Menu
What's new
By:
Filters Better Search

YazFi YazFi - enhanced AsusWRT-Merlin Guest WiFi inc. SSID <-> VPN Client

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

All sorted! Turned out to be a VPN Client routing conflict when using 2 clients both on TCP 443 (NordVPN). Got bitten by this myself in the past! Switching one of the clients to UDP and all is now behaving as expected, with LAN going out on one VPN client and YazFi pushing an SSID over the other. I'm pleased to announce that thanks to @Brenneke and their patient testing, we can confirm the script works with the AC68U!
 
Updated script to rev 1.2.2 in 86U, will test and report back in a couple of days.

Thank you @Jack Yaz
 
Been running this script on ac88u since a week now without any problems. Just updated to the latest version and will report back if any issues are faced.

Cheers !
 
Rock solid on my RT-AC68U also.
This is the perfect solution to get two VPN clients running separately and simultaneously on home network.
Thanks again!
 
YazFi 1.2.2 has been up for about 72 hours in my 86U without a blip!.. one guest wifi routed to a vpn client and another routed to wan... excellent code.
 
In 384.5 we're getting a new service-event script (https://www.snbforums.com/threads/beta-384-ng-asuswrt-merlin-384-5-beta-is-now-available.46352/)
  • Added a new service-event script, executed before any service call (for example, restart_wireless). Note that this script will block the execution of the event until it returns, so be careful with it.
Would it be useful for YazFi to hook onto any restart_wireless events? Personally I see no reason not to, but wanted user opinions first!
 
Jack Yaz said:
Would it be useful for YazFi to hook onto any restart_wireless events? Personally I see no reason not to, but wanted user opinions first!
Click to expand...
I think if your script runs before, or in parallel with, a restart_wireless I'd be concerned about the script referencing (iptables/ebtables) interfaces that were in the process of being deleted/created. (I don't know whether that actually happens, but that's what I'd check first).
 
@Jack Yaz

Using the latest version. All appears to be working just fine. Nice Job!

Router:
RT-AC5300

Merlin:
385.b1

Caveat:
No support for the 2nd 5G radio. I don't think, that I need it. But just throwing it out there. I’ll likely only run 1 - 5G radio for VPN access. So no concerns for me.

Issues :
Upon restart, I had to manually run YazFi. Easy enough for me to add it to the wan-start script. Should this happen ? Should I have to add it myself ? Though this could be a user error, config issue. I forgot to tick start VPN at startup. I will have to wait for a bit to test again, or the wife and kids will string me up. I will post back once they go to bed.

Notes:
Needed to reboot router after setup with VPN config to get Internet traffic on VPN with YazFi enabled.
All guest WiFi received LAN IP's and not YazFi set IP's after reboot. (See question/statement above about startup issue) Once YazFi was manually started, I was able to refresh the IP and obtain the correct one for the specific WiFi ensuring proper routing.

Observations: GUEST WiFi
2.4 radio 1, SSID1, IP x.x.1.1 - confirmed working.
2,4 radio 2, SSID2, IP x.x.2.1 - confirmed working.
2.4 radio 3 SSID3, IP x.x.3.1 - disabled and not confirmed working. No reason to think an issue is present.
5g radio 1, SSID4, IP x.x.4.1 - confirmed working.
5g radio 2, SSID5, IP x.x.5.1 - confirmed working.
5g radio 3 SSID6, IP x.x.6.1 - disabled and not confirmed working. No reason to think an issue is present.
5g-2 radio 1 - n/a
5g-2 radio 2 - n/a
5g-2 radio 3 - n/a

Policy rules set Explicit.
All Ethernet Traffic and personal WiFi routed through ISP. Confirmed ISP IP.
All Guest Radios routed through VPN. Confirmed VPN IP.

@Brenneke
Many thanks to all of the posts here in the topic, as they really helped me along.
 
Jack Yaz said:
Thanks John! @MysticGold04 if you do give the script a go let me know how you get on!
Click to expand...

