What's new

YazFi YazFi - enhanced AsusWRT-Merlin Guest WiFi inc. SSID <-> VPN Client

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Hi,

What is best practice with the DNS fields in YazFi for guest networks. I'm not using the VPN feature. Do I need to put anything in the DNS Server fields? Attached are my current YazFi settings, and my WAN DNS settings.

Thanks,
Anton
YazFi Settings.jpgWan DNS Settings.jpg
 
Do I need to put anything in the DNS Server fields?
Yes you will typically need to fill in the DNS fields with what ever DNS servers you plan on using depending on the ASUS router's options. That could be the DNS servers used by your broadband provider. That could be public DNS servers like those listed in the following link: https://www.lifewire.com/free-and-public-dns-servers-2626062 Or if one is using their own DNS servers (like Pi-Hole or similar) one would input the IP addresses in the required fields. In some cases, depending on the ASUS router settings, the router may configured for passing DNS requests to the next upstream device rather than use user input DNS server values.

Currently (at least on my ASUS router) one has to fill out both DNS fields for YazFi. One can duplicate one DNS server to both YazFi fields or use two different DNS servers.

You generally need DNS entries as that is how network clients resolve web addresses. For YazFi (in my usage) the script will fail to validate if a DNS server isn't used.
 
Yes you will typically need to fill in the DNS fields with what ever DNS servers you plan on using depending on the ASUS router's options. That could be the DNS servers used by your broadband provider. That could be public DNS servers like those listed in the following link: https://www.lifewire.com/free-and-public-dns-servers-2626062 Or if one is using their own DNS servers (like Pi-Hole or similar) one would input the IP addresses in the required fields. In some cases, depending on the ASUS router settings, the router may configured for passing DNS requests to the next upstream device rather than use user input DNS server values.

Currently (at least on my ASUS router) one has to fill out both DNS fields for YazFi. One can duplicate one DNS server to both YazFi fields or use two different DNS servers.

You generally need DNS entries as that is how network clients resolve web addresses. For YazFi (in my usage) the script will fail to validate if a DNS server isn't used.
Thanks!
 
Hello all,

All i would like to use this excellent script for is to have devices on seperate subnets, like many of you im guessing.
I have a setup that i want to keep using with x3mrouting and the router setup as a vpn client for some devices etc.

My question is, can i just install this and it wont interfear with things like x3mrouting or routingtables etc? Like i said all i want is more subnets.

Thank you!

edit: an example of what i dont want changed/messed up (or i probably am not savvy enough to fix it), im using x3mrouting to direct traffic to amazon/netflix to WAN instead of using the VPN so "VPN-blocks" dont happend.
Looking quickly through a setting called "Redirect all to VPN" in YazFi, im thinking this might interfear with eachother?

edit #2: is it possible to block internet access from just one client in a specific guest wlan with this?
 
Last edited:
Hello all,

All i would like to use this excellent script for is to have devices on seperate subnets, like many of you im guessing.
I have a setup that i want to keep using with x3mrouting and the router setup as a vpn client for some devices etc.

My question is, can i just install this and it wont interfear with things like x3mrouting or routingtables etc? Like i said all i want is more subnets.

Thank you!

edit: an example of what i dont want changed/messed up (or i probably am not savvy enough to fix it), im using x3mrouting to direct traffic to amazon/netflix to WAN instead of using the VPN so "VPN-blocks" dont happend.
Looking quickly through a setting called "Redirect all to VPN" in YazFi, im thinking this might interfear with eachother?

edit #2: is it possible to block internet access from just one client in a specific guest wlan with this?
if you leave redirect to VPN off, x3mrouting should still work.
 
Ok, but then all traffic that isnt amazon/netflix will also go to WAN
ah right. in that case, turn on redirect to VPN. you may need to ensure x3mrouting entries in the policy routing table are higher than YazFi's entry (I'm not sure, its been a while since I worked with the routing priorities)
 
I have switched to Pihole, running Merling on AC66U_B1.
I use cloudflared on Pihole as upstream DNS to get DoH. In Asus LAN DNS I have set the DNS server to the Pihole address.
And I have DNS Filtering enabled for Pihole (set to No Filtering) -> this is the only way to have Pihole working. And everything is working perfectly fine. Except Guest Wifi.
I don't have internet access on Guest wifi for some reason. Installed YazFi, tried to configure, but doesn't work.
I have listen on all interfaces set in Pihole DNS config.
Any ideas how can I make this work? I really need Guest wifi. Thanks!

