Diversion Diversion - the Router Ad-Blocker v4.2.x (see new thread for 4.3.x)

[rankok]

Does anybody else have issues to update Diversion?

 

[Safar]

Does anybody else have issues to update Diversion?

Absolutelly the same issue.

Added: https://diversion.ch/ is accessable via same router

 

[Twiglets]

Does anybody else have issues to update Diversion?

Ditto, I thought I was somehow being blocked by the diversion.ch site ???

I had Diversion 4.1.12 running fine on RT-AC56U and now I cannot install amtm to do a fresh install 'from scratch'. !!!

I have tried installing the 374.43 LTS firmware and got the same issues.

Got Diversion 4.2.0 installed and running on 2 routers with no problem.
Must be missing something obvious !!!

 

[PeterR]

Does anybody else have issues to update Diversion?

I can force update Diversion, maybe you need to update the entware ca-certificates package?

 

[Twiglets]

Ditto, I thought I was somehow being blocked by the diversion.ch site ???

I had Diversion 4.1.12 running fine on RT-AC56U and now I cannot install amtm to do a fresh install 'from scratch'. !!!

I have tried installing the 374.43 LTS firmware and got the same issues.

Got Diversion 4.2.0 installed and running on 2 routers with no problem.
Must be missing something obvious !!!

This is the verbose error messages I get if I try to download 'amtm' from diversion.ch !!!

admin@RT-AC56U:/tmp/home/root/test# curl -v -v -v -Os http://diversion.ch/amtm/amtm
* Trying 80.74.145.140...
* TCP_NODELAY set
* Connected to diversion.ch (80.74.145.140) port 80 (#0)
> GET /amtm/amtm HTTP/1.1
> Host: diversion.ch
> User-Agent: curl/7.60.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Server: nginx
< Date: Sun, 03 Oct 2021 16:09:00 GMT
< Content-Type: text/html
< Content-Length: 162
< Connection: keep-alive
< Location: https://diversion.ch/amtm/amtm
<

 

[dave14305]

This is the verbose error messages I get if I try to download 'amtm' from diversion.ch !!!

Run the same test with https://diversion.ch/amtm/amtm

curl -vvv https://diversion.ch/amtm/amtm -o /dev/null
*   Trying 80.74.145.140:443...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to diversion.ch (80.74.145.140) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [25 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [4045 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=diversion.ch
*  start date: Aug  5 23:06:51 2021 GMT
*  expire date: Nov  3 23:06:49 2021 GMT
*  subjectAltName: host "diversion.ch" matched cert's "diversion.ch"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
} [5 bytes data]
> GET /amtm/amtm HTTP/1.1
> Host: diversion.ch
> User-Agent: curl/7.76.1
> Accept: */*
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [265 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [265 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx
< Date: Sun, 03 Oct 2021 19:30:27 GMT
< Content-Type: text/plain
< Content-Length: 35187
< Connection: keep-alive
< Vary: Accept-Encoding
< Last-Modified: Sun, 11 Jul 2021 14:58:38 GMT
< Accept-Ranges: none
< Vary: Accept-Encoding
<
{ [16127 bytes data]
100 35187  100 35187    0     0  55587      0 --:--:-- --:--:-- --:--:-- 69677
* Connection #0 to host diversion.ch left intact

 

[MXM]

Run the same test with https://diversion.ch/amtm/amtm

I'm having the same problem on a RT-AC3200.... Unable to update Diversion at all....

admin@RT-AC3200:/tmp/home/root# curl -vvv https://diversion.ch/amtm/amtm -o /dev/null
* Trying 80.74.145.140:443...
* TCP_NODELAY set
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to diversion.ch (80.74.145.140) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4STRENGTH
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [108 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [4038 bytes data]
* TLSv1.2 (OUT), TLS alert, certificate expired (557):
} [2 bytes data]
* SSL certificate problem: certificate has expired
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Closing connection 0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

 

[Twiglets]

I'm having the same problem on a RT-AC3200.... Unable to update Diversion at all....

admin@RT-AC3200:/tmp/home/root# curl -vvv https://diversion.ch/amtm/amtm -o /dev/null
* Trying 80.74.145.140:443...
* TCP_NODELAY set
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to diversion.ch (80.74.145.140) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4STRENGTH
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [108 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [4038 bytes data]
* TLSv1.2 (OUT), TLS alert, certificate expired (557):
} [2 bytes data]
* SSL certificate problem: certificate has expired
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Closing connection 0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Ditto.

Mistyped the original commandline

Not sure what files I need to change & how/where !!!???

Solved:
http://www.snbforums.com/threads/ac87u-all-download-attempts-failed.75049/post-716574

 

[dave14305]

Ditto.

Mistyped the original commandline

Not sure what files I need to change & how/where !!!???

It all goes back to the Let's Encrypt root cert expiry. Normally, you could just install curl and ca-certificates from Entware but amtm won't look at Entware's curl. Or see if the AC87U fork has updated certs.

 

[Jack Yaz]

It all goes back to the Let's Encrypt root cert expiry. Normally, you could just install curl and ca-certificates from Entware but amtm won't look at Entware's curl. Or see if the AC87U fork has updated certs.

