What's new

YazFi SOLVED : No Internet access for Guest (no VPN used)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

o0larry0o

Occasional Visitor
Hello
I own a single RT-AC86U running on merlin 386.7_2 configured as Router, and I'd like to isolate my IoT device in a subnet.
So I installed YazFi to check it out.

After reading a lot, I can't find a simple solution to my problem, which is that the Two Way Guest is not working, and the guest have no internet.
I don't use AiMesh (also it seem to be activated and I don't know how to disable it)
I don't use a VPN client to redirect the traffic.
I tried Guest 1 and 2, same behaviour.
I tried with the by default DNS provided by YazFI (192.168.2.1), my current DNS (192.168.1.1), and google DNS

My need, I just want the IoT on a different subnet, with local connectivity, and Internet (for now)
I performed my test with my smartphone, and another computer.

Here Is my config:
1698562202817.png


What do I do wrong ?
Thx a lot for your help
 
Last edited:
I tried with the by default DNS provided by YazFI (192.168.2.1), my current DNS (192.168.1.1), and google DNS
What is the router's LAN IP address? 192.168.1.1 or some other IP address?

Which version, main or developer, of YazFi have you installed? If the main version, is it v4.4.3?

Do you have any other add-on script(s) installed?

As a troubleshooting step, access the YazFi CLI (using SSH) and select option 1 to apply the settings. Then see if any issues or errors are indicated as the settings are applied.

Edit to add: If you disable Two-Way to Guest do the YazFi clients regain internet access?

Edit to add:2: If you uninstall YazFi and just run normal Guest Network WiFi, do the Guest Network Wifi clients have internet access?

Have you configured the YazFi clients for manual IP reservations?
 
Last edited:
I use the router for dns on the same subnet, so in your case 192.168.2.1 - forced.
 
What is the router's LAN IP address? 192.168.1.1 or some other IP address?

Which version, main or developer, of YazFi have you installed? If the main version, is it v4.4.3?

Do you have any other add-on script(s) installed?

As a troubleshooting step, access the YazFi CLI (using SSH) and select option 1 to apply the settings. Then see if any issues or errors are indicated as the settings are applied.

Edit to add: If you disable Two-Way to Guest do the YazFi clients regain internet access?

Edit to add:2: If you uninstall YazFi and just run normal Guest Network WiFi, do the Guest Network Wifi clients have internet access?

Have you configured the YazFi clients for manual IP reservations?
Hello Thx for you reply

1 - Yes the routeur LAN IP is the gateway and DNS for all the subnet which is 192.168.1.1

2 - main version v4.4.3

3 - I only have a DDNS script running

4 - No, when I disable Two Way Guest I still don't have internet connexion

5 - YES !! when deinstalling YazFI I Have Internet with basic Guest Access

6 - After reinstalling, still the same, and I forced the config through the CLI

Code:
Choose an option:  1
YazFi v4.4.3 starting up
wl0.1 passed validation
wl0.1 (SSID: ASUS_08_2G_Guest) - sending all interface internet traffic over WAN interface
Forcing YazFi Guest WiFi clients to reauthenticate


I looked a bit at the the YazFI Routing Table, I did not see anything obvious.

Thx a lot
 
Last edited:
Are you using LAN > DNS Director option? If so how is it configured?
Are you using the LAN> Route option on the router to block access to DNS servers?

As a troubleshooting step you could try running the develop branch version of YazFi to see if that fixes what ever is causing your issue.
/jffs/scripts/YazFi develop

Edit to add: Another suggestion if you haven't done so already. When the YazFi WiFi client cannot access the internet, check that client's IP/DNS settings on the device itself to see what it shows. See if it matches the IP subnet range and DNS setting(s) for YazFI.
 
Last edited:
Ahhhh.

By route director do you means DNSfilter ? Or I don't know the option, can you show me what you are refering to ?

Anyway ^^

I had the static route option enabled but no route configured.
Did not think this could cause an issue since I never had any before.
But that was it!! it works now.

And yes the IP of the device was OK i checked.
And I'm writing from the guest network right now ^^

Thx a lot for your help !!!
 
By route director do you means DNSfilter ? Or I don't know the option, can you show me what you are refering to ?
You probably should give serious thought to updating your firmware to the latest version - 386.12.
DNSFilter was renamed DNS Director in January with the 386.9 firmware.
DNS Director:
DNS Director.jpg


Route:
Route.jpg

The Route page should be the same/similar on the AC series of routers.

Good to see you got YazFi working. :)
 
Last edited:
Yes yes .... I was planning to for month, I did it today ^^ all went well, you never know with updates ..

One more question though, If i want to enhance the network security of my IoT subnet, and let's say, block certains communication but not all.
Well my question is, why in the Lan Route page, I cannot select the main gateway of the router ? only devices connected ?

Do I need to tweak this using iptables ?
 