Works good here... I have 2 guest networks, one routing to the VPN, one to the Wan, isolated from my main network. Is works just fine on Merlin's fork. Thank you for your work on this script!
 
ColinTaylor said:
I think if your script runs before, or in parallel with, a restart_wireless I'd be concerned about the script referencing (iptables/ebtables) interfaces that were in the process of being deleted/created. (I don't know whether that actually happens, but that's what I'd check first).
Click to expand...
I'll look out for that once 384.5 is in release, I don't run beta software (I would but the wife would kill me if it crashed while I was at work and not on hand to fix!)
 
HuskyHerder said:
@Jack Yaz

Using the latest version. All appears to be working just fine. Nice Job!

Router:
RT-AC5300

Merlin:
385.b1

Caveat:
No support for the 2nd 5G radio. I don't think, that I need it. But just throwing it out there. I’ll likely only run 1 - 5G radio for VPN access. So no concerns for me.

Issues :
Upon restart, I had to manually run YazFi. Easy enough for me to add it to the wan-start script. Should this happen ? Should I have to add it myself ? Though this could be a user error, config issue. I forgot to tick start VPN at startup. I will have to wait for a bit to test again, or the wife and kids will string me up. I will post back once they go to bed.

Notes:
Needed to reboot router after setup with VPN config to get Internet traffic on VPN with YazFi enabled.
All guest WiFi received LAN IP's and not YazFi set IP's after reboot. (See question/statement above about startup issue) Once YazFi was manually started, I was able to refresh the IP and obtain the correct one for the specific WiFi ensuring proper routing.

Observations: GUEST WiFi
2.4 radio 1, SSID1, IP x.x.1.1 - confirmed working.
2,4 radio 2, SSID2, IP x.x.2.1 - confirmed working.
2.4 radio 3 SSID3, IP x.x.3.1 - disabled and not confirmed working. No reason to think an issue is present.
5g radio 1, SSID4, IP x.x.4.1 - confirmed working.
5g radio 2, SSID5, IP x.x.5.1 - confirmed working.
5g radio 3 SSID6, IP x.x.6.1 - disabled and not confirmed working. No reason to think an issue is present.
5g-2 radio 1 - n/a
5g-2 radio 2 - n/a
5g-2 radio 3 - n/a

Policy rules set Explicit.
All Ethernet Traffic and personal WiFi routed through ISP. Confirmed ISP IP.
All Guest Radios routed through VPN. Confirmed VPN IP.

@Brenneke
Many thanks to all of the posts here in the topic, as they really helped me along.
Click to expand...
Can you check if YazFi is present in/called by firewall-start?

There should be no need for a reboot as YazFi restarts the relevant services after setting up the required configuration. You would most likely need to reconnect any devices that were already on the Guest networks prior to running YazFi the first time however.

If you can send me the output of
Code: 
nvram show | grep "_vifs"
with some 5G-2 guests enabled in GUI I'll see if there's anything I can do.
 
Jack Yaz said:
Can you check if YazFi is present in/called by firewall-start?
Click to expand...

Yes it is.

I started having some weird issues today, so I just wiped the jffs partition and started over. My issues were not related to YazFi AFAICT. More likely my tinkering with the LED's on off scripts.

Rebooting works as desired now with YazFi starting appropriately. IP's handed out appropriately etc.

No issues with AB-Solution, Skynet, and FreshJR's adaptive QOS, All running simultaneously.

Results :

Code: 
wl2_vifs=wl2.1
wl0_vifs=wl0.1 wl0.2
size: 82519 bytes (48553 left)
wl1_vifs=wl1.1 wl1.2
 
HuskyHerder said:
Yes it is.

I started having some weird issues today, so I just wiped the jffs partition and started over. My issues were not related to YazFi AFAICT. More likely my tinkering with the LED's on off scripts.

Rebooting works as desired now with YazFi starting appropriately. IP's handed out appropriately etc.

No issues with AB-Solution, Skynet, and FreshJR's adaptive QOS, All running simultaneously.

