AB-Solution - The Ad Blocking Solution

[thelonelycoder]

When go to www.googleadservices.com

The page doesn't load its just blank and I don't see that cert invalid error.

That defaults to port 80, the http protocol.
Use https://www.googleadservices.com to test it. Mine is a solid green padlock, with the pixelserv-tls certificate from the router.

 

[thelonelycoder]

I'm trying to understand the blocking. I use my VPN to watch bicycle racing in Europe since it is not available here in the US. Many of the nasty popups are blocked, but every so often I get one that I try to add to the blacklist. About 4 out of 5 state they are already there like this -

But they still open a page and display the ad anyway.

What don't I understand?

AC68U 380.666_4 AB-Solutions 3.8.1 in Entware on a USB stick.

It would help if you post the url you watch the racing on.

 

[thelonelycoder]

I have never been a massive fan of ad blocking as it often broke things like cashback site tracking, I like the ability to whitelist so I am giving it a go.
The whole certificate thing was a bit of a faff but my laptop seems to be working ok now without kaspersky constantly whining about broken certificates.

Quidco isnt white or blacklisted but it still stalls when following a link due to the affiliate sites, is it a matter of adding each frozen domain to the whitelist?

Thanks.

Without having an account there, I'm unable to help in this particular case.
Some problems are expected with the brute force this ad-blocker works.
Try whitelisting one of the 'frozen' domains. But if that's a common ad provider it may have a negative impact on other websites as well.

 

[thelonelycoder]

I checked the thread and the google ad service issue still seems to be unresolved, I now get this following a google link

Your connection is not private

Attackers might be trying to steal your information from www.googleadservices.com (for example, passwords, messages or credit cards). NET::ERR_CERT_INVALID

Does anyone have a fix for this with pixelserv installed?

Thanks.

The only solution is to add the certificate to your browser for that domain.
Also, try reloading it, the first time you visit a https page, pixelserv-tls needs to create the certificate first. This is logged to the Syslog.

 

[GoNz0]

The only solution is to add the certificate to your browser for that domain.
Also, try reloading it, the first time you visit a https page, pixelserv-tls needs to create the certificate first. This is logged to the Syslog.

Yeah I watched the logs to see it had been created but still no joy, without pixelserv installed after a clean install of the router it can't see www.googleadservices.com at all and gives a DNS error, after that with pixelserv installed I get the above issue and seem to have no way to get to the site so I am not sure how I get the certificate for it?

Bit stumped now

 

[thelonelycoder]

You can't get to the site because it is blocked. Accept the certificate while the empty site loads, probably have to add it as an exception. This is browswer dependent.

 

[Butterfly Bones]

It would help if you post the url you watch the racing on.

Of course. This is the gateway if you will, then they link to the sites who carry the streams. Some days there are none, like today.

https://www.vipleague.se/sports/cycling.html

Thank you for the great application!

 

[GoNz0]

The only solution is to add the certificate to your browser for that domain.
Also, try reloading it, the first time you visit a https page, pixelserv-tls needs to create the certificate first. This is logged to the Syslog.

Still stumped, I managed to export the certificate from the page and import it into trusted root and intermediate cert auth both local machine and user and still the same, what am I missing?

*edit, seems I was missing the ca.crt, I imported that and my laptop at least is working.

With Kaspersky scanning secure connections it spat out the original error until I turned off the bit that blocks SSL 2.0 connections and now it works!

Outlook doesn't so I am giving up on kaspersky scanning secure connections, not like I use parental controls or safe money!


Damn, still the same issue on my phone though. I tried importing the ca.crt and it didn't help?

 

[Irken Skoodge]

I have the latest version with pixelserv and when I go to https://www.boston.com/ on my iPad or iPhone I get all ads blocked but on my pc and mac the ads are shown. Other ads are blocked on pc and mac but this site lets them in. Am I doing something wrong?

 

[apokrif]

What's your router's IP?
If it is 10.0.0.1, then your DHCP range should be set to:
10.0.0.2 to 10.0.0.250 and it will give you that option to use 10.0.0.254
Stick with what it suggests. It works best that way.

It was 10.0.0.2...10.0.0.254.
AFAIR, it didn’t suggest moving upper limit, but only lower one.
If it did, I’d do it.
I did move lower and pixelserv-tls got 10.0.0.2.
Could you tell, how do I move it to 10.0.0.254 instead, please?

BTW: I was wondering, if it’s easier to add DHCP reservation for pixelserv-tls instead of DHCP range change?

I don't think it works that way. Pixelserv listens on that ip/port, but doesn't pull an ip address from the DHCP server. AB-solution is just making sure nothing else responds on that IP.

I didn’t suggest to get an IP from DHCP. I suggest reserving it only, so it won’t be given to anything else.

 

[thelonelycoder]

I have the latest version with pixelserv and when I go to https://www.boston.com/ on my iPad or iPhone I get all ads blocked but on my pc and mac the ads are shown. Other ads are blocked on pc and mac but this site lets them in. Am I doing something wrong?

If the ads you see on that site are the only ones you see and no other ads are shown on other websites, then try hitting the reload button. This might be a caching issue.
However, if you see ads on other sites on your Mac or PC then check the DNS Server settings on these devices. They MUST point to your router's IP address.

 

[thelonelycoder]

It was 10.0.0.2...10.0.0.254.
AFAIR, it didn’t suggest moving upper limit, but only lower one.
If it did, I’d do it.
I did move lower and pixelserv-tls got 10.0.0.2.

I have to be brief with the explanatory text, there's only so much room without it getting cluttered.
Use your imagination. If you were to lower the upper limit, then AB can suggest to use it. If not then it can't.

