YazFi YazFi - enhanced AsusWRT-Merlin Guest WiFi inc. SSID <-> VPN Client

[Jack Yaz]

DEMONIC POSSESSION!!! Update: FIXED!!! Updated all scripts with AMTM, reboot. Done!
I had some weird errors in my log.... repeating many times.
May 15 14:46:19 kernel: EXT2-fs (sda2): previous I/O error to superblock detected
May 15 14:46:19 kernel: EXT2-fs (sda2): previous I/O error to superblock detected
I couldn't identify SDA2 using fdisk -l or DF or LSusb. Should be something mounted very early in the boot process. So I rebooted and now.... a case of multiple personalities? Demonic Posession? What??? Yazfi is now spdMerlin???
Speedtest is now Connmon????
View attachment 23501 View attachment 23502

Sounds like your USB filesystem is corrupted. I assume you have amtm disk check script, which would have run to try and repair the errors after a reboot

 

[Slawek P]

Hi,

I have setup YazFi guest network and connected a device to it. The thing that confuses is me that this new device shows up on WebUI Network Map with DHCP IP from the main network rather than from guest network range. What am I missing?

 

[Slawek P]

Hi,

I have setup YazFi guest network and connected a device to it. The thing that confuses is me that this new device shows up on WebUI Network Map with DHCP IP from the main network rather than from guest network range. What am I missing?

Fixed - activated networks on YazFi MUST be in line with Guest Network. (no extra Yes on YazFi tab). I reapplied settings on the command line and everything works

 

[WorkInProgress]

Hi,

I have setup YazFi guest network and connected a device to it. The thing that confuses is me that this new device shows up on WebUI Network Map with DHCP IP from the main network rather than from guest network range. What am I missing?

I'm new here, joined just for this issue....

I have Merlin 384.17 running on my AC86u router, and installed YazFi a few days ago to try and better control the guest network. Unfortunately I have run into a string of issues.....

I have AMTM 3.1.7 installed, and used it to install YazFi 4.0.3. I created my guest network through the webUI (enabled the Asus config then options for YazFi). When I connected a new device to the guest network, it obtained an IP in my home DHCP scope. Even though the device (and the router info) confirm a home network IP, the client was only able to ping the router and not other devices in my home network so isolation at least is working.

I deleted the config, tested again with the same result. I uninstalled and reinstalled YazFi, same result. I noticed when I applied the config through Putty, an error would display saying 192.168.0.2 (or whatever network I tried) is already in use on an interface, even though that subnet is not used in my network.

So a few hours of reading through this thread and testing has me here. I found #1053 and related on page 53, which concerned a router build with an IP address other than the expected x.x.x.1 - this is my case as well. Per the messages, I blanked out the _IPADDR= and the DHCP start/end lines and applied the config successfully (no errors) this time. I connected a device back to the guest wifi and it obtained the expected guest IP. Success I thought.....

I rebooted the client, it reconnected to guest and obtained a home network IP lease again. I renewed the DHCP lease with no change and waited about 15 minutes. The device still had the home network IP but as further above isolation seems to be working.

My home network is 10.10.12.x with a specifically defined DHCP scope. I have set the YazFi config to 10.10.13.x with the full .2-.254 scope and a narrower scope, plus left the default 192.169.0.2 info. The problem remains.

Any ideas that I haven't uncovered yet? Based on the success of others in this thread it seems like something I have incorrect, but not sure if that is due to the odd router IP address I have assigned, my home DHCP config, or something else. Thanks for any info you can provide!

Recap of issues:
1. Clients obtain DHCP lease from home scope and not DHCP.
2. YazFi config would fail to apply with network already in use, even though it was not defined.
3. Once network error resolved by blanking out config lines, DHCP leases still not working as expected.
4. Router IP and home DHCP scope are custom and could be contributing to the issue?

 

[Jack Yaz]

I'm new here, joined just for this issue....

I have Merlin 384.17 running on my AC86u router, and installed YazFi a few days ago to try and better control the guest network. Unfortunately I have run into a string of issues.....

