Guest Network not working in Firmware 386.2_2

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Mike S

Regular Contributor
Last night I updated my RT-AC68P to ver 386.2_2 (from 384.18). Everything was working fine under the old firmware. After upgrading the router to the new firmware, I did a factory restore and reconfigured everything from scratch.

Everything seems to work except for my Guest network SSIDs. When I use the default setting (Access Intranet = Disable), I can't connect to the internet. If I enable Access Intranet, everything works, but I can also access other devices on my LAN, which I of course don't want.

I am having this problem on both frequencies.
 

bbunge

Part of the Furniture
Everyone keeps reporting the Guest 1 has a bug. I just do not see it on either Asus or Merlin firmware. Most likely you have the clients with a static or reserved IP address which will cause issues! The solution is to let the clients on the guest network obtain an IP address via DHCP. Yes, this may not be what you want so use Guest 2 or 3.
But there is no bug in the firmware. It just works differently!
 

ColinTaylor

Part of the Furniture
Maybe it's only an issue if the LAN IP address range has been changed from the default.
 

Mike S

Regular Contributor
Everyone keeps reporting the Guest 1 has a bug. I just do not see it on either Asus or Merlin firmware. Most likely you have the clients with a static or reserved IP address which will cause issues! The solution is to let the clients on the guest network obtain an IP address via DHCP. Yes, this may not be what you want so use Guest 2 or 3.
But there is no bug in the firmware. It just works differently!
Sorry, but I spent almost an hour today testing this extensively. The problem is 100% repeatable. If you setup a Guest 1 SSID with Access Intranet = Disabled, you can not use the SSID for anything. I tried connecting to the SSID with an iPhone as well as a Windows 10 laptop. If I set Access Intranet = Enabled, everything works (you can access both the interernet, as well as other computers on your LAN). If I Disable Guest 1 and setup Guest 2 with the same SSID, everything works correctly, regardless of the setting of Access Intranet, using the same iPhone and Windows 10 laptop without any changes on the client end.
 

Mike S

Regular Contributor
Maybe it's only an issue if the LAN IP address range has been changed from the default.
That is definitely the case in my tests. My router has the LAN interface set to 192.168.140.1. With that setting, the problem is 100% repeatable. I did not try it with the default LAN IP address.
 

csj97229

New Around Here
I don't see this issue on my RT-AC86U with a custom subnet on the main LAN. Perhaps it is device specific or a bad interaction with some other setting. Have you tried connecting/pinging externally using IP address rather than host names to rule out any DNS issues?
 

bbunge

Part of the Furniture
Sorry, but I spent almost an hour today testing this extensively. The problem is 100% repeatable. If you setup a Guest 1 SSID with Access Intranet = Disabled, you can not use the SSID for anything. I tried connecting to the SSID with an iPhone as well as a Windows 10 laptop. If I set Access Intranet = Enabled, everything works (you can access both the interernet, as well as other computers on your LAN). If I Disable Guest 1 and setup Guest 2 with the same SSID, everything works correctly, regardless of the setting of Access Intranet, using the same iPhone and Windows 10 laptop without any changes on the client end.
I set up a laptop with fresh install of Win 10. Connected to Guest 1 and had no issues. Maybe you should not have changed the default LAN IP address.
Some things just do not like change.
 

Mike S

Regular Contributor
I don't see this issue on my RT-AC86U with a custom subnet on the main LAN. Perhaps it is device specific or a bad interaction with some other setting. Have you tried connecting/pinging externally using IP address rather than host names to rule out any DNS issues?
All my testing is using IP addresses. The only difference is using Guest 1 vs Guest 2, so the problem has nothing to do with interactions with other settings. The bottom line is that on an RT-AC68P running ver 386,2_2 with LAN IP 192.168.140.1 as a stand-alone router, Guest1 does not work with ACCESS INTRANET = DISABLED, while Guest2 works fine. On the same router, with an identical configuration this problem does not exist on ver 384.18.
 

Mike S

Regular Contributor
I set up a laptop with fresh install of Win 10. Connected to Guest 1 and had no issues. Maybe you should not have changed the default LAN IP address.
Some things just do not like change.
I am running 5 sites interconnected with VPNs. Not changing the default LAN address is not an option.
 

nikr

Regular Contributor
Could it be because of DNS server not reachable somehow.Can you check what DNS server client is getting. Also You can you try to pull up a website in chrome with build in DNS to see if its DNS related or really a problem.
 

Jack Yaz

Part of the Furniture
has anyone tried YazFi with the affected network(s)? YazFi's firewalling may work where Aus f/w fails...
 

New2This

Senior Member
When using guest network #1 here and redirected to VPN set to YES, no clients can access the internet, but as soon as I set everything to guest #2 and redirect set to yes again. They are able to access the internet
 

bbunge

Part of the Furniture
So the issue is with using the Guest 1 while connected via OpenVPN Client. I set up an AC86U and VPN connected to an AC66U_B1 remote router. The Guest 1 on the AC86U lost connection when I activated the tunnel. Could not connect to the AC66U_B1 via its IP address which is 192.168.1.1. So, changing the router LAN IP address from the default is not a problem. Using a VPN client is a problem. As the Guest 1 does use a VLAN to facilitate syncing the Guest across AiMesh nodes the answer to success may be in figuring out additional OpenVPN Client settings. Something to ponder on a, hopefully, slow Sunday.
 

