Diversion Diversion - the Router Ad-Blocker

[bluepoint]

https://diversion-adblocking-ip.address is exactly what one enters into a browser.

And is it supposed to be blank?

 

[thelonelycoder]

And is it supposed to be blank?
View attachment 20455

Yes, a blank page. Or should I insert some ads to show that pixelserv-tls and ad-blocking is working
You have the padlock, that's all that matters.

 

[Mats Mora]

A non blank version: https://diversion-adblocking-ip.address/servstats

 

[bluepoint]

Yes, a blank page. Or should I insert some ads to show that pixelserv-tls and ad-blocking is working
You have the padlock, that's all that matters.

If you want you can put a dancing padlock.

 

[elorimer]

Christmas brought an 86U, so I've been moving things over to it from my 87U.

I had no whitelist and no blacklist, and going to the edit lists diaglog took me to a loop:

1. Edit whitelist
 2. Edit blacklist
 3. Edit wildcard-blacklist
 4. Process all lists
 5. List Settings: Colors on, Pagination 20
    Auto-add www/non-www domain off
 6. Delete backup files (0)
 Enter your selection [1-6 e=Exit] 1
 Notice: Empty or no whitelist found
 restoring from backup...
  !  Press Enter to continue 
 Notice: Empty or no whitelist found
 restoring from backup...(and so on)

Since my 87U had emailed me backup files, I downloaded blacklist.txt and whitelist.txt to /opt/share/diversion/lists, and got the same thing.

I changed the names of those to delete the .txt, and then they worked fine. So two small things: one the lists that get sent via backup shouldn't have the .txt, and two some escape when no list is found.

 

[elorimer]

Why can't I pass(get a secure padlock) with this site using Chromium Edge/IE 11 from latest Win 10? I've checked the pixelserv cert and verified 2048 bit. What am I missing?

I have found it necessary sometimes to delete old certs; that often means going in on an admin account where they have been saved to "local machine", as they should.

 

[thelonelycoder]

Christmas brought an 86U, so I've been moving things over to it from my 87U.

I had no whitelist and no blacklist, and going to the edit lists diaglog took me to a loop:

1. Edit whitelist
 2. Edit blacklist
 3. Edit wildcard-blacklist
 4. Process all lists
 5. List Settings: Colors on, Pagination 20
    Auto-add www/non-www domain off
 6. Delete backup files (0)
 Enter your selection [1-6 e=Exit] 1
 Notice: Empty or no whitelist found
 restoring from backup...
  !  Press Enter to continue
 Notice: Empty or no whitelist found
 restoring from backup...(and so on)

Since my 87U had emailed me backup files, I downloaded blacklist.txt and whitelist.txt to /opt/share/diversion/lists, and got the same thing.

I changed the names of those to delete the .txt, and then they worked fine. So two small things: one the lists that get sent via backup shouldn't have the .txt, and two some escape when no list is found.

Noted and fix built into local files, thanks for reporting.

 

[thelonelycoder]

I have found it necessary sometimes to delete old certs; that often means going in on an admin account where they have been saved to "local machine", as they should.

One should never have duplicate certificate files in browsers and devices. How should the browser or device know which of the identical file names to pick?

 

[Diamond67]

Should I do (update) something or not? I have pixelserv-tls v.2.2.1 and ep, 3, shows Key length: 1024 bit. I don't use iOS products.

 

[thelonelycoder]

Should I do (update) something or not? I have pixelserv-tls v.2.2.1 and ep, 3, shows Key length: 1024 bit. I don't use iOS products.

No. If all works well I'd stay on v2.2.1 until the Entware team releases the v2.3.1 update.

 

[elorimer]

One should never have duplicate certificate files in browsers and devices. How should the browser or device know which of the identical file names to pick?

Yes, that makes sense. But when one imports a cert, it doesn't necessarily delete an old cert, does it? Or at least, I can see three or more pixelerv certs sometimes. In all the instructions, though, do we describe first deleting obsolete certificates before importing a new certificate?

