YazFi YazFi not routing guest through ISP

jsn2233

Occasional Visitor
Hey guys I hope this is the right sub-forum to post this. I have a RT-AC86U with latest merlin and I just SSH'd into my router and ran the command to install YazFi.

I'm quite new to routers and things like this and I was under the impression I could run guest networks through my normal ISP without VPN, is that possible? My non-guest traffic is ALL ran through a VPN.

I have a OpenVPN client that all of my traffic runs through. Whenever it is active, by default, my guest network's internet is disabled for some reason. You can connect to the guest but there's no internet.

Like I said I am still learning this so any help or push in the right direction will be great

The settings in YazFi, do I need to change something? It's Guest Network 2:

1668993070697.png




My VPN client rule:

1668993004392.png
 

Attachments

  • 1668992938618.png
    1668992938618.png
    41.6 KB · Views: 12

bennor

Very Senior Member
I was under the impression I could run guest networks through my normal ISP without VPN, is that possible? My non-guest traffic is ALL ran through a VPN.

I have a OpenVPN client that all of my traffic runs through.
You should probably start by looking at how you have configured the OpenVPN client if you are routing ALL traffic through it as you indicate.

The following discussion, particularly post #3, may have some pointers on how to proceed.
 

jsn2233

Occasional Visitor
You should probably start by looking at how you have configured the OpenVPN client if you are routing ALL traffic through it as you indicate.

The following discussion, particularly post #3, may have some pointers on how to proceed.

Thanks for that bennor. The thing is, it's so difficult for me to understand what that post actually means. I don't have much, if any experience with networking.

Yes. Once the client vpn is configured and up and running you can set 192.168.1.0/24 to TUN.
Where do you set this at? Is it in VPN director? Is that an IP?

Would I need to take the IP of one of the below guest networks and add it to something in the VPN client settings?

1669054096267.png


It's just confusing me to be honest.
 

Viktor Jaep

Very Senior Member
It's likely because your VPN Client is set to redirect all traffic through the VPN, but your Yazfi subnet is configured to not be allowed to use VPN to get out. So that's probably why you can connect to that Yazfi subnet, but not getting any internet... it's in limbo.

What @bennor was getting at is adding an entry into your VPN Director so that all 192.168.1.0/24 traffic will go through your VPN... Make sure your VPN client is then set to "Redirect Internet traffic through tunnel = VPN Director (Policy Rules)". That should then leave your 192.168.3.x subnet alone and allow it to just use your WAN to get out.
 

jsn2233

Occasional Visitor
It's likely because your VPN Client is set to redirect all traffic through the VPN, but your Yazfi subnet is configured to not be allowed to use VPN to get out. So that's probably why you can connect to that Yazfi subnet, but not getting any internet... it's in limbo.

What @bennor was getting at is adding an entry into your VPN Director so that all 192.168.1.0/24 traffic will go through your VPN... Make sure your VPN client is then set to "Redirect Internet traffic through tunnel = VPN Director (Policy Rules)". That should then leave your 192.168.3.x subnet alone and allow it to just use your WAN to get out.
That works, thanks bro!

So just so I understand this thing called a "subnet" is like parameter that helps you choose devices connected to that specific IP?

Thanks again
 

Viktor Jaep

Very Senior Member
That works, thanks bro!
Happy to help!

So just so I understand this thing called a "subnet" is like parameter that helps you choose devices connected to that specific IP?
A subnet is just a range of ip addresses inside of a larger network... so your 192.168.1.0/24 subnet just means, you have 192.168.1.1 - 192.168.1.254 available for use. On your Yazfi network, you have a 192.168.3.x (1-254) subnet available for use. As things get more and more complex, it gets trickier to get these subnets to talk to each other, or for communications to go between them, and that's where routing comes into play. ;)
 

jsn2233

Occasional Visitor
Happy to help!


A subnet is just a range of ip addresses inside of a larger network... so your 192.168.1.0/24 subnet just means, you have 192.168.1.1 - 192.168.1.254 available for use. On your Yazfi network, you have a 192.168.3.x (1-254) subnet available for use. As things get more and more complex, it gets trickier to get these subnets to talk to each other, or for communications to go between them, and that's where routing comes into play. ;)
Awesome! Will keep that in mind. Thanks once again! You don't know how much frustration you save people that are new to networking.

I am going to do some deep studying so I understand it more though!
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top