YazFi YazFi v4.x - continued

[Martinski]

...
Now to the actual problem: After setting up Yazfi I now should have the same list of networks as above. I made sure to keep as many settings the same as before, to make troubleshooting easier. Unfortunately, it seems that the 2.4GHz home LAN network is not working anymore. I do still see all 3 SSID's, but when connecting to this one it just doesn't connect. Also forgetting the network in my phone and reconneting does not work. I simply get an error stating "Could not connect to this network" after typing in the password.

The firmware used on the RT-AX68U router is Asusmerlin 388.1 and YazFi is version 4.4.3.

Another troubleshooting step would be to double-check the output of the following commands:

{
   brctl show
   grep -E "interface=(br|wl)[0-3].*|dhcp-range=." /tmp/etc/dnsmasq.conf
   echo
   IFNAMES="$(nvram get wl_ifnames; nvram get wl0_vifnames; nvram get wl1_vifnames; nvram get wl2_vifnames; nvram get wl3_vifnames)"
   for IFname in br0 $IFNAMES
   do ifconfig $IFname 2>/dev/null ; done
}

NOTE: Include the enclosing curly braces when copying/pasting into your terminal window.

The 2.4 GHz non-guest WLAN interface name should be 'eth5' in your RT-AX68U router, if I'm not mistaken.

 

[Bazingaa]

As a troubleshooting step, maybe try the following for 2.4Ghz network: Wireless > General > Protected Management Frames to Disable.
See the following post where this suggested change was mentioned:
https://www.snbforums.com/threads/3...med-to-be-fixed-in-386-9-0.84141/#post-829883

I tried all 3 options here:

Requiered, Capable and Disabled with auth setting WPA2-Personal.
All 3 did not work unfortunately.

Another troubleshooting step would be to double-check the output of the following commands:

{
   brctl show
   grep -E "interface=(br|wl)[0-3].*|dhcp-range=." /tmp/etc/dnsmasq.conf
   echo
   IFNAMES="$(nvram get wl_ifnames; nvram get wl0_vifnames; nvram get wl1_vifnames; nvram get wl2_vifnames; nvram get wl3_vifnames)"
   for IFname in br0 $IFNAMES
   do ifconfig $IFname 2>/dev/null ; done
}

NOTE: Include the enclosing curly braces when copying/pasting into your terminal window.

The 2.4 GHz non-guest WLAN interface name should be 'eth5' in your RT-AX68U router, if I'm not mistaken.

Thank you for your response!

I ran the command, this is the output:

bridge name    bridge id        STP enabled    interfaces
br0        8000.7c10cxxxxxxx    yes        eth1
                            eth2
                            eth3
                            eth4
                            eth5
                            eth6
                            wl0.2
interface=br0
dhcp-range=lan,192.168.50.2,192.168.50.254,255.255.255.0,86400s
interface=br1
dhcp-range=br1,192.168.101.2,192.168.101.254,255.255.255.0,86400s
interface=br2
dhcp-range=br2,192.168.102.2,192.168.102.254,255.255.255.0,86400s
interface=wl0.2
dhcp-range=wl0.2,192.168.51.2,192.168.51.254,255.255.255.0,86400s

br0       Link encap:Ethernet  HWaddr  
          inet addr:192.168.50.1  Bcast:192.168.50.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:2365295 errors:0 dropped:103 overruns:0 frame:0
          TX packets:26413497 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:379155286 (361.5 MiB)  TX bytes:37416152393 (34.8 GiB)

eth5      Link encap:Ethernet  HWaddr
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:4 overruns:0 frame:1670488
          TX packets:91995 errors:65 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:21169110 (20.1 MiB)
          Interrupt:47

eth6      Link encap:Ethernet  HWaddr  
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:1095329 errors:0 dropped:4 overruns:0 frame:1084228
          TX packets:5975093 errors:2025 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:160777868 (153.3 MiB)  TX bytes:8825821737 (8.2 GiB)
          Interrupt:48

wl0.2     Link encap:Ethernet  HWaddr
          inet addr:192.168.51.1  Bcast:192.168.51.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:1033 errors:0 dropped:0 overruns:0 frame:1670488
          TX packets:2710 errors:21 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:188635 (184.2 KiB)  TX bytes:1809752 (1.7 MiB)

eth5 is there, but it has 0 RX packets.

