1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

YazFi - enhanced AsusWRT-Merlin Guest WiFi Networks

Discussion in 'Asuswrt-Merlin' started by Jack Yaz, Apr 8, 2018.

  1. JaimeZX

    JaimeZX Regular Contributor

    Joined:
    Mar 10, 2018
    Messages:
    137
    I'll qualify that by saying the external HD I have as a Samba share on the router is accessible by any machine on the router if it has the correct password.
     
    daviworld likes this.
  2. Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!
  3. Jack Yaz

    Jack Yaz Very Senior Member

    Joined:
    Apr 20, 2017
    Messages:
    1,239
    Yes...that's odd, because my samba share on the router (all 4) cannot even be reached for authentication! Perhaps we need to sort out a screensharing session so that we can see what's going on there.
     
    daviworld likes this.
  4. JaimeZX

    JaimeZX Regular Contributor

    Joined:
    Mar 10, 2018
    Messages:
    137
    Dunno. But I'm happy with it as-is! :D
     
    Jack Yaz likes this.
  5. Paulo Pereira

    Paulo Pereira New Around Here

    Joined:
    Mar 27, 2018
    Messages:
    3
    Hello everyone, does any way to yazfi work in AP Mode??? If not, is there a way to work arround??
    Tanhs in advance
     
  6. Jack Yaz

    Jack Yaz Very Senior Member

    Joined:
    Apr 20, 2017
    Messages:
    1,239
    Unfortunately it wont work in AP mode
     
  7. mxyz

    mxyz New Around Here

    Joined:
    Dec 17, 2017
    Messages:
    2
    ^ +1 for this ^

    I've got two AC68Us; the main one in the house in router mode, the other in the garage in AP mode, connected via ethernet. Same SSID, moving between them now seems perfectly seamless.

    What I need is a separate guest network on the AP mode Router2. The guest network could be on Router1 also, if it's easier since its already doing the routing, but would still need to be on Router2.

    Router1 is where the phone line, and modem are so they cant be easily swapped. The two simple solutions that I'm trying to avoid are, plug in a third router or put them both in router mode.

    I've found some router only features, like VPN, work just fine in AP mode, set up by manually going to the page, start and stop the service with a script.
    It doesn't look like AiMesh repeats the main router's guest networks, that would be an ideal solution. When it was first released I tried it and it was a disaster, I'd give it anther chance if it did guest networks.

    I guess what I'm looking for is advice or direction before I start experimenting, screw things up, then put it back together the way it was.
     
  8. HuskyHerder

    HuskyHerder Regular Contributor

    Joined:
    May 12, 2017
    Messages:
    184
    It, AiMesh does not support Guest Network's... in my reading, that is. I am giving it a try currently.
     
  9. Grisu

    Grisu Very Senior Member

    Joined:
    Aug 28, 2014
    Messages:
    1,293
    probably with aimesh phase 2, some of next firmwares will support guest-WiFi on nodes.
     
    HuskyHerder likes this.
  10. Jack Yaz

    Jack Yaz Very Senior Member

    Joined:
    Apr 20, 2017
    Messages:
    1,239
    Might be possible to do something with vlan tagging on the AP guest interfaces, but that goes beyond the current scope of YazFi
     
    HowIFix likes this.
  11. Jack Yaz

    Jack Yaz Very Senior Member

    Joined:
    Apr 20, 2017
    Messages:
    1,239
    I'd like to but I don't have the free time to write a menu driven script at the moment
     
    HowIFix likes this.
  12. Jack Yaz

    Jack Yaz Very Senior Member

    Joined:
    Apr 20, 2017
    Messages:
    1,239
    I know, I do want to make it easier to use, but the new job is taking it out of me :(

    I have got lan access working on my personal version, I need to make it robust and then i can add it to the main script :)
     
    daviworld, HuskyHerder and HowIFix like this.
  13. bobpaul

    bobpaul New Around Here

    Joined:
    Sep 14, 2018
    Messages:
    4
    I'm using IPv6 via HE's free tunnel broker as described on the Merlin Wiki. This gives me a /48 on the router, so in theory I should be able to set many /64 subnets. But as configured per the wiki, I get a /64 on my LAN.

