YazFi YazFi - enhanced AsusWRT-Merlin Guest WiFi inc. SSID <-> VPN Client

[Jack Yaz]

Yes, the main network is full speed. For example; on my personal phone (Note 8) when I connect to the main network the phone shows 975Mbps for connection quality. When I connect to the network, it is showing 520Mbps (now), but usually as high as 720Mbps.

I wonder if its something to do with NAT acceleration. Are non YazFi enabled guests full speed? Also, do you use QoS?

What link speed is shown for the YazFi guest on the phone?

 

[L&LD]

I wonder if its something to do with NAT acceleration. Are non YazFi enabled guests full speed? Also, do you use QoS?

What link speed is shown for the YazFi guest on the phone?

I am using FreshJR's QOS v8 and CTF is enabled. I don't have access to the other guest phone, but my phone right now on the YazFi guest network is showing 520Mbps. I can't test a non-YazFi guest network right now. I'll be sure to do it later.

 

[Jack Yaz]

I am using FreshJR's QOS v8 and CTF is enabled. I don't have access to the other guest phone, but my phone right now on the YazFi guest network is showing 520Mbps. I can't test a non-YazFi guest network right now. I'll be sure to do it later.

No worries. It would be useful to see if standard guests are affected and whether turning QoS off makes a difference.

I suspect its because traffic has to pass through the firewall so is subject to the router's CPU speed

EDIT: If the above suggestions don't help, I may be able to improve my usage of ebtables for this, if you're happy to assist testing a development version of the script.

 

[Jack Yaz]

I am using FreshJR's QOS v8 and CTF is enabled. I don't have access to the other guest phone, but my phone right now on the YazFi guest network is showing 520Mbps. I can't test a non-YazFi guest network right now. I'll be sure to do it later.

One last thing - what is your normal upload speed?

 

[L&LD]

No worries. It would be useful to see if standard guests are affected and whether turning QoS off makes a difference.

I suspect its because traffic has to pass through the firewall so is subject to the router's CPU speed

EDIT: If the above suggestions don't help, I may be able to improve my usage of ebtables for this, if you're happy to assist testing a development version of the script.

One last thing - what is your normal upload speed?

Jack Yaz, I would be happy to help where I can with a development version of your script!

The 'new' normal upload speed on my network (have had Gbps ISP a few days now) is around 780Mbps when I have everything dialed in good with DSLReports.com. The fast.com site shows 1.4Gbps upload.

 

[Jack Yaz]

Jack Yaz, I would be happy to help where I can with a development version of your script!

The 'new' normal upload speed on my network (have had Gbps ISP a few days now) is around 780Mbps when I have everything dialed in good with DSLReports.com. The fast.com site shows 1.4Gbps upload.

Did you get a chance to test a non-YazFi network? I did some digging in ebtables last night and other than discover that I can chop 2 rules that never get hit I got no closer to diagnosing the cause

I need me one of those FTTH connections

 

[L&LD]

Did you get a chance to test a non-YazFi network? I did some digging in ebtables last night and other than discover that I can chop 2 rules that never get hit I got no closer to diagnosing the cause

I need me one of those FTTH connections

Yes, I have tested with a non-YazFi guest network with my own phone and the results are all over the place. Unfortunately, the guest device that I had last Sunday there won't be around for a couple of weeks again.

At this point, I would maybe regard this as a glitch on my network unless someone else reports something similar?

Thank you for reaching out again to me. Sorry I didn't post my (non) findings sooner!

 

[Jack Yaz]

Yes, I have tested with a non-YazFi guest network with my own phone and the results are all over the place. Unfortunately, the guest device that I had last Sunday there won't be around for a couple of weeks again.

At this point, I would maybe regard this as a glitch on my network unless someone else reports something similar?

Thank you for reaching out again to me. Sorry I didn't post my (non) findings sooner!

No worries! My gut feeling is its related to NAT Acceleration so if anyone with 100-150mbps+ WAN speed can post speedtest results of YazFi and non YazFi networks that would help support or quash that theory.

If it is that, the next problem is I have no idea where to start on fixing it...

 

[L&LD]

No worries! My gut feeling is its related to NAT Acceleration so if anyone with 100-150mbps+ WAN speed can post speedtest results of YazFi and non YazFi networks that would help support or quash that theory.

If it is that, the next problem is I have no idea where to start on fixing it...

Well, you wouldn't be responsible for the low processing power of everyone's router!

It would be nice to verify this though in the next few weeks or sooner.

If YazFi does throttle guests, you could push that as a feature!

