YazFi YazFi v4.x

[micer45]

Thanks, I managed to find a backup I had made of the JFFS partition, I restored that and it had version 4.01 which works for what I need.

Looks like I need a new router, any recomendations

 

[Asusrouterlover]

Thanks, I managed to find a backup I had made of the JFFS partition, I restored that and it had version 4.01 which works for what I need.

Looks like I need a new router, any recomendations

RT-AX88U AX6000
best of the best

 

[micer45]

Thanks, should be here in the next couple of days

 

[Eric Lieb]

Is YazFI the reason why access intranet keeps getting enabled? I have 2 and 1 way to guest disabled in YazFi but on the main guest settings it keeps enabling intranet access.

 

[Jack Yaz]

Is YazFI the reason why access intranet keeps getting enabled? I have 2 and 1 way to guest disabled in YazFi but on the main guest settings it keeps enabling intranet access.

yes. asus makes some changes that conflict if access internet is disabled, YazFi installs its own rules that achieves the same

 

[Eric Lieb]

yes. asus makes some changes that conflict if access internet is disabled, YazFi installs its own rules that achieves the same

Thanks... just wanted to confirm that when I set 2 and 1 way to no it still disabled intranet access which is appears to.

 

[bennor]

Thanks... just wanted to confirm that when I set 2 and 1 way to no it still disabled intranet access which is appears to.

Also per Jacks' YazFi Github page...

• Restrict guests to only contact router for ICMP, DHCP, DNS, NTP and NetBIOS
• Allow guest networks to make use of pixelserv-tls (if installed)
• Allow guests to use a local DNS server
• Extend DNS Filter to guest networks

While it is disabling intranet access, it still leaves a few pinholes for certain network services/traffic, as the above indicates. One can add additional pinholes for services or to contact specific intranet clients per the Custom Firewall Rules section on the GitHub page.

 

[chongnt]

Not sure here is the correct place to ask this. Is it possible to have yazfi client to use diversion alternate blocking list?
I am trying to have 192.168.6.0/24 to use alternate blocking list but it seems it still use the main blocking list.

admin@RT-AC86U-DBA8:/jffs/scripts# iptables -nvL DNSFILTER -t nat --line
Chain DNSFILTER (2 references)
num   pkts bytes target     prot opt in     out     source               destination        
1        0     0 DNAT       all  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 192.168.6.1-192.168.6.254 to:192.168.1.253
2      133  9496 DNAT       all  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 192.168.1.21-192.168.1.30 to:192.168.1.253
3      133  9123 DNAT       all  --  *      *       0.0.0.0/0            0.0.0.0/0            to:192.168.1.1

Update: Got it working now. I was looking at the wrong table.

admin@RT-AC86U-DBA8:/jffs/Div_list# iptables -nvL YazFiDNSFILTER -t nat --line
Chain YazFiDNSFILTER (2 references)
num   pkts bytes target     prot opt in     out     source               destination         
1     1488 98919 DNAT       all  --  *      *       0.0.0.0/0            0.0.0.0/0            source IP range 192.168.6.0-192.168.6.254 to:192.168.1.253

 

[JT Strickland]

I put a half dozen security cameras on guest network 2 (1 is not enabled), but I don't see them in the router's client list. Is this normal?

 

[Jack Yaz]

Yes, use the Wireless Log or YazFi page/CLI instead to see guest clients

 

[alan6854321]

Yes, use the Wireless Log or YazFi page/CLI instead to see guest clients

I use YazFi for all my Iot devices on guest network #2
I've noticed that the Wireless log often gets their IP address wrong, it shows their original IP address before YazFi re-allocates them.

E.g. A device will be using the address 192.168.3.168 and YazFi option #2 in SSH shows that address. But the Wireless log on the UI shows 192.168.1.244.

I think the devices connect to the router before YazFi starts and get the 192.168.1.244 type address, they then get thrown off by YazFi and reconnect with the 192.168.3.168 type addresses but the Wireless log doesn't get updated.

It seems to happen at random, about half of the are wrong and it's different devices affected each time.

Any ideas?

 

[bennor]

Any ideas?

See if the YazFi clients are correctly listed by issuing the command cat /var/lib/misc/dnsmasq.leases while connected via SSH to the router. If they are then create a batch file (if using Windows) using Plink to run that command with a click/double click.

Otherwise its likely a problem with the IoT device(s). I found that certain IoT devices, like Amazon's Echo's would connect to the wrong WiFi SSID if they were previously connected to it in the past. It was due to Amazon Echo's saving past WiFi logins. The solution was to access the Echo settings (via the Alexa app and online Amazon account) and delete all WiFi associations, then connect it only to the YazFi guest WiFi.

Example batch (.bat) file for WIndows:

plink.exe -batch -ssh -l <loginname> -pw <password> <routerIPaddress> cat /var/lib/misc/dnsmasq.leases

PAUSE

 

[alan6854321]

See if the YazFi clients are correctly listed by issuing the command cat /var/lib/misc/dnsmasq.leases while connected via SSH to the router.

That file contains the correct (192.168.3.168 type) addresses.
As does "Syslog -> DHCP Leases" from the UI.

It's just odd that the wireless log gets it wrong, especially as that's the usual screen people are directed to when they complain about the network map not showing all their clients.

