
    • Host IP and netmask set to 0.0.0.0
    • Gateway set to LAN IP address of my main router
    • Metric is null
    • Interface is LAN

Advanced Settings - Firewall

• General
  • IPv4 firewall - disabled
  • IPv6 firewall - disabled

When I connect to the regular wireless networks on the AP, I can readily access everything on the LAN and on the internet. YazFi was successfully installed on the AP. If Guest networks are enabled, and YazFi is not operational, guest networks from the AP can only access the internet when "Access Intranet" is enabled. With YazFi enabled along with full isolation from LAN and other clients, there is no LAN or internet access. Perhaps the key issue here is that the AP (in router mode) is still connected to the main router via the LAN port on the main router? Any suggestions on where to go from here?

 

[Patrick123]

Hello,

Can i use YazFi to bind a guest network to a physical port of my RT-AC87U router? (with latest version of merlin)

Greetz: Patrick

 

[TITAN]

Loving YazFi so far, just wondering if there is any way to have the guests show in connected devices (Network Map) page and traffic analyser statistics?

 

[bennor]

Loving YazFi so far, just wondering if there is any way to have the guests show in connected devices (Network Map) page and traffic analyser statistics?

This issue gets asked from time to time. Here is one prior response by Jack on this Network Map issue.
https://www.snbforums.com/threads/a...-device-on-private-network.69671/#post-655957

Network map is hardcoded by Asus to only look at the primary subnet, unfortunately it isn't possible to list YazFi guests there. You can check in the Wireless Log as you do now, or using option 2 in the YazFi CLI menu. (GUI list is on the feature request list)

For now to see connected yazfi clients one can use; the system log > wireless log, or the yazfi cli option #2, or one issues the ssh command: cat /var/lib/misc/dnsmasq.leases

 

[TITAN]

This issue gets asked from time to time. Here is one prior response by Jack on this Network Map issue.
https://www.snbforums.com/threads/a...-device-on-private-network.69671/#post-655957

For now to see connected yazfi clients one can use; the system log > wireless log, or the yazfi cli option #2, or one issues the ssh command: cat /var/lib/misc/dnsmasq.leases

Didn't even know that page existed, that's brilliant, thank you

Any ideas/suggestions on the traffic analyser statistics?

 

[Jack Yaz]

Hello,

Can i use YazFi to bind a guest network to a physical port of my RT-AC87U router? (with latest version of merlin)

Greetz: Patrick

not at the moment. a re-write to use bridges that would allow this is something i'm considering

 

[maxbraketorque]

Something has gone wrong with YazFi after updating my AC86U firmware to 386.3b1 and applying the YazFi 4.2.1 hotfix. Here are some notes on this:

• If I set the YazFi guest network to a subnet higher than my router LAN subnet, e.g., if my router LAN subnet is 192.168.120.x and YazFi is set to 192.168.130.x, then the YazFi guest network no longer has internet access, nor does it have access to the LAN.
• If I set the YazFi guest network to a subnet lower than my router LAN subnet, e.g., 192.168.110.x, then YazFi guests can access the internet, but they can also access some LAN resources. For instance, I can access the router via the webui and via ssh. It also appears that port 443 is open to the LAN. When running in this configuration, if I view the YazFi client list from the CLI (option 2) it shows the client Hostname and IP values as "UNKNOWN".
• Uninstalling and reinstalling YazFi with router power cycles after each step does not fix the issue. When I uninstalled YazFi, I told it to delete all setting.
• As best as I can estimate, its something due to there being two active VPN clients running on this router. These clients permanently connect to ASUS routers across the WAN to join all my networks together. The VPN tunnels are only for accessing LAN resources between the networks.

 

[Jack Yaz]

Something has gone wrong with YazFi after updating my AC86U firmware to 386.3b1 and applying the YazFi 4.2.1 hotfix. Here are some notes on this:

• If I set the YazFi guest network to a subnet higher than my router LAN subnet, e.g., if my router LAN subnet is 192.168.120.x and YazFi is set to 192.168.130.x, then the YazFi guest network no longer has internet access, nor does it have access to the LAN.
• If I set the YazFi guest network to a subnet lower than my router LAN subnet, e.g., 192.168.110.x, then YazFi guests can access the internet, but they can also access some LAN resources. For instance, I can access the router via the webui and via ssh. It also appears that port 443 is open to the LAN. When running in this configuration, if I view the YazFi client list from the CLI (option 2) it shows the client Hostname and IP values as "UNKNOWN".
• Uninstalling and reinstalling YazFi with router power cycles after each step does not fix the issue. When I uninstalled YazFi, I told it to delete all setting.
• As best as I can estimate, its something due to there being two active VPN clients running on this router. These clients permanently connect to ASUS routers across the WAN to join all my networks together. The VPN tunnels are only for accessing LAN resources between the networks.

