YazFi YazFi - enhanced AsusWRT-Merlin Guest WiFi inc. SSID <-> VPN Client

[Kingp1n]

Thanks ...yes I noticed the different client options now that you mentioned it. Last question, if i'm using VPN for guest 1 should I manually add the DNS 1 & 2 or leave blank...I read if I leave blank the script will automatically pull from the routers DNS but that would defeat the purpose of VPN so I should manually add the DNS numbers correct? Also it seems like guest networks keep losing connection...any ideas why this mighjtbe happening?[/QUOTE]

 

[Jack Yaz]

Thanks ...yes I noticed the different client options now that you mentioned it. Last question, if i'm using VPN for guest 1 should I manually add the DNS 1 & 2 or leave blank...I read if I leave blank the script will automatically pull from the routers DNS but that would defeat the purpose of VPN so I should manually add the DNS numbers correct? Also it seems like guest networks keep losing connection...any ideas why this mighjtbe happening?

[/QUOTE]
If you set the VPN client to Exclusive for Accept DNS Configuration then YazFi's setting becomes irrelevant

 

[InternetGuy3000]

First of all thanks a lot for YazFi! I really love it! I was playing with it half the day and I am amazed by what it can add in comfort to my VPN setup.

Now, I am just running into an issue. I am using YazFi on an Asus RT-AC86U with Merlin.
The VPN is showing towards the US, all devices feel good about "being" there. Streaming contents on phones and computers works perfectly.
As soon as I bring chromecast into the game, things are different. Although chromecast has an "US" location flag, it still figures out that it's a vpn, likely as it bypasses the DNS settings in the VPN connection by using its own google DNS (8.8.8.8 and 8.8.4.4) instead.

I have tried everything i could possibly find
- Changing WAN DNS settings to point to vpn dns and disable auto dns
- Static routing of the google dns towards different dns
- network service filters to block the complete range of 8.8.0.0/16 for all devices in LAN
- setting openvpn DNS to "strict"

Now what i don't understand:
Does YazFi somehow bypass settings i do for the "regular" network on the asus router?
Could it be that the guest network is kind of a fully unregulated space?

Thanks

 

[Jack Yaz]

First of all thanks a lot for YazFi! I really love it! I was playing with it half the day and I am amazed by what it can add in comfort to my VPN setup.

Now, I am just running into an issue. I am using YazFi on an Asus RT-AC86U with Merlin.
The VPN is showing towards the US, all devices feel good about "being" there. Streaming contents on phones and computers works perfectly.
As soon as I bring chromecast into the game, things are different. Although chromecast has an "US" location flag, it still figures out that it's a vpn, likely as it bypasses the DNS settings in the VPN connection by using its own google DNS (8.8.8.8 and 8.8.4.4) instead.

I have tried everything i could possibly find
- Changing WAN DNS settings to point to vpn dns and disable auto dns
- Static routing of the google dns towards different dns
- network service filters to block the complete range of 8.8.0.0/16 for all devices in LAN
- setting openvpn DNS to "strict"

Now what i don't understand:
Does YazFi somehow bypass settings i do for the "regular" network on the asus router?
Could it be that the guest network is kind of a fully unregulated space?

Thanks

Would be worth giving DNSFilter a go. I'm actually working to implement it for guest networks, as I think the Merlin implementation only functions on the primary subnet

 

[InternetGuy3000]

Would be worth giving DNSFilter a go. I'm actually working to implement it for guest networks, as I think the Merlin implementation only functions on the primary subnet

Thanks for your reply!
I indeed tried DNSFilter it gets bypassed as well, as it really seems to only work on the main network and not the guest networks.

But I figured out the issue: The Chromecast is such aggressively programmed that it bypassed the ASUS router in full and went over to the modem to connect from there ^^
So I found settings on my modem to block traffic that finally halted him a few minutes ago.

Next issue, luckily not related to YazFi, is that Chromecast displays and artificial "check your internet connection" error message (while sending background traffic ^^) as it realizes that Google DNS has been blocked. So I am stuck at a chromecast issue now instead

 

[Jack Yaz]

Thanks for your reply!
I indeed tried DNSFilter it gets bypassed as well, as it really seems to only work on the main network and not the guest networks.

But I figured out the issue: The Chromecast is such aggressively programmed that it bypassed the ASUS router in full and went over to the modem to connect from there ^^
So I found settings on my modem to block traffic that finally halted him a few minutes ago.

