YazFi YazFi - enhanced AsusWRT-Merlin Guest WiFi inc. SSID <-> VPN Client

  • ATTENTION! You'll notice a Prefix dropdown when you create a thread. If your post applies to one of the topics listed, please use that Prefix for your post. When browsing the thread list you can use the Prefix to filter the view.
  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Jack Yaz

Part of the Furniture
Hi @Jack Yaz, thank you for your reply

I pasted some here :

Code:
Sep  5 10:26:18 RT-AC88U custom_script: Running /jffs/scripts/firewall-start (args: ppp0)
Sep  5 10:26:18 RT-AC88U custom_script: Running /jffs/scripts/service-event-end (args: restart firewall)
Sep  5 10:26:19 RT-AC88U FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=387) called with 2 args: -start ppp0
Sep  5 10:26:20 RT-AC88U YazFi: Firewall restarted - sleeping 30s before running YazFi
Sep  5 10:26:21 RT-AC88U FlexQoS: Applying iptables static rules
Sep  5 10:26:21 RT-AC88U FlexQoS: Applying iptables custom rules
Sep  5 10:26:22 RT-AC88U FlexQoS: No TC modifications necessary
Sep  5 10:26:50 RT-AC88U YazFi: YazFi v4.1.4 starting up
Sep  5 10:27:11 RT-AC88U rc_service: amas_lib 25164:notify_rc restart_firewall
Sep  5 10:27:11 RT-AC88U custom_script: Running /jffs/scripts/service-event (args: restart firewall)
Sep  5 10:27:37 RT-AC88U nat: apply nat rules (/tmp/nat_rules_ppp0_eth0)
Sep  5 10:27:37 RT-AC88U custom_script: Running /jffs/scripts/nat-start
Sep  5 10:27:38 RT-AC88U custom_script: Running /jffs/scripts/firewall-start (args: ppp0)
Sep  5 10:27:38 RT-AC88U custom_script: Running /jffs/scripts/service-event-end (args: restart firewall)
Sep  5 10:27:39 RT-AC88U FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=10561) called with 2 args: -start ppp0
Sep  5 10:27:39 RT-AC88U YazFi: Firewall restarted - sleeping 30s before running YazFi
Sep  5 10:27:41 RT-AC88U FlexQoS: Applying iptables static rules
Sep  5 10:27:41 RT-AC88U FlexQoS: Applying iptables custom rules
Sep  5 10:27:42 RT-AC88U FlexQoS: No TC modifications necessary
Sep  5 10:28:10 RT-AC88U YazFi: YazFi v4.1.4 starting up
Sep  5 10:29:41 RT-AC88U YazFi: Firewall restarted - sleeping 30s before running YazFi
Sep  5 10:29:52 RT-AC88U kernel: br0: received packet on eth1 with own address as source address
Sep  5 10:30:02 RT-AC88U YazFi: Lock file found (age: 21 seconds) - stopping to prevent duplicate runs
Sep  5 10:30:03 RT-AC88U (gen_ytadblock.sh): 17419 Number of yt adblocked domains: 1457
Sep  5 10:30:03 RT-AC88U ddns: Completed custom ddns update
Sep  5 10:30:11 RT-AC88U YazFi: YazFi v4.1.4 starting up
Sep  5 10:30:21 RT-AC88U rc_service: amas_lib 11052:notify_rc restart_firewall
Sep  5 10:30:21 RT-AC88U custom_script: Running /jffs/scripts/service-event (args: restart firewall)
Sep  5 10:30:22 RT-AC88U nat: apply nat rules (/tmp/nat_rules_ppp0_eth0)
Sep  5 10:30:22 RT-AC88U custom_script: Running /jffs/scripts/nat-start
Sep  5 10:30:23 RT-AC88U custom_script: Running /jffs/scripts/firewall-start (args: ppp0)
Sep  5 10:30:23 RT-AC88U custom_script: Running /jffs/scripts/service-event-end (args: restart firewall)
Sep  5 10:30:24 RT-AC88U FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=19048) called with 2 args: -start ppp0
Sep  5 10:30:26 RT-AC88U FlexQoS: Applying iptables static rules
Sep  5 10:30:26 RT-AC88U FlexQoS: Applying iptables custom rules
Sep  5 10:30:27 RT-AC88U FlexQoS: No TC modifications necessary
Sep  5 10:31:56 RT-AC88U rc_service: amas_lib 11052:notify_rc restart_firewall
Sep  5 10:31:56 RT-AC88U custom_script: Running /jffs/scripts/service-event (args: restart firewall)
Sep  5 10:31:58 RT-AC88U nat: apply nat rules (/tmp/nat_rules_ppp0_eth0)