I have AMTM 3.1.7 installed, and used it to install YazFi 4.0.3. I created my guest network through the webUI (enabled the Asus config then options for YazFi). When I connected a new device to the guest network, it obtained an IP in my home DHCP scope. Even though the device (and the router info) confirm a home network IP, the client was only able to ping the router and not other devices in my home network so isolation at least is working.

I deleted the config, tested again with the same result. I uninstalled and reinstalled YazFi, same result. I noticed when I applied the config through Putty, an error would display saying 192.168.0.2 (or whatever network I tried) is already in use on an interface, even though that subnet is not used in my network.

So a few hours of reading through this thread and testing has me here. I found #1053 and related on page 53, which concerned a router build with an IP address other than the expected x.x.x.1 - this is my case as well. Per the messages, I blanked out the _IPADDR= and the DHCP start/end lines and applied the config successfully (no errors) this time. I connected a device back to the guest wifi and it obtained the expected guest IP. Success I thought.....

I rebooted the client, it reconnected to guest and obtained a home network IP lease again. I renewed the DHCP lease with no change and waited about 15 minutes. The device still had the home network IP but as further above isolation seems to be working.

My home network is 10.10.12.x with a specifically defined DHCP scope. I have set the YazFi config to 10.10.13.x with the full .2-.254 scope and a narrower scope, plus left the default 192.169.0.2 info. The problem remains.

Any ideas that I haven't uncovered yet? Based on the success of others in this thread it seems like something I have incorrect, but not sure if that is due to the odd router IP address I have assigned, my home DHCP config, or something else. Thanks for any info you can provide!

Recap of issues:
1. Clients obtain DHCP lease from home scope and not DHCP.
2. YazFi config would fail to apply with network already in use, even though it was not defined.
3. Once network error resolved by blanking out config lines, DHCP leases still not working as expected.
4. Router IP and home DHCP scope are custom and could be contributing to the issue?

Where are you seeinf the incorrect IP? On the device itself? Or something like Network Map?

 

[WorkInProgress]

Where are you seeinf the incorrect IP? On the device itself? Or something like Network Map?

Both. I grabbed my second laptop which has been offline for weeks and connected it straight to the guest wifi (was not connected to the home network at all). The laptop pulled a home IP when connected to the guest wifi, but as noted isolation is working based on ping testing (only the router would ping which is expected per notes in this thread).

The laptop pulled the expected guest IP one time as I said, but then after a reboot obtained a home DHCP lease again.

The YazFi option to show connected devices shows the laptop with an empty IP address. The network map (listed in this thread as often incorrect) and wireless log both show the home IP assignment as well.

 

[Jack Yaz]

Both. I grabbed my second laptop which has been offline for weeks and connected it straight to the guest wifi (was not connected to the home network at all). The laptop pulled a home IP when connected to the guest wifi, but as noted isolation is working based on ping testing (only the router would ping which is expected per notes in this thread).

The laptop pulled the expected guest IP one time as I said, but then after a reboot obtained a home DHCP lease again.

The YazFi option to show connected devices shows the laptop with an empty IP address. The network map (listed in this thread as often incorrect) and wireless log both show the home IP assignment as well.

Sounds like something is going wrong with either dnsmasq or firewall. Can you use option d and send me the diagnostics please?

 

[Slawek P]

Sounds like something is going wrong with either dnsmasq or firewall. Can you use option d and send me the diagnostics please?

Jack can solve any YazFi problem, but I thought it is worth adding points from user perspective (as I was setting up for first time).

1. Enabled networks from Guest Network are exactly the same as enabled (Yes/No radio) on YazFi. So if one has two of six then the other one has exactly same.
2. I removed manually assigned IP from LAN / DHCP for devices I switched to guest networks.
3. Also watch out for the long DHCP lease time - a device might be appearing for some time in the main network
4. When investigating problems I was staring YazFi from command line rather than from AMTM menu (it was more clear to me what the issue is). And yes you should see device with this IP under guest network from YazFi.

