bluzfanmr1
Senior Member
@Nebulaz
The best way to verify DoT is working is to use the entware package tcpdump. You can see how to do that in my post below.
https://www.snbforums.com/threads/r...-384-11-is-available.56501/page-6#post-488904
Diversion Diversion - the Router Ad-Blocker
- Thread starter thelonelycoder
- Start date
@Nebulaz
The best way to verify DoT is working is to use the entware package tcpdump. You can see how to do that in my post below.
https://www.snbforums.com/threads/r...-384-11-is-available.56501/page-6#post-488904
HairyA00
Senior Member
Disable adblocking in Diversion and test if it's any better or worse with it disabled.
HairyA00
Senior Member
Yes
Hi,
I recently installed pixelserv-tls on my AC87U to work together with Diversion. Upon reboot after installation, my OpenVPN server borked. From the logs, it says:
After a mild panic attack (I was doing this remotely, and thought I no longer had access to my router), I managed to reconfigure ovpn to use the default port (1194/udp).
I am guessing this is happening because the pixelserv-tls service starts before ovpn, and reserves the 443/TCP port.
Is there any way of running pixelserv-tls on a different port without breaking my Diversion configuration? I would like ovpn to be on 443/TCP for "accessibility" reasons, but would also like my router to do my adblocking for me.
Note: will be cross-posting this on the pixelserv-tls thread (https://www.snbforums.com/threads/p...server-for-adblock.26114/page-147#post-509911)
I recently installed pixelserv-tls on my AC87U to work together with Diversion. Upon reboot after installation, my OpenVPN server borked. From the logs, it says:
Code:
Aug 11 00:02:03 ovpn-server1[28611]: TCP/UDP: Socket bind failed on local address [AF_INET6][undef]:443: Address already in use (errno=98)
Aug 11 00:02:03 ovpn-server1[28611]: Exiting due to fatal errorAfter a mild panic attack (I was doing this remotely, and thought I no longer had access to my router), I managed to reconfigure ovpn to use the default port (1194/udp).
I am guessing this is happening because the pixelserv-tls service starts before ovpn, and reserves the 443/TCP port.
Is there any way of running pixelserv-tls on a different port without breaking my Diversion configuration? I would like ovpn to be on 443/TCP for "accessibility" reasons, but would also like my router to do my adblocking for me.
Note: will be cross-posting this on the pixelserv-tls thread (https://www.snbforums.com/threads/p...server-for-adblock.26114/page-147#post-509911)
WheatonPark
New Around Here
Would it be possible to add an option to increase the blocking list update frequency to daily? The lists are pretty volatile, it started blocking the google forms shortlink domain (forms.gle) recently. Stopped after a manual update. Probably would have stayed that way until the next week if I didn't step in.
PeterR
Senior Member
Enable diversion, choose option 'f' (follow dnsmasq.log), choose option '3' (filter by blocked domains)
Reload the website in the browser and observe which hosts are shown in the terminal display. If there are host names that look relevant, add them to the diversion whitelist and try again.
Last edited:
Welcome to the forum. Tgere’s a simple fix:
https://www.snbforums.com/threads/ab-solution-the-ad-blocking-solution.37511/page-131#post-386022
Set up second server to reduce panic attacks.
(Cross posting doesn’t always go dow well
)
HairyA00
Senior Member
Tone down the blocklists to Standard (or Standard+ if you're using Skynet). Less is more in my opinion; the standard default blocklist is pretty stellar as-is:
https://github.com/StevenBlack/hosts
Use a hosted whitelist (although I don't see forms.gle in there):
https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt
thelonelycoder
Part of the Furniture
S
Of the pre-defined hosts lists, some update once a week, most once a month or even less.
Nebulaz
Occasional Visitor
Thank you.
@dave14305, @HairyA00, @martinr, @bluzfanmr1
I really appreciate combined efforts of everyone. I have not run @bluzfanmr1 through yet but that will be a project for the weekend. But I wanted to express my gratitude.
Take care.