Sep  5 10:31:58 RT-AC88U custom_script: Running /jffs/scripts/nat-start
Sep  5 10:31:59 RT-AC88U custom_script: Running /jffs/scripts/firewall-start (args: ppp0)
Sep  5 10:31:59 RT-AC88U custom_script: Running /jffs/scripts/service-event-end (args: restart firewall)
Sep  5 10:31:59 RT-AC88U FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=30942) called with 2 args: -start ppp0
Sep  5 10:32:00 RT-AC88U YazFi: Firewall restarted - sleeping 30s before running YazFi
Sep  5 10:32:01 RT-AC88U FlexQoS: Applying iptables static rules
Sep  5 10:32:02 RT-AC88U FlexQoS: Applying iptables custom rules
Sep  5 10:32:02 RT-AC88U FlexQoS: No TC modifications necessary
Sep  5 10:32:30 RT-AC88U YazFi: YazFi v4.1.4 starting up
Sep  5 10:33:28 RT-AC88U YazFi: Firewall restarted - sleeping 30s before running YazFi
Sep  5 10:33:58 RT-AC88U YazFi: YazFi v4.1.4 starting up
Sep  5 10:34:44 RT-AC88U rc_service: amas_lib 3804:notify_rc restart_firewall
Sep  5 10:34:44 RT-AC88U custom_script: Running /jffs/scripts/service-event (args: restart firewall)
Sep  5 10:34:46 RT-AC88U nat: apply nat rules (/tmp/nat_rules_ppp0_eth0)
Sep  5 10:34:46 RT-AC88U custom_script: Running /jffs/scripts/nat-start
Sep  5 10:34:47 RT-AC88U custom_script: Running /jffs/scripts/firewall-start (args: ppp0)
Sep  5 10:34:47 RT-AC88U custom_script: Running /jffs/scripts/service-event-end (args: restart firewall)
Sep  5 10:34:48 RT-AC88U FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=4003) called with 2 args: -start ppp0
Sep  5 10:34:50 RT-AC88U FlexQoS: Applying iptables static rules
Sep  5 10:34:50 RT-AC88U FlexQoS: Applying iptables custom rules
Sep  5 10:34:51 RT-AC88U FlexQoS: No TC modifications necessary
Sep  5 10:35:01 RT-AC88U (gen_ytadblock.sh): 5040 Number of yt adblocked domains: 1457
Sep  5 10:36:55 RT-AC88U rc_service: amas_lib 11052:notify_rc restart_firewall
Sep  5 10:36:55 RT-AC88U custom_script: Running /jffs/scripts/service-event (args: restart firewall)
Sep  5 10:36:57 RT-AC88U nat: apply nat rules (/tmp/nat_rules_ppp0_eth0)
Sep  5 10:36:57 RT-AC88U custom_script: Running /jffs/scripts/nat-start
Sep  5 10:36:57 RT-AC88U custom_script: Running /jffs/scripts/firewall-start (args: ppp0)
Sep  5 10:36:57 RT-AC88U custom_script: Running /jffs/scripts/service-event-end (args: restart firewall)
Sep  5 10:36:58 RT-AC88U FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=16461) called with 2 args: -start ppp0
Sep  5 10:36:59 RT-AC88U YazFi: Firewall restarted - sleeping 30s before running YazFi
Sep  5 10:37:00 RT-AC88U FlexQoS: Applying iptables static rules
Sep  5 10:37:00 RT-AC88U FlexQoS: Applying iptables custom rules
Sep  5 10:37:01 RT-AC88U FlexQoS: No TC modifications necessary
Sep  5 10:37:29 RT-AC88U YazFi: YazFi v4.1.4 starting up
Sep  5 10:37:57 RT-AC88U YazFi: Firewall restarted - sleeping 30s before running YazFi
Sep  5 10:38:27 RT-AC88U YazFi: YazFi v4.1.4 starting up
Sep  5 10:40:01 RT-AC88U (gen_ytadblock.sh): 22307 Number of yt adblocked domains: 1457
Sep  5 10:40:02 RT-AC88U YazFi:  firewall rules not detected during persistence check, re-applying rules
Sep  5 10:40:02 RT-AC88U YazFi: YazFi v4.1.4 starting up
Sep  5 10:40:03 RT-AC88U ddns: Completed custom ddns update
Sep  5 10:45:00 RT-AC88U (gen_ytadblock.sh): 25894 Number of yt adblocked domains: 1457
Sep  5 10:50:00 RT-AC88U (gen_ytadblock.sh): 28111 Number of yt adblocked domains: 1457
Sep  5 10:50:01 RT-AC88U YazFi:  firewall rules not detected during persistence check, re-applying rules
Sep  5 10:50:01 RT-AC88U YazFi: YazFi v4.1.4 starting up
Sep  5 10:50:03 RT-AC88U ddns: Completed custom ddns update
It's this:
Code:
Sep  5 10:27:11 RT-AC88U rc_service: amas_lib 25164:notify_rc restart_firewall
Do you use AiMesh at all?