are you redirecting anything to VPN with YazFi? if yes, turn that off and check again please

 

[Jack Yaz]

Something has gone wrong with YazFi after updating my AC86U firmware to 386.3b1 and applying the YazFi 4.2.1 hotfix. Here are some notes on this:

• If I set the YazFi guest network to a subnet higher than my router LAN subnet, e.g., if my router LAN subnet is 192.168.120.x and YazFi is set to 192.168.130.x, then the YazFi guest network no longer has internet access, nor does it have access to the LAN.
• If I set the YazFi guest network to a subnet lower than my router LAN subnet, e.g., 192.168.110.x, then YazFi guests can access the internet, but they can also access some LAN resources. For instance, I can access the router via the webui and via ssh. It also appears that port 443 is open to the LAN. When running in this configuration, if I view the YazFi client list from the CLI (option 2) it shows the client Hostname and IP values as "UNKNOWN".
• Uninstalling and reinstalling YazFi with router power cycles after each step does not fix the issue. When I uninstalled YazFi, I told it to delete all setting.
• As best as I can estimate, its something due to there being two active VPN clients running on this router. These clients permanently connect to ASUS routers across the WAN to join all my networks together. The VPN tunnels are only for accessing LAN resources between the networks.

also, diagnostics please

 

[maxbraketorque]

are you redirecting anything to VPN with YazFi? if yes, turn that off and check again please

No YazFi redirects to either VPN tunnel. One-way and two-way traffic are disabled and client isolation is enabled. No rules in VPNDirector either.

 

[Jeffrey Young]

not at the moment. a re-write to use bridges that would allow this is something i'm considering

I like this idea. I played around with the original guest bridges on the ac86u before using yazfi as I wanted to put a wired AP in the guest network. Ended up using a repeater instead. But before installing yazfi, it was pretty simple too just move the one port to the guest bridge.

 

[Jack Yaz]

Little POC of a new feature in the next version

 

[NinjaTortuga]

Hello all. I’ve recently started working with some of the available addons for my AC86u but have run into a problem using YazFi for separate Wi-Fi vpn and standard guest networks. Any assistance would be greatly appreciated.

Basically, I can’t apply any settings on the YazFi page no matter what I try and plug in. Even if it’s just enabling and trying to apply.

All devices have been properly nuked, and upgraded in the past few days. Only modifications I’ve made are related to getting me this far. I was able to get amtm, Entware, Diversion, and YazFi installed without issues with L&LD’s guide. Thanks for that!

My goal is to have a SSID for trusted devices, a VPN SSID, and a guest network for IoT devices. Wired devices, SSID1, and guest network should be getting custom DNS from master router. The VPN SSID should be the recommended DNS from the provider preferably with the kill switch enabled. Currently I don’t have a policy rule set for forcing clients through the tunnel.

Thank in advance!

 

[Jack Yaz]

Hello all. I’ve recently started working with some of the available addons for my AC86u but have run into a problem using YazFi for separate Wi-Fi vpn and standard guest networks. Any assistance would be greatly appreciated.

Basically, I can’t apply any settings on the YazFi page no matter what I try and plug in. Even if it’s just enabling and trying to apply.

All devices have been properly nuked, and upgraded in the past few days. Only modifications I’ve made are related to getting me this far. I was able to get amtm, Entware, Diversion, and YazFi installed without issues with L&LD’s guide. Thanks for that!

My goal is to have a SSID for trusted devices, a VPN SSID, and a guest network for IoT devices. Wired devices, SSID1, and guest network should be getting custom DNS from master router. The VPN SSID should be the recommended DNS from the provider preferably with the kill switch enabled. Currently I don’t have a policy rule set for forcing clients through the tunnel.

Thank in advance!

Can you screenshot the webui page with 5ghz expanded please? I suspect the issue is in that section.

 

[NinjaTortuga]

Can you screenshot the webui page with 5ghz expanded please? I suspect the issue is in that section.

Thank you for the reply.

You can see remnants of my original attempt of guest 3 on 5G. That yielded the same error message so I deleted it and tried again on 2.4. Smart connect enabled (default) after the nuke. I though this might have something to do with it but haven't touched it yet.

 

[Jack Yaz]

Thank you for the reply.

You can see remnants of my original attempt of guest 3 on 5G. That yielded the same error message so I deleted it and tried again on 2.4. Smart connect enabled (default) after the nuke. I though this might have something to do with it but haven't touched it yet.

i cant see anything there that should fail validation. can you try via option 1 of yazfi over ssh please and let me know if it gives more info?

 

[Jack Yaz]

I'm looking for testers of YazFi and the upcoming VPN Director firmware feature (currently in beta). Is anyone interested?