YazFi - enhanced AsusWRT-Merlin Guest WiFi inc. SSID <-> VPN Client


mcse

Occasional Visitor
Perhaps already done, but a few items to check:

Remove all reservations from the devices you wish to have on a separate (new SSID) network.
On the device itself, remove or 'forget' the previous network's SSID.
A couple of my devices were very stubborn to 'move'. When I defined the new SSID I allocated the full network, but only allowed a subrange of addresses for DHCP. I assigned a fixed address for 24 hours (my DHCP renew time), then returned them to automatic. After that, they all played nice and connected where I wanted them to connect.
 

Chewie420

Occasional Visitor
perhaps already done, but a few items to check
on the device itself remove or 'forget' the previous network's SSID
I was really hoping not to have to do that again as I have a lot of devices lol. I will eventually if needed. Thanks for the info!
 

Chewie420

Occasional Visitor
I had to disable for now; had some weird issues going on. My Harmony Hub had the new subnet IP but wouldn't work, and my phone was connected to Wi-Fi but showed LTE no matter what Wi-Fi I used, Guest or Regular. WeMo Switches stopped working too, so I decided to revert for now. Cool idea, but maybe I am missing something or maybe it needs an update.
 

distilled

Senior Member
Is it possible (and without great difficulty) for a YazFi user to make a modification that would allow a single specific address on an isolated guest network to communicate back and forth with a specific address on the main LAN? In YazFi terms, I want "Two Way to Guest" with one specific device only. If it can be done but would require particle physics and black magick, it isn't worth it, but if there is a reasonable way, I would love to know.
 

L&LD

Part of the Furniture
@distilled just create a Guest network for that single device only with its own SSID and password that you don't share with anyone/anything else. ;)
 

distilled

Senior Member
@distilled just create a Guest network for that single device only with its own SSID and password that you don't share with anyone/anything else. ;)
Thanks L&LD, I may end up doing just that. Sometimes less is more, and that certainly applies to RF noise, but creating a dedicated guest may be the only alternative.
 

L&LD

Part of the Furniture
Ha! I can manipulate iptables in my sleep! :D

It's when I wake up that they get the better of me, every-single-time. :p
 

distilled

Senior Member
if you know how to manipulate iptables, fairly easily
Not bloody likely ;)

Iptables looks like Telerin to me. These days, much smarter, younger people at work do that sort of heavy lifting, while I shake prospective clients' hands and pretend to know what is going on around me. I did manage a Secureway firewall on AIX several decades ago, but Big Blue experience doesn't usually translate to a hill of beans outside of IBM shops.

I will just make a network for it, no biggie.
 

Lurkmaster

Occasional Visitor
Anyone - Is there a way to track the traffic history on a guest network? I want to see what my guest clients are doing. All I can find at the moment is grepping for the guest device MAC or IP in dnsmasq.log. Not very informative. I can't find anything in the other logs and they don't show up in QoS - Web History. Is there some other place I can extract these data from?

I imagine this has been asked already ad nauseam but I can't find anything relevant after searching on the terms: log, track or history in this thread.

Thank you in advance for any pointers.
 

distilled

Senior Member
Anyone - Is there a way to track the traffic history on a guest network? I want to see what my guest clients are doing.
This probably isn't the "click a radio button" answer that you want, but you could easily run pfSense or Wfilter, maybe in a VM. That might be a hassle, and might not be doable for various reasons, but it would get you some traffic logs.
 

Lurkmaster

Occasional Visitor
Thanks @distilled - I might look into that but yeah, I am hoping I can just put a script together if I knew where to look for the data, if it exists in the filesystem or some readable nvram vars.

I guess I can just use the Skynet search function along with grepping dnsmasq.log. Although it would be cool if the guest devices showed up in QOS - History. Seems like Asus would have implemented that.
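
The dnsmasq.log approach mentioned in the posts above, as an added example that is not part of the original thread: a shell function that counts DNS lookups per guest client and domain instead of grepping one address at a time. It assumes dnsmasq is logging queries (`log-queries`); the function names, the guest prefix 192.168.2. and the sample log lines are constructed for illustration, and the log path is whatever your setup uses.

```shell
#!/bin/sh
# Added example: summarise DNS lookups made by guest-subnet clients from a
# dnsmasq query log. Names, subnet and log lines are illustrative assumptions.

# guest_dns_summary PREFIX LOGFILE
# Prints "count client_ip domain" for every query whose source address starts
# with PREFIX (e.g. "192.168.2."), busiest first.
guest_dns_summary() {
    prefix=$1
    logfile=$2
    awk -v prefix="$prefix" '
        # Query lines look like: ... dnsmasq[pid]: query[TYPE] NAME from IP
        {
            for (i = 1; i <= NF - 3; i++) {
                if ($i ~ /^query\[/ && $(i + 2) == "from") {
                    ip = $(i + 3)
                    # Literal prefix match, so "192.168.2." never matches 192.168.20.x
                    if (index(ip, prefix) == 1) count[ip " " $(i + 1)]++
                    break
                }
            }
        }
        END { for (k in count) print count[k], k }
    ' "$logfile" | sort -k1,1nr -k2,3
}

# Constructed sample log: two guest clients (192.168.2.x) and one main-LAN client.
sample_log() {
    cat <<'EOF'
Apr  5 10:15:01 dnsmasq[2345]: query[A] api.example.com from 192.168.2.15
Apr  5 10:15:01 dnsmasq[2345]: forwarded api.example.com to 1.1.1.1
Apr  5 10:15:01 dnsmasq[2345]: reply api.example.com is 203.0.113.10
Apr  5 10:15:09 dnsmasq[2345]: query[AAAA] api.example.com from 192.168.2.15
Apr  5 10:16:30 dnsmasq[2345]: query[A] updates.example.net from 192.168.2.22
Apr  5 10:16:42 dnsmasq[2345]: query[A] mail.example.org from 192.168.1.50
Apr  5 10:17:05 dnsmasq[2345]: query[A] api.example.com from 192.168.2.15
EOF
}

# Demo run against the constructed sample; pass your own log path in real use.
tmp=$(mktemp) && sample_log > "$tmp" && guest_dns_summary "192.168.2." "$tmp"
rm -f "$tmp"
```

This shows which names guest clients looked up, not the traffic itself; a client that uses its own resolver or encrypted DNS will not appear in the log.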
 

roundaway

Occasional Visitor
@YazFi -- Thank you for this great tool. Post #2 has 11 options and it appears there are 12 on the GUI. Can someone please explain the function of "Two way to guest"?

I have an RT-AC66U B1 running 384.15. I have a guest wi-fi on a different subnet than the main LAN. Would like this wi-fi to be guests only and isolated from seeing each other (Client isolation = YES).

Have a Smart Things Hub and Echo Dot on a 5GHz guest wi-fi with its own subnet. Need to be able to "see" these clients but they don't need to see the main LAN (One way to Guest = ON). Don't care if they interact (Client Isolation = No).

Have a third 2.4GHz guest wi-fi (only 2.4GHz capable) for thermostats with their own subnet. Same deal, One way to guest and Client isolation settings.

Should the DNS Server setting be blank, set to the router's IP (DNS Filter = Router), or 1.1.1.1?

Thank you for the help.
 

bennor

Regular Contributor
Can someone please explain the function of "Two way to guest"?
The YazFi page in the Asus administration page indicates the following when one rolls their mouse cursor over the Two Way to Guest text and clicks: "Should LAN/Guest Network traffic have unrestricted access to each other? Cannot be enabled if _ONEWAYTOGUEST is enabled"

ETA: oops, pasted in the wrong tip text, corrected. :)
 


roundaway

Occasional Visitor
The YazFi page in the Asus administration page indicates the following when one rolls their mouse cursor over the Two Way to Guest text and clicks: "Should LAN/Guest Network traffic have unrestricted access to each other? Cannot be enabled if _ONEWAYTOGUEST is enabled"

ETA: oops, pasted in the wrong tip text, corrected. :)
@bennor Thanks for the reply. Rolling over the GUI items was the answer for that question.
 

Wisiwyg

Regular Contributor
Quick question... can I use this script to run an internet accessible OpenVPN Server to Guest Network? Young son, who is now 'stuck' at home doing homework until... wants to run a Minecraft server from home so he and buddies from school can game together. I'm reluctant to simply put them on our home network with OVPN Server - high school boys... Second, if I can make this happen, is there a way to prevent said HS boys from browsing the internet from the guest network IP? Happy to run through tutorial / instructions if this has been already posted somewhere. I thought maybe using YazFi would be simpler.

So the plan would be for me to run VPN Server on AC86U directing to Guest, son logs into Guest WiFi and runs Minecraft server on the Guest network. Buddies VPN into Guest and play.

I apologize in advance if this is covered in the >1k messages on this thread. TIA
 

L&LD

Part of the Furniture
@Wisiwyg, why do they need to access an OpenVPN Server for their Minecraft gaming? I don't think it works like that. :)
 

Wisiwyg

Regular Contributor
@Wisiwyg, why do they need to access an OpenVPN Server for their Minecraft gaming? I don't think it works like that. :)
Hi @L&LD,

The server will be the Minecraft java edition running locally on #1 Son's computer, available on the network. The other guys will be at home, vpn'ing into our home to access the local server. I know there are options to game on hosted servers set up by others, but he wanted to create his own. Am I missing something?

I have run one on my home server, customized with lots of goodies, and the family all joined in. He wants to create and run his own, now, and have his buddies who are also 'stuck' at home join in. I know I can set up a VPN server and have them join on our home network and access his server instance. I'm trying to see if I can put him/server on the guest WiFi network and redirect the VPN to the Guest instead.

From what I understand, this YazFi script places the guest network on a VPN client (not server) so anything on the Guest Network can get internet via VPN client. I'm looking for guidance on how to redirect my existing VPN server to an existing Guest Wifi network so that anyone coming into the VPN server gets connected to the Guest network. Make sense?
 

L&LD

Part of the Furniture
I'm not the one to ask, but there should be a client available that just needs a port open on your router to the computer that is hosting the game. I would not be giving any teenagers access to my entire network willingly, via an OpenVPN connection. :)
 
