Menu Close

Allow Guest WiFi to use Pi-hole on Asuswrt-Merlin

I enabled the Guest WiFi on my Asuswrt-Merlin router, so that some of my IoT devices could be separated from my network. What I soon discovered was that I could not get an internet connection on the Guest WiFi because the DNS server on my LAN is an internal address pointing to my Pi-hole, and the Guest WiFi was preventing access to my LAN.

After some research I found a project on GitHub called YazFi which would allow the Guest Wifi to communicate with the router to allow (among other things) access to my internal DNS server.

Getting up and running with YazFi is very, very straight forward. The setup instructions are on but I’ll provide a quick summary below.


You will need a router running Asuswrt-Merlin firmware and SSH access to the router. For more information on Asuswrt-Merlin, see
  1. Log into the router’s GUI and create a new Guest WiFi network, with an SSID and a passphrase.
  2. Open an SSH session to your router, then copy/paste the following command and press Enter:

  1. This will install YazFi. Once it it’s installed, press Enter.
  2. In the console, type in YazFi to launch the application.
  3. In the menu, type in 3. Edit YazFi config then press Enter. You will be asked to select an editor – for simplicity use nano.
  4. In the editor, edit the options for each Guest WiFi you have setup. In my case, I only have one so I will be modifying the wl01 section. Below is what my config file looks. Note that you will need to reference the Explanation of YazFi settings section to modify this for your network, but the important part here was that I change the DNS, both DNS1 and DNS2 to point to my internal Pi-hole which is on

  1. Once you have made your changes, hit CTRL + X. You will be asked to save your script.
  2. Back at the main menu type 1 then press Enter to apply the YazFi configuration.

The application will now launch and apply your settings. Once it’s ready, you should now be able to connect your Guest Wifi to the internet and have it pass through your Pi-hole so that it can also block ads.

And yes, YazFi will automatically launch on a router reboot.


Edit: There is one setting in that needs to be adjusted in Pi-hole as mentioned by SpasilliumNexus in the comments below for this to work correctly. I had already set this option in my Pi-hole, so I missed it in this guide.

  1. Log into your Pi-hole and click on Settings, then click on the DNS tab at the top.
  2. Change the option in Interface listening behavior to Listen on all interfaces, permit all origins.
  3. Click on Save at the bottom.


Posted in ASUS, Asuswrt-Merlin, Pi-hole


  1. SpasilliumNexus

    For my setup, an Asus RT-AX88U, with Pihole set up as a DNS server, I had to switch my interface listening behavior in Pihole to “Listen on all interfaces, permit all origins” in order for my guest networks to connect to the internet.

    • Nick

      Thanks for the tip. Looks like my Pi-hole was already set this way, which is why it wasn’t mentioned in the guide. I’ll update the post to reflect this.

  2. Cynic

    @spasilliumnexus – thank you! I was banging my head against this issue for hours before reading your reply here. Setting pi-hole to “Listen on all interfaces, permit all origins” finally got the internet working on my guest wifi subnets, too.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.