What's new

YazFi - enhanced AsusWRT-Merlin Guest WiFi inc. SSID <-> VPN Client

Jack Yaz

Part of the Furniture
I noticed an issue, perhaps this meant to be this way. When my WAN went down, etc., when it came back up, YazFi during startup issued this "YazFi: Forcing YazFi Guest WiFi clients to reauthenticate".

Now, from the logs it appears that all my wifi interfaces were impacted, not just those using my one YazFi Guest network. This caused my regular network to push all devices to AiMesh nodes. Not a big deal, but perhaps the script could only turn off and on (via wl radio off commands) those wifi interfaces being controlled by YazFi? Currently, the IFACELIST is every wifi interface.

Perhaps all need to be bounced to force people to go onto the Guest Wifi? Seems this command runs during startup, which happens when WAN drops and then connects. Figured out mine dropped this time due to my ISP pushing a software update to the modem.

Thanks.
It should already only be the guest interfaces. wlx.x are guests, while primary networks are typically eth5 eth6

I haven't seen this happen on my network, only guests are kicked
 

juched

Senior Member
It should already only be the guest interfaces. wlx.x are guests, while primary networks are typically eth5 eth6

I haven't seen this happen on my network, only guests are kicked
Running the command "echo "$(nvram get wl0_vifnames) $(nvram get wl1_vifnames) $(nvram get wl2_vifnames)" | awk '{$1=$1;print}'" on my RT-AX88U gives:

Code:
wl0.1 wl0.2 wl0.3 wl1.1 wl1.2 wl1.3
wl1.2 is the only one "enabled" in YazFi. wl0.1 is another guestnet, but not enabled in YazFi. I don't see eth6 or eth7 (main wifi) in that list, but from the logs I got:

Code:
Jul 10 02:24:52 Router YazFi: Forcing YazFi Guest WiFi clients to reauthenticate
Jul 10 02:24:52 Router hostapd: eth6: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth6: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth6: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth6: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth6: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth6: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth6: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth6: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth6: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth7: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth7: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth7: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth7: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth7: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: wl1.2: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: wl1.2: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: wl1.2: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: wl1.2: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: wl1.2: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: wl1.2: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: wl1.2: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: wl1.2: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: wl1.2: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
From looking at the MAC addresses, they were from my main 2.4 and 5Ghz networks. Odd.

Edit, I did an experiment. I ran:
wl -i wl0.1 radio off

and sure enough, on Wireless Log, 2.4Ghz is "turned off". All 2.4.

I am running .19 Alpha with the new AX88U drivers.
 

ugandy

Senior Member
It should already only be the guest interfaces. wlx.x are guests, while primary networks are typically eth5 eth6

I haven't seen this happen on my network, only guests are kicked
it happens to me too

Code:
Jul  6 21:56:03 RT-AX88U-8158 YazFi: Forcing YazFi Guest WiFi clients to reauthenticate
Jul  6 21:56:03 RT-AX88U-8158 hostapd: eth7: STA ac:bc:32:ac:30:a1 IEEE 802.11: disassociated
Jul  6 21:56:03 RT-AX88U-8158 hostapd: eth7: STA c8:69:cd:66:42:fa IEEE 802.11: disassociated
Jul  6 21:56:03 RT-AX88U-8158 hostapd: eth7: STA 3c:f0:11:3e:73:03 IEEE 802.11: disassociated
Jul  6 21:56:14 RT-AX88U-8158 networkmap: Error unlocking 7: 9 Bad file descriptor
Jul  6 21:56:14 RT-AX88U-8158 networkmap: Error unlocking 0: 9 Bad file descriptor
Jul  6 21:56:16 RT-AX88U-8158 hostapd: eth7: STA 3c:f0:11:3e:73:03 IEEE 802.11: associated
Jul  6 21:56:16 RT-AX88U-8158 kernel: CFG80211-ERROR) wl_cfg80211_change_station : WLC_SCB_AUTHORIZE sta_flags_mask not set
Jul  6 21:56:17 RT-AX88U-8158 hostapd: eth7: STA 3c:f0:11:3e:73:03 RADIUS: starting accounting session C80F750DE294C689
Jul  6 21:56:17 RT-AX88U-8158 hostapd: eth7: STA 3c:f0:11:3e:73:03 WPA: pairwise key handshake completed (RSN)
Jul  6 21:56:19 RT-AX88U-8158 YazFi: YazFi v4.1.2 completed successfully
 