 

[WorkInProgress]

I sent Jack the diags, will see what he finds in my config. I am only running 1 guest setup (enabled under the Asus guest page and set to Yes on YazFi).

I had a thought though while testing - do I need to create a route for the new subnet? I assumed that would be automatic if needed, but in the router under LAN > Route it is blank. Should I add the guest wifi subnet there with the gateway as my router since it is not the normal .1 IP?


ETA - just checked routes manually. I see the guest wifi subnet is created, gateway is set to * for the w10.1 interface.

 

[WorkInProgress]

I am testing a fix from Jack now, so far it looks good. I will reply tomorrow with an update. Thank you!

 

[WorkInProgress]

It has been over 24 hours now and testing with multiple devices continues to be successful! When connected to the guest network the expected IP is obtained, and the device is unable to communicate to the home network. Thank you again.

 

[Slawek P]

It has been over 24 hours now and testing with multiple devices continues to be successful! When connected to the guest network the expected IP is obtained, and the device is unable to communicate to the home network. Thank you again.

I observed exactly the same problem after reboot on a device that only connects to guest network - it appeared on DHCP for my main network, so I think it had first one IP assigned, before being re-assigned to guest network. What patch did you get - I can see a change in develop, perhaps that is the one? I am using YazFi v4.0.3 on RT-AX88U.

 

[Slawek P]

Observed a feature of YazFi - devices connected guest network, appear to no longer get IPv6 allocated
At least that's how it appears WebUI

 

[Jack Yaz]

Observed a feature of YazFi - devices connected guest network, appear to no longer get IPv6 allocated
At least that's how it appears WebUI

I don't have IPv6 on my network, so I'm unable to test what happens. I would assume it won't work as the firewall for IPv6 won't know what to do with the guest interface

 

[Slawek P]

I don't have IPv6 on my network, so I'm unable to test what happens. I would assume it won't work as the firewall for IPv6 won't know what to do with the guest interface

OK, I will investigate at some point

 

[Jack Yaz]

It has been over 24 hours now and testing with multiple devices continues to be successful! When connected to the guest network the expected IP is obtained, and the device is unable to communicate to the home network. Thank you again.

I'll push the release on the stable branch in that case! Thanks for testing

 

[Jack Yaz]

v4.0.4 is now available!
Changelog:

FIXED: Fix for ifconfig validation when LAN/router ends .2 (clash with broadcast address)
CHANGED: Turn radio off and on rather than de-auth
CHANGED: Change lease time to 24h

 

[SomeWhereOverTheRainBow]

v4.0.4 is now available!
Changelog:

FIXED: Fix for ifconfig validation when LAN/router ends .2 (clash with broadcast address)
CHANGED: Turn radio off and on rather than de-auth
CHANGED: Change lease time to 24h

Awesome man! You have been enhancing guest wifi since 2018. You are on Fire! And there is no limit. Great Work!

 

[Slawek P]

v4.0.4 is now available!
Changelog:

FIXED: Fix for ifconfig validation when LAN/router ends .2 (clash with broadcast address)
CHANGED: Turn radio off and on rather than de-auth
CHANGED: Change lease time to 24h

Yes, confirm it addressed the problem for me. Big thanks, it is a great tool.

Heads up on another issue/question, which I am going to actually post to unbound_manager forum.
I am running unbound for DNS and now left dnsmasq for DHCP only. My YazFi setup was forcing use of local DNS and that worked with dnsmasq enabled, but in the new setup it does not anymore.
I need some extra magic in unbound.conf.

 

[Jack Yaz]

Yes, confirm it addressed the problem for me. Big thanks, it is a great tool.

Heads up on another issue/question, which I am going to actually post to unbound_manager forum.
I am running unbound for DNS and now left dnsmasq for DHCP only. My YazFi setup was forcing use of local DNS and that worked with dnsmasq enabled, but in the new setup it does not anymore.
I need some extra magic in unbound.conf.

it should work with unbound, all YazFi does is redirect DNS traffic to an IP of your choosing.