YazFi - enhanced AsusWRT-Merlin Guest WiFi inc. SSID <-> VPN Client


You can see all wireless clients on the System Log -> Wireless Log page. If I can find out how that works I can implement something for YazFi hopefully
LOL, here I am poking around for a text file and it's on the GUI. 'doh!!

Seems like ipv6 is something of a black art ... right now it's giving the router's ipv6 address, which the clients on the guest network can't reach, I presume because the request is essentially coming from outside the firewall, and the firewall is dutifully blocking it. :) So guest network has no ipv6. Not a big deal, and certainly on the "nice to have" list, not on the "this is a bug" list.
 
I don't have an IPv6 connection so can't work on support for it :(

If you can send me the outputs of your ip6tables (by PM) then I'm happy to try and see what rules are needed.
 
I suspect VPN Policy Routing takes precedence. You'd need to check your router's RPDB to be sure.
Code:
ip rule show

ip route show
Output looks like this:
Code:
admin@RT-AC66U_B1-3758:/tmp/home/root# ip rule show
0:   from all lookup local
10101:   from 192.168.3.0/24 lookup ovpnc1
32766:   from all lookup main
32767:   from all lookup default


admin@RT-AC66U_B1-3758:/tmp/home/root# ip route show
111.123.222.1 dev eth0  proto kernel  scope link
85.203.22.50 via 111.123.222.1 dev eth0
10.180.1.213 dev tun11  proto kernel  scope link  src 10.180.1.214
192.168.3.0/24 dev wl0.1  proto kernel  scope link  src 192.168.3.1
111.123.222.0/24 dev eth0  proto kernel  scope link  src 111.123.222.240
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.1
127.0.0.0/8 dev lo  scope link
default via 111.123.222.1 dev eth0

The IPs that I don't want to get routed via VPN are 111.123.222.100 and *.101. Thanks for taking time to look into this.
 
v2.1.1 is available

Changelog:

Test for shell compliance with ShellCheck (thanks @Adamm !)
Add status function to show connected guests, call via /jffs/scripts/YazFi status
To update:
Code:
/jffs/scripts/YazFi update

Can people please post feedback about this version, as complying with ShellCheck meant a lot of amendments.
YazFi has passed all my testing on my 87U, and if anything the script is more generic now, so there will hopefully be no problems!
 
Looking at your routing I can't see why those IPs are being routed at all.
 
@Jack Yaz

A few things I tried
Code:
YazFi status
I just go back to my prompt with no type of feedback, like no clients connected, (which I had none while doing this) I thought that maybe it was not providing feedback.

I launched YazFi and got the start up notification then a warning
Code:
VPN Client 1 is not configured for Policy Routing

I don't know if it was YazFi or a crash of the router earlier in the week but all my routes were gone and my VPN was not ticked to auto start at login. I highly suspect the crash earlier in the week. I was trying to set up server 2 when my crash occurred. Thinking about it this would explain why my travel router was acting up... All unrelated to YazFi!

Last week, I gave up, troubleshooting my setup of server 2, due to feeling under the weather.

Once I re-set up my policy routing, I received this when manually running YazFi. (Again no clients connected) yet! This would be my technical first run after the update.

Code:
YazFi: YazFi v2.1.1 starting up
YazFi: wl2.1 passed validation
YazFi: wl2.1 (SSID: ******** ) - VPN redirection enabled, sending all interface internet traffic over VPN Client 1
YazFi: VPN Client 1 client list has changed, restarting VPN Client 1
YazFi: YazFi v2.1.1 completed successfully

I re-ran YazFi as I didn't expect to see the 'client list has changed' message. Upon re-running YazFi I did not receive the message about the client list change.

Running the status command again (No devices connected) simply drops me back out at my prompt with no feedback.

Running the status command again (with connected device) shows the MAC address and device name along with IP. Traffic does flow across to the VPN connection.

Right now the only feedback I can suggest is to tweak the lack of feedback when no devices are connected. Other than that thanks for nudging me to go checking things because my setup was down. o_O

Maybe feedback to suggest lack of routes during the status query? Basically so I don't have to try and start YazFi to know there is an issue. Just some thoughts of mine.

BTW, it's coming along nicely, thanks for all your hard work!!!
 
v2.1.1 is available
Can people please post feedback about this version, as complying with ShellCheck meant a lot of amendments.
YazFi has passed all my testing on my 87U, and if anything the script is more generic now, so there will hopefully be no problems!
Works here. AC86U, Merlin 384.5.
 
On AC86U and status test:
YazFi: Welcome to YazFi v2.0.0, a script by JackYaz
YazFi: New version of YazFi available - updating to v2.1.1
YazFi: YazFi successfully updated - restarting firewall to apply update

@AC86U:/jffs/scripts# ./YazFi status
XX:XX:XX:XX:XX:XX iPh7.rbh (192.168.241.97)

Thank you for the update!
 
Here is the output from starting YazFi:
@AC86U:/jffs/scripts# ./YazFi
YazFi: YazFi v2.1.1 starting up
YazFi: wl0.1 passed validation
YazFi: wl0.2 passed validation
YazFi: wl21_ENABLED is blank, setting to false
YazFi: wl22_ENABLED is blank, setting to false
YazFi: wl23_ENABLED is blank, setting to false
YazFi: wl0.1 (SSID: xxxxxx) - sending all interface internet traffic over WAN interface
YazFi: wl0.2 (SSID: xxxxxx) - VPN redirection enabled, sending all interface internet traffic over VPN Client 2
YazFi: YazFi v2.1.1 completed successfully
 
If that's the first run with the newer config file then that's fine. You shouldn't see the "setting to false" on subsequent runs (unless you've edited the config and left an "enabled" setting blank)
 
Thanks for the feedback on the status. I'll certainly add an output for no clients, and I intend on having it print the clients in sections for each SSID. I just needed to make sure that clients got returned for others, since my 87U is frankly the weirdest Asus router out there at the moment!

Not sure what you mean about lack of routes?
 
If that's the first run with the newer config file then that's fine. You shouldn't see the "setting to false" on subsequent runs (unless you've edited the config and left an "enabled" setting blank)
My apologies, I was still using the old config file, updated now.
 
Not sure what you mean about lack of routes?

a notification of the missing policies from the routing table. Or though I was talking about it. Hope I am making sense now. Eh maybe I should just pull the cover up and forget about this for a day or three. Well if I’m still not making sense.
 
I suppose this is something that would get mopped up by scheduled YazFi, as it would pick up on things not being right (as it did when you manually ran it). Other than manually setting Policy Routing, did you need to do anything else? (I could script in the policy routing change as part of YazFi, for example)
 
Nah, was just something the crash messed up, (routing) everything else was present and working 100%.
If a scheduled running of YazFi will accomplish my goal, that should fit the bill nicely for me. Thanks.
 
Well done @Jack Yaz

Works really well and provides feedback with no clients connected, and also with clients connected. :)

Edit: clarification
 
Looking at your routing I can't see why those IPs are being routed at all.
Because the whole subnet 111.123.222.0/24 has a route to go via 111.123.222.240 (this is the IP on my WAN interface without VPN).

I guess I want to change the ovpnc1 ruleset, so not only the source (192.168.3.0/24) is checked, but also the destination. Unfortunately I don't know how to add/modify this rule set.
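
Added example (not from any poster in this thread and not part of YazFi): a small first-match walk over the `ip rule show` output posted above, showing which table a guest packet is sent to and how a rule that also checks the destination changes the result. The priority 10100 rule and the guest address 192.168.3.50 are constructed for illustration; the sketch skips table local and does not model the kernel falling through when a table has no matching route.

```shell
#!/bin/sh
# Added example: first-match walk over `ip rule show` text (already in priority order).

ip2int() {  # dotted quad -> integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_prefix() {  # in_prefix ADDR SELECTOR   (SELECTOR: all | a.b.c.d | a.b.c.d/len)
    [ "$2" = "all" ] && return 0
    net=${2%/*}; len=32
    case $2 in */*) len=${2#*/} ;; esac
    [ "$len" -eq 0 ] && return 0
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

rpdb_table() {  # rpdb_table SRC DST < rules ; prints the table chosen for the packet
    src=$1; dst=$2
    while read -r prio _kw from rest; do
        to=all
        set -- $rest
        if [ "$1" = "to" ]; then to=$2; shift 2; fi
        [ "$1" = "lookup" ] || continue
        [ "$2" = "local" ] && continue   # local holds only the router's own addresses
        if in_prefix "$src" "$from" && in_prefix "$dst" "$to"; then
            echo "$2"; return 0
        fi
    done
    return 1
}

# Rules exactly as posted in the thread.
RULES_POSTED='0:      from all lookup local
10101:  from 192.168.3.0/24 lookup ovpnc1
32766:  from all lookup main
32767:  from all lookup default'

# Constructed: the same rules plus a hypothetical source+destination exception.
RULES_EXCEPTION='0:      from all lookup local
10100:  from 192.168.3.0/24 to 111.123.222.100 lookup main
10101:  from 192.168.3.0/24 lookup ovpnc1
32766:  from all lookup main
32767:  from all lookup default'

GUEST=192.168.3.50   # constructed guest client address
printf 'posted rules:   %s\n' "$(printf '%s\n' "$RULES_POSTED" | rpdb_table "$GUEST" 111.123.222.100)"
printf 'with exception: %s\n' "$(printf '%s\n' "$RULES_EXCEPTION" | rpdb_table "$GUEST" 111.123.222.100)"
```

With iproute2 a rule of that shape is written as: ip rule add from 192.168.3.0/24 to 111.123.222.100 lookup main priority 10100. Rules added this way are kernel state and do not survive a reboot.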
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top