YazFi - enhanced AsusWRT-Merlin Guest WiFi inc. SSID <-> VPN Client

Not in the current implementation. (it's on my list to consider, would require setting up bridges rather than individual interfaces. Not difficult, but then need to update eapd to let us authenticate
OK, I am very happy with the script as it is :)
Client 2 screen added. Thanks for making this script, it has helped me a lot!
 

Attachment: VPN2.png
Ah...that's not right. Can you remove all rules for client 2 and then re-run YazFi please?

(and post updated screenshot after)
 
Updated screenshot att.
(client 1 rules still reset with the script)
I have NOT changed the config file yet.
It does not seem to like my wl1.1 config very much :)
 

Attachment: client2 after reset.PNG
OK, that's progress, I think.

Can you send me the outputs of:

Code:
nvram get vpn_client2_clientlist
nvram get vpn_client2_clientlist1
nvram get vpn_client2_clientlist2
nvram get vpn_client2_clientlist3
nvram get vpn_client2_clientlist4
nvram get vpn_client2_clientlist5
 
Would you be willing to do a screenshare via Teamviewer so we can try to get to the bottom of this?
 
This was my setup (see attached): my policy rule #1 (set > WAN) always overrode your addition #2 (YazFi config > VPN).

Previously if I removed #1 I was unable to force my traffic back over your rule #2 until such time as I restarted YazFi.

Can you copy the line from firewall-start to openvpn-event and see if you can recreate your issue please?

Seems to solve the issue, though it takes a few seconds, nothing major. It's just YazFi's normal startup time.

Personally I think I would still like the option to manually change/edit/tweak the entries. The only reason I am stuck on this is that it's so easy to divert traffic through the GUI, e.g. if I asked the Mrs to do it while traveling, rather than have her mess with a config file.

I am on the fence; I could see huge benefits each way. Eh, it won't be the first time I have had to change my workflow. :p Do what you think is best.

Again just thinking out loud...
 

Attachment: Screen Shot 2018-06-03 at 15.57.13.png
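The nvram variables requested earlier in the thread hold the VPN client's policy rules, and the post above reports a WAN rule overriding the YazFi-added VPN rule. The script below is an added example (not from any poster and not part of YazFi) that decodes such a list and flags VPN rules whose source also has a WAN rule. The `<description>source>destination>iface` storage format is an assumption, and the function names and sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode AsusWRT-Merlin VPN-client policy rules.
# ASSUMPTION: each rule is stored as "<description>source>destination>iface"
# and the full list is the concatenation of the six nvram values.

# On the router the input would be collected like this (not run here):
#   list=""; for s in "" 1 2 3 4 5; do
#     list="$list$(nvram get "vpn_client2_clientlist$s")"; done

# Constructed sample: a WAN rule and a VPN rule for the same source subnet,
# plus one unrelated VPN rule. Descriptions are made up.
SAMPLE='<Guest to WAN>192.168.3.0/24>0.0.0.0>WAN<YazFi_wl1.1>192.168.3.0/24>0.0.0.0>VPN<Laptop>192.168.1.50>0.0.0.0>VPN'

# parse_rules LIST
# Prints one "index|description|source|destination|iface" line per rule.
parse_rules() {
    printf '%s' "$1" | tr '<' '\n' | awk -F'>' '
        NF >= 4 { n++; printf "%d|%s|%s|%s|%s\n", n, $1, $2, $3, $4 }'
}

# shadowed_vpn_rules LIST
# Prints every VPN rule whose source string also appears in a WAN rule.
# Sources are compared as exact strings; CIDR overlap is not evaluated.
shadowed_vpn_rules() {
    parse_rules "$1" | awk -F'|' '
        $5 == "WAN" { wan[$3] = $2 }
        $5 == "VPN" { vpn[++k] = $0; src[k] = $3 }
        END { for (i = 1; i <= k; i++) if (src[i] in wan)
                  printf "%s (shadowed by WAN rule \"%s\")\n", vpn[i], wan[src[i]] }'
}

parse_rules "$SAMPLE"
shadowed_vpn_rules "$SAMPLE"
```

An empty result from `shadowed_vpn_rules` means no VPN rule shares its exact source with a WAN rule; overlapping but non-identical subnets still need a manual check.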
Now wouldn't you believe @.TT.'s issue was caused by the very function determining the name...how's that for coincidence!
 
So I wonder if it's prudent for me to add in openvpn-event support, for networks where "redirect" is true, to pick up on the missing routes. I run it internally without issue.

Question for all!: Do you currently use an openvpn-event script?

I could implement an "alias" setting, but I'm conscious of the number of settings already.

That's ignoring the "lan access", that I can't decide on the best approach. I'm leaning towards a "LAN access" file for each guest network, where users can specify IP, IP/CIDR, along with port support. I don't think it's feasible to bundle into the same config file without making it unwieldy.
 
Here is another for you.

Scenario
1. 2.4 radio disabled in GUI, & YazFi config file setup as enabled.
2. 5G radio enabled in GUI, & YazFi config file setup as enabled

Starting YazFi.

You are presented with this (as expected)

Code:
YazFi: YazFi v2.2.2 starting up

YazFi: wl0.1 - Interface not enabled/configured in Web GUI (Guest Network menu)

YazFi: wl0.1 failed validation

YazFi: wl2.1 passed validation

After the above I am dumped out at my prompt with no indication if YazFi started or stopped etc.

Just a piece you may wish to tweak for more user feedback, in a future version. It's really self-explanatory, IMHO: one test failed, one passed, go back and look. Could be useful to say misconfiguration, check your settings, YazFi startup aborted etc.
 
I am certainly receptive to feedback about the user experience, it's one of my weakest skills!
 
Sorry was editing my post when you replied.

It could be useful to say "misconfiguration, check your settings, YazFi startup aborted", I don't know, something along those lines. I am just trying to throw some spitballs.

I, on the other hand, have a fault with trying to give too much information, when it's likely right in front of me to begin with. I'll err to your judgment.
 
No, you're right, a summary output/failure message would be useful. When you work on the script as I do, I fall into the trap of expecting an output, so when the script does or doesn't do something, then I think nothing more of it :( (which isn't helpful for users!)
 
Because the whole subnet 111.123.222.0/24 has a route to go via 111.123.222.240 (this is the ip on my wan interface without VPN).

I guess I want to change the ovpnc1 ruleset, so not only the source (192.168.3.0/24) is checked, but also the destination. Unfortunately I don't know how to add/modify this rule set.
Okay, found the solution myself. Didn't quite understand it before. ovpnc1 is the routing table, thus adding two entries:
Code:
ip route add 111.123.222.100 via 111.123.222.240 table ovpnc1
ip route add 111.123.222.101 via 111.123.222.240 table ovpnc1

and it's done.
 
Hi
I'm using the HGG firmware with my AC68U. I'm trying to install the script.
I've configured only the first guest WiFi; the settings are these:
wl01_ENABLED=true
wl01_IPADDR=192.168.12.0
wl01_DHCPSTART=2
wl01_DHCPEND=254
wl01_DNS1=1.1.1.1
wl01_DNS2=1.0.0.1
wl01_REDIRECTALLTOVPN=false
wl01_VPNCLIENTNUMBER=
The script starts without a problem, and if I execute the command YazFi status, I can see the MAC address of the connected device.
Everything seems OK, but the device always has the IP of my LAN and not of the subnet entered in wl01_IPADDR.
If I run the command nvram show ...., I don't find my config.
Can you help me with the problem?
Thanks
 
For the device to show in status it has to be on the correct subnet. How are you determining the IP of the client?
 
I see it on the device or in the device list of the router
 
Can you run
Code:
arp -a
and send the line for your MAC address? (you can omit the actual MAC if you prefer)

Can you also send me the outputs of
Code:
ebtables -L

ebtables -t broute -L
and the contents of
Code:
/jffs/configs/dnsmasq.conf.add
 
