What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Just like Skeptical.me, I have lost most if not all ad blocking in the past few weeks. I have tried Skeptical.me's suggestion of turning on "Enable DNS-Based Filtering", but that didn't do anything. I am using the default 9 lists. When most things were working, if I looked at the default "New Tab" on the edge browser every box that was labeled "Ad" in green had the picture removed and did not go anywhere. Now every one of them has a picture and if you click on it you go to the AD site. I have updated diversion to 4.1.3, and amtm to 2.7, so I think I am up to date.

I know that Diversion will not work if you are using a VPN Client and have the combination of Policy Rules enabled + Accept DNS Configuration = Exclusive. With these settings, dnsmasq is bypassed and the clients will exclusively use the DNS pushed by the OpenVPN Server.

My recommended work around is to configure DNS over TLS to encrypt DNS queries and set Accept DNS Configuration = Disabled. The VPN Clients will then use the DNS of the WAN interface.
 
I know that Diversion will not work if you are using a VPN Client and have the combination of Policy Rules enabled + Accept DNS Configuration = Exclusive. With these settings, dnsmasq is bypassed and the clients will exclusively use the DNS pushed by the OpenVPN Server.

My recommended work around is to configure DNS over TLS to encrypt DNS queries and set Accept DNS Configuration = Disabled. The VPN Clients will then use the DNS of the WAN interface.
Setting Accept DNS Configuration=Strict also forces WAN DNS. Is there any difference between Strict and Disabled when DoT is configured on WAN settings page?
 
Just like Skeptical.me, I have lost most if not all ad blocking in the past few weeks. I have tried Skeptical.me's suggestion of turning on "Enable DNS-Based Filtering", but that didn't do anything. I am using the default 9 lists. When most things were working, if I looked at the default "New Tab" on the edge browser every box that was labeled "Ad" in green had the picture removed and did not go anywhere. Now every one of them has a picture and if you click on it you go to the AD site. I have updated diversion to 4.1.3, and amtm to 2.7, so I think I am up to date.
Like me, you might also be experiencing USB flash drive corruption that is affecting Diversion's ability to write to the dnsmasq.log file: it will show up in the Diversion menu as "logging disabled, cannot count ads", and this will effectively stop Diversion from functioning. I have tried reformatting the drive, and it works for a short time, but the real solution is replacement of the flash drive, ideally with a small SSD in a USB enclosure for best long term use.
 
Last edited:
jsbeddow you may be correct. I was noticing something funny on the servstats page which seemed to have minimal information on it. I was also noticing that my logins to the normal page are many times not connecting.
I will try a different USB flash drive or replace it with a hard drive. Is it possible that something is wrong with the USB R/W code? I know that USB drives are notoriously finicky and many times fail outright.

Edit: I did a badbocks on the drive and it came up with no errors so it looks like the disk is good. So, I am going to re-format the disk and re-install diversion and amtm to see if that fixes the problem.
 
Last edited:
jsbeddow you may be correct. I was noticing something funny on the servstats page which seemed to have minimal information on it. I was also noticing that my logins to the normal page are many times not connecting.
I will try a different USB flash drive or replace it with a hard drive. Is it possible that something is wrong with the USB R/W code? I know that USB drives are notoriously finicky and many times fail outright.

Edit: I did a badbocks on the drive and it came up with no errors so it looks like the disk is good. So, I am going to re-format the disk and re-install diversion and amtm to see if that fixes the problem.

Sorry my advice was useless. lol. In fact I updated my AX88U to the latest Merlin firmware and now Expressvpn with diversion on won't work unless I have DNSFilter set to on using a DNS server like "CleanBrowsing". However, ProtonVPN works without any DNSFliter on. It gets a bit confusing after awhile. I hope you can solve your issue. Sorry I couldn't be any more helpful.