 

[Martinski]

I do still see all 3 SSID's, but when connecting to this one it just doesn't connect. Also forgetting the network in my phone and reconneting does not work. I simply get an error stating "Could not connect to this network" after typing in the password.

Double-check that your 2.4GHz WLAN password in NVRAM is correct and has not been corrupted:

nvram show 2>/dev/null | grep -E "wl._wpa.*psk=."

Perhaps try changing the password to something "simpler" (e.g. alphanumeric chars only) just to eliminate that as a possible source of the problem (unlikely but I've occasionally seen odd issues like that before with some clients).

 

[Bazingaa]

Double-check that your 2.4GHz WLAN password in NVRAM is correct and has not been corrupted:

nvram show 2>/dev/null | grep -E "wl._wpa.*psk=."

Perhaps try changing the password to something "simpler" (e.g. alphanumeric chars only) just to eliminate that as a possible source of the problem (unlikely but I've occasionally seen odd issues like that before with some clients).

I checked the settings, but the password was indeed correct.

I also tried switching the password and SSID but both did help.

 

[threeeye]

Hi. Thanks for YazFi, hope this is the right place for feedback...

The Web UI has severe validation issues. If presets of DISABLED guest networks collide with existing networks (for example my lan is on 192.168.8.0 and there's a YazFi preset also using that IP it will not let me save the config. That wouldn't be a problem if I could just edit the conflicting disabled network - but it can't be edited since it's disabled, and since it doesn't exist I can't 'enable' (and afterwards disable) it just to edit the conflicting values.

Effectively the Web UI 4.4.3 is unusable for me :-( Fortunately everything works through SSH and editing the config manually - but I suggest only failing UI validation on ENABLED networks.

Thanks!

 

[bennor]

The Web UI has severe validation issues. If presets of DISABLED guest networks collide with existing networks (for example my lan is on 192.168.8.0 and there's a YazFi preset also using that IP it will not let me save the config. That wouldn't be a problem if I could just edit the conflicting disabled network - but it can't be edited since it's disabled, and since it doesn't exist I can't 'enable' (and afterwards disable) it just to edit the conflicting values.

Have you tried using the YazFi CLI (command line interface) to edit the YazFi Guest WiFi IP range so you can fix the conflict?

Connect to the router using an SSH client like Putty. Then launch YazFi (ex: /jffs/scripts/YazFi). Then from the YazFi CLI select option 3, select the editor you want to use to edit the YazFi configuration file. When finished with the edits/configuration, save the changes in the editor, apply the changes by selecting option 1 from the YazFi CLI. You need to ensure each of the approx 12 wlxx_IPADDR entries in the configuration file has a unique IP address.

For example if the main LAN IP address is 192.168.1.x one could setup YazFi IP's like this:
wl01_IPADDR=192.168.3.0
wl02_IPADDR=192.168.4.0
wl03_IPADDR=192.168.5.0
wl11_IPADDR=192.168.6.0
wl12_IPADDR=192.168.7.0
wl13_IPADDR=192.168.8.0
wl21_IPADDR=192.168.9.0
wl22_IPADDR=192.168.10.0
wl23_IPADDR=192.168.11.0
wl31_IPADDR=192.168.144.0
wl32_IPADDR=192.168.155.0
wl33_IPADDR=192.168.166.0

Example of the YazFi CLI screen:

Example of editing the YazFi configuration file using Nano launched from the YazFi CLI:

 

[threeeye]

Have you tried using the YazFi CLI (command line interface) to edit the YazFi Guest WiFi IP range so you can fix the conflict?

Hi - thanks for the detailed instructions, but as said, I am able to configure YazFi through SSH (i.e. the CLI) and am not missing out

My feedback is just to report a potential bug in the Web UI.

Cheers

 

[bennor]

My feedback is just to report a potential bug in the Web UI.