Mike S

Regular Contributor
So the issue is with using the Guest 1 while connected via OpenVPN Client. I set up an AC86U and VPN connected to an AC66U_B1 remote router. The Guest 1 on the AC86U lost connection when I activated the tunnel. Could not connect to the AC66U_B1 via its IP address which is 192.168.1.1. So, changing the router LAN IP address from the default is not a problem. Using a VPN client is a problem. As the Guest 1 does use a VLAN to facilitate syncing the Guest across AiMesh nodes the answer to success may be in figuring out additional OpenVPN Client settings. Something to ponder on a, hopefully, slow Sunday.
It does appear that the problem is related to an OpenVPN Client being open on the router. My router LAN address is 192.168.140.1. When I connect to the Guest2 network, my laptop gets a LAN address 192.168.140.xxx assigned, with the DNS server and default router both set to 192.168.140.1. If I connect to the Guest1 network, the laptop is assigned address 192.168.101.xxx with the default router and DNS server being 192.168.101.1.

If I have an OpenVPN Client connected, the Guest1 network does not work. If the OpenVPN Client is disconnected it works. Note: The state of the OpenVPN Client does not change the IP address assigned to the Guest1 connected laptop.
 

bbunge

Part of the Furniture
It does appear that the problem is related to an OpenVPN Client being open on the router. My router LAN address is 192.168.140.1. When I connect to the Guest2 network, my laptop gets a LAN address 192.168.140.xxx assigned, with the DNS server and default router both set to 192.168.140.1. If I connect to the Guest1 network, the laptop is assigned address 192.168.101.xxx with the default router and DNS server being 192.168.101.1.

If I have an OpenVPN Client connected, the Guest1 network does not work. If the OpenVPN Client is disconnected it works. Note: The state of the OpenVPN Client does not change the IP address assigned to the Guest1 connected laptop.
That is what I've seen in my test this morning. I suspected that the VLAN for Guest 1 was the issue but I've discovered that the VLAN for Guest 1 does not kick in until you enable Guest 1 to sync across AiMesh nodes.
The nvram settings show me that interface w10.1 is for the Guest 1 network at 192.168.101.0/24 and 192.168.102.0/24.
When the OpenVPN client kicks in it is blocking access from the Guest gateway (192.168.101.1 and 192.168.102.1) I've tried both TUN and TAP adaptors from the OpenVPN server. Tried to change the OpenVPN DNS settings. No success with either. Have reached the limit of my knowledge, so far, in trouble shooting this issue.
However, it is good to know the current limitations of the product. Still feel it does not warrant being labeled as a bug as most users will not use a VPN client to hide their browsing nor a business use a "home" product for critical business use.
 

Mike S

Regular Contributor
That is what I've seen in my test this morning. I suspected that the VLAN for Guest 1 was the issue but I've discovered that the VLAN for Guest 1 does not kick in until you enable Guest 1 to sync across AiMesh nodes.
The nvram settings show me that interface w10.1 is for the Guest 1 network at 192.168.101.0/24 and 192.168.102.0/24.
When the OpenVPN client kicks in it is blocking access from the Guest gateway (192.168.101.1 and 192.168.102.1) I've tried both TUN and TAP adaptors from the OpenVPN server. Tried to change the OpenVPN DNS settings. No success with either. Have reached the limit of my knowledge, so far, in trouble shooting this issue.
However, it is good to know the current limitations of the product. Still feel it does not warrant being labeled as a bug as most users will not use a VPN client to hide their browsing nor a business use a "home" product for critical business use.
Anything that does not work properly is a bug, regardless of whether or not the situation that causes the malfunction is unusual or not.

The whole attraction of the Asus-Merlin firmware is the enhanced VPN support. That shouldn't be breaking the Guest Network functionality.
 

csj97229

New Around Here
Are you expecting your guest internet traffic to be routed through the VPN or to bypass the VPN and go directly out through the WAN?

If the former, your VPN server could be dropping traffic destined to the different subnet used by Guest #1. Perhaps it needs an additional route/iroute defined.

If the latter, do you have "Force internet traffic through tunnel" enabled or disabled on your VPN client settings? I have it set to "No" so that only traffic going to other VPN subnets gets routed through the VPN. With this configuration everything works fine even for guest #1. If you want your non-guest LAN traffic to use the VPN but the guest LAN to bypass it, then it seems like it would take some custom routing rules to make it work.
 

Morris

Senior Member
That is definitely the case in my tests. My router has the LAN interface set to 192.168.140.1. With that setting, the problem is 100% repeatable. I did not try it with the default LAN IP address.

I have intranet disabled on Guest network 1. Hosts on the network can reach the Internet yet not internal hosts. Working properly for me. My router IP is 192.168.2.1 so not default.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top