YazFi - enhanced AsusWRT-Merlin Guest WiFi inc. SSID <-> VPN Client

madcheek

New Around Here
Try running the below one-liner, then apply settings in YazFi
Code:
touch /jffs/addons/YazFi.d/userscripts.d/AllowSMB.sh && chmod +x /jffs/addons/YazFi.d/userscripts.d/AllowSMB.sh && { echo '#!/bin/sh'; echo 'iptables -D YazFiINPUT -i wl0.1 -p tcp -m multiport --dports 139,445 -j ACCEPT'; echo 'iptables -D YazFiINPUT -i wl1.1 -p tcp -m multiport --dports 139,445 -j ACCEPT'; echo 'iptables -I YazFiINPUT -i wl0.1 -p tcp -m multiport --dports 139,445 -j ACCEPT'; echo 'iptables -I YazFiINPUT -i wl1.1 -p tcp -m multiport --dports 139,445 -j ACCEPT'; } >> /jffs/addons/YazFi.d/userscripts.d/AllowSMB.sh

Hi Sir, I tried this: copied the command, then pasted it into the SSH window. I restarted the router, but I am still unable to see the SMB drive connected to the router. I can ping the router, though, when I am connected to the guest SSID.

I also edited the YazFi settings: enabled two way to guest, set client isolation to false, and in the native Guest section, enabled intranet. Thanks for the help. Hope there's still a workaround.
 

mrkorky

New Around Here
I would like to have my standard SSID's not use VPN and then have my guest SSID's utilize the VPN. This would allow me to connect to the VPN ssid when I want to be behind the VPN. Is that possible with this script? I was thinking that when I enabled the VPN configuration that it would also switch my standard SSID's over to the VPN as well.
 

diyguy

Regular Contributor
Question: can I just set this up to use a guest network for my Google Mini / smart home devices? They seem to be the most finicky, and separating them into their own SSID would be ideal. I don't need them to go through a VPN or anything.
 

Phil Schaffer

Occasional Visitor
Question: can I just set this up to use a guest network for my Google Mini / smart home devices? They seem to be the most finicky, and separating them into their own SSID would be ideal. I don't need them to go through a VPN or anything.
Yes you can. I use it in a similar manner to put my IoT devices by themselves on a guest network that does not connect to my home network. I don't typically use a VPN either.
 

logicalmind

New Around Here
I tried to scan this thread and the FAQ but couldn't find anything. I really want to set this up to isolate my network. I have one router set up in wireless router mode. Then I have two other routers set up in AP mode (these are all RT-AC68U's running the same version of Merlin, 384.17). If I want to install YazFi, do I need to install it on just the wireless router? Or on the AP's as well?

EDIT: After some continued scouring I found this post that YazFi doesn't support AP's. Though, this doesn't appear to be a YazFi limitation. The guest networks on AP's are indistinguishable from normal LAN traffic to the main router, which is where the limitation lies.

EDIT AGAIN: For anyone looking to do a guest network across multiple devices, check out this thread.
 

Fmstrat

New Around Here
Correct. While VLAN support for LAN ports would be nice, it is messy when supporting lots of models that use different port configurations etc.
I'd just like to throw in that I would love to see this handle LAN ports as well. Especially on the newer models like the RT-AX88U where there is no robocfg.
 

Jack Yaz

Part of the Furniture
Hi Sir, I tried this: copied the command, then pasted it into the SSH window. I restarted the router, but I am still unable to see the SMB drive connected to the router. I can ping the router, though, when I am connected to the guest SSID.

I also edited the YazFi settings: enabled two way to guest, set client isolation to false, and in the native Guest section, enabled intranet. Thanks for the help. Hope there's still a workaround.
Can you try a port scan on the router from the guest ssid using nmap, to verify what ports are exposed please?
 

Jack Yaz

Part of the Furniture
v4.1.2 is now available
Changelog:
Code:
IMPROVED: WebUI validation
Disable fields if guest disabled in firmware
Disable fields if not enabled in YazFi
Disable VPN number if not redirecting
CHANGED: 0.0.0.0 not needed in line with VPN policy routing nvram changes in 384.18 / 384.13_10
 

Wisiwyg

Regular Contributor
Upgraded to v4.1.2 alongside a fresh wipe and install of Merlin 384.18. Web UI tab not showing, due to this? Note from Post #1:

WebUI page for YazFi

You must be running firmware no older than:
TIA
 

Jack Yaz

Part of the Furniture
Upgraded to v4.1.2 alongside a fresh wipe and install of Merlin 384.18. Web UI tab not showing, due to this? Note from Post #1:

WebUI page for YazFi

You must be running firmware no older than:
TIA
Do you get any errors if you run
Code:
YazFi startup
 

Wisiwyg

Regular Contributor
Thank you all for the replies. An uninstall, reinstall and reboot cleared it. Now have the YazFi GUI on 384.18.
 

Quietsy

New Around Here
I tried to install YazFi on an RT-N66U, but xt_comment was missing (running the latest John's LTS).
I got it working by removing the lines related to xt_comment. Is there a better way to do it? (Everything seems to be working fine.)

Code:
modprobe xt_comment

 -m comment --comment "$(Get_Guest_Name "$2")"


if ! modprobe xt_comment 2>/dev/null; then
    Print_Output "true" "Router does not support xt_comment module for iptables. Is a newer firmware available?" "$ERR"
    CHECKSFAILED="true"
fi
 

joe68000

Regular Contributor
hello,

I've been seeing this in my logs for a while now... any ideas as to how to fix?

Code:
Jul  9 22:48:39 RT-AC5300 YazFi: Forcing YazFi Guest WiFi clients to reauthenticate
Jul  9 22:48:50 RT-AC5300 syslog: Error unlocking 6: 9 Bad file descriptor
Jul  9 22:48:50 RT-AC5300 syslog: Error unlocking 0: 9 Bad file descriptor
Jul  9 22:48:55 RT-AC5300 YazFi: YazFi v4.1.2 completed successfully
 

Jack Yaz

Part of the Furniture
hello,

I've been seeing this in my logs for a while now... any ideas as to how to fix?

Code:
Jul  9 22:48:39 RT-AC5300 YazFi: Forcing YazFi Guest WiFi clients to reauthenticate
Jul  9 22:48:50 RT-AC5300 syslog: Error unlocking 6: 9 Bad file descriptor
Jul  9 22:48:50 RT-AC5300 syslog: Error unlocking 0: 9 Bad file descriptor
Jul  9 22:48:55 RT-AC5300 YazFi: YazFi v4.1.2 completed successfully
It's normal where networkmap gets restarted. Nothing to worry about!
 

Jack Yaz

Part of the Furniture
I tried to install YazFi on an RT-N66U, but xt_comment was missing (running the latest John's LTS).
I got it working by removing the lines related to xt_comment. Is there a better way to do it? (Everything seems to be working fine.)

Code:
modprobe xt_comment

 -m comment --comment "$(Get_Guest_Name "$2")"


if ! modprobe xt_comment 2>/dev/null; then
    Print_Output "true" "Router does not support xt_comment module for iptables. Is a newer firmware available?" "$ERR"
    CHECKSFAILED="true"
fi
I think the comment was so the script knew which rule(s) to delete if a YazFi network changes which VPN client is configured, i.e. was using 1 but moves to 2.
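
The reply above describes using the iptables comment as a tag for finding rules to delete. As an added example (not YazFi's own code and not part of the original post), this sketch turns `iptables -S` text into matching delete commands; the chain, subnets, interfaces and guest names are constructed sample values.

```shell
#!/bin/sh
# Added example: select rules by their xt_comment tag and emit the
# corresponding delete commands. All sample rules below are constructed.

# rules_to_delete TABLE TAG   (reads `iptables -t TABLE -S` text on stdin)
# Prints one "iptables -t TABLE -D ..." line per rule whose comment is
# exactly TAG. Handles both the quoted and the unquoted form that
# iptables may print for a comment.
rules_to_delete() {
    table="$1"
    tag="$2"
    while IFS= read -r rule; do
        case "$rule" in
            "-A "*"--comment \"$tag\""*|"-A "*"--comment $tag "*|"-A "*"--comment $tag")
                # Swap the leading "-A " for "-D " so the exact rule is removed.
                printf 'iptables -t %s -D %s\n' "$table" "${rule#-A }"
                ;;
        esac
    done
}

# Constructed stand-in for `iptables -t nat -S` output.
sample_rules() {
    cat <<'EOF'
-P POSTROUTING ACCEPT
-A POSTROUTING -s 172.16.1.0/24 -o tun11 -m comment --comment "Guest 1" -j MASQUERADE
-A POSTROUTING -s 172.16.2.0/24 -o tun12 -m comment --comment "Guest 10" -j MASQUERADE
-A POSTROUTING -s 172.16.3.0/24 -o tun11 -m comment --comment Guest2 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
EOF
}

# On a router the live rules would be read and the result piped to sh:
#   iptables -t nat -S | rules_to_delete nat "Guest 1" | sh
sample_rules | rules_to_delete nat "Guest 1"
```

Without the comment match there is no tag to select on, so a rule left behind for the old VPN client has to be found by its interface and subnet instead.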
 

Quietsy

New Around Here
I think the comment was so the script knew which rule(s) to delete if a YazFi network changes which VPN client is configured, i.e. was using 1 but moves to 2.
Luckily I don't use that feature, hopefully this helps anyone else on the RT-N66U having issues.
Thanks for the awesome work!
 

joe68000

Regular Contributor

juched

Senior Member
I noticed an issue, perhaps this is meant to be this way. When my WAN went down, etc., when it came back up, YazFi during startup issued this "YazFi: Forcing YazFi Guest WiFi clients to reauthenticate".

Now, from the logs it appears that all my wifi interfaces were impacted, not just those using my one YazFi Guest network. This caused my regular network to push all devices to AiMesh nodes. Not a big deal, but perhaps the script could only turn off and on (via wl radio off commands) those wifi interfaces being controlled by YazFi? Currently, the IFACELIST is every wifi interface.

Perhaps all need to be bounced to force people to go onto the Guest Wifi? Seems this command runs during startup, which happens when WAN drops and then connects. Figured out mine dropped this time due to my ISP pushing a software update to the modem.

Thanks.
 
