Diversion Diversion - the Router Ad-Blocker

[Ro berto]

What router model are you running this on? Try rebooting maybe?

on a new Ac86u of a friend, I tried rebooting, do I have to run the ps command in amtm?

or in other words, are there any additional requirements (besides amtm and diversion requirements) to run pixel service?

 

[activate]

Sorry if this has been asked. Is it possible to block youtube ads using this.

 

[cmkelley]

Sorry if this has been asked. Is it possible to block youtube ads using this.

It has, and no.

 

[Jack Yaz]

Sorry if this has been asked. Is it possible to block youtube ads using this.

https://diversion.ch/faq-reader/can-diversion-block-youtube-ads.html

 

[activate]

It has, and no.

https://diversion.ch/faq-reader/can-diversion-block-youtube-ads.html

Thanks guys

Welcome
This is Diversion - the Router Ad-Blocker for Asuswrt-Merlin

Thanks for the great work!

 

[suxus]

Hello
I have again considered what i want to protect and found that devices such as iPad, iPhone, iMac to run on VPN and thus makes diversion or Pihole actually no more sense.
My VPN provider (PerfectPrivacy) also has a very good ad blocker.

 

[Ubimo]

I saw this in syslog:

Aug 18 15:04:09 dnsmasq[1147]: bad name at /opt/share/diversion/list/blacklist line 369

So I navigated to the file and saw multiple identical entries like:

192.168.1.2 redir.metaservices.microsoft.com
192.168.1.2 redir.metaservices.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!
192.168.1.2 reports.wes.df.telemetry.microsoft.com
192.168.1.2 reports.wes.df.telemetry.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!
192.168.1.2 reports.wes.df.telemetry.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!

Can diversion sort these multiple identical entries somehow out?

 

[thelonelycoder]

I saw this in syslog:

Aug 18 15:04:09 dnsmasq[1147]: bad name at /opt/share/diversion/list/blacklist line 369

So I navigated to the file and saw multiple identical entries like:

192.168.1.2 redir.metaservices.microsoft.com
192.168.1.2 redir.metaservices.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!
192.168.1.2 reports.wes.df.telemetry.microsoft.com
192.168.1.2 reports.wes.df.telemetry.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!
192.168.1.2 reports.wes.df.telemetry.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!

Can diversion sort these multiple identical entries somehow out?

Duplicates are not removed in a blacklist. If you use a hosted blacklist, it is your responsibility to make sure it is in the correct format and no duplicates and non-ASCII characters are used.

 

[thelonelycoder]

on a new Ac86u of a friend, I tried rebooting, do I have to run the ps command in amtm?

What ps command?
Did you reinstall Diversion as suggested?

or in other words, are there any additional requirements (besides amtm and diversion requirements) to run pixel service?

https://diversion.ch/diversion/requirements.html

 

[Ro berto]

What ps command?

see attached image.

I also tried reinstalling, but had the same issue, next time I visit my friend will do a factory reset.

 

[HairyA00]

see attached image.

I also tried reinstalling, but had the same issue, next time I visit my friend will do a factory reset.

That is unrelated to ad-blocking. That was a new feature in amtm 2.6 that allows you to use your root certificate as the SSL cert to access your router's web UI. It is a different feature altogether. Is that what you're trying to do?

 

[thelonelycoder]

see attached image.

I also tried reinstalling, but had the same issue, next time I visit my friend will do a factory reset.

For the ps option in amtm: This is the interface of amtm. What do you expect will happen? A Swiss chocolate materializes in your hands, the Matterhorn relocates to The Netherlands and the Schweizergarde (Swiss guards) invade Italy?

 

[Ro berto]

For the ps option in amtm: This is the interface of amtm. What do you expect will happen? A Swiss chocolate materializes in your hands, the Matterhorn relocates to The Netherlands and the Schweizergarde (Swiss guards) invade Italy?