Sent from my iPhone using Tapatalk Pro
 
Sorry Skeptical.me. It is strange that diversion (on some systems) seems to have lots of problems. I have been running diversion and amtm for more than a year (on a RT-AC68U) with minimal problems and good ad blocking. I don't know if it a diversion problem or a problem with the router software. Perhaps it is a problem with DNSFilter on the router software.

Edit: Good thing I tried to re-install diversion. I found out that the IP address for servstats and all blocking was supposed to be reserved and not used by DNS. Somehow, the settings in the DNS server on the router was reset to cover the address for servstats. I am pretty sure that having diversion already setup for an address that is reserved and then that address is moved into the DNS server addresses, things will go horribly wrong (like they did).
 
Last edited:
Can I get some help here?

I am unable to install diversion through amtm. I get "Diversion installation failed" which literally has no google search results except for the install.sh script itself.

If I manually install with the curl command it appears to do nothing and returns me to prompt. It certainly doesn't run the Diversion installer.

I'm attempting to reinstall right now because of the issues I experienced with a USB drive that everything was installed on unmounting itself and no longer functioning properly. When I replaced it I was still able to update diversion, but there was something funky going on, it wasn't really updating properly and amtm was confused what version was there. I tried uninstalling reinstalling, nothing.

I've updated to the latest Merlin. From there I noticed odd 100% on both core activity, so I factory reset. I added a new USB device. I formatted it with fd. It is recognizing properly.

Diversion still won't install.

What could possibly be causing this? Is something sticking around from a previous install? Is there a single command I can execute to truly wipe out whatever might be left behind causing the install script to fail?
 
Can I get some help here?

I am unable to install diversion through amtm. I get "Diversion installation failed" which literally has no google search results except for the install.sh script itself.

If I manually install with the curl command it appears to do nothing and returns me to prompt. It certainly doesn't run the Diversion installer.

I'm attempting to reinstall right now because of the issues I experienced with a USB drive that everything was installed on unmounting itself and no longer functioning properly. When I replaced it I was still able to update diversion, but there was something funky going on, it wasn't really updating properly and amtm was confused what version was there. I tried uninstalling reinstalling, nothing.

I've updated to the latest Merlin. From there I noticed odd 100% on both core activity, so I factory reset. I added a new USB device. I formatted it with fd. It is recognizing properly.

Diversion still won't install.

What could possibly be causing this? Is something sticking around from a previous install? Is there a single command I can execute to truly wipe out whatever might be left behind causing the install script to fail?

Did you try to install another script first on the AMTM menu to see if the same issue happens again ?


Sent from my iPhone using Tapatalk
 
Can I get some help here?

I am unable to install diversion through amtm. I get "Diversion installation failed" which literally has no google search results except for the install.sh script itself.

If I manually install with the curl command it appears to do nothing and returns me to prompt. It certainly doesn't run the Diversion installer.

I'm attempting to reinstall right now because of the issues I experienced with a USB drive that everything was installed on unmounting itself and no longer functioning properly. When I replaced it I was still able to update diversion, but there was something funky going on, it wasn't really updating properly and amtm was confused what version was there. I tried uninstalling reinstalling, nothing.

I've updated to the latest Merlin. From there I noticed odd 100% on both core activity, so I factory reset. I added a new USB device. I formatted it with fd. It is recognizing properly.

Diversion still won't install.

What could possibly be causing this? Is something sticking around from a previous install? Is there a single command I can execute to truly wipe out whatever might be left behind causing the install script to fail?
Run step by step like this:
Code:
date
cd
curl -O https://diversion.ch/install
sh install
If it doesn’t work, post the output.
 
Run step by step like this:
Code:
date
cd
curl -O https://diversion.ch/install
sh install
If it doesn’t work, post the output.

