YazFi YazFi v4.x

[oOMrYairOo]

As Jack indicated have you enabled/turned on at least one of the YazFi guests?

In the YazFi Guest tab, select the Guest Network you are setting up, then select Enabled value Yes, then select the Apply button when finished assigning the values for each of the YazFi Guest Network's you've enabled. Example:

View attachment 34686

If using the YazFi CLI (via SSH), make sure to change the w1x1_ENABLED value from false to true and configure YazFi Guest as needed. Then save the changes. One will then need to apply those changes in the main YazFi CLI menu by selecting Option 1. Example of the configuration using nano:

View attachment 34684

I have on guest wifi, it's not my first setup of any wifi, I work whit the IT team so I know how to setup VLAN's Lan's VPN's Firewallt's etc.

 

[bennor]

I have on guest wifi, it's not my first setup of any wifi, I work whit the IT team so I know how to setup VLAN's Lan's VPN's Firewallt's etc.

Per your prior post of the syslog ("Jun 29 21:20:01 YazFi: No YazFi guests are enabled in the configuration file!") YazFi is indicating that no YazFi guests are enabled. Post a screen shot of the YazFi GUI page for Jack to review and if he can see what if anything is may possibly be wrong with your YazFi configuration. Also if you haven't done so already generate a diagnostics report for Jack. ("Option d" in the YazFi CLI).

 

[oOMrYairOo]

the error message from the syslog suggests it isn't on. can you screenshot the webui for YazFi please?

Hay again Sorry for the delayed replay, here is a screenshot from CLI and UI

as you can see the guest wifi is enabled and also in the cli yazfi config ENABLED=true but when I try to connect to gues wifi I cannot get IP from the subnet that I set 172.18.17.0/24
I'm getting APIPA, also see that in the UI option access intranet in enable and cannot put in disable every time I click on disable after I'm refreshing the UI or reboot the router it comes back to the enabled state,
I think this bug related to the latest firmware when I was running older firmware this addon worked great without a single problem.

As for diagnostic, I need to spin Linux VM to open tag.gc file because the pice of crap windows 10 won't let me extra the YazFi.tar.gc even whit 7 zip.

Router: AX88U
Firmware: 386.2_6

 

[bennor]

Hay again Sorry for the delayed replay, here is a screenshot from CLI and UI

View attachment 34718

Click on the YazFi tab and post that screen which will show the YazFi configuration settings. The screen capture you posted isn't the YazFi Configuration GUI. It is the Asus-Merlin Guest Network GUI. If you do not see a YazFi tab in the Guest Network section that indicates a possible YazFi installation problem.

 

[Jack Yaz]

Hay again Sorry for the delayed replay, here is a screenshot from CLI and UI

View attachment 34718

View attachment 34719

as you can see the guest wifi is enabled and also in the cli yazfi config ENABLED=true but when I try to connect to gues wifi I cannot get IP from the subnet that I set 172.18.17.0/24
I'm getting APIPA, also see that in the UI option access intranet in enable and cannot put in disable every time I click on disable after I'm refreshing the UI or reboot the router it comes back to the enabled state,
I think this bug related to the latest firmware when I was running older firmware this addon worked great without a single problem.

As for diagnostic, I need to spin Linux VM to open tag.gc file because the pice of crap windows 10 won't let me extra the YazFi.tar.gc even whit 7 zip.

Router: AX88U
Firmware: 386.2_6

access intranet enabled is yazfi doing it, that's fine
don't worry about extracting the tar, please send to me (i can send a dropbox upload link) and PM me the passphrase

 

[oOMrYairOo]

access intranet enabled is yazfi doing it, that's fine
don't worry about extracting the tar, please send to me (i can send a dropbox upload link) and PM me the passphrase

Hey again

adding screenshot from yazfi UI page

send me a dropbox upload link I will send you diagnostics from yazfi and the password to the tar file.

 

[Jack Yaz]

Hey again

adding screenshot from yazfi UI page

send me a dropbox upload link I will send you diagnostics from yazfi and the password to the tar file.

View attachment 34723

all the relevant firewall rules etc. seem to be in place, so your device should at least be getting an IP. i can see you're using nextdns, which could be a factor. can you send me a full copy of /etc/dnsmasq.conf please? we'll start from the bottom in getting your device an IP in the subnet we expect

 

[oOMrYairOo]

all the relevant firewall rules etc. seem to be in place, so your device should at least be getting an IP. i can see you're using nextdns, which could be a factor. can you send me a full copy of /etc/dnsmasq.conf please? we'll start from the bottom in getting your device an IP in the subnet we expect

config from dnsmasq,i just removed mac address
for some reason I cannot paste dnsmasq uploaded to your dropbox link.
check you dropbox.