I'll go with the first one a Lindt chocolate bunny.

sorry for the dumb question, next time I'll do proper research

 

[thelonelycoder]

I'll go with the first one a Lindt chocolate bunny.

sorry for the dumb question, next time I'll do proper research

Pick one (or two): https://duckduckgo.com/?q=Lindt+Goldhase&ia=images

 

[creatine]

My router is consifgured with DNSsec using cloudflare DNS and DNS global filter set to router. I just installed this script standard blocking list with pixlserv. Was working OK for about 2 days then DNS queries stopped resolving for all domains. I was still able to ping internet IPs. Once I stopped\started diversion. Everything started working again. I assume dnsmaq service crashed. How can I troubleshoot ? I don't see anything obvious in GUI systemlog

 

[HairyA00]

You got the best of both worlds.

As a follow-up to this question... I'm assuming there is no both force LAN clients through DNSMASQ to get the ad-blocking advantage, then send them somewhere upstream different than what you have configured on your WAN page.

In other words, my LAN fields are empty and my WAN is configured for DoT services. Everything works great. But I want to send a few clients upstream to their own external DNS (hence my use of DNSFilter). Today, I send a few clients upstream to a Pi-hole with OpenDNS and other clients to yet another Pi-hole with Cleanbrowsing Family. This is the only way I seem to be able to get both adblocking and special upstream DNS per MAC. Is there anything else I can do? Or because I have three different external DNS needs, is this the best I can do?

Even if the alternate blocking list had an option to send upstream somewhere else, that would be fantastic (and I could eliminate one Pi-hole at least).

I realize I can just send all the MACs upstream to their own DNS in DNSFilter, but I lose that distinct advantage of ad-blocking.

 

[thelonelycoder]

As a follow-up to this question... I'm assuming there is no both force LAN clients through DNSMASQ to get the ad-blocking advantage, then send them somewhere upstream different than what you have configured on your WAN page.

In other words, my LAN fields are empty and my WAN is configured for DoT services. Everything works great. But I want to send a few clients upstream to their own external DNS (hence my use of DNSFilter). Today, I send a few clients upstream to a Pi-hole with OpenDNS and other clients to yet another Pi-hole with Cleanbrowsing Family. This is the only way I seem to be able to get both adblocking and special upstream DNS per MAC. Is there anything else I can do? Or because I have three different external DNS needs, is this the best I can do?

Even if the alternate blocking list had an option to send upstream somewhere else, that would be fantastic (and I could eliminate one Pi-hole at least).

I realize I can just send all the MACs upstream to their own DNS in DNSFilter, but I lose that distinct advantage of ad-blocking.

I'll look into it.

 

[Jack Yaz]

I'll look into it.

It's fairly simple to spin up multiple dnsmasq instances with ip aliases (last time i dabbled, anyway)

Alternate-bf gave me most of the clues

 

[HairyA00]

It's fairly simple to spin up multiple dnsmasq instances with ip aliases (last time i dabbled, anyway)

Alternate-bf gave me most of the clues

Would be awesome... example:

DNS Filter > Global > Router (forces everyone to go through 192.168.1.1 even if DNS is hard-coded)

Exceptions (and the part that is missing is the Ad-blocking part):
DNSFilter > ClientA > Ad-blocking > UpstreamA
DNSFilter > ClientB > Ad-blocking > UpstreamB
DNSFilter > ClientC > Ad-blocking > UpstreamB
DNSFilter > ClientD > Ad-blocking > UpstreamB

 

[Jack Yaz]

Would be awesome... example:

DNS Filter > Global > Router (forces everyone to go through 192.168.1.1 even if DNS is hard-coded)

Exceptions (and the part that is missing is the Ad-blocking part):
DNSFilter > ClientA > Ad-blocking > UpstreamA
DNSFilter > ClientB > Ad-blocking > UpstreamB
DNSFilter > ClientC > Ad-blocking > UpstreamB
DNSFilter > ClientD > Ad-blocking > UpstreamB

I'll dig out my code that customises the dnsmasq instance that is spun up by Diversion. I imagine it's just a case of specifying a different upstream nameserver