YazFi YazFi - enhanced AsusWRT-Merlin Guest WiFi inc. SSID <-> VPN Client

[Jack Yaz]

Easily done.
I have a device that's sometimes getting an address from the main DHCP pool while connected to a guest network, I'm not sure if it's the same issue as @carloskar and @orion44 but happy to test a version with the built-in fix if you'd like.
If I manually disconnect and reconnect it's fine, and on a router reboot it seems to be okay, but if I modify the guest wifi, which I assume restarts the interfaces and some services, then I get an IP address from the main DHCP scope for that client even though it's on guest network 1.

I silently released a version with it in, using the functions you spotted already. You just need to update to 2.3.6!

Maybe I need to look into having blockdhcp kick in on a wireless service restart too, which should fix this issue

 

[preacher65]

I silently released a version with it in, using the functions you spotted already. You just need to update to 2.3.6!

Maybe I need to look into having blockdhcp kick in on a wireless service restart too, which should fix this issue

Ah okay, that makes sense now. I couldn't figure out the purpose of the commands, so before asking here I was testing them to see what changes they made, and trying to look through the code to work out what they do. I assume they create a flag file that triggers the DHCP delay if present?

 

[Jack Yaz]

Ah okay, that makes sense now. I couldn't figure out the purpose of the commands, so before asking here I was testing them to see what changes they made, and trying to look through the code to work out what they do. I assume they create a flag file that triggers the DHCP delay if present?

Could you run the below, and let me know what your device does after you run the below please?

#!/bin/sh
service restart_wireless
sleep 30
/jffs/scripts/YazFi

To answer the your questiob, running blockdhcp creates a file in /jffs/configs/YazFi to tell the script to add some additional parameters to /jffs/configs/dnsmasq.conf.add , namely no-dhcp-interface=XX where XX is br0, and the line is repeated for each interface enabled in YazFi

Once YazFi runs, it creates a file in /tmp to signify YazFi setup is complete. Since /tmp is purged on reboot, this is ideal.

/jffs/scripts/dnsmasq.postconf is created to call a new function in YazFi whenever dnsmasq is restarted. The function checks for the tmp file, and if it exists, the postconf will remove the no-dhcp lines

 

[brambil]

Just installed it, I don't see anymore the client connected to guest wifi in the webui, is it correct?

Other question, anyone already implement a rule on freshjr's QoS enhancement to put Guest at the bottom?

I run RT-AC68U, Merlin 384.7_2, diversion, freshjr QoS and SkyNet firewall.

 

[Jack Yaz]

Just installed it, I don't see anymore the client connected to guest wifi in the webui, is it correct?

That's correct. Networkmap can only show things on the primary LAN subnet. You can see connected guests by running

/jffs/scripts/YazFi status

 

[preacher65]

Could you run the below, and let me know what your device does after you run the below please?

With or without the blockdhcp feature enabled? I'm assuming with, as I already had it turned on, so have tested that way.

The device in question is my work-supplied iPhone, which I removed from the main SSID and added to the guest network. I removed any static leases and custom client settings, and rebooted, to try to ensure the mac address wasn't already known to the router (I'm assuming any existing leases are stored in /tmp but not really sure). The main thing I'm unclear about is the logic controlling how the iPhone reconnects after losing wifi, sometimes it seems to do so immediately, sometimes it takes a while and occasionally it seems to give up and I have to reconnect manually. (I'm more of an Android user normally, so this isn't something I've played with often on the iPhone. I might try with an Android device later.)

I've run the above script several times and it still sometimes gets an IP address from the main pool. I'm wondering if there's something specific to my router config causing this.

Thanks for the explanation on how the blocking works, I've had a look through the script and while a lot of the specific commands are way over my head, I can follow some of the logic.

 

[Jack Yaz]

With or without the blockdhcp feature enabled? I'm assuming with, as I already had it turned on, so have tested that way.

The device in question is my work-supplied iPhone, which I removed from the main SSID and added to the guest network. I removed any static leases and custom client settings, and rebooted, to try to ensure the mac address wasn't already known to the router (I'm assuming any existing leases are stored in /tmp but not really sure). The main thing I'm unclear about is the logic controlling how the iPhone reconnects after losing wifi, sometimes it seems to do so immediately, sometimes it takes a while and occasionally it seems to give up and I have to reconnect manually. (I'm more of an Android user normally, so this isn't something I've played with often on the iPhone. I might try with an Android device later.)

I've run the above script several times and it still sometimes gets an IP address from the main pool. I'm wondering if there's something specific to my router config causing this.

Thanks for the explanation on how the blocking works, I've had a look through the script and while a lot of the specific commands are way over my head, I can follow some of the logic.

After running

service restart_wireless

(but not running YazFi yet!) can you send me the output of the below please?

ebtables -L
ebtables -t broute -L

 

[brambil]

That's correct. Networkmap can only show things on the primary LAN subnet. You can see connected guests by running

/jffs/scripts/YazFi status

Thanks.

I will make a custom page where check them.

 

[FlipIt]

I can confirm it works on the RT-AC88U.
I finally have a guest wi-fi network that doesn't bleed my internal network DNS set-up - great work!

Is there a mailing list or some way of being notified of updates?

 

[Jack Yaz]

I can confirm it works on the RT-AC88U.
I finally have a guest wi-fi network that doesn't bleed my internal network DNS set-up - great work!

Great news I've updated the README and first post

Is there a mailing list or some way of being notified of updates?

I generally announce updates on this thread, so as long as you're watching the thread, you should receive an email

 

[chiphead]

Working fine on RT-AC66U with john's latest.

