YazFi YazFi v4.x

[Jack Yaz]

Now I get a 404 error. I used scMerlin to restart httpd, and used a uf update on YazFi again. But still 404. Should I reboot?

try

YazFi startup

 

[iTyPsIDg]

try

YazFi startup

Eureka! Thank you. That worked.

 

[iTyPsIDg]

I have a logistical question now that you helped me resolve the webUI.

If I reserve an IP for a device in LAN -> DHCP Server, should that only apply when I'm on the local network? So, if I switch that device to a guest network should it ignore that reservation? I saw something yesterday where that didn't happen, but I wasn't sure if it was a fluke.

I use 192.168.50.0/24 for local and 192.168.113.0/24 for the guest 3 5GHz network.

 

[bennor]

FYI reminder for those new to using YazFi and want to see the correct YazFi assignments. When using YazFi do not look at the Network Map for the YazFi IP address assignments. Look instead at the System Log > Wireless Log page instead for the correct YazFi IP address assignments. Or one can connect to the router using SSH and see the correct assignments via the YazFi terminal interface, option #2. Or via SSH to the router, one can issue the command: cat /var/lib/misc/dnsmasq.leases

A YazFi client should not use an IP address that was reserved via the LAN DHCP setting. It should be assigned an IP address from the YazFi Guest IP address range pool. If one wants to set an IP address for a YazFi client, it is possible. See the following URL link to an earlier YazFI thread for an example of how to do so.

https://www.snbforums.com/threads/y...inc-ssid-vpn-client.45924/page-32#post-473403

 

[jmorata]

Hello all,
I've using YazFi from months and today it begin to fail.

When I try to attach new client, I see in log:
Apr 11 12:32:58 kernel: D4:F0:57:20:79:20 not mesh client, can't update it's ip

The guest network is configured in 5GHz position 2 as WPA2/WPA3-Personal
The Yazfi config configured this position 2 and disabled all but force dns option enabled

It's very strange, since update to 4.2.0 YazFi was run ok.
I've to uninstall YazFi to recover guest Wifi usage


FW ver 386.2
YazFi 4.2.0

 

[Jack Yaz]

Hello all,
I've using YazFi from months and today it begin to fail.

When I try to attach new client, I see in log:
Apr 11 12:32:58 kernel: D4:F0:57:20:79:20 not mesh client, can't update it's ip

The guest network is configured in 5GHz position 2 as WPA2/WPA3-Personal
The Yazfi config configured this position 2 and disabled all but force dns option enabled

It's very strange, since update to 4.2.0 YazFi was run ok.
I've to uninstall YazFi to recover guest Wifi usage


FW ver 386.2
YazFi 4.2.0

Apr 11 12:32:58 kernel: D4:F0:57:20:79:20 not mesh client, can't update it's ip
is an AiMesh log message and doesn't mean anything is wrong. are you actually seeing problems with the clients, or are you worrying about a log entry?

 

[jmorata]

Apr 11 12:32:58 kernel: D4:F0:57:20:79:20 not mesh client, can't update it's ip
is an AiMesh log message and doesn't mean anything is wrong. are you actually seeing problems with the clients, or are you worrying about a log entry?

Sorry, I attach an example with client 14:0A:C5:6C:26:BF
I don't have any mesh devices.
When device connects to router, "no internet" error show up.

 

[Jack Yaz]

Sorry, I attach an example with client 14:0A:C5:6C:26:BF
I don't have any mesh devices.
When device connects to router, "no internet" error show up.

those log messages appear for me and other users even without AiMesh. asus have made logs very noisy lately.

re. internet not working, can you try a "ping" on the device to both an IP on the internet and a domain, e.g. ping 8.8.8.8 and ping google.com ?

 

[jmorata]

those log messages appear for me and other users even without AiMesh. asus have made logs very noisy lately.

re. internet not working, can you try a "ping" on the device to both an IP on the internet and a domain, e.g. ping 8.8.8.8 and ping google.com ?

Fixed, dns pool was the problem, force dns address had an unreachable ip for this (.6.x) subnet.
Thank you

 

[Jack Yaz]

Fixed, dns pool was the problem, force dns address had an unreachable ip for this (.6.x) subnet.
Thank you

dnsmasq should have been listening on the interface (e.g. wl0.2), and relevant firewall rules added. are you using dnsmasq or are you using Unbound with dnsmasq disabled?

 

[GarySargent]

I can see this has been asked a few times before, but is there any hope of YazFi working in Access Point mode? Aimesh now supports the first guest network being available on all nodes, so Asus must have enabled the right services to allow this to happen.

Can YazFi not enable services is needs like the firewall if the router is in access point mode, and it just makes sure the configuration of the firewall only applies to the guest wifi interface?

 

[Jack Yaz]

I can see this has been asked a few times before, but is there any hope of YazFi working in Access Point mode? Aimesh now supports the first guest network being available on all nodes, so Asus must have enabled the right services to allow this to happen.

Can YazFi not enable services is needs like the firewall if the router is in access point mode, and it just makes sure the configuration of the firewall only applies to the guest wifi interface?

The problem is the main router needs to be aware of the network(s) provided by the ap. If everything on the AP is considered "guest", then the implementation is simpler. If you have multiple ssids and wired devices on the ap and you want them treated separately, you start getting into vlans and support for those on the hnd routers is a bit spotty at the moment

 

[GarySargent]

I have an Asus in router mode, and two more in access point mode that essentially extend the WiFi out. Aimesh was buggy, and this way I can use multiple channels.

What I can't do is extend the guest network out, unless I allow it to have intranet access.