Completely wild idea but could you bind mount Entware's curl over the busybox version?

mount -o bind /opt/bin/curl /usr/sbin/curl

 

[BikeHelmet]

Completely wild idea but could you bind mount Entware's curl over the busybox version?

mount -o bind /opt/bin/curl /usr/sbin/curl

On my RT-AC3200 at least, there is no curl at that location. I am not sure where it is actually stored?

I'd like to get updated, so once someone has a simple command, let me know and I'll punch it into my router.

 

[thelonelycoder]

Sorting the Whitelist causes the operation to crash within diversion, with the following message:

Sort the file now? [1=Yes e=Exit] 1
awk: cmd. line:1: Unexpected end of string


After which the whitelist is completely wiped (0 entries).

Any ideas?
(obviously I just restored the whitelist from backups, just pointing this out in case it's an obvious bug)

Seeing the same error when sorting wc_blacklist.

Sort the file now? [1=Yes e=Exit] 1
awk: cmd. line:1: Unexpected end of string


After which the wc_blacklist is completely wiped also.

Confirmed, a misplaced piece of code made it there which affects the wildcard and whitelist when sorting.
Fix will be out soon.

 

[thelonelycoder]

A hotfix for Diversion 4.2.0 has been uploaded, no version change.

This fixes the file sorting error in el. Thanks for reporting.

Use u to update Diversion, or use the WebUI update function.

 

[thelonelycoder]

On another positive note: My supposedly dead RT-AC87U sprung back to live today, trying to recreate @rankok 's woes with the expired cert.
So, thanks @rankok for encouraging me to try the ASUS Restoration tool one more time on that old router.

 

[thelonelycoder]

Does anybody else have issues to update Diversion?

I can confirm your error with the RT-AC87U with the old Firmware 384.13_8. Generally, that applies to all old firmware that uses expired root CA's. Unfortunately, there's nothing I can do in amtm or Diversion to circumvent that as both need to download files first to act.

 

[Twiglets]

I can confirm your error with the RT-AC87U with the old Firmware 384.13_8. Generally, that applies to all old firmware that uses expired root CA's. Unfortunately, there's nothing I can do in amtm or Diversion to circumvent that as both need to download files first to act.

Solved:
http://www.snbforums.com/threads/ac87u-all-download-attempts-failed.75049/post-716574

Setting the .curlrc file in the $HOME directory to 'insecure' works !!!
I had the same issue with RT-AC56U running 384.6 firmware.

At least it will allow you to install updates !!!

 

[fweh298hf32lk]

I cannnot enable the youtube blocking feature, keep seeing "YouTube IP is not valid"
I tried resetting Dnsmasq log files and watch some youtube clips to no avail

 

[Diamond67]

A hotfix for Diversion 4.2.0 has been uploaded, no version change.

edit: Problem (described below) solved. After cold boot, option 1 (= Diversion) was missing and I could (re)install Diversion from i-menu. Settings were automatically restored from backup. All is fine now (see message #45).

Something went wrong when I tried to normally install the update using amtm. Diversion did not update.

Now, afterwards, after rebooting the router a couple of times, amtm still shows that update is available

 1  open     Diversion     v4.2.0  -> min upd

But when I choose 1, to open Diversion menu, it just "refreshes" the amtm page and won't go into Diversion menu at all.

When I go to Merlin GUI LAN - Diversion tab, it also shows that an update is available. But when I try to install the update it shows

Diversion update	Diversion update 0% Reload page

And nothing happens. Until I reboot. But the update fails again. And again.

Seems that my Diversion is somehow broken now. How can I fix it? By reinstalling? Best way to uninstall and reinstall Diversion so that my settings are restored from backup as normally?

 

[HorseCalledHorse]

Something went wrong when I tried to normally install the update using amtm. Diversion did not update.

Now, afterwards, after rebooting the router a couple of times, amtm still shows that update is available

Seems that my Diversion is somehow broken now. How can I fix it? By reinstalling? Best way to uninstall and reinstall Diversion so that my settings are restored from backup as normally?

Same issue hereon my RT-AC86U. Now getting these errors:

/opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library
/opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library
/opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library
/opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library
/opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library
/opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library
/opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library
/opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library
Diversion 4.2.0                  by thelonelycoder

RT-AC86U (aarch64) FW-386.3 @ 192.168.0.1 IPv6

90,966  blocked domains by  0  hosts file(s)
hosts list empty, blocking list update will not run
2.004M t  10,907 w  2,929 n ads since Oct 02 17:20

Also see this:

Done  Added missing swap file entry to /jffs/scripts/post-mount

Result being my Diversion is, to use the technical term, borked.

 

[Diamond67]

Same issue here. Now getting these errors:

/opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library
/opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library
/opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library
/opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library
/opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library
/opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library
/opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library
/opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library
Diversion 4.2.0                  by thelonelycoder

RT-AC86U (aarch64) FW-386.3 @ 192.168.0.1 IPv6

90,966  blocked domains by  0  hosts file(s)
hosts list empty, blocking list update will not run
2.004M t  10,907 w  2,929 n ads since Oct 02 17:20

Also see this:

Done  Added missing swap file entry to /jffs/scripts/post-mount

Result being my Diversion is, to use the technical term, borked.

I unplugged my router and left home. So, I cannot check the log files at the moment. But yes, borked it is. I mean my Diversion.

I decided not to try and fix the problem because I don't know what the problem is. I hope somebody more experienced person knows what I should do.