What's new

Diversion Diversion - the Router Ad-Blocker v4.2.x (see new thread for 4.3.x)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Can you please help me with configuration?
I do not want to use Diversion for all device, only for TV etc. to stop it from calling home, however it is blocking ads on all the devices.

Ideally I would still like to use router for DNS as I do have some dns(? - firewall url filter) blocking set up, but that is different from diversion.

This is config I see on pc

N6Apx2r.png



This is my DHCP config - only devices I want to use diversion on have DNS server set
1OJbx6u.png



This is my diversion settings
LFwUglz.png



I have used diversion long time ago and it worked like that, but this time I guess I configured something wrong after updating router.

Thank you
 
Last edited:
Help solve the problem RT-N66U B1 cannot update Diversion and amtm
View attachment 37251
You are using a very outdated and insecure firmware on this router. That model is no longer in the supported Asuswrt-Merlin model list and will no longer be updated.
Due to the expiration of the built in Root CA certificates that this firmware comes with, the curl command cannot securely complete the required commands.

There is a discussion here with a workaround to run the curl command in insecure mode on this firmware or look into using John‘s fork of Asuswrt-Merlin.
 
Can you please help me with configuration?
I do not want to use Diversion for all device, only for TV etc. to stop it from calling home, however it is blocking ads on all the devices.

Ideally I would still like to use router for DNS as I do have some dns(? - firewall url filter) blocking set up, but that is different from diversion.

This is config I see on pc

N6Apx2r.png



This is my DHCP config - only devices I want to use diversion on have DNS server set
1OJbx6u.png



This is my diversion settings
LFwUglz.png



I have used diversion long time ago and it worked like that, but this time I guess I configured something wrong after updating router.

Thank you
For the screenshot from your PC, you have three IPs listed for DNS because you specified DNS 1, DNS 2, and advertise router's IP in addition to. If you don't want your local devices to use the router, then set that radio button to No.

For your Samsung, you listed the DNS server as the Pixelserv address, that isn't a DNS address. The Pixelserv address is where ads get resolved to. So, instead of resolving ACMEevilAds.com to 156.49.7.8, it goes to 192.168.50.2 and a 1x1 pixel is served up instead. You should use 192.168.50.1 for the TV.
 
Has anyone else noticed some latency issues with DNS resolution?
In some rare cases when browsing the DNS fails to respond in a timely fashion.

I've noticed some CPU spikes upwards to 45% on the dnsmasq --log-async process at times. pixelserv-tls also hits upwards up 30% during some other time peroids. I've yet to do any additional debugging yet as it appears YT has oodles of domains to flood ads to users and has no affect on my roku so I may just ditch it in all, fun little project and quite useful for many. Its quite rare when this occurs but most certainly does. Also does the dnsmasq.log have a hard limit of duration/size? For the most part I increased the cache size and log-async to 25 and enabled domain/priv. I think the increased cache has decreased the issue frequency but I do know it still does exist.

Diversion 4.2.0 by thelonelycoder

1.037M blocked domains by 1 hosts file(s)
33,857 t 33,857 w 9,972 n ads since Nov 08 05:20

/mnt/sda | Size 14.2G | Used 2.1G (16%)

d Diversion Standard enabled
c communication DivUn stats backup FWun BL

a ad-blocking to IP 192.168.1.2
l logging dnsmasq.log 11.2M

ep pixelserv-tls 192.168.1.2 v2.4

b blocking list Large Sun @ 2:00
el edit lists 0 w 0 b 0 wb 107 YT

f follow dnsmasq.log

e exit u update more options o
 
Last edited:
Your router isn’t supported with the firmware.

Your list is probably too large.
Its the same hardware running the same firmware that would be "supported".
Odds are its the USB drive with inadequate read/write speeds running entware.
 
Its the same hardware running the same firmware that would be "supported".
Odds are its the USB drive with inadequate read/write speeds running entware.
You aren't going to get much help here running Asus firmware on a illegal device.
 
@thelonelycoder thank you so much for this! I've just noticed the update... It's awesome...Just what I wanted. A nice UI to whitelist etc instead of having to use the CLI. Brilliant... I would never buy any other router apart from Asus running Merlin and Diversion from here on in! :D
 
You aren't going to get much help here running Asus firmware on a illegal device.
Thanks, I was unaware of the licensing more so than the way the response was worded that the build was unsupported. I suppose I should keep any converse to the application itself than the device. For the record it turned out to just be a poor performing USB with the larger list. I install an agent to poll some data and nothing alarming has shown in the last while nor any timeouts occurred since using a USB 3.0 drive for entware/diversion.

I suppose a question around the application itself and a feature that I think was recently added would be what is the forced IP switching actually doing? I've been running it for a day or so and I've noticed some ad's getting blocked which is good but wanted to see if I could improve the capture rate of ads a bit higher. Is this just changing 0.0.0.0 to something else on a random interval specific to the YT domains generated? Or alternating forcing YT IP's during lookups to hit specific CDN's that may have different content/ads?
 
For the screenshot from your PC, you have three IPs listed for DNS because you specified DNS 1, DNS 2, and advertise router's IP in addition to. If you don't want your local devices to use the router, then set that radio button to No.

For your Samsung, you listed the DNS server as the Pixelserv address, that isn't a DNS address. The Pixelserv address is where ads get resolved to. So, instead of resolving ACMEevilAds.com to 156.49.7.8, it goes to 192.168.50.2 and a 1x1 pixel is served up instead. You should use 192.168.50.1 for the TV.
You are right with the ISPs DNSs, but the thing is I can see diversion blocking stuff that is not coming from tv or other things i block from calling home. But that is great point at why the firewall rules don't work. Thank you.