One more question though, If i want to enhance the network security of my IoT subnet, and let's say, block certains communication but not all.
Well my question is, why in the Lan Route page, I cannot select the main gateway of the router ? only devices connected ?
For more on the LAN > Route option, what it is and how to use it, see the following Asus support document:

See the Custom Firewall Rules and scripting on the YazFi GitHub page. It has a brief explanation of how to setup custom firewall rules for YazFi Guest WiFi clients:

One could setup YazFi custom firewall rules to filter or block certain ports or traffic to or from their YazFi WiFi Guest clients. Obviously creating such scripts does take some knowledge or skills learning. Use the forum search feature to find other discussions about using the YazFi custom scripting. There are a number of past discussions on such scripts and what they can be used for.

In my case I use the LAN > Route option to try and block attempts by network clients to access Google's DNS servers. Example of how to do so explained here:

Example:
Route.jpg
 
Last edited:
Ahhh you can just enter en IP address in the gateway field and ignoring the drop down list ..... never tried that aha

Anyway, ... YazFI guest stopped working, my device doesn't have Internet anymore, it has to do with the VPN config.

When I disabled the static route option, I noticed my VPN server was down, it was, if I recall well, trying to apply the configuration, I then restarted the service, and the VPN server went back online, since then I lost internet access for the YazFi guest wifi.

The static route option is still down.

The routing table seems odd
Code:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
8.8.4.4         192.168.2.1     255.255.255.255 UGH   1      0        0 eth1
8.8.8.8         192.168.2.1     255.255.255.255 UGH   1      0        0 eth1
94.140.14.14    192.168.0.1     255.255.255.255 UGH   1      0        0 eth0
94.140.15.15    192.168.0.1     255.255.255.255 UGH   1      0        0 eth0

192.168.0.1 is my main gateway, the ISP router IP
94.140... is the Adblock DNS configured in the Asus.

I have no idea what the google DNS are doing here, since the DNS on the 192.168.2.0 subnet is forced to 192.168.2.1

Althought, Two Way Guest does not work, I cannot ping anything from or to the guest network ....

I'm off on holiday till sunday, so I'll get back at it next week
 
Last edited:
I added a static route from my 192.168.2.0 to my main gateway and it works now.
Why the allow internet option in YazFi GUI does not work ? I was looking at everything but this ....
 
Why the allow internet option in YazFi GUI does not work ? I was looking at everything but this ....
Not sure what your problem is with that option. The YazFi "allow internet access" GUI option works for me. When disabled (set to No) the YazFi guest WiFi client(s) cannot access the internet. When enabled (set to Yes), they do access the internet. Shrugs.
 
Not sure what your problem is with that option. The YazFi "allow internet access" GUI option works for me. When disabled (set to No) the YazFi guest WiFi client(s) cannot access the internet. When enabled (set to Yes), they do access the internet. Shrugs.
IWIK what the default guest network settings are set to...
 
Not sure what your problem is with that option. The YazFi "allow internet access" GUI option works for me. When disabled (set to No) the YazFi guest WiFi client(s) cannot access the internet. When enabled (set to Yes), they do access the internet. Shrugs.
no sure as well,
But this has to do with the VPN server running,
There must a be a conflit with routing somewhere
 
no sure as well,
But this has to do with the VPN server running,
There must a be a conflit with routing somewhere
Maybe there is something with your VPN Server settings that's interfering. Post up those settings so others can see if there is something that might be conflicting.

On a side note, don't recall have any issues with YazFi when experimenting with the OpenVPN and Wireguard Servers (basic default setup/configuration) a while back on a RT-AX86U Pro.
 
Maybe there is something with your VPN Server settings that's interfering. Post up those settings so others can see if there is something that might be conflicting.

On a side note, don't recall have any issues with YazFi when experimenting with the OpenVPN and Wireguard Servers (basic default setup/configuration) a while back on a RT-AX86U Pro.
It's a standard config from the GUI,
I only specified a specific subnet

1699282685910.png


1699282700730.png
 
Ho wait ....

I have dual lan connection in fail over mode, and the fail over network use the 192.168.2.x which is the same as the YazFi one ...
but when the fail over network is not up the subnet does not exist, as far as I can see

But maybe that's why.

I'll have to test that, but not during work hours, or netflix hours ....keep you posted, but I still don't understand the relation with the VPN

I just set another unsed subnet for YazFI, and removed my static route and it works, although the VPN server crashed again, I had to re apply the setting for it to went back online.
Strange

I think there are 2 differents unrelated problems here
 
Last edited:
Check the IP address subnets in YazFi. As a troubleshooting step. Make sure none of them are configure for 192.168.10.0 which is what you have configured in the VPN Subnet/Netmask entry in your screen capture.

Edit to add: Just checked my router's OpenVPN settings and it's VPN Subnet is set to 10.8.0.0 which doesn't conflict with the YazFi clients which use 192.168.x.0.
VPN Server.jpg
 
Last edited:
Well now I don't have any duplicate subnet, the only one was for the Fail Over which is not UP since the main internet WAN connection is UP.

which is 192.168.2.0, and which was also the YazFi guest subnet

1699345081447.png


1699345126781.png


Guess that was the problem
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top