Guest network pro

[jsn2233]

I'm looking to get one of these routers and would like to know what are the possibilities with VPN/DNS and guest networks. I currently use YazFi and am able to put multiple guest networks through different wireguard tunnels, is this possible with guest network pro? I understand the firmware for these routers are unable to use YazFi at this time.

Would I be able to use my Pihole on my LAN as DNS for these guest networks in combination with a VPN? I always use Merlin, so would this make things easier or more difficult? Are there any other limitations I should be aware of?

 

[bennor]

@jsn2233, if you haven't done so already, use the forum search feature to search for the many past discussions on the Guest Network Pro feature and how it works. (https://www.snbforums.com/search/1880148/?q=Guest+Network+Pro&o=relevance) YazFi is not supported on the 3006.102.x firmware. There are various past discussions showing how to setup Pi-Hole on Asus routers including how to setup DNS Director on the 3006.102.x firmware to route Guest Network Pro clients to Pi-Hole. For example see this link: https://www.snbforums.com/threads/guest-network-pro-pi-hole.94392/#post-977343

[Guest Network Pro] How to set up VPN Network?

Example of the Guest Network Pro IoT profile VPN tab (from a RT-AX86U Pro) with existing VPN Client configurations (currently using Proton VPN and Nord VPN).

Edit to add: One can use YazDHCP to configure manual IP reservations for Guest Network Pro clients. See the YazDHCP GitHub page for more.

GitHub - AMTM-OSR/YazDHCP: Feature expansion of DHCP assignments using AsusWRT-Merlin's Addons API to read and write DHCP assignments, increasing the limit on the number of reservations.

Feature expansion of DHCP assignments using AsusWRT-Merlin's Addons API to read and write DHCP assignments, increasing the limit on the number of reservations. - AMTM-OSR/YazDHCP

github.com

YazDHCP - YazDHCP v1.2.4 [2025-Nov-21] - Feature expansion of DHCP assignments (increasing limit on the number of DHCP reservations)

Release Notes for YazDHCP v1.0.8 production version now available [2025-May-29] The fork from @Jack Yaz's repository is now hosted on the AMTM-OSR GitHub repo: https://github.com/AMTM-OSR/YazDHCP 1) FIXED: Errors when loading the webGUI page on the 3006.102.x F/W version. 2) FIXED: Some...

www.snbforums.com

For certain YazFi options like one-way or two-way to guest one will likely have to use custom IPtables scripting to accomplish the same/similar under Guest Network Pro. There are a number of past discussions on IPTables and Guest Network Pro that can be found using the forum search feature.

 

[jsn2233]

Ok cool, thanks man. Will do a deeper search next time as kind of did a surface search to see what was possible and didn't see much I understood, so wanted a definitive yes or no.

Good to hear I can do that with DNS director still. So it is possible to still route different guest networks through different VPNs by using something like VPN Fusion or those screenshots you just posted? It's hard for me to understand as I don't have hands on experience yet.

I always hear things are possible and then find the dumbest bugs that stop my use case so just wanted to be sure.

 

[bennor]

So it is possible to still route different guest networks through different VPNs by using something like VPN Fusion or those screenshots you just posted?

Asus Merlin firmware has a VPN Director which is similar to VPN Fusion in the stock Asus firmware. A very quick and dirty test assigning one of my IOT Guest Network Pro profiles to a active VPN Client does appear to route those Guest Network Pro clients through the correct client VPN even though the VPN Director is not configured to route that Guest Network Pro's IP address subnet through a VPN tunnel. Someone who has more experience with Guest Network Pro and VPN will hopefully chime in with their experience. For more on the basics of Guest Network Pro see the following Asus support document, and the various links within it, if you haven't already.

[Guest Network Pro] What is Guest Network Pro? | Official Support | ASUS USA

 

[Some1]

I’d honestly stay away from these routers if VLAN-style segmentation is what you’re after. I spent days trying to get a stable VPN/DNS/guest-network setup working on a BE88U and it was a constant headache. Configuration changes are slow, frequent reboots are required, and things tend to break unexpectedly
Guest Network Pro is more limited than YazFi. You can’t easily route different guest SSIDs through different WireGuard tunnels, and policy-based routing for guest networks is very restricted compared to YazFi.