Could there be an option in YazFi to specify a vlan when creating the guest network. You'd then need to make sure that each access point uses the same vlan as the router. Suspect I'm massively simplifying things

 

[Jack Yaz]

I have an Asus in router mode, and two more in access point mode that essentially extend the WiFi out. Aimesh was buggy, and this way I can use multiple channels.

What I can't do is extend the guest network out, unless I allow it to have intranet access.

Could there be an option in YazFi to specify a vlan when creating the guest network. You'd then need to make sure that each access point uses the same vlan as the router. Suspect I'm massively simplifying things

It's the "use a vlan" part that's fiddly

 

[slidermike]

I have an Asus in router mode, and two more in access point mode that essentially extend the WiFi out. Aimesh was buggy, and this way I can use multiple channels.

What I can't do is extend the guest network out, unless I allow it to have intranet access.

Could there be an option in YazFi to specify a vlan when creating the guest network. You'd then need to make sure that each access point uses the same vlan as the router. Suspect I'm massively simplifying things

vlan support is no bueno in Asus firmware.
If you need vlans you would have to take a look at tomato or perhaps ddwrt (not sure about the latter).
At best, vlan configuration has been a dark art in Asus routers in the past. Not saying it can't be done but no one here is offering a solution for vlans that I am aware of sir.
Good luck!

ASUS Global

Driven by innovation & committed to quality, ASUS has a wide selection of best in class products. Find & buy a laptop, phone, router, monitor, motherboard & more

www.asus.com

 

[GarySargent]

So how does Aimesh manage to extend the guest network out and still keep it isolated? Do we know how that works technically?

 

[Jack Yaz]

So how does Aimesh manage to extend the guest network out and still keep it isolated? Do we know how that works technically?

vlans. but if you search the forums for "problems with guest network 1 on aimesh", you'll have your answer why I haven't attempted vlans yet

 

[Willing to...]

Hi, I started using Yazfi since my router blocks a lot of stuff and my children complain that they beloved sites are mostly broken so after reading some 30-40 pages of old tread I installed Yazfi and I need some clarifications even after hours of reading just to be sure.
Router is RT-86U and I run diversion with pixelserv, skynet and encrypted DNS.
I set up Yazfi with - Force DNS and just entered in both fields 9.9.9.9 (found that both fields need to be filled in).
I want to bypass as much as possible any filtering by router especially encrypted DNS since I use a lot of wildcharacters blocking so my questions are:

1- With Forced DNS in Yazfi I'm bypassing encrypted DNS but Diversion with pixelserv and skynet are still filtering traffic?
2 - Is there anyway to baypass diversion with pixelserv?
3 - Do I need to make some changes in GUI of Yazfi ( choose Forced DNS and client isolation) and/or maybe in LAN DNS setting (there I have Enable DNS-based filtering set as Router - this means if I'm correct that all traffic reaching router are forced through router DNS and not mobile phones or laptop DNS?
4 - Not related to Yazfi but very easy question just to be sure that I understand things correctly - I can use Diversion for traffic filtering but without pixelserv it will filter only http and not https traffic?
5 - If I don't install pixelserv ca.cert on some mobile phones, laptops etc they will get only http filtered traffic but not https from Diversion, but encrypted DNS will still be forced on those devices?

Thanks

 

[bennor]

1- With Forced DNS in Yazfi I'm bypassing encrypted DNS but Diversion with pixelserv and skynet are still filtering traffic?
2 - Is there anyway to baypass diversion with pixelserv?
3 - Do I need to make some changes in GUI of Yazfi ( choose Forced DNS and client isolation) and/or maybe in LAN DNS setting (there I have Enable DNS-based filtering set as Router - this means if I'm correct that all traffic reaching router are forced through router DNS and not mobile phones or laptop DNS?
4 - Not related to Yazfi but very easy question just to be sure that I understand things correctly - I can use Diversion for traffic filtering but without pixelserv it will filter only http and not https traffic?
5 - If I don't install pixelserv ca.cert on some mobile phones, laptops etc they will get only http filtered traffic but not https from Diversion, but encrypted DNS will still be forced on those devices?

Thanks

You may want to check, if you haven't done so already, with those specific applications (Diversion, Pixelserv and Skyne) to see if they can be configured to exclude specific clients. For example with Diversion: https://diversion.ch/faq-reader/how-to-exclude-a-client-from-ad-blocking.html

On Question 2, 4 and 5 since those really do have anything to do with YazFi, you should see the various Diversion and Pixelserv topics for those answers.

 

[Willing to...]

You may want to check, if you haven't done so already, with those specific applications (Diversion, Pixelserv and Skyne) to see if they can be configured to exclude specific clients. For example with Diversion: https://diversion.ch/faq-reader/how-to-exclude-a-client-from-ad-blocking.html

On Question 2, 4 and 5 since those really do have anything to do with YazFi, you should see the various Diversion and Pixelserv topics for those answers.

Thanks for suggestion but that solution will not allow my other clients to use encrypted dns since router is not selected as default filter - at least that is how I understand configuration.
Question No.2 - it is connected to Yazfi since Yaz said that Yazfi will automatically pick up pixelserv filtering - so what needs to be done to avoid that if that is possible, probably not?
Question No.3 - it is connected to Yazfi since it is setting in Yazfi, I'm asking (not native speaker so...) what is exactly consequences of using FORCE option, does this mean that "Enable DNS-based filtering set as Router" will be bypassed by Yazfi.
Questions 4 & 5 OK they are not related but should be easy to answer since it is not some twisted setup, but OK - I tried to avoid too many questions on the forum.