Asus Merlin: Guest Network with VPN

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Stef09

New Around Here
Hello everyone, I really appreciate all the information that is on SNB and appreciate all the work.
I am relatively new to this, and I have been struggling on it for a couple of weeks, maybe someone might be able to help. Apologies if this has been asked before.
I have installed Merlin, Entware, installed and set up YazFi, Set up the VPN and it works correctly. It has taken me a long time and lots of trials and errors but have found that these have not fully helped me.
I'm trying to set up "2" networks:
- 2.4 and 5Ghz Wifi that is connected normally
- 2.4 and 5Ghz Guest Wifi that is connected through VPN

I tried using YazFi and managed to set it up. When I activate the VPN, both the normal Wifi and the guest Wifi connect through the VPN. Similarly if the VPN is not enabled, then neither network is. However I only want the Guest Wifi to have the VPN while the normal Wifi to not be connected through the VPN.

I have looked into the Github wiki (https://github.com/RMerl/asuswrt-me...or-VPN-and-SSID-for-Regular-ISP-using-OpenVPN) and the script is a bit too hard for me. I wouldn't know which lines to change or if the optional settings need to be included.

I have looked into this post `https://www.snbforums.com/threads/2...-ssid-how-to-route-traffic.41222/#post-349086` but I'm not sure it is still valid.

These are the settings I currently have, is there anything wrong here?
 

Attachments

  • VPN1.png
    VPN1.png
    422 KB · Views: 251
  • VPN2.jpeg
    VPN2.jpeg
    68.9 KB · Views: 268
  • YAZFI.jpeg
    YAZFI.jpeg
    39.7 KB · Views: 260

SomeWhereOverTheRainBow

Very Senior Member
Hello everyone, I really appreciate all the information that is on SNB and appreciate all the work.
I am relatively new to this, and I have been struggling on it for a couple of weeks, maybe someone might be able to help. Apologies if this has been asked before.
I have installed Merlin, Entware, installed and set up YazFi, Set up the VPN and it works correctly. It has taken me a long time and lots of trials and errors but have found that these have not fully helped me.
I'm trying to set up "2" networks:
- 2.4 and 5Ghz Wifi that is connected normally
- 2.4 and 5Ghz Guest Wifi that is connected through VPN

I tried using YazFi and managed to set it up. When I activate the VPN, both the normal Wifi and the guest Wifi connect through the VPN. Similarly if the VPN is not enabled, then neither network is. However I only want the Guest Wifi to have the VPN while the normal Wifi to not be connected through the VPN.

I have looked into the Github wiki (https://github.com/RMerl/asuswrt-me...or-VPN-and-SSID-for-Regular-ISP-using-OpenVPN) and the script is a bit too hard for me. I wouldn't know which lines to change or if the optional settings need to be included.

I have looked into this post `https://www.snbforums.com/threads/2...-ssid-how-to-route-traffic.41222/#post-349086` but I'm not sure it is still valid.

These are the settings I currently have, is there anything wrong here?
What version of firmware are you on?
 

SomeWhereOverTheRainBow

Very Senior Member
Hello everyone, I really appreciate all the information that is on SNB and appreciate all the work.
I am relatively new to this, and I have been struggling on it for a couple of weeks, maybe someone might be able to help. Apologies if this has been asked before.
I have installed Merlin, Entware, installed and set up YazFi, Set up the VPN and it works correctly. It has taken me a long time and lots of trials and errors but have found that these have not fully helped me.
I'm trying to set up "2" networks:
- 2.4 and 5Ghz Wifi that is connected normally
- 2.4 and 5Ghz Guest Wifi that is connected through VPN

I tried using YazFi and managed to set it up. When I activate the VPN, both the normal Wifi and the guest Wifi connect through the VPN. Similarly if the VPN is not enabled, then neither network is. However I only want the Guest Wifi to have the VPN while the normal Wifi to not be connected through the VPN.

I have looked into the Github wiki (https://github.com/RMerl/asuswrt-me...or-VPN-and-SSID-for-Regular-ISP-using-OpenVPN) and the script is a bit too hard for me. I wouldn't know which lines to change or if the optional settings need to be included.

I have looked into this post `https://www.snbforums.com/threads/2...-ssid-how-to-route-traffic.41222/#post-349086` but I'm not sure it is still valid.