 

[bennor]

That file contains the correct (192.168.3.168 type) addresses.
As does "Syslog -> DHCP Leases" from the UI.

It's just odd that the wireless log gets it wrong, especially as that's the usual screen people are directed to when they complain about the network map not showing all their clients.

If you have static/reserved IP addresses for those YazFi Clients on the DHCP Server page, remove those entries and see if the issue persists with wireless log. YazFi has a different way of assigning static IP addresses to YazFi clients. See the following link for more information.
https://github.com/jackyaz/YazFi/wi...e-and-ARP-records#a-note-on-dhcp-reservations

 

[alan6854321]

If you have static/reserved IP addresses for those YazFi Clients on the DHCP Server page, remove those entries and see if the issue persists with wireless log.

No, none of the clients on the guest network have static or manual addresses.
I have a few manuals IPs on the main wifi network, but there's no problem with them.

I do have a set of entries in the dnsmasq.conf file that just assign a hostname to a MAC address, like the 'set hostname' section of 'A Note on DHCP Reservations' that you just referenced. But I've only just added them (Partly to help me sort this) and the problem existed before I added them.

 

[JT Strickland]

I use YazFi for all my Iot devices on guest network #2
I've noticed that the Wireless log often gets their IP address wrong, it shows their original IP address before YazFi re-allocates them.

E.g. A device will be using the address 192.168.3.168 and YazFi option #2 in SSH shows that address. But the Wireless log on the UI shows 192.168.1.244.

I think the devices connect to the router before YazFi starts and get the 192.168.1.244 type address, they then get thrown off by YazFi and reconnect with the 192.168.3.168 type addresses but the Wireless log doesn't get updated.

It seems to happen at random, about half of the are wrong and it's different devices affected each time.

Any ideas?

and are mine, no idea why.

 

[JT Strickland]

How can I change the IP on guest network 1? I am unable to edit it or the dns server.
GN1 shows DNS ask 192.168.2.1 for both, when the others show google (8.8.8.8 & 8.8.4.4)
Even with 1disabled, when I try to activate the 5 Ghz GN2, I get the message

192.168.2.1 Validation for some fields failed, shown below. Please correct invalid values and try again.

2.4GHz Guest Network 1 - IP Address - LAN IP conflict

My primary network's subnet is set to 192.168.2 because of potential confilct with isp router if I have to connect it. It seems locked in to that on GN1.
Might be easier to just change primary back to 192.168.1

 

[bennor]

How can I change the IP on guest network 1? I am unable to edit it or the dns server.
GN1 shows DNS ask 192.168.2.1 for both, when the others show google (8.8.8.8 & 8.8.4.4)
Even with 1disabled, when I try to activate the 5 Ghz GN2, I get the message

My primary network's subnet is set to 192.168.2 because of potential confilct with isp router if I have to connect it. It seems locked in to that on GN1.
Might be easier to just change primary back to 192.168.1

Could be that the router is locking Guest network 1 for the AIMesh. Apparently its a known issue with some setups that Asus is using guest network 1 for the AIMesh which forces users to use Guest network's 2 and 3.

Sometimes one may need to use the YazFi CLI (/jffs/scripts/YazFi option #3 - Edit YazFi Config) to modify the various settings including the IP address and DNS address's. Each of the guest networks in YazFi need their own unique IP address range.

Example IP address ranges for YazFi if the main LAN is 192.168.2.1.
2.4 GHz Guest Network 1: 192.168.3.0
2.4 GHz Guest Network 2: 192.168.4.0
2.4 GHz Guest Network 3: 192.168.5.0
5 GHz Guest Network 1: 192.168.6.0
5 GHz Guest Network 2: 192.168.7.0
5 GHz Guest Network 3: 192.168.8.0
5GHz - 2 Networks
Guest Network 1: 192.168.9.0
Guest Network 2: 192.168.10.0
Guest Network 3: 192.168.11.0

 

[JT Strickland]

Could be that the router is locking Guest network 1 for the AIMesh. Apparently its a known issue with some setups that Asus is using guest network 1 for the AIMesh which forces users to use Guest network's 2 and 3.

Sometimes one may need to use the YazFi CLI (/jffs/scripts/YazFi option #3 - Edit YazFi Config) to modify the various settings including the IP address and DNS address's. Each of the guest networks in YazFi need their own unique IP address range.

Example IP address ranges for YazFi if the main LAN is 192.168.2.1.
2.4 GHz Guest Network 1: 192.168.3.0
2.4 GHz Guest Network 2: 192.168.4.0
2.4 GHz Guest Network 3: 192.168.5.0
5 GHz Guest Network 1: 192.168.6.0
5 GHz Guest Network 2: 192.168.7.0
5 GHz Guest Network 3: 192.168.8.0
5GHz - 2 Networks
Guest Network 1: 192.168.9.0
Guest Network 2: 192.168.10.0
Guest Network 3: 192.168.11.0

Thanks, I didn't even think about the CLI, just couldn't modify it in the User interface on the router page. That may also be the basis for other issues I've been having, even though GN1 isn't activated.

EDIT: Yea, that did it for me with that issue, but my other bugs still need exterminating.

 

[paulmorabi]

Is it possible that YazFi can accept a ip6 address for the DNS fields? I’m using a smart dns service and they support multiple profiles but only the default profile is available by ip4 address.