Jack Yaz

Part of the Furniture
Running the command "echo "$(nvram get wl0_vifnames) $(nvram get wl1_vifnames) $(nvram get wl2_vifnames)" | awk '{$1=$1;print}'" on my RT-AX88U gives:

Code:
wl0.1 wl0.2 wl0.3 wl1.1 wl1.2 wl1.3
wl1.2 is the only one "enabled" in YazFi. wl0.1 is another guestnet, but not enabled in YazFi. I don't see eth6 or eth7 (main wifi) in that list, but from the logs I got:

Code:
Jul 10 02:24:52 Router YazFi: Forcing YazFi Guest WiFi clients to reauthenticate
Jul 10 02:24:52 Router hostapd: eth6: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth6: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth6: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth6: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth6: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth6: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth6: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth6: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth6: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth7: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth7: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth7: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth7: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: eth7: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: wl1.2: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: wl1.2: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: wl1.2: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: wl1.2: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: wl1.2: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: wl1.2: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: wl1.2: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: wl1.2: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
Jul 10 02:24:52 Router hostapd: wl1.2: STA XX:XX:XX:XX:XX:XX IEEE 802.11: disassociated
From looking at the MAC addresses, they were from my main 2.4 and 5Ghz networks. Odd.

Edit, I did an experiment. I ran:
wl -i wl0.1 radio off

and sure enough, on Wireless Log, 2.4Ghz is "turned off". All 2.4.

I am running .19 Alpha with the new AX88U drivers.
very weird
the code is
Code:
    for IFACE in $IFACELIST; do
        wl -i "$IFACE" radio off >/dev/null 2>&1
    done
   
    sleep 10
   
    for IFACE in $IFACELIST; do
        wl -i "$IFACE" radio on >/dev/null 2>&1
    done
so eth7 shouldn't be affected. unless im misunderstanding wl!
 

juched

Senior Member
very weird
the code is
Code:
    for IFACE in $IFACELIST; do
        wl -i "$IFACE" radio off >/dev/null 2>&1
    done
  
    sleep 10
  
    for IFACE in $IFACELIST; do
        wl -i "$IFACE" radio on >/dev/null 2>&1
    done
so eth7 shouldn't be affected. unless im misunderstanding wl!
wl radio seems on the AX88U to take down the entire radio it is on. Not sure yet if there is a more precise wl command to just disable the guest network.
 

Jack Yaz

Part of the Furniture
wl radio seems on the AX88U to take down the entire radio it is on. Not sure yet if there is a more precise wl command to just disable the guest network.
I originally used disassoc (or deauth, I'm not sure which), but that didn't prove 100% effective
 

juched

Senior Member
I originally used disassoc (or deauth, I'm not sure which), but that didn't prove 100% effective
Yes, I know that disassoc/deauth isn't solid as a command. Another idea may be to "rename" the access point for 10 seconds, and then rename it back.
 

Jack Yaz

Part of the Furniture
Yes, I know that disassoc/deauth isn't solid as a command. Another idea may be to "rename" the access point for 10 seconds, and then rename it back.
I think the wireless service needs restarting if doing that via nvram, and if wl supports it it might provide the same problem
 

juched

Senior Member
I think the wireless service needs restarting if doing that via nvram, and if wl supports it it might provide the same problem
Yes, appears to be the case.
I think the wireless service needs restarting if doing that via nvram, and if wl supports it it might provide the same problem
Good point. Guess any firewall rule restart will kick all devices and they will rejoin. it sorta messes up the balance achieved by AiMesh, but I don't see another way.
 

maghuro

Very Senior Member
Hi Jack
Why is it mandatory to have both DNS filled?
As a bypass, I put the same DNS both in DNS 1 and DNS 2 :)
 

bennor

Regular Contributor
@Jack Yaz
This may have already been discussed, but one thing I'm finding is that when DNS 1 is down (not accessable) even though there is a second (different) DNS 2 value input the guest clients on YazFi complain that there isn't an internet connection. Once DNS 1 comes back online YazFi guest devices can once again access the internet. Its almost like unless there is a DNS 1 active clients won't connect to the WiFi and report no internet access. Almost like there isn't a rollover to DNS 2 in the scripting when DNS 1 is down.

