Diversion Diversion - the Router Ad-Blocker

[Mircica]

Dear friends, I have changed everything, but still not working... !
On 4.1.3, on 2x2GBpartition Ext2 everything worked fine and with no problems! Even with my whitelist and blacklist from the start.
Now, after upgrade, fresh reinstalling all, and FW update still baffled... not working!
I will modify my whitelist...
If someone has a backup of 4.1.3... please PM me!

 

[John Fitzgerald]

Dear friends, I have changed everything, but still not working... !
On 4.1.3, on 2x2GBpartition Ext2 everything worked fine and with no problems! Even with my whitelist and blacklist from the start.
Now, after upgrade, fresh reinstalling all, and FW update still baffled... not working!
I will modify my whitelist...
If someone has a backup of 4.1.3...

I know I am late here but, why are you not using EXT4 with Journaling turned ON?

Why: "2x2GBpartition Ext2"?

 

[Mircica]

I know I am late here but, why are you not using EXT4 with Journaling turned ON?

Why: "2x2GBpartition Ext2"?

Ext4 on RT-AC66U?

 

[Mircica]

Small blocking list worked! But none of the rest! Sad! Still no one has 4.1.3 backup?

 

[Asad Ali]

Small blocking list worked! But none of the rest! Sad! Still no one has 4.1.3 backup?

Why not try my other suggestion?offloading the whitelisting work to a PC and only import the final list, it may fix your issue.

 

[SomeWhereOverTheRainBow]

I know I am late here but, why are you not using EXT4 with Journaling turned ON?

Why: "2x2GBpartition Ext2"?

in some situations journaling would be beneficial, but not with all devices.

 

[Mircica]

Why not try my other suggestion?offloading the whitelisting work to a PC and only import the final list, it may fix your issue.

Using which software? Any particular one doing this? Still looking for it...
But worked nicely till 4.1.3!
Now tried everything...
Wish someone could give me a backup of 4.1.3, the version that worked so nicely even on my ancient FW!
Why not let users choose which version to use?

 

[Asad Ali]

Using which software? Any particular one doing this? Still looking for it...

You can edit the script from here to your own use case, I'm using the same and it works great for me.

https://github.com/StevenBlack/hosts/blob/master/readme.md#generate-your-own-unified-hosts-file

 

[Mircica]

Thank you!

 

[Mircica]

@thelonelycoder can you ad DNSCrypt 1.0 to AMTM for those who rely on old HW like me? It would be nice for all of us.
And somehow amtm tries to install 2.0 over 1.0... and also shows version "v" instead of 1.0!

solved part with "v"
DNSCRYPT_VER=1.0.0 added as 3rd line in script

 

[Mircica]

You can edit the script from here to your own use case, I'm using the same and it works great for me.

https://github.com/StevenBlack/hosts/blob/master/readme.md#generate-your-own-unified-hosts-file

I am trying right now... Thanks again!

 

[Mircica]

Any good script recommended for my old HW (RT-AC66U FW 380.70)?

 

[relic]

Hi @thelonelycoder,

1. Trying to look into Diversion a bit further, it seems like the description on the following pages is a bit misleading (at least for new Diversion users):
   https://diversion.ch/diversion/installation.html
   

   Diversion Lite installs Diversion and Entware, using the IP address 0.0.0.0 to divert blocked domains.
   The Lite Edition blocks http domains.
   Diversion Standard installs Diversion, Entware and its pixelserv-tls package, using the selected IP address to divert blocked domains to pixelserv-tls.
   The Standard Edition blocks http and https (secure) domains.

   
   https://diversion.ch/faq-reader/what-does-pixelserv-tls-do.html
   

   Diversion Lite Edition blocks HTTP ads, meaning they were served from a Web-server running the HTTP protocol.
   It may leave gaps in the web page where the blocked ad would show.
   Diversion Standard Edition installs pixelserv-tls and with it the capability to block HTTP and HTTPS ads.
   And not only that, it fills the space left by blocked content where possible with a pixel-sized image, hence the pixelserv name.

   
   From what I can tell, The Lite and The Standard Edition both can block http AND https domains,
   but The Standard Edition with pixelserv-tls can additionally fill the space left by blocked content (only if the pixelserv-tls' certificate is manually imported into clients),
   and, at least according to @kvic's manually performed tests
   https://kazoo.ga/pixelserv-tls-more-is-less/
   https://kazoo.ga/new-features-in-pixelserv-tls-2-1-0/
   the pages with blocked content could load faster with pixelserv-tls.
   
   

2. My own testing includes running amtm and Diversion on two RT-AC66U routers. One runs 380.70, the other johns LTS fork firmware. They're not dead yet.

   Do you use the original (MIPS-based) RT-AC66U or RT-AC66U_B1? What edition of Diversion do you use/recommend for such MIPS-based routers?
   
   According to your comment
   https://github.com/kvic-z/pixelserv-tls/issues/18#issuecomment-456516745
   the last pixelserv-tls version for MIPS-based routers is v2.0.1, and the URL http://<pixelserv ip>/ca.crt is not working,
   so have you found the way to import this pixelserv-tls cert?
   Do you use Diversion Standard without this cert or Diversion Lite?
   