In the end, I gave up and now use the BE88U as an AP only (which feels like a waste of money) and run OPNsense on a spare PC for proper VLANs, VPNs, and DNS. Much more flexible and stable.
If advanced VLAN + VPN + DNS control is important to you, I’d strongly recommend a dedicated firewall/router instead of relying on these all-in-one units.

 

[Tech9]

Lower cost full VLAN support All-In-One device with advanced routing features is Ubiquiti UDR7. It's a mini UniFi system with Controller, Gateway, Switch and tri-band Wi-Fi 7 Access Point at around $280 price (US Store). Similar to @Some1 OPNsense solution (which is excellent) - it requires above average networking knowledge. There will be learning curve for users coming from home AIO router.

 

[Ripshod]

Don'

I’d honestly stay away from these routers if VLAN-style segmentation is what you’re after. I spent days trying to get a stable VPN/DNS/guest-network setup working on a BE88U and it was a constant headache. Configuration changes are slow, frequent reboots are required, and things tend to break unexpectedly
Guest Network Pro is more limited than YazFi. You can’t easily route different guest SSIDs through different WireGuard tunnels, and policy-based routing for guest networks is very restricted compared to YazFi.

In the end, I gave up and now use the BE88U as an AP only (which feels like a waste of money) and run OPNsense on a spare PC for proper VLANs, VPNs, and DNS. Much more flexible and stable.
If advanced VLAN + VPN + DNS control is important to you, I’d strongly recommend a dedicated firewall/router instead of relying on these all-in-one units.

When I got my RT-BE88U I also had loads of problems setting up guest networks. I was advised on these forums to not use the preset networks, rather start with a custom network and build what I want for that. I believe this is only a problem on this particular router that doesn't affect the others.
Instead of painting the whole range of these routers with the same brush, how about opening a thread and getting solutions to your problems? Yes, the RT-BE88U is a finicky beast, and the RT-BE92U has been a complete let-down, but the rest are actually pretty good with basic settings.

 

[Some1]

I did use custom network instead of guest. Still, not satisfied with the result and instability. Just my two cents.

 

[Tech9]

In my opinion what Jack did with YazFi was excellent user-friendly solution for AIO device. The mix between pro features and user-friendly GUI in current Asuswrt is not working well. It confuses both Pro and non-Pro users. Pro users wonder what ASUS mean, non-Pro users wonder how it works. And all because of limited functionality AiMesh with additional challenges which users encounter later. ASUS had to separate ExpertWiFi products from RT/GT/TUF products. The former with proper VLAN terminology and manual configuration and the latter with user-friendly few clicks presets.

 

[CaptainSTX]

Asus Merlin firmware has a VPN Director which is similar to VPN Fusion in the stock Asus firmware. A very quick and dirty test assigning one of my IOT Guest Network Pro profiles to a active VPN Client does appear to route those Guest Network Pro clients through the correct client VPN even though the VPN Director is not configured to route that Guest Network Pro's IP address subnet through a VPN tunnel. Someone who has more experience with Guest Network Pro and VPN will hopefully chime in with their experience. For more on the basics of Guest Network Pro see the following Asus support document, and the various links within it, if you haven't already.

[Guest Network Pro] What is Guest Network Pro? | Official Support | ASUS USA

I utilize Guest network pro and by assigning a device a static/sticky IP then using the VPN director I can assign any device connecting to either the main IP or any of the three guest network VLANs to either use the WAN or whichever of the three WG VPN clients I have running simultaneously on the router. Other ways to accomplish the same thing by assigning specified IP ranges to a particular VPN tunnel which maybe be simpler but lacks the more granular approach. Guest network pro also allows you to assign LAN ports to a specific VLAN on a port by port basis and then to a specific VPN client based on its assigned IP.