Been searching through the thread looking for the answer or explanation, if there is one, but so far finding one has eluded me. :)
 

Jack Yaz

Part of the Furniture
@Jack Yaz
This may have already been discussed, but one thing I'm finding is that when DNS 1 is down (not accessable) even though there is a second (different) DNS 2 value input the guest clients on YazFi complain that there isn't an internet connection. Once DNS 1 comes back online YazFi guest devices can once again access the internet. Its almost like unless there is a DNS 1 active clients won't connect to the WiFi and report no internet access. Almost like there isn't a rollover to DNS 2 in the scripting when DNS 1 is down.

Been searching through the thread looking for the answer or explanation, if there is one, but so far finding one has eluded me. :)
do you have force dns enabled? if so it forces to dns1
 

Jack Yaz

Part of the Furniture
Ah yes. Thanks that would explain it. Had DNS 1 (a Pihole) go down and was pulling my hair out trying to figure out why things were not rolling over to DNS 2. LOL

Thanks.
rollover would be tricky, but not impossible. you;d need something running regularly to check if dns1 resolves or not, then fiddle the iptables rules
 

bennor

Regular Contributor
rollover would be tricky, but not impossible. you;d need something running regularly to check if dns1 resolves or not, then fiddle the iptables rules
Understood. More I think about it, I would think using the Force DNS option would appear to negate the need for a DNS 2 entry, if I understand how things operate correctly. Which sort of leads back to maghuro's question made earlier today about being required to enter a value in the DNS 2 field (even if its copying in DNS 1's value to it). If one doesn't need DNS 2 field, is there a reason why it cannot be left blank?
 

Guillermo Gomez

New Around Here
Same here. I'm also on AX88U and my non-guest wifi clients are disconnected and connect again.

it happens to me too

Code:
Jul  6 21:56:03 RT-AX88U-8158 YazFi: Forcing YazFi Guest WiFi clients to reauthenticate
Jul  6 21:56:03 RT-AX88U-8158 hostapd: eth7: STA ac:bc:32:ac:30:a1 IEEE 802.11: disassociated
Jul  6 21:56:03 RT-AX88U-8158 hostapd: eth7: STA c8:69:cd:66:42:fa IEEE 802.11: disassociated
Jul  6 21:56:03 RT-AX88U-8158 hostapd: eth7: STA 3c:f0:11:3e:73:03 IEEE 802.11: disassociated
Jul  6 21:56:14 RT-AX88U-8158 networkmap: Error unlocking 7: 9 Bad file descriptor
Jul  6 21:56:14 RT-AX88U-8158 networkmap: Error unlocking 0: 9 Bad file descriptor
Jul  6 21:56:16 RT-AX88U-8158 hostapd: eth7: STA 3c:f0:11:3e:73:03 IEEE 802.11: associated
Jul  6 21:56:16 RT-AX88U-8158 kernel: CFG80211-ERROR) wl_cfg80211_change_station : WLC_SCB_AUTHORIZE sta_flags_mask not set
Jul  6 21:56:17 RT-AX88U-8158 hostapd: eth7: STA 3c:f0:11:3e:73:03 RADIUS: starting accounting session C80F750DE294C689
Jul  6 21:56:17 RT-AX88U-8158 hostapd: eth7: STA 3c:f0:11:3e:73:03 WPA: pairwise key handshake completed (RSN)
Jul  6 21:56:19 RT-AX88U-8158 YazFi: YazFi v4.1.2
[QUOTE="juched, post: 601631, member: 56808"]wl radio seems on the AX88U to take down the entire radio it is on.  Not sure yet if there is a more precise wl command to just disable the guest network.[/QUOTE]
 

Jack Yaz

Part of the Furniture
Same here. I'm also on AX88U and my non-guest wifi clients are disconnected and connect again.
This seems like a bug in wl to me! I'll search around online and see if there's a better way to do what we need
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top