 

[Jack Yaz]

config from dnsmasq,i just removed mac address
for some reason I cannot paste dnsmasq uploaded to your dropbox link.
check you dropbox.

spotted the problem. remove the exit 0 added by nextdns to /jffs/scripts/dnsmasq.postconf
then run

service restart_dnsmasq

 

[Jack Yaz]

spotted the problem. remove the exit 0 added by nextdns to /jffs/scripts/dnsmasq.postconf
then run

service restart_dnsmasq

@Olivier Poitrey https://github.com/nextdns/nextdns/issues/538

 

[bennor]

@Olivier Poitrey https://github.com/nextdns/nextdns/issues/538

Apparently not the first time that issue has been mentioned. From last year.
https://github.com/nextdns/nextdns/issues/115

And mentioned a few times in the NextDNS Installer thread last year.
https://www.snbforums.com/threads/nextdns-installer.61002/page-23
https://www.snbforums.com/threads/nextdns-installer.61002/page-24

 

[bennor]

From the post at the top of page 24 of that NextDNS Installer thread, something to be aware of. The "exit 0" might return upon a restart/reboot of NextDNS:

True, in my opinion. IIRC, it’s feasible to edit dnsmasq.postconf and remove the exit 0 and then restart dnsmasq, but it would return after a nextdns restart/reboot.

 

[Jack Yaz]

Hotfix rolled out, the exit 0 line will be purged when YazFi does its startup/rule application, as well as every 10 minutes as part of the persistence check. If NextDNS and exit 0 are present in /jffs/scripts/dnsmasq.postconf the line will be removed and dnsmasq restarted

 

[oOMrYairOo]

Hotfix rolled out, the exit 0 line will be purged when YazFi does its startup/rule application, as well as every 10 minutes as part of the persistence check. If NextDNS and exit 0 are present in /jffs/scripts/dnsmasq.postconf the line will be removed and dnsmasq restarted

I just applied your hotfix now it's working, my devices on 172.18.17.0/24 getting IP from the subnet, thank you very much!

 

[oOMrYairOo]

I just applied your hotfix now it's working, my devices on 172.18.17.0/24 getting IP from the subnet, thank you very much!

well i was happy to soon after few hours all clients on the guest network stop from getting IP, I removed the addon now all clients on the guest network getting IP from hardcoded subnet 192.168.101.0/24 and cannot access to the main lan which is fine for now, I guess that nextdns and yazfi don't work together till nextdns devs fix this issue, by the way, I notice that even if I put different DNS servers on yazfi let's say 9.9.9.9 and 1.0.0.2 and force DNS all traffic is going thru nextdns and not using different DNS servers that i configure under yazfi.

 

[Jack Yaz]

well i was happy to soon after few hours all clients on the guest network stop from getting IP, I removed the addon now all clients on the guest network getting IP from hardcoded subnet 192.168.101.0/24 and cannot access to the main lan which is fine for now, I guess that nextdns and yazfi don't work together till nextdns devs fix this issue, by the way, I notice that even if I put different DNS servers on yazfi let's say 9.9.9.9 and 1.0.0.2 and force DNS all traffic is going thru nextdns and not using different DNS servers that i configure under yazfi.

what do you mean getting an ip? unless 12hours had passed the clients shouldn't have been trying to renew their DHCP list. it'd be useful for another set of diagnostics when clients get broken again

nextdns is rather invasive and hijacks dnsmasq to ensure your router uses their service.

i'll install nextdns on my spare router and see if i can find a way around it.

 

[bennor]

I guess that nextdns and yazfi don't work together till nextdns devs fix this issue

Based on the NexDNS dev responses in the previous github links posted above yesterday, chances are probably very slim that they will modify their code (that affects dnsmasq.postconf) to allow other scripts to run properly. They've known about this issue since mid 2020.

On a side note, did chuckle at how someone marked Jacks last reply post in his GitHub NextDNS bug post as disruptive.

 

[Jack Yaz]

On a side note, did chuckle at how someone marked Jacks last reply post in his GitHub NextDNS bug post as disruptive.

Not my comment!

 

[bennor]

Not my comment!

Ooops your right, on my browser the way its presented made it look like someone marked your comment as disruptive. Someone still gave your comment a thumb down though.

 

[maxbraketorque]

I know its been stated that its not possible, but it sure would be nice if guest networks on my AP could be isolated from my LAN because my AP is needed to be able to provide full area coverage for my IOT devices and guests.