OK wasn't sure if "Fortunately everything works through SSH" meant to include correcting the IP conflict. Anyway the info will hopefully help others as this IP conflict occasionally comes up with users new to YazFi.

 

[Martinski]

If presets of DISABLED guest networks collide with existing networks (for example my lan is on 192.168.8.0 and there's a YazFi preset also using that IP it will not let me save the config.

I found the source of the problem in the JavaScript code and already have a fix.

I'll submit a GitHub PR to @Jack Yaz for review and approval to merge into his "develop" branch.

If you want an early test version to validate with your router setup, I can provide it. Just let me know.

 

[Martinski]

FYI,

@Jack Yaz has merged the changes for the fix into the YazFi 'develop' branch.

 

[lepa71]

Hi. I have yazfi uninstalled a couple months ago but I'm seeing this in my logs.

Mar 26 12:57:21 dnsmasq[30545]: asynchronous logging enabled, queue limit is 5 messages
Mar 26 12:57:21 dnsmasq-dhcp[30545]: DHCP, IP range 192.168.102.2 -- 192.168.102.254, lease time 1d
Mar 26 12:57:21 dnsmasq-dhcp[30545]: DHCP, IP range 192.168.101.2 -- 192.168.101.254, lease time 1d
Mar 26 12:57:21 dnsmasq-dhcp[30545]: DHCP, IP range 192.168.50.2 -- 192.168.50.80, lease time 1d

Did I not uninstall it fully?

 

[Martinski]

Hi. I have yazfi uninstalled a couple months ago but I'm seeing this in my logs.

Mar 26 12:57:21 dnsmasq[30545]: asynchronous logging enabled, queue limit is 5 messages
Mar 26 12:57:21 dnsmasq-dhcp[30545]: DHCP, IP range 192.168.102.2 -- 192.168.102.254, lease time 1d
Mar 26 12:57:21 dnsmasq-dhcp[30545]: DHCP, IP range 192.168.101.2 -- 192.168.101.254, lease time 1d
Mar 26 12:57:21 dnsmasq-dhcp[30545]: DHCP, IP range 192.168.50.2 -- 192.168.50.80, lease time 1d

Those are normal/regular log messages coming from dnsmasq (IIRC, your log level would be at "debug" to get them), and they are completely unrelated to YazFi.

Any references to IP addresses "192.168.101.*" & "192.168.102.*" are due to the interfaces "br1" & "br2" being declared in the "/tmp/etc/dnsmasq.conf" file for the built-in 2.4GHz & 5GHz Guest Networks #1, respectively. You can see their settings by typing the following cmd in an SSH terminal window:

grep -E ".*.=br[1-2].*" /tmp/etc/dnsmasq.conf

Example:

interface=br1
dhcp-range=br1,192.168.101.2,192.168.101.254,255.255.255.0,86400s
dhcp-option=br1,3,192.168.101.1
interface=br2
dhcp-range=br2,192.168.102.2,192.168.102.254,255.255.255.0,86400s
dhcp-option=br2,3,192.168.102.1

Note that those system log msgs you see will be there regardless of whether those built-in Guest Networks are disabled or enabled.

 

[lepa71]

Those are normal/regular log messages coming from dnsmasq (IIRC, your log level would be at "debug" to get them), and they are completely unrelated to YazFi.

Any references to IP addresses "192.168.101.*" & "192.168.102.*" are due to the interfaces "br1" & "br2" being declared in the "/tmp/etc/dnsmasq.conf" file for the built-in 2.4GHz & 5GHz Guest Networks #1, respectively. You can see their settings by typing the following cmd in an SSH terminal window:

grep -E ".*.=br[1-2].*" /tmp/etc/dnsmasq.conf

Example:

interface=br1
dhcp-range=br1,192.168.101.2,192.168.101.254,255.255.255.0,86400s
dhcp-option=br1,3,192.168.101.1
interface=br2
dhcp-range=br2,192.168.102.2,192.168.102.254,255.255.255.0,86400s
dhcp-option=br2,3,192.168.102.1

Note that those system log msgs you see will be there regardless of whether those built-in Guest Networks are disabled or enabled.

