YazFi YazFi - enhanced AsusWRT-Merlin Guest WiFi inc. SSID <-> VPN Client

[Jack Yaz]

Set AC86U router with:
LAN > DHCP Server > DNS Server 1 - 192.168.51.123 = Pihole IP
WAN > Internet Connection > WAN DNS SEtting > Connect to DNS Server automatically - YES

I set up YazFi with these options:
wl01_ENABLED=true
wl01_IPADDR=192.168.52.0
wl01_DHCPSTART=2
wl01_DHCPEND=254
wl01_DNS1=192.168.51.123
wl01_DNS2=192.168.51.123
wl01_FORCEDNS=true
wl01_REDIRECTALLTOVPN=false
wl01_VPNCLIENTNUMBER=2
wl01_LANACCESS=false
wl01_CLIENTISOLATION=true

I get an IP assigned from the 52.0 block when connecting to the guest network. However, no internet. Also the device doesn't show up in the network map list on the router.

And what DNS have you set on the PiHole?

 

[jbpcan]

Open DNS

 

[jbpcan]

And what DNS have you set on the PiHole?

OpenDns

 

[Jack Yaz]

OpenDns

Can you see DNS queries hitting the PiHole? Can affected guests ping 8.8.8.8 for example?

 

[jbpcan]

Can you see DNS queries hitting the PiHole? Can affected guests ping 8.8.8.8 for example?

Yes. Can ping.

I think I figured out the issue from this.
Under pihole > DNS > Interface listening behavior:
Listen on all interfaces, permit all origins

 

[jbpcan]

Yes. Can ping.

I think I figured out the issue from this.
Under pihole > DNS > Interface listening behavior:
Listen on all interfaces, permit all origins

Is there any way to make the devices connected to YazFi appear on the router admin Network map?

 

[Jack Yaz]

Is there any way to make the devices connected to YazFi appear on the router admin Network map?

No, Asus hardcoded it to the /24 of your LAN.

You can either use YazFi's status, the DHCP status page or Wireless Log

 

[jbpcan]

No, Asus hardcoded it to the /24 of your LAN.

You can either use YazFi's status, the DHCP status page or Wireless Log

ok. Thank you. Appreciate your help.

 

[Jack Yaz]

ok. Thank you. Appreciate your help.

no problem!

 

[mackun]

If you add it to the top of the YazFiINPUT chain that should be fine, add your rules after YazFi in firewall-start

kind sire, i stared at your reply for a good while. but can't figured out what to do lol. what / how to configure.
can you point me in any guide?

 

[Jack Yaz]

kind sire, i stared at your reply for a good while. but can't figured out what to do lol. what / how to configure.
can you point me in any guide?

This will allow guests on 5Ghz-1 guest 1 to access Samba on the router:

iptables -D YazFiINPUT -i wl1.1 -p tcp -m tcp --dport 445 -j ACCEPT
iptables -I YazFiINPUT -i wl1.1 -p tcp -m tcp --dport 445 -j ACCEPT

Replace wl1.1 with the appropriate guest interface

 

[mackun]

This will allow guests on 5Ghz-1 guest 1 to access Samba on the router:

iptables -D YazFiINPUT -i wl1.1 -p tcp -m tcp --dport 445 -j ACCEPT
iptables -I YazFiINPUT -i wl1.1 -p tcp -m tcp --dport 445 -j ACCEPT

Replace wl1.1 with the appropriate guest interface

much appreciated sire! i'll report back once i've get to it.!!

 

[thelonelycoder]

@Jack Yaz if you would not rename YazFi.sh to YazFi in /jffs/scripts/ then one could do an md5sum on the two files.
But with the renaming that is not possible. Any way you could change that for amtm to do such an update check?

 

[Jack Yaz]

@Jack Yaz if you would not rename YazFi.sh to YazFi in /jffs/scripts/ then one could do an md5sum on the two files.
But with the renaming that is not possible. Any way you could change that for amtm to do such an update check?

Skynet does an equivalent renaming. The .sh is used primarily for Codacy to check my work - sadly it isn't smart enough to work on files without an extension.

In any case - does renaming actually affect the hash?

admin@RT-AC86U:/tmp/home/root# md5sum /jffs/scripts/YazFi.sh 
98cdaf74b34d4eb279e23a003b3d3afb  /jffs/scripts/YazFi.sh

admin@RT-AC86U:/tmp/home/root# mv /jffs/scripts/YazFi.sh /jffs/scripts/YazFi.test

admin@RT-AC86U:/tmp/home/root# md5sum /jffs/scripts/YazFi.test
98cdaf74b34d4eb279e23a003b3d3afb  /jffs/scripts/YazFi.test

 

[thelonelycoder]

Skynet does an equivalent renaming. The .sh is used primarily for Codacy to check my work - sadly it isn't smart enough to work on files without an extension.

In any case - does renaming actually affect the hash?

admin@RT-AC86U:/tmp/home/root# md5sum /jffs/scripts/YazFi.sh
98cdaf74b34d4eb279e23a003b3d3afb  /jffs/scripts/YazFi.sh

admin@RT-AC86U:/tmp/home/root# mv /jffs/scripts/YazFi.sh /jffs/scripts/YazFi.test

admin@RT-AC86U:/tmp/home/root# md5sum /jffs/scripts/YazFi.test
98cdaf74b34d4eb279e23a003b3d3afb  /jffs/scripts/YazFi.test

You are right, the same md5 code works for Skynet. Let me check what I do wrong.

 

[thelonelycoder]

In any case - does renaming actually affect the hash?

Ahh, copy/paste error. All's good.

 

[Jack Yaz]

Ahh, copy/paste error. All's good.

Good stuff! Was going to say if changes needed I can do before 10AM GMT then i'm off to look at a potential house to rent

 

[thelonelycoder]

Good stuff! Was going to say if changes needed I can do before 10AM GMT then i'm off to look at a potential house to rent

I was comparing YazFi against Stubby, so the result was correct in a way...

 

[Jack Yaz]

I was comparing YazFi against Stubby, so the result was correct in a way...

Well I was involved with the Stubby project at one stage

 

[bennor]

Is there any way to make the devices connected to YazFi appear on the router admin Network map?

In addition to the methods Jack Yaz suggested to display the devices connected to YazFi one can also, via ssh, do:

cat /var/lib/misc/dnsmasq.leases

For example, if using Windows one can create a batch (bat) file to run the command via Plink. I have a shortcut on my Windows Desktop for the batch file to call up when I want to see the devices connected (current lease devices). Example script:

plink.exe -batch -ssh -l <ssh login name> -pw <ssh password> <router IP address> cat /var/lib/misc/dnsmasq.leases

PAUSE