 

[FlipIt]

I can confirm it works on the RT-AC88U.
I finally have a guest wi-fi network that doesn't bleed my internal network DNS set-up - great work!

I may have been a bit premature I'm afraid.

Whilst both 2.4 and 5GHz seem OK after a reboot, if I leave my Android phone connected to the guest network then after a while (the exact time seems to vary) it will drop the connection and reconnect to my main wi-fi. If I try to reconnect to the guest network it hangs at 'Obtaining IP address'. At that point, if I try connecting from a Windows tablet it ends up with the auto-configured IP address so this looks like a DHCP issue. Disabling and re-enabling the guest network gets it back up and running.

The config I have is:

wl01_ENABLED=true
wl01_IPADDR=192.168.9.0
wl01_DHCPSTART=2
wl01_DHCPEND=10
wl01_DNS1=208.67.222.222
wl01_DNS2=208.67.220.220
wl01_FORCEDNS=true
wl01_REDIRECTALLTOVPN=
wl01_VPNCLIENTNUMBER=
wl01_LANACCESS=false
wl01_CLIENTISOLATION=​

wl11 differs only in the IPADDR

 

[Jack Yaz]

I may have been a bit premature I'm afraid.

Whilst both 2.4 and 5GHz seem OK after a reboot, if I leave my Android phone connected to the guest network then after a while (the exact time seems to vary) it will drop the connection and reconnect to my main wi-fi. If I try to reconnect to the guest network it hangs at 'Obtaining IP address'. At that point, if I try connecting from a Windows tablet it ends up with the auto-configured IP address so this looks like a DHCP issue. Disabling and re-enabling the guest network gets it back up and running.

The config I have is:

wl01_ENABLED=true
wl01_IPADDR=192.168.9.0
wl01_DHCPSTART=2
wl01_DHCPEND=10
wl01_DNS1=208.67.222.222
wl01_DNS2=208.67.220.220
wl01_FORCEDNS=true
wl01_REDIRECTALLTOVPN=
wl01_VPNCLIENTNUMBER=
wl01_LANACCESS=false
wl01_CLIENTISOLATION=​

wl11 differs only in the IPADDR

Next time it fails, can you please send the outputs of

iptables -S
ebtables -L
ebtables -t broute -L
cat /jffs/config/dnsmasq.conf.add

Feel free to redact any public IPs

 

[.TT.]

Hi @Jack Yaz
I updated to latest testversion yesterday 2.3.7 and lost wifi access on all but one device. It was working fine for an hour or so after update.
From what i can tell the only working device was not assigned a static lease. Issue was not corrected by reboot.
I know this is test branch. Just wanted to let you know

Edit: /jffs/scripts/YazFi blockdhcp was active
Devices was on main SSID.

 

[Jack Yaz]

Hi @Jack Yaz
I updated to latest testversion yesterday 2.3.7 and lost wifi access on all but one device. It was working fine for an hour or so after update.
From what i can tell the only working device was not assigned a static lease. Issue was not corrected by reboot.
I know this is test branch. Just wanted to let you know

Edit: /jffs/scripts/YazFi blockdhcp was active
Devices was on main SSID.

Blockdhcp is removed in the test branch currently, it should have removed the additional config created. Could you clarify what you mean by "assigned a static lease" please

 

[.TT.]

Blockdhcp is removed in the test branch currently, it should have removed the additional config created. Could you clarify what you mean by "assigned a static lease" please

Ok, i did not check if it was actually in config. i ran "/jffs/scripts/YazFi blockdhcp" while on 2.3.6 and just wanted to include any info i had
Manually assigned ip under LAN-> DHCP SERVER
Not sure if it is relevant at all.

 

[Jack Yaz]

Ok, i did not check if it was actually in config. i ran "/jffs/scripts/YazFi blockdhcp" while on 2.3.6 and just wanted to include any info i had
Manually assigned ip under LAN-> DHCP SERVER
Not sure if it is relevant at all.

The manual assignment might get in the way for devices on the guest network, but not on the main ssid. Are you able to reproduce the issue? If so, I'll PM you a list of commands I'll check the output of

2.3.7 should undo the changes made by blockdhcp - there was a bug but I thought I had fixed that prior to pushing to testing!

 

[FlipIt]

Next time it fails, can you please send the outputs of

iptables -S
ebtables -L
ebtables -t broute -L
cat /jffs/config/dnsmasq.conf.add

Worked from Wednesday afternoon, all through Thursday but failed at some point overnight last night. My router is currently set to reboot nightly but that would have also happened on Wednesday. I captured the diagnostics, removed and re-enabled the 2.4GHz guest and then ran the diagnostics again. The only difference was in the dnsmasq config which had lost all of the Yazfi entries.

 

[Jack Yaz]

Worked from Wednesday afternoon, all through Thursday but failed at some point overnight last night. My router is currently set to reboot nightly but that would have also happened on Wednesday. I captured the diagnostics, removed and re-enabled the 2.4GHz guest and then ran the diagnostics again. The only difference was in the dnsmasq config which had lost all of the Yazfi entries.

dnsmasq.conf.add lost the YazFi lines, you mean?

At the moment its expected that changing Guest Networks in the GUI will "break" YazFi until it is manually run but the conf file should remain intact

 

[avi68]

Hi, I have a question about routing the wifi guest user to a specific vpn server. So I need to add the vpn provider under the vpn client settings within the router but does that need to be active?
As all I would like to do is just use the vpn provider for the guest wifi users and not for all the connections that go through the router. Is there a special setting I need to activate?

Thanks