YazFi YazFi - enhanced AsusWRT-Merlin Guest WiFi inc. SSID <-> VPN Client

[thelonelycoder]

After the latest update Yazfi is not listed in AMTM as installed anymore

I've pushed an amtm update to fix this, no version change.
Use u to update

 

[Jack Yaz]

I've pushed an amtm update to fix this, no version change.
Use u to update

Thanks. I jumped the gun with my update to be compliant!

 

[daedex]

So I got everything running beautifully, but it looks like neither the guest network, nor yazfi is replicating to the AiMesh node that I have. Do you guys know a way to make it replicate to the node?

 

[L&LD]

@daedex, it won't. Asus will have to enable that functionality in a future update.

 

[marelit]

Hi Jack,
I just updated YazFi today through amtm and saw that YazFi would not perform various actions, because of a lock file which was still present. I manually deleted said file in /tmp and thought the issue would be resolved. But again I got a red message which told me there was a lock file in place and in order to prevent duplicate runs the program would abort.
Then I had a look at the code on Github and saw that compared to the last version from 2 days ago you only had removed a call of the Clear_Lock function today (https://github.com/jackyaz/YazFi/commit/b20b005a8a19c2113ed433af32925ba30e061b5d).
I reverted back to the old version and everything is back to normal.
Would be great if you could have a look into this.
Thanks

 

[Jack Yaz]

Hi Jack,
I just updated YazFi today through amtm and saw that YazFi would not perform various actions, because of a lock file which was still present. I manually deleted said file in /tmp and thought the issue would be resolved. But again I got a red message which told me there was a lock file in place and in order to prevent duplicate runs the program would abort.
Then I had a look at the code on Github and saw that compared to the last version from 2 days ago you only had removed a call of the Clear_Lock function today (https://github.com/jackyaz/YazFi/commit/b20b005a8a19c2113ed433af32925ba30e061b5d).
I reverted back to the old version and everything is back to normal.
Would be great if you could have a look into this.
Thanks

Can you post the full error? The lock files should get removed after any actions. If a background task is running, then there will be a lock file. If it doesn't get removed for some reason, it will get purged as stale after 120s on subsequent action.

 

[Chris_J]

I was just about to post asking whether anyone else is experiencing the lock file error. Exactly the same issue here. Script says that the lock file has been purged, then when trying to edit the config, it starts all over again.

Jan 26 18:58:00 YazFi: Stale lock file found (>120 seconds old) - purging lock
Jan 26 18:58:09 YazFi: Stale lock file found (>120 seconds old) - purging lock
Jan 26 18:58:10 YazFi: Lock file found (age: 1 seconds) - stopping to prevent duplicate runs

 

[marelit]

So to reproduce the issue again I launched YazFi from amtm, hit u, the MD5 hash was different, so it said it would update. Then I think the script crashes since I see the amtm screen again. Now if I press 4 to go back into YazFi and then press 1 to apply YazFi settings, this pops up:

YazFi: Lock file found (age: 22 seconds) - stopping to prevent duplicate runs

The same happens when I try updating again, but showing connected clients on the other hand works fine.
If I exit YazFi with e and then go back into it with 4 I get the same message for a split second before the main menu appears.

 

[Jack Yaz]

So to reproduce the issue again I launched YazFi from amtm, hit u, the MD5 hash was different, so it said it would update. Then I think the script crashes since I see the amtm screen again. Now if I press 4 to go back into YazFi and then press 1 to apply YazFi settings, this pops up:

YazFi: Lock file found (age: 22 seconds) - stopping to prevent duplicate runs

The same happens when I try updating again, but showing connected clients on the other hand works fine.
If I exit YazFi with e and then go back into it with 4 I get the same message for a split second before the main menu appears.

In this case, updating restarts the firewall. YazFi places a lock file, and then waits 60 seconds for firewall setup to finish. It will then configure things and clear the lock. Long story short, wait 1-2mins after an update. IF you're seeing a lock file warning after 2mins, please check your syslog/post here

 

[Jack Yaz]

All with a lock file issue, please try updating using u (no version change)

You'll need to open YazFi, then either wait 2 minutes, or open a separate SSH session and run

rm /tmp/YazFi.lock

then use option u

Sorry for the inconvenience

 

[marelit]

In this case, updating restarts the firewall. YazFi places a lock file, and then waits 60 seconds for firewall setup to finish. It will then configure things and clear the lock. Long story short, wait 1-2mins after an update. IF you're seeing a lock file warning after 2mins, please check your syslog/post here

But even after I start YazFi freshly a lock file gets generated.

EDIT: 30 seconds to late

 

[Chris_J]

Manually removing the lock file in a separate session worked for me.

 

[daedex]

just to kind of document issues I have had in the hopes that it might help someone else, I kept having an issue where the guest wifi wouldnt stick to the new subnet where connecting to it would have the default 192.168.1.0 subnet on the network versus the one that was set in yazfi (192.168.3.0). This was done with an ax88u.

it ended up being an issue where

nvram get wl0.1_ap_isolate

wasnt sticking to 1 and it kept restarting the firewall in a continuous loop. I ended up having to do an nvram erase by holding the reset button while the router was on (moving forward ill call it the hard reset). For whatever reason wps + power on didnt fully do the nvram reset. Also, oddly enough

nvram erase

command didnt do squat either.

so:
wps button + power 30 seconds > after reboot, hard reset 30 seconds > format jffs partition > reboot x2 > hard reset > restore/initialize > setup/yazfi/etc and it finally worked.