   
3. Looking through the logs by selecting f follow dnsmasq.log
   and then 2. Unfiltered log extra highlighted (or 3. Filtered by blocked domains)
   I've noticed a small side-effect:
   the log line containing "blockinglist" or "blacklist" will be highlighted as blocked (in red),
   even if the corresponing URL wasn't actually in the blocking list:
   try visiting, for instance, blacklist.reddit.com
   
   Looking through
   

   /opt/share/diversion/file/functions.div

   it seems to happen because the functions highlighted() and blocked_domains() contain the same line
   

   if echo "$line" | grep -q "blockinglist\|blacklist\| config .* is $blockingIP"; then

   that just checks if the log file line contains specific keywords.

 

[Morgon]

Not really sure where to post this, but I'm getting security warnings when previewing links from the built-in browser in the Reddit app (or very occasionally through in-app Safari widgets in other apps). I'm not entirely sure what triggers it, because if I go to r/Diversion, the Diversion homepage doesn't generate this warning, but other links do.

This does not happen in Safari proper, so it's not a total misconfiguration. For now I have changed the Reddit app to use Safari, and it's been mostly okay so far. It is indeed "the answer", but curious if there's any thoughts as to why this would break here.

 

[HairyA00]

Not really sure where to post this, but I'm getting security warnings when previewing links from the built-in browser in the Reddit app (or very occasionally through in-app Safari widgets in other apps). I'm not entirely sure what triggers it, because if I go to r/Diversion, the Diversion homepage doesn't generate this warning, but other links do.

This does not happen in Safari proper, so it's not a total misconfiguration. For now I have changed the Reddit app to use Safari, and it's been mostly okay so far. It is indeed "the answer", but curious if there's any thoughts as to why this would break here.

I believe you need to update pixelserv-tls to version 2.3.0, regenerate a certificate, and install it on your phone.

From the diversion.ch website:

1. Update Diversion to this latest version.
2. Install Jack Yaz's pixelserv-tls v2.3.0 in ep, 6, 3
3. Re-generate the pixelserv-tls CA certificate in ep, 3, 2 (all domain certificates will be purged during that step).
4. Import the new pixelserv-tls CA certificate (ca.crt) into browsers and devices, replacing the previous certificate. Open the certificate link in a browser with your pixelserv-tls IP address, typically this is 192.168.1.2/ca.crt and import it.

 

[Morgon]

I believe you need to update pixelserv-tls to version 2.3.0, regenerate a certificate, and install it on your phone.

Fantastic. Thank you very much for your reply, this was wonderfully easy to fix!

 

[Morgon]

Good questions. When I added ups.tt.omtrdc.net, Diversion showed an exact match in blocking file. I will test removing it, clear cache and try again later today. It worked Sunday, then Monday was blank white, likely due to the fact I have my Diversion blocking list (Standard+) update Sunday at 0200 my local time.

FWIW, I just had this same issue with the white screen - both mobile and desktop. I noticed the text was physically on the page (I could see my cursor change between links and selectable text).

I ended up blocking another web-bug from 'tags.tiqcdn.com', and the page seemed to come up normally (both mobile and desktop). Not sure if it was caching (and thus coincidence) or whether it actually did something to affect the display.

 

[Rudi Pittman]

Anyone have a sample blacklist for domain names of tracking and metrics by media devices such as Amazon Echo Devices, Roku, Firetv etc? Specifically ones not in the "standard" list. I don't want to cripple the device but I'm on limited bandwidth and prefer to nip excessive traffic in the bud (for example device-metrics-us.amazon.com which IS in the standard list but was getting nailed ALL THE TIME when I was using the smaller...exactly how often do devices need to phone home? I had over 50,000 hits during one time period from multiple echo's).

 

[HairyA00]

Anyone have a sample blacklist for domain names of tracking and metrics by media devices such as Amazon Echo Devices, Roku, Firetv etc? Specifically ones not in the "standard" list. I don't want to cripple the device but I'm on limited bandwidth and prefer to nip excessive traffic in the bud (for example device-metrics-us.amazon.com which IS in the standard list but was getting nailed ALL THE TIME when I was using the smaller...exactly how often do devices need to phone home? I had over 50,000 hits during one time period from multiple echo's).

Not to turn this into a "I use these lists" discussion, but this is a good mix:

https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/gambling/hosts
http://sysctl.org/cameleon/hosts
https://hosts-file.net/ad_servers.txt
https://mirror1.malwaredomains.com/files/domains.hosts

Been using those for years and have had to whitelist one website ever.

Another great resource, but I will warn you that picking random lists off of that site will cause breakages: https://firebog.net/
Good whitelist to help with that: https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt

 

[Butterfly Bones]

Anyone have a sample blacklist for domain names of tracking and metrics by media devices such as Amazon Echo Devices, Roku, Firetv etc? Specifically ones not in the "standard" list. I don't want to cripple the device but I'm on limited bandwidth and prefer to nip excessive traffic in the bud (for example device-metrics-us.amazon.com which IS in the standard list but was getting nailed ALL THE TIME when I was using the smaller...exactly how often do devices need to phone home? I had over 50,000 hits during one time period from multiple echo's).

If you have Skynet installed, it has an IoT Blocking setting.