@dave14305, @HairyA00, @martinr, @bluzfanmr1
I really appreciate combined efforts of everyone. I have not run @bluzfanmr1 through yet but that will be a project for the weekend. But I wanted to express my gratitude.
Take care.
Makaveli
Very Senior Member
Quick question folks.
With Diversion running it seems I'm unable to connect to the Twitch App, the browser works fine. The app will only run if I turn on the VPN or turn off Diversion.
What would be the best way to track down what is being blocked so I can whitelist it.
When I follow the log I don't see anything that shows a block.
With Diversion running it seems I'm unable to connect to the Twitch App, the browser works fine. The app will only run if I turn on the VPN or turn off Diversion.
What would be the best way to track down what is being blocked so I can whitelist it.
When I follow the log I don't see anything that shows a block.
Code:
Aug 14 18:23:04 dnsmasq[457]: forwarded spade.twitch.tv to 127.0.1.1
Aug 14 18:23:04 dnsmasq[457]: query[A] desktop.twitchsvc.net from 192.168.1.8
Aug 14 18:23:04 dnsmasq[457]: forwarded desktop.twitchsvc.net to 127.0.1.1
Aug 14 18:23:04 dnsmasq[457]: validation result is INSECURE
Aug 14 18:23:04 dnsmasq[457]: reply desktop.twitchsvc.net is 151.101.129.130
Aug 14 18:23:04 dnsmasq[457]: reply desktop.twitchsvc.net is 151.101.1.130
Aug 14 18:23:04 dnsmasq[457]: reply desktop.twitchsvc.net is 151.101.193.130
Aug 14 18:23:04 dnsmasq[457]: reply desktop.twitchsvc.net is 151.101.65.130
Aug 14 18:23:04 dnsmasq[457]: query[A] spade.twitch.tv from 192.168.1.8
Aug 14 18:23:04 dnsmasq[457]: forwarded spade.twitch.tv to 127.0.1.1
Aug 14 18:23:04 dnsmasq[457]: validation result is INSECURE
Aug 14 18:23:04 dnsmasq[457]: reply spade.twitch.tv is <CNAME>
Aug 14 18:23:04 dnsmasq[457]: reply spade.sci.twitch.tv is <CNAME>
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is 34.213.173.148
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is 34.213.71.53
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is 54.68.154.241
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is 54.201.25.216
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is 54.69.85.227
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is 54.68.225.15
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is 52.27.133.51
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is 54.200.12.25
Aug 14 18:23:04 dnsmasq[20424]: query[A] spade.twitch.tv from 192.168.1.8
Aug 14 18:23:04 dnsmasq[20424]: cached spade.twitch.tv is <CNAME>
Aug 14 18:23:04 dnsmasq[20424]: cached spade.sci.twitch.tv is <CNAME>
Last edited:
Make sure logging is enabled in Diversion menu, then in the main menu press 'f' to follow dnsmasq.log ->then choose the third option 'Filtered by blocked domains' . Open the twitch app and look what domain is Diversion blocking (I guess you will see twitch word in one of the block domains) , copy the domain and add it to whitelist ('el' in main menu -> 1 to add a domain to whitelist)
Makaveli
Very Senior Member
Does the blocked domains normally take awhile to run?