When was the last time you did a factory reset?
 

rsur2000

Occasional Visitor
It's this:
Code:
Sep  5 10:27:11 RT-AC88U rc_service: amas_lib 25164:notify_rc restart_firewall
Do you use AiMesh at all?

When was the last time you did a factory reset?
Yes, I use AiMesh, there's one AiMesh node, it's an RT-AC68U, the main router is RT-AC88U

I did a factory reset in May2020
 

pl4tin

Occasional Visitor
Block a user from doing what?
To prevented to access the internet, I explaining, my little kid is very addicted on youtube, and sometimes I need to put it away from internet, and I would like to block him from time to time.
 

L&LD

Part of the Furniture
Put him on a guest network, turn it off when you want. Don't connect to the main networks with his client devices.
 

bennor

Regular Contributor
To prevented to access the internet, I explaining, my little kid is very addicted on youtube, and sometimes I need to put it away from internet, and I would like to block him from time to time.
Why not use the AI Protection Time Scheduling feature? It is found under AI Protection > Parental Controls > Time Scheduling.

Time Scheduling.png

Or see if you can block Youtube via the Web & Apps Filters option under AI Protection.

[AiProtection] How to set Parental Control?
https://www.asus.com/support/FAQ/1008720
 
Last edited:

fcliffiiiteen

New Around Here
subnet to non-router subnet, dns set to router ip. 2.4 and 5ghz have to be separate at the moment
Hello, I'm new to the forum but have been reviewing posts and following guidance since I've installed ASUSWRT-Merlin on my RT-AC86U; also seen some good guidance on the Yazfi installation and customization. My question is regarding configuration of custom guest subnet using Yazfi.

I need my IoT devices (e.g., ring, amazon, rachio) and guest devices to be connected to the 2.4GHz guest wifi on a different subnet. The router's primary subnet is set as 192.168.xx.xx; only 2.4GHz guest wifi is enabled and "Access Intranet" is set as Disabled. Guest Wifi SSID is different from primary 2.4GHz SSID.

The issue I have is that guest/IoT devices are turning up (Systems Log > Wireless Log) with the 192.168.xx.xx IP addresses and not the subnet range setup for those devices in Yazfi

Yazfi setup has the following config
wl01_ENABLED=true
wl01_IPADDR=172.16.xx.xx
wl01_DHCPSTART=2
wl01_DHCPEND=254
wl01_DNS1=1.1.1.1
wl01_DNS2=1.0.0.1
wl01_FORCEDNS=false
wl01_REDIRECTALLTOVPN=false
wl01_VPNCLIENTNUMBER=1
wl01_TWOWAYTOGUEST=false
wl01_ONEWAYTOGUEST=false
wl01_CLIENTISOLATION=false

Please let me know what config is setup incorrectly or not setup to achieve my need. Your assistance is greatly appreciated.

FC
 

bennor

Regular Contributor
wl01_IPADDR=172.16.xx.xx
What happens if you keep the guest IP subnet range in the 192.168.x.x range? Do the guest devices show up in the wifi log correctly on the guest network IP address range?

Example, main lan ip range: 192.168.1.x
Guest wl01_IPADDR=192.168.6.x
 

fcliffiiiteen

New Around Here
It's a mixed bag; some show up under 192.168.1.x (main) and others under 192.168.6.x; only pattern i see is ring devices are on guest 192.168.6.x while amazon devices and rachio are on 192.168.1.x (main) but both sets of IoT devices under the same guest SSID

More info: the DHCP leases screen shows all IoT (ring, amazon, rachio) devices are on the guest network and in the right subnet range; is this just an issue with the GUI screen for Wireless Log?
 
Last edited:

bennor

Regular Contributor
.... while amazon devices are on 192.168.1.x (true guest) ....
I've found that Amazon Alexa/Echo devices are a bit troublesome. If the Amazon devices have been previously connected to the main WiFi network and that information was saved to Amazon (saving the WiFi login is a feature somewhere in the Alexa app) then the device would connect (or fall back) to the main WiFi network over the guest network if there is any issue with the guest network. Its a royal pain in the butt, what I found I had to do was deregister the Amazon device, then go in to either the Amazon Alexa app or to the main Amazon website and have it delete saved WiFi log ins, then reregister the Amazon device and connect only to the guest (YazFi) WiFi network. Only then would it work 100% of the time to connect to the YazFi guest network.
 

fcliffiiiteen

New Around Here
Thanks; will check on the Alexa app to forget/reset network; just want to bring this up as well...

