Solved How to direct WiFi Guests to WAN instead of VPN tunnel?

DTS

Regular Contributor
I would like to enable the WiFi Guest Network feature. I'm using Asus Merlin 386.3_2 on an RT-AC86U. All my other traffic goes out via a VPN tunnel (and I'm using the VPN Director feature). Is it possible to direct WiFi Guests to the WAN interface instead of a VPN tunnel?

EDIT: the solution is YazFi
 

DTS

Regular Contributor
After posting this question I found some prior discussions on related topics, particularly this one: http://www.snbforums.com/threads/guest-network-ip.75264/post-719198

I decided to replicate what @eibgrad did using my AC86U. Here's the start:

Guest #1 enabled

Code:
[email protected]:/tmp/home/root# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.1cb72ccb0960       yes             eth1
                                                        eth2
                                                        eth3
                                                        eth4
                                                        eth5
                                                        eth5.0
                                                        eth6
                                                        eth6.0
br1             8000.1cb72ccb0961       yes             eth1.501
                                                        eth2.501
                                                        eth3.501
                                                        eth4.501
                                                        eth5.501
                                                        eth6.501
                                                        wl0.1
[email protected]:/tmp/home/root# ifconfig br1
br1       Link encap:Ethernet  HWaddr <redacted>
          inet addr:192.168.101.1  Bcast:192.168.101.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:1 errors:0 dropped:1 overruns:0 frame:0
          TX packets:264 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:60 (60.0 B)  TX bytes:16393 (16.0 KiB)



Guest #2 enabled

Code:
[email protected]:/tmp/home/root# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.1cb72ccb0960       yes             eth1
                                                        eth2
                                                        eth3
                                                        eth4
                                                        eth5
                                                        eth6
[email protected]:/tmp/home/root# ifconfig br1
ifconfig: br1: error fetching interface information: Device not found
[email protected]:/tmp/home/root# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.1cb72ccb0960       yes             eth1
                                                        eth2
                                                        eth3
                                                        eth4
                                                        eth5
                                                        eth6
                                                        wl0.2

And then my router crashed and refused to reboot properly. I have to assume that the Guest Network functionality is not stable. Is that true?

Is it even worth trying to do what I asked about (direct WiFi Guests to the WAN interface instead of a VPN tunnel)?
 

eibgrad

Part of the Furniture
These days, I think most ppl would solve this type of problem using YazFi, which allows you to assign any of the guest networks their own unique IP network (e.g., 192.168.3.0/24), separate from the private network (e.g., 192.168.1.0/24). If you then establish policy rules that only route 192.168.1.0/24 over the VPN, the guest network(s) will be excluded.

That said, I always recommend you stay away from guest #1 since ASUS has messed around with it for the benefit of AiMesh.
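
The routing logic described in the post above, as an added example that is not part of the original thread: a small POSIX shell check that reads rules in the layout of `ip rule show` and reports which routing table a given client address would use. The rule priority and the table name `ovpnc1` are constructed assumptions, the helper names are hypothetical, and the model assumes every matching table holds a default route.

```shell
#!/bin/sh
# Constructed samples in the layout of `ip rule show`; the priority and the
# table name "ovpnc1" are assumptions, the subnets are the ones from the post.
GOOD_RULES='0: from all lookup local
10210: from 192.168.1.0/24 lookup ovpnc1
32766: from all lookup main
32767: from all lookup default'
# Same layout, but the VPN rule is too broad and also covers 192.168.3.0/24.
BROAD_RULES='0: from all lookup local
10210: from 192.168.0.0/16 lookup ovpnc1
32766: from all lookup main'

# Dotted-quad IPv4 -> integer (the subshell keeps the IFS change local).
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr IP PREFIX: succeed when IP lies inside PREFIX (a.b.c.d or a.b.c.d/len).
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    [ "$bits" = "$2" ] && bits=32        # no "/len" means a single host
    [ "$bits" -eq 0 ] && return 0
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "$net") & $mask )) ]
}

# table_for IP: read rules on stdin (already in priority order) and print the
# first table selected by a plain "from <selector> lookup <table>" rule.
table_for() {
    while read -r prio kw sel action table rest; do
        [ "$kw" = from ] && [ "$action" = lookup ] || continue
        [ "$table" = local ] && continue   # local table holds no internet routes
        if [ "$sel" = all ] || in_cidr "$1" "$sel"; then
            echo "$table"; return 0
        fi
    done
    return 1
}

# Private client, then guest client, against the correctly scoped rule set.
for ip in 192.168.1.50 192.168.3.20; do
    echo "$ip -> $(printf '%s\n' "$GOOD_RULES" | table_for "$ip")"
done
```

On a router, the same function can be fed live rules with `ip rule show | table_for 192.168.3.20`; a result other than `main` for a guest address means a VPN rule is wider than the private subnet.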
 

CaptainSTX

Part of the Furniture
Policy based routing also is a possibility though you would need to assign devices static IPs.
 

DTS

Regular Contributor
CaptainSTX said: "Policy based routing also is a possibility though you would need to assign devices static IPs."

Guest devices are outside of my control, and even if I could control them, it would not be practical to manage ever-changing guests that way.

YazFi looks like it will work. Now I just need to find out why my router started crashing when I enabled guest networking...
 
