YazFi YazFi v4.x

[Jack Yaz]

Will this affect my main 2.4Ghz SSID or only the guest SSID? Thanks!

itll affect main 2.4ghz while you find the right value, but you can put it back after. i have no idea if setting it manually for the guest ssid interface will work

 

[Serkan K.]

v4.2.1 is now available
Changelog:

• NEW: Allow client isolation for AX88U on 386 f/w and later
• NEW: Guest clients will traverse NAT if connecting to public IP service on self
• NEW: If VPN redirection is enabled, YazFi will set policy routing for the VPN client automatically
• NEW: Add firewall rules if NTP redirection is enabled (ntpMerlin only)
• FIXED: Apple devices should no longer keep adding a numerical suffix to their name
• FIXED: If invalid settings for an interface are detected this will no longer produce a hard failure
• CHANGED: Move DHCP configuration to dedicated file. YazFi contents are now appended by dnsmasq.postconf and not dnsmasq.conf.add
• CHANGED: Remove xt_comment module check. This check isn't needed in most firmware versions now

Jack, thank you for adding NTP redirection rules. I can now see devices on my guest network using ntpMerlin.

 

[paulmorabi]

Hi, I've noticed this mentioned before without a clear solution. I'm using latest YazFi on an RT-AX88U and am having issues with Apple devices adding numbers after the device name. Is there a confirmed fix or way to avoid this?

 

[bennor]

Hi, I've noticed this mentioned before without a clear solution. I'm using latest YazFi on an RT-AX88U and am having issues with Apple devices adding numbers after the device name. Is there a confirmed fix or way to avoid this?

Just to confirm, are you using the latest version of YazFi: v4.2.1? The change log (see Jack's post one page back) for v4.2.1 indicated that issue was apparently fixed. Basic troubleshooting, do a YazFi force update through the command line console (option: uf). Also try a router reboot after updating YazFi.

Edit: A manual option to try and address the issue was mentioned previously in another thread. See Jack's post in: host name already in use on macOS with YazFi

echo "sed -i '/^\[Server\]/a cache-entries-max=0' "'"$1" # '"YazFi" >> /jffs/scripts/avahi-daemon.postconf
service restart_mdns

 

[paulmorabi]

Just to confirm, are you using the latest version of YazFi: v4.2.1? The change log (see Jack's post one page back) for v4.2.1 indicated that issue was apparently fixed. Basic troubleshooting, do a YazFi force update through the command line console (option: uf). Also try a router reboot after updating YazFi.

Edit: A manual option to try and address the issue was mentioned previously in another thread. See Jack's post in: host name already in use on macOS with YazFi

echo "sed -i '/^\[Server\]/a cache-entries-max=0' "'"$1" # '"YazFi" >> /jffs/scripts/avahi-daemon.postconf
service restart_mdns

Thanks for the reply. I've updated to 4.2.1. It's only been a few moments so I'll monitor and post back if it's still occurring.

 

[paulmorabi]

Thanks for the reply. I've updated to 4.2.1. It's only been a few moments so I'll monitor and post back if it's still occurring.

After a few hours and 2 router reboots, it's definitely still occurring. Am definitely using the latest version (4.2.1). Is there anything else I should check?

 

[Jack Yaz]

After a few hours and 2 router reboots, it's definitely still occurring. Am definitely using the latest version (4.2.1). Is there anything else I should check?

have you tried restarting the offending devices?

 

[paulmorabi]

have you tried restarting the offending devices?

Yep, restarted all devices and even gave them new names and it keeps happening.

EDIT: It's been ~16 hours since I ran the above sed command and did the restart. So far, so good. Do I need to do this on each reboot, ASUSWRT update or plugin-in?

 

[angela_brite]

I happened to click the update button on the YazFi WebUI screen and it states a new version of 4.2.1-hotfix is available. What's included in this fix?

I checked GitHub and there's only a recent commit to master for something about replacing TravisCI with Github Actions, but there's no release or tags.

 

[bennor]

What's included in this fix?

Edit: Never mind. Its a hotfix.