192.168.101.x and 102.x is not my subnet. I have 192.168.50.x. Those 101 and 102 were the ones Yazfi created when I had it installed.
Am I missing something?

 

[Jack Yaz]

192.168.101.x and 102.x is not my subnet. I have 192.168.50.x. Those 101 and 102 were the ones Yazfi created when I had it installed.
Am I missing something?

YazFi doesn't create bridges. These are the ones created by Asus as discussed. Usually only if you have disabled intranet access for a guest network. Nothing to do with YazFi.

 

[bennor]

192.168.101.x and 102.x is not my subnet. I have 192.168.50.x. Those 101 and 102 were the ones Yazfi created when I had it installed.
Am I missing something?

Those entries are not created by YazFi as RMerlin indicates. On a RT-AC68U running Asus stock firmware 3.0.0.4.386_51255 and which has never had YazFi installed....

In fact Guest WiF has never even been enabled on that RT-AC68U router.

 

[lepa71]

Sorry for the confusion.
It is somewhat interesting. Without yazfi the subnet for the guest network is the same as the router, but it seems that internally it is different. Am I reading it correctly? If yes, then why does asus make the guest network the same?

 

[alex3305]

First of all thanks for YazFi. I love that we can have relatively easy VLAN management on these devices. ASUS should IMHO just support this, like they do on their 'PRO' models. Anyway. The last couple of days I was looking into using a VLAN for my IoT devices on 2.4GHz. However I wanted to use DHCP reservations as much as possible. So I found this excellent post by @bennor and the manual on GitHub. However I decided to manage my setup a little differently.

Instead of the suggested script, which already existed on my install, I opted to do just add a new text file in /jffs/addons/YazFi.d/dhcp-reservations with the following contents:

### Start Guest network static DHCP reservations
dhcp-host=11:B2:B1:30:1D:88,my-iot-device,192.168.10.10
dhcp-host=15:E1:B9:F9:5F:4D,my-iot-device,192.168.10.11
dhcp-host=30:AA:4B:3B:5D:AB,my-iot-device,192.168.10.12
### End Guest network static DHCP reservations

After that I also modified my /jffs/scripts/dnsmasq.postconf like this:

#!/bin/sh

cat /jffs/addons/YazFi.d/.dnsmasq >> /etc/dnsmasq.conf # YazFi
cat /jffs/addons/YazFi.d/dhcp-reservations >> /etc/dnsmasq.conf # Custom Reservation

Testing with service restart_dnsmasq and a cat /etc/dnsmasq.conf this seems to work wonderfully.

I also than preceded to setup my AdGuard Home install so I can also leverage the set hostname with this ARPA record in the Private Reverse DNS field:

[/168.192.in-addr.arpa/]192.168.1.1

and finally setting the upstream DNS servers so I can actually reach the devices:

[//]192.168.1.1
[/local/]192.168.1.1
[/lan/]192.168.1.1

I'm really pleased how it turned out and wanted to share it with you guys for future reference. And thanks again for @bennor and of course @Jack Yaz for all the work and effort put into this.

 

[oOMrYairOo]

@Jack Yaz it would be nice if you can add Wireguard support to the next update, now the only way to route guest ssid is to openvpn clients and not Wireguard clients, thanks

 

[Wako]

I have wired Zigbee hubs I would like to isolate as if they were connected to one of my YazFi guest network. Is is possible to add a list of LAN ports for each YazFi guest networks and make these LAN ports act like they are connected to one of these guest networks ? That also mean using the same IP range as the guest network the LAN is associated with.

 

[bennor]

Is is possible to add a list of LAN ports for each YazFi guest networks and make these LAN ports act like they are connected to one of these guest networks ? That also mean using the same IP range as the guest network the LAN is associated with.

Currently YazFi is for Guest WiFi network only. Do a search through the Asus-Merlin subforum for VLAN for discussion on isolating specific LAN ports to separate VLAN's.

Or see the VLAN supported Asus routers that have the VLAN beta firmware. See the following link for more information:
[Wireless Router] What is VLAN and how to setup?