 

[Rob Q]

Sorry for the really n00bish question but what does this thing do anyway? Something to do with guest networks on WiFi? Wondering if I need this script but if I don't use guest networks, then it's not worth it?

 

[L&LD]

What it lets me do is have my main router on the (eg.) 192.168.199.254 subnet, including my trusted wireless devices on the main WiFi network too.

It also lets me have the option to have guest networks on my network (if I don't include them in the YazFi setup).

Most importantly for me though is the ability to have guests on separate subnets (eg.) like 10.100.1.0 for the 5GHz guests and 172.16.100.0 for the 2.4GHz guests and to have them isolated from my main network and from each other.

Even though everyone is now segregated as I want, they all still use and benefit from Diversion, pixelserv-tls, Stubby, Skynet and any other scripts I may have enabled, including FreshJR.

This is a great way to run a home network!

How did safe WiFi happen before Feb 2019?

 

[Jack Yaz]

Sorry for the really n00bish question but what does this thing do anyway? Something to do with guest networks on WiFi? Wondering if I need this script but if I don't use guest networks, then it's not worth it?

Pretty much what L&LD said https://www.snbforums.com/threads/y...inc-ssid-vpn-client.45924/page-31#post-469171

Also if you have VPN clients configured on the router you can create specific networks that will use the VPN

 

[Seamaster]

Hi, I´m planing to install amtm and Stubby.
Then the question is whether I need to uninstall YazFi before installing amtm and then reinstall YazFi via amtm?

 

[Rob Q]

Pretty much what L&LD said https://www.snbforums.com/threads/y...inc-ssid-vpn-client.45924/page-31#post-469171

Also if you have VPN clients configured on the router you can create specific networks that will use the VPN

I don't use VPN or have a guest wifi set up.

 

[amoney]

Thanks for this awesome script. Got it working and confirmed that its going through the VPN.

I was wondering if there is any way i can get the guest networks to use a local dns (pihole) running in a different subnet 192.168.1.*. Router is configured to hand out the pihole address as the dns. My guest networks are in 192.168.[2-3].*.

Before i had to enable intranet access in my guest networks to make them work. But with these scripts i can change their DNS and thus disable intranet access.

Wondering if there is a way to get the best of both worlds .

 

[Jack Yaz]

Hi, I´m planing to install amtm and Stubby.
Then the question is whether I need to uninstall YazFi before installing amtm and then reinstall YazFi via amtm?

There should be no need to reinstall

 

[Jack Yaz]

Thanks for this awesome script. Got it working and confirmed that its going through the VPN.

I was wondering if there is any way i can get the guest networks to use a local dns (pihole) running in a different subnet 192.168.1.*. Router is configured to hand out the pihole address as the dns. My guest networks are in 192.168.[2-3].*.

Before i had to enable intranet access in my guest networks to make them work. But with these scripts i can change their DNS and thus disable intranet access.

Wondering if there is a way to get the best of both worlds .

Set the DNS in the YazFi config for your guest networks to that of the PiHole and watch the magic happen! This will work independently of YazFi's LAN access option so you can leave it set to off and DNS should still work to a LAN server (pinhole firewall rules).

One thing to note is if a network is routed over VPN and the VPN Client is set to Accept DNS Configuration is set to Exclusive, this will likely override YazFi DNS

In any case, the GUI setting for Allow Intranet Access is overruled.

 

[Zonkd]

Hi, I´m planing to install amtm and Stubby.
Then the question is whether I need to uninstall YazFi before installing amtm and then reinstall YazFi via amtm?

Its not necessary to uninstall YazFi before installing AMTM. AMTM is just a menu tool to automatically Install/launch other scripts without you needing to remember the commands. I also don’t think it should be necessary to uninstall and then reinstall YazFi with AMTM. Personally I would have done so simply because it’s easier and faster than asking and waiting for the answer. I do everything through AMTM because it’s so damn reliable, up-to-date and you can be certain it’ll do the job correctly.

 

[amoney]

Set the DNS in the YazFi config for your guest networks to that of the PiHole and watch the magic happen! This will work independently of YazFi's LAN access option so you can leave it set to off and DNS should still work to a LAN server (pinhole firewall rules).

One thing to note is if a network is routed over VPN and the VPN Client is set to Accept DNS Configuration is set to Exclusive, this will likely override YazFi DNS

In any case, the GUI setting for Allow Intranet Access is overruled.

Yup. I should have just tried this before posting lol . Thanks again.

 

[Jack Yaz]

Yup. I should have just tried this before posting lol . Thanks again.

No problem, happy to help!