These are the settings I currently have, is there anything wrong here?
you have to be running merlin on a firmware that supports policy based routing.
upload_2020-5-25_23-6-13.png

You need to change your policy rules to strict and then reapply the guest wifi settings.

otherwise you need to look at this guide that shows the manual method of policy routing.
https://github.com/RMerl/asuswrt-merlin.ng/wiki/Policy-based-routing-(manual-method)
 

SomeWhereOverTheRainBow

Very Senior Member
Hello everyone, I really appreciate all the information that is on SNB and appreciate all the work.
I am relatively new to this, and I have been struggling on it for a couple of weeks, maybe someone might be able to help. Apologies if this has been asked before.
I have installed Merlin, Entware, installed and set up YazFi, Set up the VPN and it works correctly. It has taken me a long time and lots of trials and errors but have found that these have not fully helped me.
I'm trying to set up "2" networks:
- 2.4 and 5Ghz Wifi that is connected normally
- 2.4 and 5Ghz Guest Wifi that is connected through VPN

I tried using YazFi and managed to set it up. When I activate the VPN, both the normal Wifi and the guest Wifi connect through the VPN. Similarly if the VPN is not enabled, then neither network is. However I only want the Guest Wifi to have the VPN while the normal Wifi to not be connected through the VPN.

I have looked into the Github wiki (https://github.com/RMerl/asuswrt-me...or-VPN-and-SSID-for-Regular-ISP-using-OpenVPN) and the script is a bit too hard for me. I wouldn't know which lines to change or if the optional settings need to be included.

I have looked into this post `https://www.snbforums.com/threads/2...-ssid-how-to-route-traffic.41222/#post-349086` but I'm not sure it is still valid.

These are the settings I currently have, is there anything wrong here?
Guest network should look like this when you hit apply.

upload_2020-5-25_23-14-33.png

redirect all to VPN option is strictly for that guest network.
 

Stef09

New Around Here
you have to be running merlin on a firmware that supports policy based routing.
View attachment 23717
You need to change your policy rules to strict and then reapply the guest wifi settings.

otherwise you need to look at this guide that shows the manual method of policy routing.
https://github.com/RMerl/asuswrt-merlin.ng/wiki/Policy-based-routing-(manual-method)


Guest network should look like this when you hit apply.

View attachment 23718
redirect all to VPN option is strictly for that guest network.

Your settings are in fact correct. I have applied them and the guest network works perfectly.
(Firmware Version: 384.13_8 for an RT-AC87R)
Thank you @SomeWhereOverTheRainBow.

N.B.: For those who are having a hard time understanding how to install YazFi and Entware, this guide has been very useful.
https://www.snbforums.com/threads/amtm-step-by-step-install-guide-l-ld.56237/
To connect you don't necessarily need PuTTY. Simply type into your Terminal: `ssh [email protected]`. Might seem trivial, but it was useful since I don't have Windows or Linux.
 

SomeWhereOverTheRainBow

Very Senior Member
Your settings are in fact correct. I have applied them and the guest network works perfectly.
(Firmware Version: 384.13_8 for an RT-AC87R)
Thank you @SomeWhereOverTheRainBow.

N.B.: For those who are having a hard time understanding how to install YazFi and Entware, this guide has been very useful.
https://www.snbforums.com/threads/amtm-step-by-step-install-guide-l-ld.56237/
To connect you don't necessarily need PuTTY. Simply type into your Terminal: `ssh [email protected]`. Might seem trivial, but it was useful since I don't have Windows or Linux.
@Stef09
Sure thing. If anything else comes up and you need more help feel free to ask me, the forum, the Yazfi thread specializes in Yazfi Guest Networking @ https://www.snbforums.com/threads/y...-merlin-guest-wifi-inc-ssid-vpn-client.45924/ by @Jack Yaz , or you can even check out x3mrouting for more VPN policy routing ideas @ https://www.snbforums.com/threads/x3mrouting-selective-routing-for-asuswrt-merlin-firmware.57793/ by @Xentrk
 

Network_noob2021

New Around Here
If I was to do the same and set up a guest network with VPN would it only be that frequency that the VPN is on?
With the 5 ghz and Ethernet connections stay on the none VPN connection?
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top