    When I use YazFi with 1 guest WiFi on 192.168.250.x, my guests get IPv6 addresses from my LAN /64. I haven't tried other devices, but my Android 8 phone sees this and disconnects/reconnects from the guest network repeatedly. If I disable IPv6, all is fine.

    At a minimum YazFi should block guests from getting IPv6, but even better would be adding support for separate IPv6 subnets for users with a larger than /64 assignment on the router.
     
  14. Jack Yaz

    Jack Yaz Very Senior Member

    Joined:
    Apr 20, 2017
    Messages:
    1,239
    If you're willing to lend a hand I can look into it, I don't have ipv6 currently so no way of giving it a proper run out. I'm assuming it's something with ip6tables, but that's a complete guess
     
  15. bobpaul

    bobpaul New Around Here

    Joined:
    Sep 14, 2018
    Messages:
    4
    Definitely willing to lend a hand. My ISP doesn't offer IPv6, either, which is why I'm using tunnel broker.
     
  16. bobpaul

    bobpaul New Around Here

    Joined:
    Sep 14, 2018
    Messages:
    4
    Hey, so I chatted with my ISP and they are currently experimenting with IPv6 and can enable it for customers on request. Unfortunately they are violating RFC6177 and only hand out /64 prefixes. I suspect this is common, but that means I can test things work with the router set to Native IPv6 without the possibility to subnet and a subnettable situation via my tunnel broker account. I'll try to take a closer look at what your script is doing this weekend and see if I can figure out the right commands to run afterwards to get things working as I think they should.
     
    Jack Yaz likes this.
  17. Brenneke

    Brenneke Regular Contributor

    Joined:
    Jun 14, 2017
    Messages:
    50
    Hi - have been using this script for many months and it has been perfect until now.
    Yesterday I changed up the VPN server on Client 1 and have had issues connecting with Client 2 since.
    I believe I may have something off with the policy rules for these clients, any help you can give will be much appreciated. I do not know anything about policy rules - any explanation on how they work and what they are doing along the way would also be great.

    I have my main network set to run on VPN Client 1 and this works. (192.168.2.1 in YazFi config)
    I have my 2.4 guest network set to run on VPN Client 1 and this works. (192.168.3.0 in YazFi config)
    I have my 5.0 guest network to run on VPN Client 2 and it does not work. (192.168.4.0 in YazFi config)

    When I connect to 5.0 guest network I am get no internet after a reboot and internet on Client 2 after running YazFi script in terminal:
    YazFi: wl1.1 (SSID: guest) - VPN redirection enabled, sending all interface internet traffic over VPN Client 2

    VPN Status in Asus shows Client 1 and Client 2 both properly connected to servers.
    I have confirmed that VPN server on Client 2 is working.

    Client 1 Policy Rules are set to:
    2.4GHz Guest 1 192.168.3.0/24 0.0.0.0 VPN
    Router 192.168.2.1 0.0.0.0 WAN
    All Other 192.168.2.1/24 0.0.0.0 VPN
    5.0Ghz Guest 1 192.168.4.0/24 0.0.0.0 VPN


    Client 2 Policy Rules are set to:
    5GHz1 Guest 1 192.168.4.0/24 0.0.0.0 VPN

    Do I need to set these manually or will the script now do this?
    Do I have it all correct?

    Thank you!
     
  18. Jack Yaz

    Jack Yaz Very Senior Member

    Joined:
    Apr 20, 2017
    Messages:
    1,239
    This rule looks surplus to requirements:

    Code:
    5.0Ghz Guest 1 192.168.4.0/24 0.0.0.0 VPN
    The .0 isn't added by YazFi so was this manually added?
     
  19. Brenneke

    Brenneke Regular Contributor

    Joined:
    Jun 14, 2017
    Messages:
    50
    I did manually add, maybe I got it wrong?
    I take that to mean that the script will now add and set all required policy rules? (did not want to try this and and muck it up more)
     
    Jack Yaz likes this.
  20. Jack Yaz

    Jack Yaz Very Senior Member

    Joined:
    Apr 20, 2017
    Messages:
    1,239
    If running the last released version, then setting _REDIRECTALLTOVPN will handle the rules for guests. Let me know if not
     
  21. Brenneke

    Brenneke Regular Contributor

    Joined:
    Jun 14, 2017
    Messages:
    50
    Where/how do I do that? I am on latest version. Thanks.
     
Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!