Could you tell, how do I move it to 10.0.0.254 instead, please?

In the ps menu, select '7. Reset pixelserv settings, change PS IP'. Then start the ps install again, only this time lower the upper DHCP limit.

I didn’t suggest to get an IP from DHCP. I suggest reserving it only, so it won’t be given to anything else.

That is exactly what the DHCP range limitation does.
It will not prevent other devices from using it if you manually assign an IP outside the DHCP range, but this is described in the help text.

 

[GoNz0]

Still stumped, I managed to export the certificate from the page and import it into trusted root and intermediate cert auth both local machine and user and still the same, what am I missing?

*edit, seems I was missing the ca.crt, I imported that and my laptop at least is working.

With Kaspersky scanning secure connections it spat out the original error until I turned off the bit that blocks SSL 2.0 connections and now it works!

Outlook doesn't so I am giving up on kaspersky scanning secure connections, not like I use parental controls or safe money!


Damn, still the same issue on my phone though. I tried importing the ca.crt and it didn't help?

Any advice before I give up on this?

 

[Xentrk]

It was 10.0.0.2...10.0.0.254.
AFAIR, it didn’t suggest moving upper limit, but only lower one.
If it did, I’d do it.
I did move lower and pixelserv-tls got 10.0.0.2.
Could you tell, how do I move it to 10.0.0.254 instead, please?

I didn’t suggest to get an IP from DHCP. I suggest reserving it only, so it won’t be given to anything else.

To add on to what @thelonelycoder said, the IP address pool on your LAN section of this wiki should be of some help in how to change the IP range as well as context in pixelserv config best practices for ASUS Merlin firmware.
https://github.com/kvic-z/pixelserv-tls/wiki/How-to-best-run-pixelserv-tls-on-Asuswrt-Merlin

 

[thelonelycoder]

To add on to what @thelonelycoder said, the IP address pool on your LAN section of this wiki should be of some help in how to change the IP range as well as context in pixelserv config best practices for ASUS Merlin firmware.
https://github.com/kvic-z/pixelserv-tls/wiki/How-to-best-run-pixelserv-tls-on-Asuswrt-Merlin

As you know, AB-Solution's install script follows to the dot @kvic's helpful advice and suggestions.

 

[thelonelycoder]

Any advice before I give up on this?

Clear browser cache if possible, force close browser app, reboot phone, have iOS/Android coder code a fix.
I never have a problem on my iOS/Android phones.
On Android, I use Firefox, on iOS iCAB Mobile.

 

[Beherit]

Clear browser cache if possible, force close browser app, reboot phone, have iOS/Android coder code a fix.
I never have a problem on my iOS/Android phones.
On Android, I use Firefox, on iOS iCAB Mobile.

I am pretty certain that this happens either because of a change in some obscure OS X/iOS security setting or anti-virus software with "net protection" that insists on doing an extra certificate check. Which, of course, fails, as the certificate is generated and self-signed by pixelserv.

I had similar errors as @GoNz0 with ESET NOD32 anti-virus on Windows. No matter how many times I imported the certificate (both into windows, the browser(s) and NOD32) or clicked "Always accept this certificate", I couldn't get it to work. In the end, disabling TLS certification check inside NOD32 "fixed" it.

 

[Beherit]

Yeah I watched the logs to see it had been created but still no joy, without pixelserv installed after a clean install of the router it can't see www.googleadservices.com at all and gives a DNS error, after that with pixelserv installed I get the above issue and seem to have no way to get to the site so I am not sure how I get the certificate for it?

Bit stumped now

If you're saying that you cannot access googleadservices.com from a router that's been factory reset and without AB-solution installed, then your problem has nothing to do with AB-Solution or pixelserv.

I'm guessing it's either some certificate cache in your browser, or more likely Kaspersky's certificate validation and/or net protection that filters every domain you access through their servers. You might wanna check your browser extensions too if you use any that block/validate/check/secure access in any way.

Net protection and security validations in anti-virus software is very sensitive and notorious for acting dodgy whenever network changes occur. I find it particularly headache inducing in combination with Windows 10 and WiFi. Trivial changes such as changing to a mobile connection or switching WiFi network forced me to reboot to gain back network access on my Win 10 laptop. In the end, I opted out and disabled net protection in NOD32.

 

[GoNz0]

If you're saying that you cannot access googleadservices.com from a router that's been factory reset and without AB-solution installed, then your problem has nothing to do with AB-Solution or pixelserv.

I'm guessing it's either some certificate cache in your browser, or more likely Kaspersky's certificate validation and/or net protection that filters every domain you access through their servers. You might wanna check your browser extensions too if you use any that block/validate/check/secure access in any way.

Net protection and security validations in anti-virus software is very sensitive and notorious for acting dodgy whenever network changes occur. I find it particularly headache inducing in combination with Windows 10 and WiFi. Trivial changes such as changing to a mobile connection or switching WiFi network forced me to reboot to gain back network access on my Win 10 laptop. In the end, I opted out and disabled net protection in NOD32.

My final issue after working around the others was android chrome browser still not being able to follow a google ad link, I had it working fine on my laptop.

 

[Beherit]

My final issue after working around the others was android chrome browser still not being able to follow a google ad link, I had it working fine on my laptop.

Try disabling Google's phishing and malware protection in the privacy settings.

If it doesn't help and you have more time to spare, try exporting the pixelserv certificate and importing it to your Android phone.

Instructions on how to export it: https://github.com/kvic-z/pixelserv-tls
And the easiest way I found to import it to Android devices: http://cadroid.bitfire.at