Thank you. Didn't work initially because date was WAY WAY off. Didn't notice it at all. That's odd, I guess ntpMerlin failed at the same time the old USB was unmounted? Thanks for the help. Curl certificates were failing and with the new time installed right away. :)
 
I have strange issue with Diversion (latest version by post date). Merlin FW version 384.11_2, router model Asus RT-AC68U. DNS server in my router redirects all domain names on my PC to 10.0.0.1 IP address. After disabling Diversion via console menu problem was gone. Looked into logs - no errors found there. Even at debug level - no suspicious messages. Before this diversion worked fine for 2 weeks and blocked ads.
 
Setting Accept DNS Configuration=Strict also forces WAN DNS. Is there any difference between Strict and Disabled when DoT is configured on WAN settings page?
I stopped using Strict when Stubby became available. When I set Accept DNS Configuration to “Strict”, I was specifying the DNS server for the VPN tunnel to use by adding the dhcp-option DNS command in the Custom Configuration section per the example below:

Code:
dhcp-option DNS 1.1.1.1

For reference, the definition of the Accept DNS Configuration field values are as follows:
  • Disabled: DNS servers pushed by VPN provided DNS server are ignored.
  • Relaxed: DNS servers pushed by VPN provided DNS server are prepended to the current list of DNS servers, of which any can be used.
  • Strict: DNS servers pushed by the VPN provided DNS server are prepended to the current list of DNS servers, which are used in order. Existing DNS servers are only used if VPN provided ones don’t respond.
  • Exclusive: Only the pushed VPN provided DNS servers are used.
 
For reference, the definition of the Accept DNS Configuration field values are as follows:
  • Disabled: DNS servers pushed by VPN provided DNS server are ignored.
  • Relaxed: DNS servers pushed by VPN provided DNS server are prepended to the current list of DNS servers, of which any can be used.
  • Strict: DNS servers pushed by the VPN provided DNS server are prepended to the current list of DNS servers, which are used in order. Existing DNS servers are only used if VPN provided ones don’t respond.
  • Exclusive: Only the pushed VPN provided DNS servers are used.
Only meant as question from my perspective, never used VPN so really without any knowledge to all of that.
Wouldn't it be better than to use more intuitive naming like:
Disabled
Added
Prefered

Strict (or Exlusive)

Would this be correct or do I miss something?

Sorry if I bother you!
 
Only meant as question from my perspective, never used VPN so really without any knowledge to all of that.
Wouldn't it be better than to use more intuitive naming like:
Disabled
Added
Prefered

Strict (or Exlusive)

Would this be correct or do I miss something?

Sorry if I bother you!
The terms come from the Accept DNS Configuration dropdown menu on the OpenVPN Client screen. I think they originated with the Tomato firmware. I agree the names are not intuitive.
 
So, no known solution at this time short of bailing from WiFi when using the Android Amazon App? Are there other apps and/or domains that won't work with pixelserv-tls installed?
Well, the known solution is to spend hours figuring out which ad urls are causing the problem, and whitelist them. IIRC, the last time I looked, the lists people had come up with were rather long, and had a tendency to break regularly requiring whitelisting of more urls. It seemed to me like a never ending game of whack-a-mole. Maybe that situation has changed, but given the lack of response here, I'm guessing it hasn't.
 
Well, the known solution is to spend hours figuring out which ad urls are causing the problem, and whitelist them. IIRC, the last time I looked, the lists people had come up with were rather long, and had a tendency to break regularly requiring whitelisting of more urls. It seemed to me like a never ending game of whack-a-mole. Maybe that situation has changed, but given the lack of response here, I'm guessing it hasn't.
I hear ya. What's interesting to me is if you just turn it off and all the domains are dumped to 0.0.0.0, it works sans issue. Meaning that it's not a white-listing of particular domains issue, but more likely a logic issue of how the pixelserv-tls solution handles the requests. I mean perhaps Amazon is doing something unorthodox? Regardless, I will continue to not use pixelserv-tls in the meantime. I've also noticed that there have been no releases since last December and only minor commits leading up to April of this year: https://github.com/kvic-z/pixelserv-tls/compare/2.2.1...master
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top