Menu
What's new
By:
Filters Better Search

How to use a different subnet for WiFi guest network?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

First attempt here: https://pastebin.com/WnEeg41E

Usage notes and further commenting for which bits to edit will follow - tonight was not a good night, most of it spent in the hospital visiting a very poorly relative =[

General usage is:

./GuestWifi.sh wl0.2
./GuestWifi.sh wl0.1 vpnall 1 #redirects all wl0.1 over VPN client 1 N.B. subnet/clients must be added in Policy Routing (i have been working on the ip rule lookup bit to save this step, lets call that v2)
./GuestWifi.sh wl0.3 vpn 1 #allows wl0.3 to be routed over VPN client 3, for use with selective port routing over VPN N.B. same as example above
 
Jack Yaz said:
First attempt here: https://pastebin.com/WnEeg41E

Usage notes and further commenting for which bits to edit will follow - tonight was not a good night, most of it spent in the hospital visiting a very poorly relative =[

General usage is:

./GuestWifi.sh wl0.2
./GuestWifi.sh wl0.1 vpnall 1 #redirects all wl0.1 over VPN client 1 N.B. subnet/clients must be added in Policy Routing (i have been working on the ip rule lookup bit to save this step, lets call that v2)
./GuestWifi.sh wl0.3 vpn 1 #allows wl0.3 to be routed over VPN client 3, for use with selective port routing over VPN N.B. same as example above
Click to expand...

Thank you Jack, much appreciated for this. I will start playing with it the weekend.

Don't apologize and no need to rush, Health and Family have highest priority.
 
Jack Yaz said:
First attempt here: https://pastebin.com/WnEeg41E

Usage notes and further commenting for which bits to edit will follow - tonight was not a good night, most of it spent in the hospital visiting a very poorly relative =[

General usage is:

./GuestWifi.sh wl0.2
./GuestWifi.sh wl0.1 vpnall 1 #redirects all wl0.1 over VPN client 1 N.B. subnet/clients must be added in Policy Routing (i have been working on the ip rule lookup bit to save this step, lets call that v2)
./GuestWifi.sh wl0.3 vpn 1 #allows wl0.3 to be routed over VPN client 3, for use with selective port routing over VPN N.B. same as example above
Click to expand...
Thanks for this Jack Yaz; now I have some homework to do.

Cheers!

Sent from my ONEPLUS A3000 using Tapatalk
 
Alfsu said:
Thanks for this Jack Yaz; now I have some homework to do.

Cheers!

Sent from my ONEPLUS A3000 using Tapatalk
Click to expand...
I'm working on an updated version to include parameters, and comments! At the moment it only does 2.4GHz as my 87U has a frankly weird 5GHz implementation. I'm lead to believe it's just wl1.1, wl1.2 etc.
 
Alfsu said:
Hey Jack, would you please share these scripts? Thanks!

Sent from my ONEPLUS A3000 using Tapatalk
Click to expand...

If you want to try
Code: 
#=========================================================================== © 2016-2018 Martineau, v01.01b (Public Beta)
#
# Configure Guest WiFi with new DHCP subnet and DNS using '/etc/dnsmasq.conf' and optionally allow LAN access to specified IPs
#
# Usage:    GuestSubnet  ['help' | '-h']
#                        {wifi_interface | ssid } | ['del[subnet]'] ['autodnsmasq'] [ 'ssid='name] ['ip='ipaddress[,ipaddress]]
#
#           GuestSubnet  wl0.1
#                        Guest WiFI 2.4GHz interface wl0.1 will have the new DHCP subnet and DNS applied (default)
#           GuestSubnet  wl0.1 del
#                        Guest WiFI 2.4GHz interface wl0.1 firewall rules will be removed but subnet remains.
#           GuestSubnet  wl0.1 delsubnet
#                        Guest WiFI 2.4GHz interface wl0.1 firewall rules will be removed and subnet will be reset to Asus default.
#           GuestSubnet  wl0.2 autodnsmasq
#                        Guest WiFi 2.4GHz interface wl0.2 will have new DHCP and DNS directives inserted into /jffs/configs/dnsmasq.conf.add
#                        if they don't already exist.
#                        NOTE: dnsmasq will be bounced.
#           GuestSubnet  wl1.2 ip=192.168.1.99,192.168.1.100
#                        Guest WiFi 5GHz interface wl1.2 will allow access to LAN devices 192.168.1.99,192.168.1.100
#           GuestSubnet  Guest242
#                        Guest WiFI SSID 'Guest242' (possibly wl0.2?) will have the new DHCP subnet and DNS applied

then let me know and I'll send you the link to the Public Beta.
 
Last edited:
Good catch! The LAN IP was probably a remnant where I was testing this in an Ubuntu VM for fear of disturbing the router. The nvram approach makes a lot more sense.
 
Martineau said:
If you want to try

then let me know and I'll send you the link to the Public Beta.
Click to expand...