 

[Ian Holl]

Does Division offer more protection than apps like AdBlock Pro? I installed Division hoping it might have reduced the YouTube ads on my smartTV, but to no avail. But in all fairness the docs do say it doesn't stop YouTube ads. I guess I was just hoping Division might reduce them. What advantages is there by keeping Division on my router if AdBlock Pro is doing its job on my build?

 

[thelonelycoder]

Yes, that makes sense. But when one imports a cert, it doesn't necessarily delete an old cert, does it? Or at least, I can see three or more pixelerv certs sometimes. In all the instructions, though, do we describe first deleting obsolete certificates before importing a new certificate?

I usually word it "replace the certs in browser / devices" for a reason.

 

[thelonelycoder]

Does Division offer more protection than apps like AdBlock Pro? I installed Division hoping it might have reduced the YouTube ads on my smartTV, but to no avail. But in all fairness the docs do say it doesn't stop YouTube ads. I guess I was just hoping Division might reduce them. What advantages is there by keeping Division on my router if AdBlock Pro is doing its job on my build?

An app or in browser ad-blocker only blocks ads for these. Diversion blocks them for all devices behind the router.

 

[Ian Holl]

An app or in browser ad-blocker only blocks ads for these. Diversion blocks them for all devices behind the router.

That's very good reason to keep it.

 

[elorimer]

I usually word it "replace the certs in browser / devices" for a reason.

I think it might be helpful to edit #4535 more expressly. When 2.3.1 drops I think a bunch of people will regenerate the certs and go through the reimporting process. None of the guides we link to describes the replacement idea; in fact the Chromebook guide expressly recommends importing multiple certs.

If I follow (I don't pretend to), it is possible to have more than one cert imported (as for example a renewed cert), and in response to a request either (1) the most recent is served up, or (2) a round-robin choice is made, or (3) something else. Where both are valid it won't matter, but if a 10 year cert or a 1024 cert is served up instead of the shorter longer cert, I guess IOS will choke. One of the nice things about pixelserv is that this fails gracefully.

 

[thelonelycoder]

I think it might be helpful to edit #4535 more expressly. When 2.3.1 drops I think a bunch of people will regenerate the certs and go through the reimporting process. None of the guides we link to describes the replacement idea; in fact the Chromebook guide expressly recommends importing multiple certs.

If I follow (I don't pretend to), it is possible to have more than one cert imported (as for example a renewed cert), and in response to a request either (1) the most recent is served up, or (2) a round-robin choice is made, or (3) something else. Where both are valid it won't matter, but if a 10 year cert or a 1024 cert is served up instead of the shorter longer cert, I guess IOS will choke. One of the nice things about pixelserv is that this fails gracefully.

Documentation is key in such cases. And I wanted to prepare an illustrated guide on the Diversion website for a while.
I think now is the time, if I had the time...

 

[martinr]

Does Division offer more protection than apps like AdBlock Pro? I installed Division hoping it might have reduced the YouTube ads on my smartTV, but to no avail. But in all fairness the docs do say it doesn't stop YouTube ads. I guess I was just hoping Division might reduce them. What advantages is there by keeping Division on my router if AdBlock Pro is doing its job on my build?

Well, one (of several) advantages to keeping Diversion on your router (I’d uninstall Division, though, ), is that the blocking action takes place at your router, and not further downstream on the device with AdBlock Pro on it. And do all your current (and future) devices run AdBlock Pro?

 

[bluepoint]

Documentation is key in such cases. And I wanted to prepare an illustrated guide on the Diversion website for a while.
I think now is the time, if I had the time...

Now that we have the certs topic, I think now is the time to ask what's been in my confused mind, if you may?
a. Why is there a need to import pixelserv's certificate(my impression) to all devices?

I will have a follow up question after a.'s answered.

 

[dave14305]

Now that we have the certs topic, I think now is the time to ask what's been in my confused mind, if you may?
a. Why is there a need to import pixelserv's certificate(my impression) to all devices?

I will have a follow up question after a.'s answered.

In order for your browser to accept the https response from Pixelserv-tls, it must trust the certificate that signed the “phony” site certificate that Pixelserv generates for the blocked ad domain. Otherwise, you would see browser warnings every time an https ad request was answered by Pixelserv.