After removing ISPs DNS traffic is still blocked by diversion even thought only DNS server set does have router ip 192.168.50.1

Update: I think I now understand your comment about the TV, so my question now is:
Is it possible to run Diversion on other IP then router's IP?
So I would have two separate DNSes, let's say:
router default dns 192.168.50.1
diversion dns 192.168.50.2 [so it would be in a way as an pihole]
pixelserver on 192.168.50.3

Also in my previous post i lied, now I remember when blocking worked as I had described it I had run pihole on internet server exposed to the world instead. So now I tried running diversion locally and got it confused with pihole. Sorry for that.
 
Last edited:
You are right with the ISPs DNSs, but the thing is I can see diversion blocking stuff that is not coming from tv or other things i block from calling home. But that is great point at why the firewall rules don't work. Thank you.

After removing ISPs DNS traffic is still blocked by diversion even thought only DNS server set does have router ip 192.168.50.1

Update: I think I now understand your comment about the TV, so my question now is:
Is it possible to run Diversion on other IP then router's IP?
So I would have two separate DNSes, let's say:
router default dns 192.168.50.1
diversion dns 192.168.50.2 [so it would be in a way as an pihole]
pixelserver on 192.168.50.3

Also in my previous post i lied, now I remember when blocking worked as I had described it I had run pihole on internet server exposed to the world instead. So now I tried running diversion locally and got it confused with pihole. Sorry for that.
I think you have to use a Raspberry Pi to have it use a different IP address, but that's just an educated guess and someone else here could have much better information than me.

I'm not sure I fully understand the first part, though.
 
Is it possible to run Diversion on other IP then router's IP?

So I would have two separate DNS serverrs, let's say:
router default dns server 192.168.50.1
diversion dns server 192.168.50.2 (and if the request passed filtering it would use 192.168.50.1 for resolving the request)
pixelserver on 192.168.50.3

I do not know if diversion even works in the same way as pihole or adguard home - maybe it is not dns server?
 
Is it possible to run Diversion on other IP then router's IP?

So I would have two separate DNS serverrs, let's say:
router default dns server 192.168.50.1
diversion dns server 192.168.50.2 (and if the request passed filtering it would use 192.168.50.1 for resolving the request)
pixelserver on 192.168.50.3

I do not know if diversion even works in the same way as pihole or adguard home - maybe it is not dns server?
Diversion isn't a DNS server. I imagine you'd have to look through the source code to try and change the IP Diversion points to, and you would need to find another DNS server to run on the router. You probably want a new thread asking if anyone else has tried to have two DNS servers on your router.
 
Is it possible to run Diversion on other IP then router's IP?

So I would have two separate DNS serverrs, let's say:
router default dns server 192.168.50.1
diversion dns server 192.168.50.2 (and if the request passed filtering it would use 192.168.50.1 for resolving the request)
pixelserver on 192.168.50.3

I do not know if diversion even works in the same way as pihole or adguard home - maybe it is not dns server?
See https://diversion.ch/diversion/manual/alternate-blocking-list.html

You could have 2 different DNS IPs with different blocking lists.
 
Thank you, that would be pretty much exacly it, if only there was option for alternate list to be nothing/disabled, but i get that for most people alternat blocking list is enough
 
Welcome
This is Diversion - the Router Ad-Blocker for Asuswrt-Merlin
@thelonelycoder

Is there anyway of bypassing a client to not use the Diversion Ad-Blocking and just use the DNS services as provided by the router (or as provided by the ISP)?

Apologies, it is a slightly long post - but I have read through the FAQs and other forum posts and the suggested ways do not work for me.

My Setup:
Asus RT-AX88U, running 386.3.2, Diversion Standard

WAN settings:
Connect to DNS Server automatically: Yes
(as I wish to use the ISP provided DNS, as these are usually the fastest)

LAN settings:
DHCP Server: DNS Server1 and 2: Blank
(so use router settings)

DNS Filter:
Enable DNS Filtering: ON
Global Filter Mode: Router
(as I wish to enable force ad-blocking for all clients, even if they have their own DNS setup)

Client List:
Client 1: Filter Mode: No Filtering
Client 2: Filter Mode: No Filtering

Requirement:

I wish to have these 2 clients not use Diversion, and without any ad-blocking.

Question:
How do I accomplish the above requirement?

I have read through the forums (and FAQ at diversion.ch) and a lot of people have suggested that I set Custom (user defined) DNS 1 to 8.8.8.8 or something similar and then set my specific client Client 1 to use 'Custom 1'.

- This would work, but then I am forcing my queries to go to 8.8.8.8, while I wish these to go to my ISP instead.
- Now one may suggest that I replace the 8.8.8.8 with my ISP DNS servers.
- The issue is that my ISP assigns DNS servers dynamically, so I do not know when the ISP will change the DNS settings, so I cannot assign a value to Custom 1 setting.

Any easy way to accomplish this?
I thought setting the Client 1 DNS settings to 'No Filtering' should avoid using Diversion, but it is not the case.
 

Attachments

  • 1WAN.png
    1WAN.png
    85.9 KB · Views: 94
  • 2DHCP.png
    2DHCP.png
    156.4 KB · Views: 94
  • 2DNSFilter.png
    2DNSFilter.png
    365.7 KB · Views: 92
Is there anyway of bypassing a client to not use the Diversion Ad-Blocking and just use the DNS services as provided by the router (or as provided by the ISP)?
Sounds like a doable feature. Will be available with the next Diversion update.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top