YazFi YazFi - enhanced AsusWRT-Merlin Guest WiFi inc. SSID <-> VPN Client

[wuyanxu]

So in this setup, is the camera required to contact mqtt on the lan?

Yes. The MQTT client (camera) initalises connection to MQTT broker. The broker is inside home LAN, camera is on YazFi isolated network with internet access.
(that's my understanding why this isn't working with ONEWAYTOGUEST)

 

[Jack Yaz]

Yes. The MQTT client (camera) initalises connection to MQTT broker. The broker is inside home LAN, camera is on YazFi isolated network with internet access.
(that's my understanding why this isn't working with ONEWAYTOGUEST)

I'll see what I can do. I'll see if i can implement it as a host/port to allow a guest network to connect to

 

[daedex]

Question- should STP be enabled if we are utilizing this feature on our network? I am attempting to understand whether this could possibly lead to a loopback. I dont have any other switches aside from an AIMesh Node.

 

[Grohmans]

Hi Gents,
Just set up this tool on my Asus-68 with 2 guest network. 2.4 (192.168.2.0) and 5 G (10.10.10.0) and both were running fine. I have one Chromecast connected to this 2.4 successfully. My phone and PC are on the LAN (192.168.0.0). However, I am not able to see this Chromecase either from my phone or PC. I thought by using this wl01_ONEWAYTOGUEST=true would help, but it did not. I also played around and set this wl01_TWOWAYTOGUEST=true but it did not work either. What can I do to make this work? Thanks very much.
Below is the settings on 2.4

wl01_ENABLED=true
wl01_IPADDR=192.168.2.0
wl01_DHCPSTART=2
wl01_DHCPEND=254
wl01_DNS1=192.168.2.1
wl01_DNS2=192.168.2.1
wl01_FORCEDNS=true
wl01_REDIRECTALLTOVPN=false
wl01_VPNCLIENTNUMBER=2
wl01_TWOWAYTOGUEST=false
wl01_ONEWAYTOGUEST=true
wl01_CLIENTISOLATION=true

 

[Jack Yaz]

Hi Gents,
Just set up this tool on my Asus-68 with 2 guest network. 2.4 (192.168.2.0) and 5 G (10.10.10.0) and both were running fine. I have one Chromecast connected to this 2.4 successfully. My phone and PC are on the LAN (192.168.0.0). However, I am not able to see this Chromecase either from my phone or PC. I thought by using this wl01_ONEWAYTOGUEST=true would help, but it did not. I also played around and set this wl01_TWOWAYTOGUEST=true but it did not work either. What can I do to make this work? Thanks very much.
Below is the settings on 2.4

wl01_ENABLED=true
wl01_IPADDR=192.168.2.0
wl01_DHCPSTART=2
wl01_DHCPEND=254
wl01_DNS1=192.168.2.1
wl01_DNS2=192.168.2.1
wl01_FORCEDNS=true
wl01_REDIRECTALLTOVPN=false
wl01_VPNCLIENTNUMBER=2
wl01_TWOWAYTOGUEST=false
wl01_ONEWAYTOGUEST=true
wl01_CLIENTISOLATION=true

TWOWAY should work. Can you re-enable it, run option 1 again? If still not working, use option d and PM me the diagnostics and passphrase please.

 

[Grohmans]

TWOWAY should work. Can you re-enable it, run option 1 again? If still not working, use option d and PM me the diagnostics and passphrase please.

Thanks Jack, Just tried it and no luck. I have the diagnostics and passphrase ready but I could not find the way to PM you.

 

[bennor]

wl01_CLIENTISOLATION=true

Try setting wl01_CLIENTISOLATION=false as a troubleshooting step.

 

[Grohmans]

Try setting wl01_CLIENTISOLATION=false as a troubleshooting step.

Already tried that and it did not work. Currently working with Jack on this and waiting to see if he has more options. Thanks

 

[jtbrown]

dnsmasq starts before the ebtable and iptable rules are loaded, so kicking them is done at the earliest opportunity (roughly 60s after firewall is started to allow it to finish setting up)

there was an implementation to fudge with blocking dhcp until yazfi started, but that would stop any devices (not just yazfi) contacting for dhcp

Hi, been reading through this thread for awhile to troubleshoot some issues I'm having with my YazFi guest network and several cameras I have around the house (connected via WiFi).

It seems that any time the router reboots the cameras are assigned an IP on the primary subnet (192.1.68.1.x) before the guest network is started. If I look in System Tools > DHCP Leases I can see that they have been assigned an IP with duration 24 hours. At this point the cameras cannot connect to the internet. If I reboot the cameras they'll take an IP on the new subnet (192.168.2.x) and everything will be fine.

In my troubleshooting I've done the following:
1. Assigned cameras a static IP per bennor's post, #944 in this thread

2. Changed the DHCP Lease time from 86400 seconds to 120 seconds, rebooted the router, waited for the cameras to have their incorrect DHCP lease expire (at which point they move from the 1.x subnet to the 2.x subnet and work properly), then change the DHCP lease time back to 86400 seconds.

I saw Jack's post (that I'm replying to) and am curious how to implement this? My network reboots at 0300 on Sunday mornings, so I'm okay with blocking all DHCP until everything is settled. I'm not sure if there are other ramifications of this method, so I can be easily talked out of it.

My other thought was to implement a script to automate the process I did in troubleshooting step 2. I don't know if it is possible to set the DHCP lease time on router reboot, then reset it back to the proper time once everything is settled. Any thoughts?

Thanks!

 

[Jack Yaz]

Hi, been reading through this thread for awhile to troubleshoot some issues I'm having with my YazFi guest network and several cameras I have around the house (connected via WiFi).

