Feature expansion of guest WiFi networks on AsusWRT-Merlin, including, but not limited to:
- Dedicated VPN WiFi networks
- Separate subnets for organisation of devices
- Restrict guests to only contact router for ICMP, DHCP, DNS, NTP and NetBIOS
- Allow guest networks to make use of pixelserv-tls (if installed)
- Allow guests to use a local DNS server
- Extend DNS Filter to guest networks
YazFi is free to use under the GNU General Public License version 3 (GPL 3.0).
You must be running firmware no older than:
- Asuswrt-Merlin 384.5
- john9527 fork 374.43_32D6j9527
You must be running firmware Merlin 384.15/384.13_4 or Fork 43E5 (or later).
Using your preferred SSH client/terminal, copy and paste the following command, then press Enter:
/usr/sbin/curl -fsL --retry 3 "https://jackyaz.io/YazFi/master/install/YazFi.sh" -o /jffs/scripts/YazFi && chmod 0755 /jffs/scripts/YazFi && /jffs/scripts/YazFi install
Please then follow the instructions shown on-screen. An explanation of the settings is provided in the FAQs.
YazFi can be configured via the WebUI, in the Guest Network section.
To launch the YazFi menu after installation, use:
YazFi
If you do not have Entware installed, you will need to use the full path:
/jffs/scripts/YazFi
Please post about any issues and problems here: Asuswrt-Merlin AddOns on SNBForums
Enable YazFi for this Guest Network (true/false)
IP address/subnet to use for Guest Network
Start of DHCP pool (2-253)
End of DHCP pool (3-254)
DHCP Lease Time: 120 to 7776000 seconds (2 minutes to 90 days). Values can be entered in seconds (e.g. 86400s), minutes (e.g. 1440m), hours (e.g. 24h), days (e.g. 2d), or weeks (e.g. 2w). A single digit ZERO '0' or an upper-case letter 'I' indicates that an "infinite" lease time value will be applied.
IP address for primary DNS resolver
IP address for secondary DNS resolver
Should Guest Network DNS requests be forced/redirected to DNS1? (true/false) N.B. This setting is ignored if sending to VPN, and VPN Client's DNS configuration is Exclusive
Should Guest Network traffic be sent via VPN? (true/false)
The number of the VPN Client to send traffic through (1-5)
Should LAN/Guest Network traffic have unrestricted access to each other? (true/false) Cannot be enabled if _ONEWAYTOGUEST is enabled
Should LAN be able to initiate connections to Guest Network clients (but not the opposite)? (true/false) Cannot be enabled if _TWOWAYTOGUEST is enabled
Should Guest Network radio prevent clients from talking to each other? (true/false)
Yes. YazFi supports calling custom scripts after setting up the guest network. To use a user script, create your script file in the appropriate directory with a .sh extension, e.g.
/jffs/addons/YazFi.d/userscripts.d/myscript.sh
Remember to make it executable with
chmod +x /jffs/addons/YazFi.d/userscripts.d/myscript.sh
An example script to allow a guest on 2.4GHz guest 1 to talk to a specific IP address on the LAN:
#!/bin/sh
# Allow guests on wl0.1 to reach 192.168.1.50 on the LAN bridge (br0)
iptables -I YazFiFORWARD -i wl0.1 -o br0 -d 192.168.1.50 -j ACCEPT
The above will work if "One way" access to the guest is enabled. With no access enabled, the script would be:
#!/bin/sh
# Guest to LAN host
iptables -I YazFiFORWARD -i wl0.1 -o br0 -d 192.168.1.50 -j ACCEPT
# Replies from the LAN host back to the guest
iptables -I YazFiFORWARD -i br0 -o wl0.1 -s 192.168.1.50 -j ACCEPT
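A narrower variant of the user scripts above, added here as an example and not part of YazFi itself: it opens a single protocol and port to the LAN host instead of the whole host, validates its inputs, and skips rules that are already present. The chain and interface names are taken from the scripts above; the host, protocol and port (tcp/631) are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not YazFi's own code): least-privilege variant of the user script.
# Chain and interface names are the page's; host, protocol and port are constructed.
GUEST_IF="wl0.1"; LAN_IF="br0"; CHAIN="YazFiFORWARD"
LAN_HOST="192.168.1.50"; PROTO="tcp"; PORT="631"
ONEWAY="false"   # set to "true" when one-way access to the guest is enabled

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ip() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  for o in $(echo "$1" | tr '.' ' '); do [ "$o" -le 255 ] || return 1; done
}

# Print one rule spec per line (everything after the -I/-C flag).
# Args: host proto port oneway
pinhole_rules() {
  valid_ip "$1" || return 1
  case "$2" in tcp|udp) ;; *) return 1 ;; esac
  case "$3" in ''|*[!0-9]*) return 1 ;; esac
  [ "$3" -ge 1 ] && [ "$3" -le 65535 ] || return 1
  echo "$CHAIN -i $GUEST_IF -o $LAN_IF -d $1 -p $2 --dport $3 -j ACCEPT"
  # The reply rule is only needed when no LAN/guest access is enabled.
  [ "$4" = "true" ] ||
    echo "$CHAIN -i $LAN_IF -o $GUEST_IF -s $1 -p $2 --sport $3 -j ACCEPT"
}

# Insert each rule unless iptables -C reports it is already present.
apply_rules() {
  pinhole_rules "$@" | while read -r spec; do
    # $spec is deliberately unquoted so it splits into iptables arguments.
    iptables -C $spec 2>/dev/null || iptables -I $spec
  done
}

# Apply where the YazFi chain exists; anywhere else just print the rules.
if iptables -nL "$CHAIN" >/dev/null 2>&1; then
  apply_rules "$LAN_HOST" "$PROTO" "$PORT" "$ONEWAY"
else
  pinhole_rules "$LAN_HOST" "$PROTO" "$PORT" "$ONEWAY"
fi
```

After it has run on the router, `iptables -S YazFiFORWARD` lists the inserted rules so the pinhole can be checked against what was intended.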
Installs and updates for this addon are redirected via the Scarf Gateway by Scarf. This allows me to gather data on the number of new installations of my addons, how often users check for updates and more. This is purely for my use to actually see some usage data from my addons so that I can see the value provided by my continued work. It does not mean I am going to start charging to use my addons. My addons have been, are, and will always be completely free to use.
Please refer to Scarf's Privacy Policy for more information about the data that is collected and how it is processed.