Next issue, luckily not related to YazFi, is that Chromecast displays and artificial "check your internet connection" error message (while sending background traffic ^^) as it realizes that Google DNS has been blocked. So I am stuck at a chromecast issue now instead

If you like, I'll tidy up the testing branch that has a provisional dnsfilter for guests developed, to see if it helps in this situation.
I'll send you a PM when it's ready to download

 

[orion44]

I'm not sure if this is expected or not, but I recently restarted by router via the GUI and YazFi did not start automatically. When I attempted to connect to the guest WIFI configured for YazFi, no IP was assigned via DHCP. The device assigned itself an APIPA address and that was about it.

I restarted (or perhaps just started) YazFi via:

admin@RT-AC5300-F8D0:/tmp/home/root# /jffs/scripts/YazFi
YazFi: YazFi v2.2.4 starting up

YazFi: wl0.1 passed validation

YazFi: wl0.1 (SSID: LAB) - VPN redirection enabled, sending all interface internet traffic over VPN Client 1

YazFi: YazFi v2.2.4 completed successfully

And everything worked fine after that. Is YazFi expected to autostart after restarting the router or is this manual intervention expected? To note, I'm running the latest Merlin version 384.8_2.

 

[Jack Yaz]

I'm not sure if this is expected or not, but I recently restarted by router via the GUI and YazFi did not start automatically. When I attempted to connect to the guest WIFI configured for YazFi, no IP was assigned via DHCP. The device assigned itself an APIPA address and that was about it.

I restarted (or perhaps just started) YazFi via:



And everything worked fine after that. Is YazFi expected to autostart after restarting the router or is this manual intervention expected? To note, I'm running the latest Merlin version 384.8_2.

Please can you check the contents of /jffs/scripts/firewall-start ?

 

[orion44]

Please can you check the contents of /jffs/scripts/firewall-start ?

 

[Jack Yaz]

View attachment 15569

OK great. Does your syslog from boot show firewall-start was called?

 

[orion44]

OK great. Does your syslog from boot show firewall-start was called?

Yes, but I'm not entirely sure these timestamps are from rebooting the entire system.

 

[Jack Yaz]

Yes, but I'm not entirely sure these timestamps are from rebooting the entire system.
View attachment 15570

Hm. Just to confirm, does manually running firewall-start trigger YazFi correctly?

 

[Jack Yaz]

Yes, but I'm not entirely sure these timestamps are from rebooting the entire system.
View attachment 15570

https://www.snbforums.com/threads/y...guest-wifi-networks.45924/page-14#post-443003

This might be worth trying in your environment. If it does, I'll look into incorporating it into YazFi officially

 

[orion44]

Yes and YES! I didn't see that post - it's exactly my issue.

 

[infra_red_dude]

Thanks a lot for YazFi! This is a great addition to Merlin. I'd even go this far saying ASUS should integrate it in to their official firmware.

I have one request: Would it be possible to add "device isolation" as a feature for YazFi networks? IoT devices are usually one of the client set of guest network and YazFi isolating them on a separate subnet is perfect. Having an option to stop them from talking each other would be great!

Thanks again for all the hard work

 

[.TT.]

Hi
Another happy user checking in
Curios to know if you have made any progress on the remaining upcoming feature.
I would love to allow access to my speakers and chromecasts from guest ssid.

Thanks again!

 

[Jack Yaz]

Thanks a lot for YazFi! This is a great addition to Merlin. I'd even go this far saying ASUS should integrate it in to their official firmware.

I have one request: Would it be possible to add "device isolation" as a feature for YazFi networks? IoT devices are usually one of the client set of guest network and YazFi isolating them on a separate subnet is perfect. Having an option to stop them from talking each other would be great!

Thanks again for all the hard work

This should already happen - are you able to ping between 2 devices on the guest?

 

[Jack Yaz]

Hi
Another happy user checking in
Curios to know if you have made any progress on the remaining upcoming feature.
I would love to allow access to my speakers and chromecasts from guest ssid.

Thanks again!

Guest DNSFilter is next up (need to finalise the code), and will also bring a config file update including settings for LAN access (though they're not enabled yet!)

 

[TheUntouchable]

Hi Jack Yaz,

just a silly quick question: Does the script really not work on an AC88U or hasn't anyone tested it on this device yet?

I really want to use it for my ip webcam and things like that to get these devices out of my LAN.

Thank you in advance!

 

[Jack Yaz]

Hi Jack Yaz,

just a silly quick question: Does the script really not work on an AC88U or hasn't anyone tested it on this device yet?

I really want to use it for my ip webcam and things like that to get these devices out of my LAN.

Thank you in advance!

No reason it won't work! Either not tested, or it has been and I neglected to update the list