I would like to test your public beta Martineau if thats possible.

Thanks
 
Further updates, script now adds subnets to RPDB as required, including a patch for default gateway + Exclusive DNS if the policy routing table is blank in GUI and they are not generated by the firmware for any reason.

Next on to-do: remove RPDB if a guest network is changed from VPN routed to non VPN routed
 
Hi Jack,

I see you're using this, presumably to remove the trailing space if it exists from $IFACELIST.

awk '{ for (i=NF; i>1; i--) printf("%s ",$i); print $1; }'

It's a safe approach but is unnecessary as that variable is only used to generate a FOR word-list where whitespace is ignored.

Just sayin':)
 
ColinTaylor said:
Hi Jack,

I see you're using this, presumably to remove the trailing space if it exists from $IFACELIST.

awk '{ for (i=NF; i>1; i--) printf("%s ",$i); print $1; }'

It's a safe approach but is unnecessary as that variable is only used to generate a FOR word-list where whitespace is ignored.

Just sayin':)
Click to expand...
I was flipping the order of the list so the iptables -I appeared in interface ascending order...it bugs me otherwise !
 
Martineau said:
If you want to try
Code: 
#=========================================================================== [emoji767] 2016-2018 Martineau, v01.01b (Public Beta)
#
# Configure Guest WiFi with new DHCP subnet and DNS using '/etc/dnsmasq.conf' and optionally allow LAN access to specified IPs
#
# Usage:    GuestSubnet  ['help' | '-h']
#                        {wifi_interface | ssid } | ['del[subnet]'] ['autodnsmasq'] [ 'ssid='name] ['ip='ipaddress[,ipaddress]]
#
#           GuestSubnet  wl0.1
#                        Guest WiFI 2.4GHz interface wl0.1 will have the new DHCP subnet and DNS applied (default)
#           GuestSubnet  wl0.1 del
#                        Guest WiFI 2.4GHz interface wl0.1 firewall rules will be removed but subnet remains.
#           GuestSubnet  wl0.1 delsubnet
#                        Guest WiFI 2.4GHz interface wl0.1 firewall rules will be removed and subnet will be reset to Asus default.
#           GuestSubnet  wl0.2 autodnsmasq
#                        Guest WiFi 2.4GHz interface wl0.2 will have new DHCP and DNS directives inserted into /jffs/configs/dnsmasq.conf.add
#                        if they don't already exist.
#                        NOTE: dnsmasq will be bounced.
#           GuestSubnet  wl1.2 ip=192.168.1.99,192.168.1.100
#                        Guest WiFi 5GHz interface wl1.2 will allow access to LAN devices 192.168.1.99,192.168.1.100
#           GuestSubnet  Guest242
#                        Guest WiFI SSID 'Guest242' (possibly wl0.2?) will have the new DHCP subnet and DNS applied

then let me know and I'll send you the link to the Public Beta.
Click to expand...
Of course I would like to give it a try, thanks!

Sent from my ONEPLUS A3000 using Tapatalk
 
Stupid question. What is the difference between Martineau and Jack Yaz' version? Is Martineau's version more restrictive in term of net access? I need something to keep my visitors from my PCs but not worry to much on they do with the internet access.
 
You must log in or register to reply here.

Similar threads

J
Guest Network Pro and printer
Replies
7
Views
313
bennor
B
R
Disable Intranet access for a LAN port (not the WiFi Guest network)?
Replies
13
Views
492
Tech9
Tech9
S
Philips Hue - LAN Port to be part of YazFi Wireless Guest Network Subnet
Replies
8
Views
1K
RandomUser777
R
G
RT-AC86U VLAN-like modifications to guest network
Replies
19
Views
2K
pjd50
P
T
Troubles with VPN Client + DDNS Setup on GT-BE98
Replies
5
Views
357
Tuntenfisch
T
Similar threads
Thread starter Title Forum Replies Date
N How to allow different VPN clients ping each other? Asuswrt-Merlin 5
A Found a way to make AImesh nodes to have different channels! Asuswrt-Merlin 31
I Guest net / subnet for wired connections? Asuswrt-Merlin 4
J Devices connected through wifi extender are showing up under guest IP subnet Asuswrt-Merlin 3
A Adguard Home and clients of subnet (wireguard tunnel) Asuswrt-Merlin 19
P Using Avahi to cast to a PyChromeCast on another subnet Asuswrt-Merlin 4
M Finding my Correct Network/Subnet Mask Asuswrt-Merlin 10
A Malfunctioning AX86U Pro? WiFi Radio Fail, Trouble Ejecting/Mounting Entware USB Asuswrt-Merlin 3
Z Asus AX88u slow on 2.4ghz wifi on certain devices Asuswrt-Merlin 9
R Disable Intranet access for a LAN port (not the WiFi Guest network)? Asuswrt-Merlin 13

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 778 (members: 13, guests: 765)
Top