EDIT: I managed to fix this by setting Wifi Guest DNS to Cloudflare and not Pihole. Now it is working fine. Strange, why can't I set it to use Pihole as DNS?
 
Last edited:
I have switched to Pihole, running Merling on AC66U_B1.
I use cloudflared on Pihole as upstream DNS to get DoH. In Asus LAN DNS I have set the DNS server to the Pihole address.
And I have DNS Filtering enabled for Pihole (set to No Filtering) -> this is the only way to have Pihole working. And everything is working perfectly fine. Except Guest Wifi.
I don't have internet access on Guest wifi for some reason. Installed YazFi, tried to configure, but doesn't work.

I have listen on all interfaces set in Pihole DNS config.

Any ideas how can I make this work? I really need Guest wifi. Thanks!
Please share your settings for YazFi
 
This is the settings now. Can I try to use Pihole DNS (192.168.1.10) instead of CF?
If you have more than one Pi-Hole running don't use Force DNS. When that option is enabled if DNS 1 goes down, devices may not be able to gain internet access even though you are using a second DNS entry in the settings. See the reply to a post I made about that very issue a couple of weeks ago.

If you have only one Pi-Hole, then duplicate its IP to the DNS 2 field, you can leave Force DNS enabled i that instance.

And there is no need for enabling One Way to Guest unless you need it. Pi-Hole will work fine without that feature enabled.
 
I had a strange issue last night, at around 02:10:00 the wan and wifi stopped working, the router was still working fine without wan and wifi until I restarted it and everything went back to normal.
It might not be related to YazFi but that's the last major change I did to my router, any idea what could have caused this or how could I gather more information?
https://pastebin.com/MH4vJdmK
 
@Quietsy, what router are you talking about? What firmware? When did you add/update YazFi on your router? From which version?

Did you try seeing what's in the logs?

 
I had a strange issue last night, at around 02:10:00 the wan and wifi stopped working, the router was still working fine without wan and wifi until I restarted it and everything went back to normal.
It might not be related to YazFi but that's the last major change I did to my router, any idea what could have caused this or how could I gather more information?
https://pastebin.com/MH4vJdmK
NTP tried to update and failed
Code:
Aug  3 02:09:58 ntp: start NTP update 
Aug  3 02:11:03 connmon: Waiting for NTP to sync...
Aug  3 02:12:03 ntp: NTP update failed after 5 attempts
Aug  3 02:14:33 ntp: NTP update failed after 5 attempts
 
I have an N66u running john's LTS 374.43_43E6j9527, installed YafZi a couple of weeks ago.
I wonder if the NTP update failure caused the problem, or did the problem cause the NTP update to fail.
I've changed the NTP server to cloudflare and see if the problem occurs again.

Thanks for the help!
 
Latest beta 1.
My vpn client restarted for some reason, maybe mismatching keys. Not a problem.
Yazfi sent a log message detecting it and that it'll start after 15 seconds. Yazfi didn't start.
I have to manually (re)start it as soon as I noticed.

No logs on that just the YazFi info that it'll restart...
 
Latest beta 1.
My vpn client restarted for some reason, maybe mismatching keys. Not a problem.
Yazfi sent a log message detecting it and that it'll start after 15 seconds. Yazfi didn't start.
I have to manually (re)start it as soon as I noticed.

No logs on that just the YazFi info that it'll restart...
is it reproducable?
 
is it reproducable?
I'm trying (forcing an ip update on my LTE modem, so the vpn client in router goes down).
Vpn client restarts, yazfi issues the 15 seconds sleep message, but then it starts working normally....
Something odd happened I'll keep you updated once or if it happens again
 
I succesfuly create a setup for my 1900p that use YazFi to separate guests network from my family's one. Only guests networks is using the VPN tunnel. Everything is working great except that devices connected to the guests network leak the guests network ip through WebRTC... As I wish to make sure that if one of my guests do something wrong when connected to my network (like downloading copyrighted stuff), it will be a bit more difficult to trace route to my network address, and thus, maybe avoiding further problems; blocking WebRTC is critical to me.

Is there a way to completely tunnel traffic of my guests directly into the router's settings?
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top