More info: the DHCP leases screen shows all IoT (ring, amazon, rachio) devices are on the guest network and in the right subnet range; is this just an issue with the GUI screen for Wireless Log?
 

bennor

Regular Contributor
More info: the DHCP leases screen shows all IoT (ring, amazon, rachio) devices are on the guest network and in the right subnet range; is this just an issue with the GUI screen for Wireless Log?
One can use SSH and run YazFi, where you can check what devices are being assigned under YazFi.

For what ever reason only screen in the Asus-Merlin GUI interface (on my RT-AC68U) that shows the correct YazFi connected clients is the System Log > Wireless Log page. The Asus-Merlin Network Map for what ever reason doesn't show it correctly and pulls the information I think from the NVRAM values rather than from the current actual addresses. If I remember right there has been past disucssion in this thread about the Asus-Merlin Network Map page not properly polling the info for the WiFi clients on the YazFi script.
 

fcliffiiiteen

New Around Here
SSH'd in and ran YazFi - all IoT devices I intended to be on guest n/w under the different subnet are on it; like you said webgui screens may not be polling or updating as necessary; thanks again
 

datan

New Around Here
how do I allow the clients on the guest network to access the router's admin page? I'm basically using YazFi to create different subnets rather than it being a real "guest" network. thanks!

ok I directly edited the iptables to allow tcp connections. is there a better way to do this?
 
Last edited:

Jack Yaz

Part of the Furniture
how do I allow the clients on the guest network to access the router's admin page? I'm basically using YazFi to create different subnets rather than it being a real "guest" network. thanks!

ok I directly edited the iptables to allow tcp connections. is there a better way to do this?
IIRC YazFi blocks all non-essential access by default. You can add your own script which will be run by YazFi after it has done its thing by saving your script with a .sh extension in /jffs/addons/YazFi/userscripts.d
 

ragerys

New Around Here
I've set up Guest network to different subnet. But device that connected to guest network don't show up on NetworkMap-Client list and AdaptiveQOS-Bandwidth monitor menu. Is this intended? how can I make the guest client show up there so then I can monitor their usage properly? Thank you.

Edit: It seems asus hardcoded Networkmap to /24 subnet of the Lan IP address. is there any work around this?
 
Last edited:

bennor

Regular Contributor
Edit: It seems asus hardcoded Networkmap to /24 subnet of the Lan IP address. is there any work around this?
The Network Map not showing the YazFi clients is an issue. There's been a few comments about it earlier in the thread. The solution is to not use the Network Map. Instead use the System Log > Wireless Log. That page shows the correct IP assignments. Or use SSH to access the router and run the YazFi program and view the YazFi guest client assignments that way.

Edit to add: Oh and forgot to add. Another way is to run a batch file (via SSH) that issues the following command:
Code:
cat /var/lib/misc/dnsmasq.leases
I have a shortcut on my desktop to a .bat file that will trigger that command via plink (comes with Putty). Makes it easy to see what IP addresses are at any given moment.
 
Last edited:

ragerys

New Around Here
The Network Map not showing the YazFi clients is an issue. There's been a few comments about it earlier in the thread. The solution is to not use the Network Map. Instead use the System Log > Wireless Log. That page shows the correct IP assignments. Or use SSH to access the router and run the YazFi program and view the YazFi guest client assignments that way.

Edit to add: Oh and forgot to add. Another way is to run a batch file (via SSH) that issues the following command:
Code:
cat /var/lib/misc/dnsmasq.leases
I have a shortcut on my desktop to a .bat file that will trigger that command via plink (comes with Putty). Makes it easy to see what IP addresses are at any given moment.
Thank you. Actually I'm prefer to see the devices show up in the networkmap and traffic analysis, you know, nice gui and easy access. So I've done a little experiment.
From what I understand (which is not much), Asus hardcoded networkmap to /24 of router ip address. Thats why I've tried to make the guest network DHCP range inside this hardcoded /24 subnet.
First thing I've done is setting my Lan subnet to 10.0.0.1/25 (which is covering 10.0.0.0-128). Then I allocate the guest network on the rest of the IP pool, here I set it at 10.0.0.192/27 (10.0.0.192-224). I've managed to do it, the connected devices shows up on the network maps. But the problem is they can't access the internet. Then I don't know what things to configure anymore so I gave up.
Do you have any idea why the guest network can't access the internet?
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top