Between each reset/reboot/ or any setting i changed, i waited a good 5-10 mins.

now it works great.

I am going to be working with my other ax88u node to test and see if the wps + power approach actually works to reset the nvram, because previously it didnt. Though, that could have been due to user error at that point because I was tired. currently I do not have my other ax88u set up in aimesh node yet since i have this working atm.


so just try multiple different ways to reset the nvram if you are having issues with settings not sticking, or if your guest wifi doesnt stick to the subnet you set in settings.

 

[Jack Yaz]

v3.3.0 is now available
Changelog:

Rename LANACCESS to TWOWAYTOGUEST
Added ONEWAYTOGUEST
Explicitly block WAN interface in firewall when redirecting to VPN

The new setting is documented here: https://github.com/jackyaz/YazFi#wl01_onewaytoguest
It will be automatically added to your conf file during YazFi's startup following the update (roughly 60s). Config file is copied and backed up in case setting insertion goes awry

 

[Chris_J]

Useful new feature, setting it up now. Cheers, Jack.

 

[nihon]

You are unbelievable responsive!
I reached out to Jack one week ago asking if this feature could possibly be added.

Thanks! Awesome!

Skickat från min SM-G973F via Tapatalk

 

[wuyanxu]

Is there any way to open up a single device (using its fixed IP) from LAN to a specific guest network?

eg. additional option: EXPOSETOGUEST: 192.168.1.8


Use-case:
I have all IoT devices on isolated a separate subnet using this wonderful plugin. But I would like to have my wired IoT hub (home assistant) talk to devices on the IoT network, while at the same time the hub is accessible on my home LAN.
The new ONEWAYTOGUEST option works great for controlling plugs and switches. But MQTT clients on guest network still cannot connect to the hub, because MQTT client initialise their connection to the broker.

Another use-case:
Expose chromecast and smart speakers, so guests can play media from guest network without access to file server and other home computers.

 

[nihon]

Is there any way to open up a single device (using its fixed IP) from LAN to a specific guest network?

eg. additional option: EXPOSETOGUEST: 192.168.1.8


Use-case:
I have all IoT devices on isolated a separate subnet using this wonderful plugin. But I would like to have my wired IoT hub (home assistant) talk to devices on the IoT network, while at the same time the hub is accessible on my home LAN.
The new ONEWAYTOGUEST option works great for controlling plugs and switches. But MQTT clients on guest network still cannot connect to the hub, because MQTT client initialise their connection to the broker.

Another use-case:
Expose chromecast and smart speakers, so guests can play media from guest network without access to file server and other home computers.

Like your request in general.

I have a sonoff bridge, that does mqtt to hassio for sending / receiving 433Mhz and convert it to mqtt. But since I flashed it with tasmota and portrisch fw I dont need the sonoff app / internet service. The bridge acts locally and I can just put it in my intranet and disable internet access to it.

Could you not just disable internet access for the mqtt devices and place them in the intranet? Possibly flash with a fw that allows you to control them locally to the hub only if they now have internet based fratures as well.

I have some cameras I do not trust. Those I have in the isolated guest network but my hub will now be able to access them thanks to the new feature, but my intranet will be safe since the cameras cannot access the LAN.

Regarding chromecast, don't they have guest access AP support built in (believe I read that somewhere but you need to enable it)

Skickat från min SM-G973F via Tapatalk

 

[wuyanxu]

Could you not just disable internet access for the mqtt devices and place them in the intranet? Possibly flash with a fw that allows you to control them locally to the hub only if they now have internet based fratures as well.

I have some cameras I do not trust. Those I have in the isolated guest network but my hub will now be able to access them thanks to the new feature, but my intranet will be safe since the cameras cannot access the LAN.

Regarding chromecast, don't they have guest access AP support built in (believe I read that somewhere but you need to enable it)

Skickat från min SM-G973F via Tapatalk

It's actually the camera that I'd like to use MQTT. Camera detects motion, it sends MQTT topic, which Home Assistant will then record the RSTP feed. Camera feed now works with YazFi thanks to the excellent new ONEWAYTOGUEST. But not MQTT.
I still want to use the camera cloud features because the free tier is still very useful, only downside is don't have any off-camera storage.

I didn't know about the Chromecast guest feature. Thanks for pointing that out!
But as far as I can see, nVidia Shield TV (or any Android TV) can't do guest mode unfortunately. One more (the other being can't be part of speaker group) reason I need to buy a Chromecast puck.

 

[Jack Yaz]

It's actually the camera that I'd like to use MQTT. Camera detects motion, it sends MQTT topic, which Home Assistant will then record the RSTP feed. Camera feed now works with YazFi thanks to the excellent new ONEWAYTOGUEST. But not MQTT.
I still want to use the camera cloud features because the free tier is still very useful, only downside is don't have any off-camera storage.

I didn't know about the Chromecast guest feature. Thanks for pointing that out!
But as far as I can see, nVidia Shield TV (or any Android TV) can't do guest mode unfortunately. One more (the other being can't be part of speaker group) reason I need to buy a Chromecast puck.

So in this setup, is the camera required to contact mqtt on the lan?