 

[Jack Yaz]

I happened to click the update button on the YazFi WebUI screen and it states a new version of 4.2.1-hotfix is available. What's included in this fix?

I checked GitHub and there's only a recent commit to master for something about replacing TravisCI with Github Actions, but there's no release or tags.

hotfix releases are minor and no version change. in this case, it was some script changes for github actions/shellcheck to pass

 

[Ydnaroo]

Hi. I've got an RT-AX86U running Merlin 386.2.6 with YazFi 4.2.1 just installed. I've set up a Guest 1 5G connection and setup YazFi with 'Redirect all to VPN'' to point to a VPN connection set to 'Exclusive' DNS. All seems to work when I connect using the Guest WiFi and a DNS Leak test shows that the VPN is working using the VPN supplied DNS. I've got a RPi with PiHole & Unbound running on the main router subnet. I've read at the top of the thread that there is a feature to 'Allow guests to use a local DNS server', is there a way to set the RPi DNS as the server for my Guest/YazFi connection? Andy

 

[Jack Yaz]

Hi. I've got an RT-AX86U running Merlin 386.2.6 with YazFi 4.2.1 just installed. I've set up a Guest 1 5G connection and setup YazFi with 'Redirect all to VPN'' to point to a VPN connection set to 'Exclusive' DNS. All seems to work when I connect using the Guest WiFi and a DNS Leak test shows that the VPN is working using the VPN supplied DNS. I've got a RPi with PiHole & Unbound running on the main router subnet. I've read at the top of the thread that there is a feature to 'Allow guests to use a local DNS server', is there a way to set the RPi DNS as the server for my Guest/YazFi connection? Andy

if you set the RPi IP as the Guest's DNS IP and enable YazFi's force dns, it should be OK

 

[Ydnaroo]

if you set the RPi IP as the Guest's DNS IP and enable YazFi's force dns, it should be OK

Thanks. Tried that but still showing VPN DNS. Should VPN still be set to exclusive for this to work?

 

[Jack Yaz]

Thanks. Tried that but still showing VPN DNS. Should VPN still be set to exclusive for this to work?

YazFi sets up dnsmasq to assign the specific DNS so it should be skipping the "exclusive" VPN dns. on the device, can you check what DNS address it has been given. try rebooting the device and then check PiHole to see if you see any queries coming through

 

[bennor]

Thanks. Tried that but still showing VPN DNS. Should VPN still be set to exclusive for this to work?

If using the Client VPN OpenVPN Client Settings, shouldn't one be setting the option Accept DNS Configuration to Disable if they want to use their local DNS servers? That way the Guest YazFi clients use the DNS from YazFi and not from the VPN Server on the other end of the tunnel? From the Tooltip for that option:

How should your router handle DNS servers pushed by the remote VPN server. Disabled = ignore them, Relaxed = Just add to list of known DNS, Strict - Add to list, but use all servers in order specified, Exclusive - use only these servers for all queries from clients routed through the tunnel.

 

[Ydnaroo]

YazFi sets up dnsmasq to assign the specific DNS so it should be skipping the "exclusive" VPN dns. on the device, can you check what DNS address it has been given. try rebooting the device and then check PiHole to see if you see any queries coming through

No, no joy after reboot. Still showing the VPN DNS in DNS Leaktest and nothing shown in PiHole logs and Ad blocking not working. Thanks for the suggestion.

 

[Ydnaroo]

If using the Client VPN OpenVPN Client Settings, shouldn't one be setting the option Accept DNS Configuration to Disable if they want to use their local DNS servers? That way the Guest YazFi clients use the DNS from YazFi and not from the VPN Server on the other end of the tunnel? From the Tooltip for that option:

I've tried Disabled, Relaxed and Strict and get no DNS at all. The tunnel is working as I can ping outside IPs but no DNS. Should I be rebooting each time I change a setting?

 

[Ydnaroo]

I seem to recall reading that the YazFi DNS settings are ignored if the VPN is set to Exclusive. Also, posts on the first page on this thread (13 Feb 21) seems to say that Force DNS implements DoT. I'm confused and way, way out of my depth.

 

[Jack Yaz]

I'll point one of my guests at a vpn and see if somethings changed