Results :

Code: 
wl2_vifs=wl2.1
wl0_vifs=wl0.1 wl0.2
size: 82519 bytes (48553 left)
wl1_vifs=wl1.1 wl1.2
Click to expand...
Ah, glad you got it sorted, though sorry to hear you had problems!

The good news is, with a small patch, I should be able to support your 5GHz-2 radio. I'll update the script and config file, if you're willing to give it a test?
 
Jack Yaz said:
Ah, glad you got it sorted, though sorry to hear you had problems!

The good news is, with a small patch, I should be able to support your 5GHz-2 radio. I'll update the script and config file, if you're willing to give it a test?
Click to expand...
Yeah no problem glad to help. Though it may take a few days as I travel for work and today is departure day.
 
YazFi v1.2.3 is now available

Changelog:

Support of 2nd 5G radio guests, add support for models with 2 5Ghz radios, e.g. RT-AC5300
Click to expand...

Thanks to @HuskyHerder for suggesting it and testing!


Script updated by running:
Code: 
/usr/sbin/curl --retry 3 "https://raw.githubusercontent.com/jackyaz/YazFi/master/YazFi" -o "/jffs/scripts/YazFi" && chmod 0755 /jffs/scripts/YazFi


This version brings an updated config file, to allow for configuration of 5GHz-2 guests. This can be downloaded from:
Code: 
https://raw.githubusercontent.com/jackyaz/YazFi/master/YazFi.config
 
Jack Yaz said:
YazFi v1.2.3 is now available

Changelog:



Thanks to @HuskyHerder for suggesting it and testing!


Script updated by running:
Code: 
/usr/sbin/curl --retry 3 "https://raw.githubusercontent.com/jackyaz/YazFi/master/YazFi" -o "/jffs/scripts/YazFi" && chmod 0755 /jffs/scripts/YazFi


This version brings an updated config file, to allow for configuration of 5GHz-2 guests. This can be downloaded from:
Code: 
https://raw.githubusercontent.com/jackyaz/YazFi/master/YazFi.config
Click to expand...
So just to confirm, I can now have 4 different VPN clients in play on my RT-AC68U? (2Ghz main & guest, 5Ghz main & guest)
Or is it just 3? (main, 2Ghz guest & 5Ghz guest)
 
Last edited:
You must log in or register to reply here.

Similar threads

Jack Yaz
YazFi YazFi v4.x - continued
4 5 6
Replies
107
Views
15K
Martinski
M
B
Yazfi: VPN Server for guest network access only
Replies
10
Views
693
jrmathis
jrmathis
T
Make IoT devices on one-way-to-guest YazFi VLANs discoverable on main LAN
Replies
5
Views
925
fotingo
F
lluke
YazFi, ntpMerlin and guest network isolation
Replies
1
Views
662
bennor
B
janico82
sbnMerlin 1.2.1 - Network Isolation Tool based on Guest Networks, April 19 2024
2 3 4
Replies
65
Views
5K
visortgw
visortgw
Similar threads
Thread starter Title Forum Replies Date
B YazFi YazFi Guest Network unable to access Pi-Hole DNS server Asuswrt-Merlin AddOns 22
P YazFi Support AiMesh Yet? Asuswrt-Merlin AddOns 9
B Yazfi: VPN Server for guest network access only Asuswrt-Merlin AddOns 10
T Make IoT devices on one-way-to-guest YazFi VLANs discoverable on main LAN Asuswrt-Merlin AddOns 5
N YazFi Can/Should YazFi be installed on external USB drive? Asuswrt-Merlin AddOns 2
lluke YazFi, ntpMerlin and guest network isolation Asuswrt-Merlin AddOns 1
P Disable YazFi Asuswrt-Merlin AddOns 1
Gary_Dexter YazFi YazFi - All Clients Disconnect Asuswrt-Merlin AddOns 2
J Skynet Is skynet active on guest networks? (without the use of YazFi, etc) Asuswrt-Merlin AddOns 1
J YazFi YazFi speedlimit Asuswrt-Merlin AddOns 5

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 777 (members: 26, guests: 751)
Top