It seems that any time the router reboots the cameras are assigned an IP on the primary subnet (192.1.68.1.x) before the guest network is started. If I look in System Tools > DHCP Leases I can see that they have been assigned an IP with duration 24 hours. At this point the cameras cannot connect to the internet. If I reboot the cameras they'll take an IP on the new subnet (192.168.2.x) and everything will be fine.

In my troubleshooting I've done the following:
1. Assigned cameras a static IP per bennor's post, #944 in this thread

2. Changed the DHCP Lease time from 86400 seconds to 120 seconds, rebooted the router, waited for the cameras to have their incorrect DHCP lease expire (at which point they move from the 1.x subnet to the 2.x subnet and work properly), then change the DHCP lease time back to 86400 seconds.

I saw Jack's post (that I'm replying to) and am curious how to implement this? My network reboots at 0300 on Sunday mornings, so I'm okay with blocking all DHCP until everything is settled. I'm not sure if there are other ramifications of this method, so I can be easily talked out of it.

My other thought was to implement a script to automate the process I did in troubleshooting step 2. I don't know if it is possible to set the DHCP lease time on router reboot, then reset it back to the proper time once everything is settled. Any thoughts?

Thanks!

YazFi tells the wireless driver to deauth all connections, which should make the cameras reconnect and get a new ip. If you ping the cameras while YazFi is running, do you see it drop?

 

[jtbrown]

If I ping one of the cameras while they are properly addressed (i.e. on the 2.x subnet, and are connected to the internet), then run "1" I see them momentarily drop out.

If I reboot my router and get into the scenario where they have a 24hr DHCP lease on the wrong subnet (1.x) ping fails on both the 'assigned' IP (1.x) as well as the static one I set on 2.x subnet. If I go through troubleshooting process 2, I get back to a good state and can once again ping on the 2.x subnet address.

 

[Ola Malmstrom]

YazFi and Smartconnect??

I have a RT-AC3200. After some tweaking, I got Smartconnect to work the way I want it to. I have the same SSID and pw for all three SSIDs. The roaming works very well, both within the 3200 and when roaming to any of my 3 other APs.

The guest networks also work well (other SSID, other pw). I only use them on the 3200.

I got very pleased when I found out that I could now assign separate IP ranges to the guest networks through Yazfi.

It doesn't seem to work with Smartconnect. The config file was updated, the installation and startup seemed OK. There are 3 different guest subnets but only one SSID and one pw.

However when I search for attached clients in YazFi, the MAC addresses comes up but without the correct IP address. When checked on the WRT GUI, a new IP address from the original range has been assigned (.37 instead of .88). I left it overnight with no change.

Is it possible to use Yazfi and Smartconnect together in some way? I could for instance use only one frequency for the guest network. Is there any other way?

 

[zshell98]

Already tried that and it did not work. Currently working with Jack on this and waiting to see if he has more options. Thanks

HI, are you able to work it out? I have the same issue and looking for a solution.

 

[dapendragon]

Hi, I'm trying to do something similar to many others here I suspect:

I'd like to create an IoT network consisting of both wired and wifi connected devices. I'd like it to be isolated from my main network (that also consists of wired and wifi connected devices), BUT to be able to control devices like Apple TV and Chromecast I need one-way connectivity from the main network to the IoT network. I don't need separate VLANs - as long as the restrictions are enforced somehow, I'm happy.

Is this possible to configure with YazFi?

I have a AC-68U if it matters.

Thanks for any help or input!

 

[Grohmans]

HI, are you able to work it out? I have the same issue and looking for a solution.

No, did not have any progress yet; waiting to see if Jack has any suggestion. Thanks

 

[wuyanxu]

I'd like to create an IoT network consisting of both wired and wifi connected devices. I'd like it to be isolated from my main network (that also consists of wired and wifi connected devices), BUT to be able to control devices like Apple TV and Chromecast I need one-way connectivity from the main network to the IoT network. I don't need separate VLANs - as long as the restrictions are enforced somehow, I'm happy.

Is this possible to configure with YazFi?

Get all IoT devices onto wireless network then yes, it is possible. (not tried with Chromecast/Apple TV though)

YazFi started as guest wifi network enhancement. It only does its magic on the guest wifi networks provided by Asuswrt.

 

[dapendragon]

Get all IoT devices onto wireless network then yes, it is possible. (not tried with Chromecast/Apple TV though)

YazFi started as guest wifi network enhancement. It only does its magic on the guest wifi networks provided by Asuswrt.

Thanks, so no way to keep some IoT devices on wired connections then. Was hoping to achieve that to e.g. get better bandwidth for streaming video and such.

 

[JJay03]

Glad I found this! I was having issues with the most recent version of ASUS firmware on my rt-ac3100 and dhcp. I setup a local dhcp server but then my guest network was not getting an ip address. I used Merlin firmware and Yazfi for a guest scope and now all seems to be good.

I did not mess around with REDIRECTALLTOVPN. How does that work?
I am pretty savvy with networking but I do no know much about linux so trying to figure out some of these scripts was a pita! Thanks

 

[Jack Yaz]

v4.0.0 is now available
Changelog:

WebUI page to configure YazFi (requires Merlin 384.15)
Improvements to example/starting config file
Blanks are no longer permitted in the config file

You will need to run option u a second time after updating to download the new WebUI page. Config file will be backed up each run before being modified, so if something goes wrong when you first launch YazFi, please refer to the config.bak file in YazFi's directory in /jffs/addons to recover your settings

 

[Chris_J]

Nice surprise, Jack. Works great, thanks!