Diversion Setup Questions

[merlin_user]

Hi all, I have a few questions after installing Diversion:

1) After installation, there was a message to install the ca.crt from the pixelserv server (192.168.2.2/ca.crt). Do I have to install pixelserv-tls ca.crt onto my devices (iOS, Android, PC) for the adblocking to work?

2) I have tested that adblocking works with my current WAN DNS config , however do I have to modify anything else like DNSFilter?

3) On my devices, do I have to manually set the DNS IP to my router (192.168.2.1) or pixelserv-tls server (192.168.2.2) or automatic? Is there any differences between setting it to router or pixelserv-tls?

4) Occasionally I get "Your connection is not private" NET::ERR_CERT_INVALID and expanding the information reveals that the issuer is Pixelserv CA, is that the default behaviour that shows that Diversion/pixelserv-tls is working?


Sorry for the long questions as I'm still pretty new to setting up these services!

 

[Treadler]

Hi all, I have a few questions after installing Diversion:

1) After installation, there was a message to install the ca.crt from the pixelserv server (192.168.2.2/ca.crt). Do I have to install pixelserv-tls ca.crt onto my devices (iOS, Android, PC) for the adblocking to work?

2) I have tested that adblocking works with my current WAN DNS config View attachment 20419 , however do I have to modify anything else like DNSFilter?

3) On my devices, do I have to manually set the DNS IP to my router (192.168.2.1) or pixelserv-tls server (192.168.2.2) or automatic? Is there any differences between setting it to router or pixelserv-tls?

4) Occasionally I get "Your connection is not private" NET::ERR_CERT_INVALID and expanding the information reveals that the issuer is Pixelserv CA, is that the default behaviour that shows that Diversion/pixelserv-tls is working?


Sorry for the long questions as I'm still pretty new to setting up these services!

Welcome to the forum!

Pixelserv set up here,
https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/page-186#post-516424

1. Yes, each & every client where possible.
2. I enable dns filtering. Set to ‘router’. Make all the custom fields blank/empty, then ‘apply’.
3. Re your clients, leave at ‘auto’ & they should home in on the router without further input.
4. Perform the pixelserv set up exactly as above, I think that will fix.

 

[heysoundude]

Install your certificate on all connected devices. That’s when the magic will start.

(Which reminds me, I have recently added a new machine to mine and have to do the same, so thank you!)


Sent from my iPhone using Tapatalk

 

[merlin_user]

Thank you @Treadler and @heysoundude for the prompt reply! So I upgraded pixelserv-tls to v2.3.0 and reimported the certificates and now I am not getting the certificate error anymore (which I presume pixelserv-tls is working!)

Side question:
I want to use Cloudflare DNS over TLS, however going to https://1.1.1.1/help shows that I'm not using 1.1.1.1 even though my router is set up accordingly. Am I setting something wrongly?

WAN DNS Setting:

DNSFilter Setting:

 

[Treadler]

Thank you @Treadler and @heysoundude for the prompt reply! So I upgraded pixelserv-tls to v2.3.0 and reimported the certificates and now I am not getting the certificate error anymore (which I presume pixelserv-tls is working!)

Side question:
I want to use Cloudflare DNS over TLS, however going to https://1.1.1.1/help shows that I'm not using 1.1.1.1 even though my router is set up accordingly. Am I setting something wrongly?

WAN DNS Setting:
View attachment 20420
DNSFilter Setting:
View attachment 20421

1. Under dns filter, the ‘custom user defined dns’ fields should be empty/blank.

2. Known issue, that site doesn’t work right if you have dnssec enabled.

 

[dave14305]

1. Under dns filter, the ‘custom user defined dns’ fields should be empty/blank.

That’s really a myth. If no one chooses Custom 1, 2 or 3 from the drop down then it doesn’t matter if they are populated or not. The important thing when using Router mode is to make sure LAN DHCP DNS server 1 is blank.

 

[merlin_user]

That’s really a myth. If no one chooses Custom 1, 2 or 3 from the drop down then it doesn’t matter if they are populated or not. The important thing when using Router mode is to make sure LAN DHCP DNS server 1 is blank.

I see... so I experimented with:

LAN - DHCP Server:
DNS Server 1 and Server 2: empty

DNSFilter:
- Global Filter Mode: Router
- Custom (user-defined) DNS 1/2/3: empty

WAN:
- DNS Server1: 1.1.1.1
- DNS Server2: 1.0.0.1
- Enable DNSSEC support: No

And tested against https://1.1.1.1/help and it finally detected that I am using 1.1.1.1, so I re-enabled DNSSEC.

So I guess my set-up is as follows?

- Any local device's DNS request will be made to Diversion
- Diversion will then forward the request to 1.1.1.1 (over DoT) if it's not cached locally
OR Diversion will block the request by serving pixelserv's blank page

 

[dave14305]

- Any local device's DNS request will be made to Diversion
- Diversion will then forward the request to 1.1.1.1 (over DoT) if it's not cached locally
OR Diversion will block the request by serving pixelserv's blank page

Technically, it's dnsmasq on the router (enhanced by Diversion) that's accepting the DNS requests and forwarding them. But it looks good to me! Live ad-free!