Also i'm using the Standard Block file
So far
Code:
i This follows the Dnsmasq log file (tail -f)
1. Unfiltered log
2. Unfiltered log extra highlighted
3. Filtered by blocked domains
4. Filtered by term
Enter selection [1-4 e=Exit] 3
i Press Ctrl-C to exit
18:38:29 blocked by blockinglist device-metrics-us-2.amazon.com
18:39:59 blocked by blockinglist pagead46.l.doubleclick.net
18:39:59 blocked by blockinglist pagead46.l.doubleclick.net
18:39:59 blocked by blockinglist pagead46.l.doubleclick.net
18:39:59 blocked by blockinglist adservice.google.ca
18:39:59 blocked by blockinglist adservice.google.com
18:39:59 blocked by blockinglist adservice.google.ca
18:39:59 blocked by blockinglist pagead46.l.doubleclick.net
18:39:59 blocked by blockinglist adservice.google.com
18:39:59 blocked by blockinglist adservice.google.ca
18:39:59 blocked by blockinglist adservice.google.com
18:40:00 blocked by blockinglist googleads.g.doubleclick.net
18:40:00 blocked by blockinglist googleads.g.doubleclick.net
18:40:00 blocked by blockinglist googleads.g.doubleclick.net
18:40:00 blocked by blockinglist www.googletagservices.com
18:40:00 blocked by blockinglist www.googletagservices.com
18:40:00 blocked by blockinglist www.googletagservices.com
18:40:00 blocked by blockinglist googleads.g.doubleclick.net
18:40:00 blocked by blockinglist googleads.g.doubleclick.net
18:40:00 blocked by blockinglist googleads.g.doubleclick.net
18:40:00 blocked by blockinglist googleads.g.doubleclick.net
18:40:28 blocked by blockinglist adservice.google.com
18:40:28 blocked by blockinglist adservice.google.com
18:40:28 blocked by blockinglist adservice.google.com
18:40:28 blocked by blockinglist adservice.google.com
18:40:28 blocked by blockinglist adservice.google.ca
18:40:28 blocked by blockinglist adservice.google.com
18:40:28 blocked by blockinglist pagead46.l.doubleclick.net
18:40:28 blocked by blockinglist adservice.google.ca
18:40:28 blocked by blockinglist adservice.google.com
18:40:28 blocked by blockinglist www.googletagservices.com
18:40:28 blocked by blockinglist www.googletagservices.com
18:40:28 blocked by blockinglist pagead46.l.doubleclick.net
18:40:28 blocked by blockinglist adservice.google.ca
18:40:28 blocked by blockinglist adservice.google.com
18:40:28 blocked by blockinglist adservice.google.ca
18:40:28 blocked by blockinglist pagead46.l.doubleclick.net
18:40:28 blocked by blockinglist adservice.google.com
18:40:28 blocked by blockinglist googleads.g.doubleclick.net
18:40:28 blocked by blockinglist googleads.g.doubleclick.net
18:40:29 blocked by blockinglist googleads.g.doubleclick.net
18:40:29 blocked by blockinglist googleads.g.doubleclick.net
18:40:29 blocked by blockinglist www.googletagservices.com
18:40:29 blocked by blockinglist www.googletagservices.com
18:40:29 blocked by blockinglist googleads.g.doubleclick.net
18:40:29 blocked by blockinglist googleads.g.doubleclick.net
18:40:29 blocked by blockinglist googleads.g.doubleclick.net
18:40:29 blocked by blockinglist googleads.g.doubleclick.netHairyA00
Senior Member
Install the pixelserv-tls cert on your phone? It's working fine for me with the same setup as you...
Makaveli
Very Senior Member
The Cert is already on my phone and its funny you mention that because the andriod twitch app works without this issue. However a Linux Laptop, a Windows 10 Laptop and a Windows 10 desktop all cannot connect to the app.
HairyA00
Senior Member
I'm assuming you installed the cert on the Win and Linux boxes as well?
dave14305
Part of the Furniture
Try disabling DNSSEC strict validation as a test. You have some Insecure responses on your log.
Similar threads
Similar threads
Similar threads
-
Diversion Diversion 5.3 - the Router Ad-Blocker, August 11, 2024
- Started by thelonelycoder
- Replies: 26
-
Diversion Diversion 5.1.3 - the Router Ad-Blocker, May 09, 2024
- Started by thelonelycoder
- Replies: 695
-
-
-
-
Diversion Diversion and Breezeline Customer Portal
- Started by Fox23
- Replies: 5
-
Is Diversion better than NextDNS, PiHole or AdGuard Home?
- Started by Logi
- Replies: 10
-
Diversion Diversion install is getting the best of me- Started by keef
- Replies: 10
-
Skynet SkyNet and Diversion have conflicts when using user defined DNS servers - SOLVED
- Started by grahamgo
- Replies: 16