I am running 384.13.

Okay, I am at your baseline from changing the requested settings above. WAN is set to connect DNS automatically. Under Tools, Use local cache is set to No. NTP timing is set. I have initiated DoT with Cloudflare 1.1.1.1 under server list for Privacy protocol. Xentrk's config under VPN has been removed.



How do I ensure that the clients use the router IP as DNS?

All the changes have been made, so I believe like you told HairyA00, I have set up a good environment. However, the result has not yet been achieved. 1.1.1.1/help still shows that I am not connected or using DoT.



I really do appreciate the help. I am fortunate for your expertise.


Take care.

@Nebulaz

The best way to verify DoT is working is to use the entware package tcpdump. You can see how to do that in my post below.

https://www.snbforums.com/threads/r...-384-11-is-available.56501/page-6#post-488904
 
Hello
I have slow loading times on websites like bild.de and I think it's perhaps something wrong with Diversion. Is this possible, or what can I do for better/faster loading times?
Thank you
 
Hello
I have slow loading times on websites like bild.de and I think it's perhaps something wrong with Diversion. Is this possible, or what can I do for better/faster loading times?
Thank you
Disable adblocking in Diversion and test if it's any better or worse with it disabled.
 
Hello
When I disable Diversion then everything works. I have also checked the log for blocked domains, but also nothing. Is this perhaps possible with IPv6? I use IPv4 in my local net, but for my VPN provider I must activate IPv6 (connection type: native).
Greetings
 
Hi,

I recently installed pixelserv-tls on my AC87U to work together with Diversion. Upon reboot after installation, my OpenVPN server borked. From the logs, it says:

Code:
Aug 11 00:02:03 ovpn-server1[28611]: TCP/UDP: Socket bind failed on local address [AF_INET6][undef]:443: Address already in use (errno=98)
Aug 11 00:02:03 ovpn-server1[28611]: Exiting due to fatal error

After a mild panic attack (I was doing this remotely, and thought I no longer had access to my router), I managed to reconfigure ovpn to use the default port (1194/udp).

I am guessing this is happening because the pixelserv-tls service starts before ovpn, and reserves the 443/TCP port.

Is there any way of running pixelserv-tls on a different port without breaking my Diversion configuration? I would like ovpn to be on 443/TCP for "accessibility" reasons, but would also like my router to do my adblocking for me.

Note: will be cross-posting this on the pixelserv-tls thread (https://www.snbforums.com/threads/p...server-for-adblock.26114/page-147#post-509911)
 
Would it be possible to add an option to increase the blocking list update frequency to daily? The lists are pretty volatile, it started blocking the google forms shortlink domain (forms.gle) recently. Stopped after a manual update. Probably would have stayed that way until the next week if I didn't step in.
 
Hello
When I disable Diversion then everything works. I have also checked the log for blocked domains, but also nothing. Is this perhaps possible with IPv6? I use IPv4 in my local net, but for my VPN provider I must activate IPv6 (connection type: native).
Greetings

Enable diversion, choose option 'f' (follow dnsmasq.log), choose option '3' (filter by blocked domains)

Reload the website in the browser and observe which hosts are shown in the terminal display. If there are host names that look relevant, add them to the diversion whitelist and try again.
 
Hi,

I recently installed pixelserv-tls on my AC87U to work together with Diversion. Upon reboot after installation, my OpenVPN server borked. From the logs, it says:

Code:
Aug 11 00:02:03 ovpn-server1[28611]: TCP/UDP: Socket bind failed on local address [AF_INET6][undef]:443: Address already in use (errno=98)
Aug 11 00:02:03 ovpn-server1[28611]: Exiting due to fatal error

After a mild panic attack (I was doing this remotely, and thought I no longer had access to my router), I managed to reconfigure ovpn to use the default port (1194/udp).

I am guessing this is happening because the pixelserv-tls service starts before ovpn, and reserves the 443/TCP port.

Is there any way of running pixelserv-tls on a different port without breaking my Diversion configuration? I would like ovpn to be on 443/TCP for "accessibility" reasons, but would also like my router to do my adblocking for me.

Note: will be cross-posting this on the pixelserv-tls thread (https://www.snbforums.com/threads/p...server-for-adblock.26114/page-147#post-509911)
Welcome to the forum. There's a simple fix:

https://www.snbforums.com/threads/ab-solution-the-ad-blocking-solution.37511/page-131#post-386022

Set up second server to reduce panic attacks.

(Cross posting doesn't always go down well ;) )
 
Would it be possible to add an option to increase the blocking list update frequency to daily? The lists are pretty volatile, it started blocking the google forms shortlink domain (forms.gle) recently. Stopped after a manual update. Probably would have stayed that way until the next week if I didn't step in.

Tone down the blocklists to Standard (or Standard+ if you're using Skynet). Less is more in my opinion; the standard default blocklist is pretty stellar as-is:
https://github.com/StevenBlack/hosts

Use a hosted whitelist (although I don't see forms.gle in there):
https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt
 
Would it be possible to add an option to increase the blocking list update frequency to daily? The lists are pretty volatile, it started blocking the google forms shortlink domain (forms.gle) recently. Stopped after a manual update. Probably would have stayed that way until the next week if I didn't step in.
Of the pre-defined hosts lists, some update once a week, most once a month or even less.
 
Quick question folks.

With Diversion running it seems I'm unable to connect to the Twitch App, the browser works fine. The app will only run if I turn on the VPN or turn off Diversion.

What would be the best way to track down what is being blocked so I can whitelist it?

When I follow the log I don't see anything that shows a block.

Code:
Aug 14 18:23:04 dnsmasq[457]: forwarded spade.twitch.tv to 127.0.1.1
Aug 14 18:23:04 dnsmasq[457]: query[A] desktop.twitchsvc.net from 192.168.1.8
Aug 14 18:23:04 dnsmasq[457]: forwarded desktop.twitchsvc.net to 127.0.1.1
Aug 14 18:23:04 dnsmasq[457]: validation result is INSECURE
Aug 14 18:23:04 dnsmasq[457]: reply desktop.twitchsvc.net is 151.101.129.130
Aug 14 18:23:04 dnsmasq[457]: reply desktop.twitchsvc.net is 151.101.1.130
Aug 14 18:23:04 dnsmasq[457]: reply desktop.twitchsvc.net is 151.101.193.130
Aug 14 18:23:04 dnsmasq[457]: reply desktop.twitchsvc.net is 151.101.65.130
Aug 14 18:23:04 dnsmasq[457]: query[A] spade.twitch.tv from 192.168.1.8
Aug 14 18:23:04 dnsmasq[457]: forwarded spade.twitch.tv to 127.0.1.1
Aug 14 18:23:04 dnsmasq[457]: validation result is INSECURE
Aug 14 18:23:04 dnsmasq[457]: reply spade.twitch.tv is <CNAME>
Aug 14 18:23:04 dnsmasq[457]: reply spade.sci.twitch.tv is <CNAME>
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is    34.213.173.148
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is    34.213.71.53
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is    54.68.154.241
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is    54.201.25.216
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is    54.69.85.227
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is    54.68.225.15
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is    52.27.133.51
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is    54.200.12.25
Aug 14 18:23:04 dnsmasq[20424]: query[A] spade.twitch.tv from 192.168.1.8
Aug 14 18:23:04 dnsmasq[20424]: cached spade.twitch.tv is <CNAME>
Aug 14 18:23:04 dnsmasq[20424]: cached spade.sci.twitch.tv is <CNAME>
 
Quick question folks.

With Diversion running it seems I'm unable to connect to the Twitch App, the browser works fine. The app will only run if I turn on the VPN or turn off Diversion.

What would be the best way to track down what is being blocked so I can whitelist it?
Make sure logging is enabled in the Diversion menu, then in the main menu press 'f' to follow dnsmasq.log -> then choose the third option, 'Filtered by blocked domains'. Open the Twitch app and look at which domain Diversion is blocking (I guess you will see the word twitch in one of the blocked domains), copy the domain and add it to the whitelist ('el' in main menu -> 1 to add a domain to whitelist).
 
Make sure logging is enabled in the Diversion menu, then in the main menu press 'f' to follow dnsmasq.log -> then choose the third option, 'Filtered by blocked domains'. Open the Twitch app and look at which domain Diversion is blocking (I guess you will see the word twitch in one of the blocked domains), copy the domain and add it to the whitelist ('el' in main menu -> 1 to add a domain to whitelist).

Do the blocked domains normally take a while to run?

Also I'm using the Standard Block file

So far

Code:
  i  This follows the Dnsmasq log file (tail -f)

 1. Unfiltered log
 2. Unfiltered log extra highlighted
 3. Filtered by blocked domains
 4. Filtered by term

 Enter selection [1-4 e=Exit] 3

  i  Press Ctrl-C to exit

 18:38:29 blocked by blockinglist device-metrics-us-2.amazon.com
 18:39:59 blocked by blockinglist pagead46.l.doubleclick.net
 18:39:59 blocked by blockinglist pagead46.l.doubleclick.net
 18:39:59 blocked by blockinglist pagead46.l.doubleclick.net
 18:39:59 blocked by blockinglist adservice.google.ca
 18:39:59 blocked by blockinglist adservice.google.com
 18:39:59 blocked by blockinglist adservice.google.ca
 18:39:59 blocked by blockinglist pagead46.l.doubleclick.net
 18:39:59 blocked by blockinglist adservice.google.com
 18:39:59 blocked by blockinglist adservice.google.ca
 18:39:59 blocked by blockinglist adservice.google.com
 18:40:00 blocked by blockinglist googleads.g.doubleclick.net
 18:40:00 blocked by blockinglist googleads.g.doubleclick.net
 18:40:00 blocked by blockinglist googleads.g.doubleclick.net
 18:40:00 blocked by blockinglist www.googletagservices.com
 18:40:00 blocked by blockinglist www.googletagservices.com
 18:40:00 blocked by blockinglist www.googletagservices.com
 18:40:00 blocked by blockinglist googleads.g.doubleclick.net
 18:40:00 blocked by blockinglist googleads.g.doubleclick.net
 18:40:00 blocked by blockinglist googleads.g.doubleclick.net
 18:40:00 blocked by blockinglist googleads.g.doubleclick.net
 18:40:28 blocked by blockinglist adservice.google.com
 18:40:28 blocked by blockinglist adservice.google.com
 18:40:28 blocked by blockinglist adservice.google.com
 18:40:28 blocked by blockinglist adservice.google.com
 18:40:28 blocked by blockinglist adservice.google.ca
 18:40:28 blocked by blockinglist adservice.google.com
 18:40:28 blocked by blockinglist pagead46.l.doubleclick.net
 18:40:28 blocked by blockinglist adservice.google.ca
 18:40:28 blocked by blockinglist adservice.google.com
 18:40:28 blocked by blockinglist www.googletagservices.com
 18:40:28 blocked by blockinglist www.googletagservices.com
 18:40:28 blocked by blockinglist pagead46.l.doubleclick.net
 18:40:28 blocked by blockinglist adservice.google.ca
 18:40:28 blocked by blockinglist adservice.google.com
 18:40:28 blocked by blockinglist adservice.google.ca
 18:40:28 blocked by blockinglist pagead46.l.doubleclick.net
 18:40:28 blocked by blockinglist adservice.google.com
 18:40:28 blocked by blockinglist googleads.g.doubleclick.net
 18:40:28 blocked by blockinglist googleads.g.doubleclick.net
 18:40:29 blocked by blockinglist googleads.g.doubleclick.net
 18:40:29 blocked by blockinglist googleads.g.doubleclick.net
 18:40:29 blocked by blockinglist www.googletagservices.com
 18:40:29 blocked by blockinglist www.googletagservices.com
 18:40:29 blocked by blockinglist googleads.g.doubleclick.net
 18:40:29 blocked by blockinglist googleads.g.doubleclick.net
 18:40:29 blocked by blockinglist googleads.g.doubleclick.net
 18:40:29 blocked by blockinglist googleads.g.doubleclick.net
 
Quick question folks.

With Diversion running it seems I'm unable to connect to the Twitch App, the browser works fine. The app will only run if I turn on the VPN or turn off Diversion.

What would be the best way to track down what is being blocked so I can whitelist it?

When I follow the log I don't see anything that shows a block.

Code:
Aug 14 18:23:04 dnsmasq[457]: forwarded spade.twitch.tv to 127.0.1.1
Aug 14 18:23:04 dnsmasq[457]: query[A] desktop.twitchsvc.net from 192.168.1.8
Aug 14 18:23:04 dnsmasq[457]: forwarded desktop.twitchsvc.net to 127.0.1.1
Aug 14 18:23:04 dnsmasq[457]: validation result is INSECURE
Aug 14 18:23:04 dnsmasq[457]: reply desktop.twitchsvc.net is 151.101.129.130
Aug 14 18:23:04 dnsmasq[457]: reply desktop.twitchsvc.net is 151.101.1.130
Aug 14 18:23:04 dnsmasq[457]: reply desktop.twitchsvc.net is 151.101.193.130
Aug 14 18:23:04 dnsmasq[457]: reply desktop.twitchsvc.net is 151.101.65.130
Aug 14 18:23:04 dnsmasq[457]: query[A] spade.twitch.tv from 192.168.1.8
Aug 14 18:23:04 dnsmasq[457]: forwarded spade.twitch.tv to 127.0.1.1
Aug 14 18:23:04 dnsmasq[457]: validation result is INSECURE
Aug 14 18:23:04 dnsmasq[457]: reply spade.twitch.tv is <CNAME>
Aug 14 18:23:04 dnsmasq[457]: reply spade.sci.twitch.tv is <CNAME>
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is    34.213.173.148
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is    34.213.71.53
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is    54.68.154.241
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is    54.201.25.216
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is    54.69.85.227
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is    54.68.225.15
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is    52.27.133.51
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is    54.200.12.25
Aug 14 18:23:04 dnsmasq[20424]: query[A] spade.twitch.tv from 192.168.1.8
Aug 14 18:23:04 dnsmasq[20424]: cached spade.twitch.tv is <CNAME>
Aug 14 18:23:04 dnsmasq[20424]: cached spade.sci.twitch.tv is <CNAME>

Install the pixelserv-tls cert on your phone? It's working fine for me with the same setup as you...
 
Install the pixelserv-tls cert on your phone? It's working fine for me with the same setup as you...

The Cert is already on my phone and it's funny you mention that because the Android Twitch app works without this issue. However, a Linux laptop, a Windows 10 laptop and a Windows 10 desktop all cannot connect to the app.
 
The Cert is already on my phone and it's funny you mention that because the Android Twitch app works without this issue. However, a Linux laptop, a Windows 10 laptop and a Windows 10 desktop all cannot connect to the app.

I'm assuming you installed the cert on the Win and Linux boxes as well?
 
Quick question folks.

With Diversion running it seems I'm unable to connect to the Twitch App, the browser works fine. The app will only run if I turn on the VPN or turn off Diversion.

What would be the best way to track down what is being blocked so I can whitelist it?

When I follow the log I don't see anything that shows a block.

Code:
Aug 14 18:23:04 dnsmasq[457]: forwarded spade.twitch.tv to 127.0.1.1
Aug 14 18:23:04 dnsmasq[457]: query[A] desktop.twitchsvc.net from 192.168.1.8
Aug 14 18:23:04 dnsmasq[457]: forwarded desktop.twitchsvc.net to 127.0.1.1
Aug 14 18:23:04 dnsmasq[457]: validation result is INSECURE
Aug 14 18:23:04 dnsmasq[457]: reply desktop.twitchsvc.net is 151.101.129.130
Aug 14 18:23:04 dnsmasq[457]: reply desktop.twitchsvc.net is 151.101.1.130
Aug 14 18:23:04 dnsmasq[457]: reply desktop.twitchsvc.net is 151.101.193.130
Aug 14 18:23:04 dnsmasq[457]: reply desktop.twitchsvc.net is 151.101.65.130
Aug 14 18:23:04 dnsmasq[457]: query[A] spade.twitch.tv from 192.168.1.8
Aug 14 18:23:04 dnsmasq[457]: forwarded spade.twitch.tv to 127.0.1.1
Aug 14 18:23:04 dnsmasq[457]: validation result is INSECURE
Aug 14 18:23:04 dnsmasq[457]: reply spade.twitch.tv is <CNAME>
Aug 14 18:23:04 dnsmasq[457]: reply spade.sci.twitch.tv is <CNAME>
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is    34.213.173.148
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is    34.213.71.53
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is    54.68.154.241
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is    54.201.25.216
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is    54.69.85.227
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is    54.68.225.15
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is    52.27.133.51
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is    54.200.12.25
Aug 14 18:23:04 dnsmasq[20424]: query[A] spade.twitch.tv from 192.168.1.8
Aug 14 18:23:04 dnsmasq[20424]: cached spade.twitch.tv is <CNAME>
Aug 14 18:23:04 dnsmasq[20424]: cached spade.sci.twitch.tv is <CNAME>
Try disabling DNSSEC strict validation as a test. You have some Insecure responses on your log.
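
The dnsmasq log quoted in this thread records a DNSSEC validation result after each forwarded query. As an added example (not code from any poster or from Diversion), this shell function summarises, for one client IP, each name it asked for, the validation result dnsmasq logged (SECURE, INSECURE for an answer from an unsigned zone, BOGUS for failed validation) and how many address answers came back. It assumes the syslog line format shown above and attributes each result to the most recent query logged by the same dnsmasq process; the function names and the last five sample lines are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): per-client summary of a dnsmasq query log.
# Usage: dns_triage CLIENT_IP < dnsmasq.log
# Output, one line per name the client asked for: NAME VALIDATION ADDRESS_COUNT
dns_triage() {
    awk -v client="$1" '
    $4 !~ /^dnsmasq\[[0-9]+\]:$/ { next }   # only dnsmasq syslog lines
    $5 ~ /^query\[/ {
        # Track the name each dnsmasq process is working on. Lines that
        # follow a query from another client are ignored (cur is empty).
        if ($8 == client) {
            cur[$4] = $6
            if (!($6 in seen)) { seen[$6] = 1; order[++n] = $6 }
        } else cur[$4] = ""
        next
    }
    cur[$4] == "" { next }
    # "validation result is SECURE|INSECURE|BOGUS"
    $5 == "validation" && $6 == "result" { val[cur[$4]] = $8; next }
    # Count address answers only; CNAME hops are not addresses.
    ($5 == "reply" || $5 == "cached") && $7 == "is" && $8 != "<CNAME>" {
        addrs[cur[$4]]++
    }
    END {
        for (i = 1; i <= n; i++) {
            name = order[i]
            v = (name in val) ? val[name] : "-"
            printf "%s %s %d\n", name, v, addrs[name]
        }
    }'
}

# Sample input: the first nine lines are taken from the log posted in the
# thread; the last five (broken.example, other.example) are constructed.
sample_log() {
    cat <<'EOF'
Aug 14 18:23:04 dnsmasq[457]: query[A] desktop.twitchsvc.net from 192.168.1.8
Aug 14 18:23:04 dnsmasq[457]: forwarded desktop.twitchsvc.net to 127.0.1.1
Aug 14 18:23:04 dnsmasq[457]: validation result is INSECURE
Aug 14 18:23:04 dnsmasq[457]: reply desktop.twitchsvc.net is 151.101.129.130
Aug 14 18:23:04 dnsmasq[457]: query[A] spade.twitch.tv from 192.168.1.8
Aug 14 18:23:04 dnsmasq[457]: forwarded spade.twitch.tv to 127.0.1.1
Aug 14 18:23:04 dnsmasq[457]: validation result is INSECURE
Aug 14 18:23:04 dnsmasq[457]: reply spade.twitch.tv is <CNAME>
Aug 14 18:23:04 dnsmasq[457]: reply science-edge-external-prod-73889260.us-west-2.elb.amazonaws.com is    34.213.173.148
Aug 14 18:23:05 dnsmasq[457]: query[A] broken.example from 192.168.1.8
Aug 14 18:23:05 dnsmasq[457]: forwarded broken.example to 127.0.1.1
Aug 14 18:23:05 dnsmasq[457]: validation result is BOGUS
Aug 14 18:23:05 dnsmasq[457]: query[A] other.example from 192.168.1.9
Aug 14 18:23:05 dnsmasq[457]: reply other.example is 192.0.2.10
EOF
}
sample_log | dns_triage 192.168.1.8
```

A name that shows BOGUS with zero addresses is one that strict validation rejected; names marked INSECURE with addresses were resolved normally.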
 
