
YazFi - enhanced AsusWRT-Merlin Guest WiFi inc. SSID <-> VPN Client


- With a browser open on the (wired) TV (LG, Web OS), I click a link on Favorites and nothing happens.
- With my iPhone 7 (wireless of course), I open Navigator, which tries to open the last visited URL and the progress bar at the top of the browser halts at around 1/5th of the way.
- With my Windows computer (wired):
--------- Pinging yahoo.com and google.com results in requests timed out.
--------- With Firefox open, clicking on google link: Hmm. We’re having trouble finding that site.
--------- With Firefox open, clicking on youtube link:
The connection has timed out
The server at www.youtube.com is taking too long to respond.


Not 100% sure how to test if DNS is working (please forgive my ignorance). When pinging google, the ping command knows the IP address to ping. Also, "nslookup google.com" returns IPv4 and IPv6 addresses, so I think DNS is fully working or at least to some extent. Please advise if there is a better test for DNS functionality.

Haven't shared an image in a forum in a long time, let's see if this works:
VPN.png

https://www.dropbox.com/s/frzm3fn2j65pskv/VPN.png?dl=0
You need to add policy rules for your LAN clients
 
You need to add policy rules for your LAN clients
I did, but because they were not working as I mentioned above I had to remove them so they do not try to use the VPN. At the moment the snapshot was taken there were no clients added, but at some point I added the IP addresses of the TV, iPhone 7 and my Desktop with their respective Descriptions as well as the Destination IP (0.0.0.0).
 
It turns out the problem was me (Why am I not surprised?). I assumed the VPN client was working because it was working with the RT-AC68R. With the new RT-AC86U, the VPN client screen reported the client as connected but something was obviously not right. I followed the link given by agilani here: https://www.snbforums.com/threads/rt-ac86u-private-internet-access-merlin-ovpn-file.46936/ and after that all is working fine.

What threw me off was that clients connected through YazFi were working OK but everything else was not. Kudos to YazFi ;).

Sorry for the trouble and thanks for the help.
 
The decrypt is not working for me on Ubuntu 18.04 I get:

% openssl aes-256-cbc -d -in YazFi.tar.gz.enc -out YazFi.tar.gz
enter aes-256-cbc decryption password:
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
bad decrypt
 
Is it possible for 2-guest and 5-guest to be on the same subnet?
Put it another way: wl0.1 and wl1.1 to give out DHCP addresses in the range of 192.168.214.x
 
Is it possible for 2-guest and 5-guest to be on the same subnet?
Put it another way: wl0.1 and wl1.1 to give out DHCP addresses in the range of 192.168.214.x
I don't know if this will work but in YazFi.config try:

Code:
wl01_IPADDR=192.168.214.0/25

wl11_IPADDR=192.168.214.128/25
 
Is it possible for 2-guest and 5-guest to be on the same subnet?
Put it another way: wl0.1 and wl1.1 to give out DHCP addresses in the range of 192.168.214.x
Not at this time. Martin's suggestion won't work since things are currently hardcoded to a /24
 
Hi! I have an RT-AC66R, it's currently running the latest merlin firmware I can find, which appears to be 374.43_39E3j9527. I tried installing the script, but I get the following result:


admin@RT-AC66R-8C88:/jffs/scripts# ./YazFi install
YazFi: Welcome to YazFi v3.2.2, a script by JackYaz

YazFi: Checking your router meets the requirements for YazFi

YazFi: Router does not support xt_comment module for iptables. Is a newer firmware available?

YazFi: John's fork detected - service-event requires 374.43_32D6j9527 or later

YazFi: Please update to benefit from YazFi detecting wireless restarts

YazFi: Requirements for YazFi not met, please see above for the reason(s)

Press enter to continue...


Is there any way I can add the xt_comment module in order to install this script? As far as I can see, the official "Asuswrt-Merlin 384.5" firmware branch isn't supported on the RT-AC66.
Thanks!
 
I've been reading through almost the whole thread but I couldn't find a solution... I'm wondering whether there's a way to bridge two of the guest networks. The reasoning behind this is that I have two guest networks, one on 2.4 and one on 5, and I'd like devices on those networks to be able to talk to each other, while being isolated from the main network.
Add this script to your /jffs/scripts/firewall-start.

Code:
#!/bin/sh

#Allow packets between guest wireless clients
ebtables -t filter -I FORWARD -i wl1.1 -o wl1.1 -j ACCEPT
ebtables -t filter -I FORWARD -i wl0.1 -o wl0.1 -j ACCEPT
ebtables -t filter -I FORWARD -i wl0.1 -o wl1.1 -j ACCEPT
ebtables -t filter -I FORWARD -i wl1.1 -o wl0.1 -j ACCEPT
 
Jack thanks for sharing your code!!!
I have been struggling for several days with VLANs in AP mode and finally decided to give your script a shot. Worked excellent !! I do have Guest wifi isolation with subnet segregation but still have one more thing to address...

Here's my topology

ISP modem -----Router A ----Router B (running your script)

Router A serves internal subnets x.x.1.0/24 and Router B x.x.2.0 for Internal devices (both wired and wireless) and x.x.3.0 & x.x.4.0 for guest wifi. Note that to avoid double NAT I disabled NAT in Router B since that is done by Router A

Isolation within Router B subnets works perfect and any device connected to x.x.3.0/24 or x.x.4.0/24 can not reach devices in x.x.2.0 but once the packets are out of the WAN port of Router B they are able to reach whatever is connected in router A not just internet. Makes sense since for Router B whatever beyond the wan port should be Internet and free for access

I guess adding iptables rules I should be able to make all packets from subnet x.x.3.0 & x.x.4.0 not destined to the RouterA "gateway" be dropped by Router B but so far had no success. Any suggestion will be appreciated.

Eventually I can do some firewall filtering in Router A but prefer to have the filters in Router B to avoid any traffic not destined to internet to be dropped there and not further in the chain.
Thanks!
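
The filtering described in the post above, as an added example (not part of the original post and not YazFi's own code): Router B drops guest traffic addressed to Router A's LAN and lets through only DNS to Router A's address, while traffic to Internet destinations is untouched. The 192.168.x addresses stand in for the poster's x.x.1.0, x.x.3.0 and x.x.4.0 subnets; the gateway address and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Addresses are constructed placeholders
# for the poster's x.x.1.0/24 (Router A LAN) and x.x.3.0/24, x.x.4.0/24 (guests).
UPSTREAM_LAN="192.168.1.0/24"               # Router A internal subnet (assumed)
UPSTREAM_GW="192.168.1.1"                   # Router A LAN address (assumed)
GUEST_NETS="192.168.3.0/24 192.168.4.0/24"  # Router B guest subnets (assumed)

# Emit delete-then-insert so re-running the script never stacks duplicates.
emit_rule() {
    echo "iptables -D $1 2>/dev/null"
    echo "iptables -I $1"
}

# Print the commands for Router B's FORWARD chain (hypothetical helper name).
guest_upstream_rules() {
    for net in $GUEST_NETS; do
        # Inserted first, so it ends up below the ACCEPTs for this subnet:
        # guests may not reach anything on Router A's LAN.
        emit_rule "FORWARD -s $net -d $UPSTREAM_LAN -j DROP"
        # Inserted afterwards, so they match before the DROP: DNS to Router A
        # only, rather than every service on the gateway address.
        for proto in udp tcp; do
            emit_rule "FORWARD -s $net -d $UPSTREAM_GW -p $proto --dport 53 -j ACCEPT"
        done
    done
}

# Dry run by default; APPLY=1 pipes the commands to the shell.
if [ "${APPLY:-0}" = "1" ]; then
    guest_upstream_rules | sh
else
    guest_upstream_rules
fi
```

If guests use Router B itself as their DNS server, the two ACCEPT rules per subnet can be dropped. The rules assume they stay at the top of FORWARD, so check the order with `iptables -L FORWARD -n --line-numbers` after other scripts have run.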
 
Will YazFi allow specific devices on the guest network to access the LAN?
In my case, I have one device I'd like to access the LAN.
 
Will YazFi allow specific devices on the guest network to access the LAN?
Yes. There is a setting called "wl01_LANACCESS" that when set to True will/should allow guests on a specific guest network to have LAN access. See post #2 where the YazFi settings are explained. Set up one of the guest WiFi subnets with LAN access and configure the one specific device to access that specific guest WiFi subnet.
 
Add this script to your /jffs/scripts/firewall-start.

Code:
#!/bin/sh

#Allow packets between guest wireless clients
ebtables -t filter -I FORWARD -i wl1.1 -o wl1.1 -j ACCEPT
ebtables -t filter -I FORWARD -i wl0.1 -o wl0.1 -j ACCEPT
ebtables -t filter -I FORWARD -i wl0.1 -o wl1.1 -j ACCEPT
ebtables -t filter -I FORWARD -i wl1.1 -o wl0.1 -j ACCEPT

Thank you very much JGN0123! It works well for me.
 
You need to add policy rules for your LAN clients
Noob question, can you please explain benefits of the script over standard guest network in Merlin software?

I have limited DHCP number for family only and created guest network but what does this script do?
 
Noob question, can you please explain benefits of the script over standard guest network in Merlin software?

I have limited DHCP number for family only and created guest network but what does this script do?

See the first post in this thread. :)
 
I've been following this thread for awhile now and am getting ready to dip my toes in. But first I have a couple of questions...

1) Currently, I'm using 2 RT-AC68U's running the latest 'E' version of John's fork (39E3). One is set up as a router only (Wi-Fi is disabled) and the other is an Access Point. Since this method disables all Guest Wi-Fi isolation, would I be able to restore the ability to isolate Guest Networks with this script?

2) If the answer above is Yes, where would I set up and install the script? On the Router or Access Point?
 
You need to add policy rules for your LAN clients

If I have all of my LAN clients set to "Router" under DNSFilter, and I have NordVPN running as a VPN Client on my 86U, is YazFi even necessary? Can someone help me see the need for YazFi?


thanks.
 
If I have all of my LAN clients set to "Router" under DNSFilter, and I have NordVPN running as a VPN Client on my 86U, is YazFi even necessary? Can someone help me see the need for YazFi?


thanks.
YazFi is for extending the possibilities of guest networks, with customised isolation/access to LAN resources
 
I've been following this thread for awhile now and am getting ready to dip my toes in. But first I have a couple of questions...

1) Currently, I'm using 2 RT-AC68U's running the latest 'E' version of John's fork (39E3). One is set up as a router only (Wi-Fi is disabled) and the other is an Access Point. Since this method disables all Guest Wi-Fi isolation, would I be able to restore the ability to isolate Guest Networks with this script?

2) If the answer above is Yes, where would I set up and install the script? On the Router or Access Point?
YazFi requires router mode - AP mode is not supported
 
Hi there, I'm currently using AMTM to install Diversion/PixelServ, Skynet and DNSCrypt. Diversion requires pixelserv to use an IP address that YazFi defaulted my guest network to.

Should my YazFi wl01_IPADDR IP address be my default system IP or a new/separate one?

And whilst I'm asking, are there any other settings I should be aware of with my above configuration?

Cheers.
 
