YazFi - enhanced AsusWRT-Merlin Guest WiFi inc. SSID <-> VPN Client

AntonK

Senior Member
Hi,

What is best practice with the DNS fields in YazFi for guest networks? I'm not using the VPN feature. Do I need to put anything in the DNS Server fields? Attached are my current YazFi settings, and my WAN DNS settings.

Thanks,
Anton
 

bennor

Regular Contributor
Do I need to put anything in the DNS Server fields?
Yes, you will typically need to fill in the DNS fields with whatever DNS servers you plan on using, depending on the ASUS router's options. That could be the DNS servers used by your broadband provider. That could be public DNS servers like those listed in the following link: https://www.lifewire.com/free-and-public-dns-servers-2626062 Or if one is using their own DNS servers (like Pi-Hole or similar) one would input the IP addresses in the required fields. In some cases, depending on the ASUS router settings, the router may be configured for passing DNS requests to the next upstream device rather than use user input DNS server values.

Currently (at least on my ASUS router) one has to fill out both DNS fields for YazFi. One can duplicate one DNS server to both YazFi fields or use two different DNS servers.

You generally need DNS entries as that is how network clients resolve web addresses. For YazFi (in my usage) the script will fail to validate if a DNS server isn't used.
 

AntonK

Senior Member
Thanks!
 

box4m

Occasional Visitor
Hello all,

All I would like to use this excellent script for is to have devices on separate subnets, like many of you I'm guessing.
I have a setup that I want to keep using with x3mrouting and the router set up as a VPN client for some devices etc.

My question is, can I just install this and it won't interfere with things like x3mrouting or routing tables etc? Like I said, all I want is more subnets.

Thank you!

edit: an example of what I don't want changed/messed up (or I probably am not savvy enough to fix it), I'm using x3mrouting to direct traffic to amazon/netflix to WAN instead of using the VPN so "VPN-blocks" don't happen.
Looking quickly through a setting called "Redirect all to VPN" in YazFi, I'm thinking this might interfere with each other?

edit #2: is it possible to block internet access from just one client in a specific guest wlan with this?
 

Jack Yaz

Part of the Furniture
If you leave redirect to VPN off, x3mrouting should still work.
 

Jack Yaz

Part of the Furniture
Ok, but then all traffic that isn't amazon/netflix will also go to WAN
Ah right. In that case, turn on redirect to VPN. You may need to ensure x3mrouting entries in the policy routing table are higher than YazFi's entry (I'm not sure, it's been a while since I worked with the routing priorities)
 

szimat

Occasional Visitor
I have switched to Pihole, running Merlin on AC66U_B1.
I use cloudflared on Pihole as upstream DNS to get DoH. In Asus LAN DNS I have set the DNS server to the Pihole address.
And I have DNS Filtering enabled for Pihole (set to No Filtering) -> this is the only way to have Pihole working. And everything is working perfectly fine. Except Guest Wifi.
I don't have internet access on Guest wifi for some reason. Installed YazFi, tried to configure, but doesn't work.
I have listen on all interfaces set in Pihole DNS config.
Any ideas how can I make this work? I really need Guest wifi. Thanks!

EDIT: I managed to fix this by setting Wifi Guest DNS to Cloudflare and not Pihole. Now it is working fine. Strange, why can't I set it to use Pihole as DNS?
 

Jack Yaz

Part of the Furniture
Please share your settings for YazFi
 

bennor

Regular Contributor
This is the settings now. Can I try to use Pihole DNS (192.168.1.10) instead of CF?
If you have more than one Pi-Hole running, don't use Force DNS. When that option is enabled, if DNS 1 goes down, devices may not be able to gain internet access even though you are using a second DNS entry in the settings. See the reply to a post I made about that very issue a couple of weeks ago.

If you have only one Pi-Hole, then duplicate its IP to the DNS 2 field; you can leave Force DNS enabled in that instance.

And there is no need for enabling One Way to Guest unless you need it. Pi-Hole will work fine without that feature enabled.
 

Quietsy

New Around Here
I had a strange issue last night, at around 02:10:00 the wan and wifi stopped working, the router was still working fine without wan and wifi until I restarted it and everything went back to normal.
It might not be related to YazFi but that's the last major change I did to my router, any idea what could have caused this or how could I gather more information?
https://pastebin.com/MH4vJdmK
 

L&LD

Part of the Furniture
@Quietsy, what router are you talking about? What firmware? When did you add/update YazFi on your router? From which version?

Did you try seeing what's in the logs?

 

Jack Yaz

Part of the Furniture
NTP tried to update and failed
Code:
Aug  3 02:09:58 ntp: start NTP update 
Aug  3 02:11:03 connmon: Waiting for NTP to sync...
Aug  3 02:12:03 ntp: NTP update failed after 5 attempts
Aug  3 02:14:33 ntp: NTP update failed after 5 attempts
 

Quietsy

New Around Here
I have an N66U running John's LTS 374.43_43E6j9527, installed YazFi a couple of weeks ago.
I wonder if the NTP update failure caused the problem, or did the problem cause the NTP update to fail.
I've changed the NTP server to Cloudflare and will see if the problem occurs again.

Thanks for the help!
 

maghuro

Senior Member
Latest beta 1.
My VPN client restarted for some reason, maybe mismatching keys. Not a problem.
YazFi sent a log message detecting it and that it'll start after 15 seconds. YazFi didn't start.
I have to manually (re)start it as soon as I noticed.

No logs on that, just the YazFi info that it'll restart...
 

Jack Yaz

Part of the Furniture
Is it reproducible?
 

maghuro

Senior Member
I'm trying (forcing an IP update on my LTE modem, so the VPN client in the router goes down).
VPN client restarts, YazFi issues the 15 seconds sleep message, but then it starts working normally....
Something odd happened. I'll keep you updated once or if it happens again.
 
