What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

@doczenith1, yes, please re-read my post again (I think it makes sense. :) ).

Regenerate the certificate, verify it is actually used by Diversion and then re-import the new certificates into your client devices.
 
@Treadler, it did change a little. :)

See the first link in post 5169 above. ;)
 
Yeah, I deleted my post. May have served just to muddy the waters a little.

No! It had good information for Apple users! :(

I don't like posts disappearing on forums. Makes the following comments seem messy at best.

Like the post from @rgnldo about Auth-Zone that was on page 36 but was gone when I went back to reference it after installing unbound again (Auth-Zone makes a huge difference).

Now, I use a partial post and use 'rs' inside unbound_manager after doing the necessary commands from the post (below).

https://www.snbforums.com/threads/u...-caching-dns-server.58967/page-33#post-541097
 
@doczenith1, yes, please re-read my post again (I think it makes sense. :) ).

Regenerate the certificate, verify it is actually used by Diversion and then re-import the new certificates into your client devices.

I read your post and linked messages multiple times. No mention of how to handle certs after the upgrade. They all seemed to refer to people having issues when upgrading pixelserv-tls from Jack's version or a manual install of the entware version prior to the official release.

And just so I am understanding you correctly, no need to purge before regenerating and reimporting my certs?
 
@doczenith1, the post that @Treadler deleted had that information. I can't track it down now as fast as I would like.

I would, as a matter of course, purge and regenerate the certificates. Why take chances? ;)

Then, of course, re-import them into all your client devices too.
 
I read your post and linked messages multiple times. No mention of how to handle certs after the upgrade. They all seemed to refer to people having issues when upgrading pixelserv-tls from Jack's version or a manual install of the entware version prior to the official release.

And just so I am understanding you correctly, no need to purge before regenerating and reimporting my certs?

https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/page-186#post-516424
 
Once last question. When importing into my Android 10 device it brings up "Credential use:" and the choices are 'VPN and apps' or 'Wi-Fi'. I don't remember this choice when I imported the cert last time a year or so ago.
 
I use WiFi myself. But now you got me thinking? I also use OpenVPN back to my home router, should I import into both?
 
Another thing I noticed. The previous cert was located under Settings>Security>Encryption & credentials>Trusted credentials>USER. This time when I imported the cert it asked for a name (can't remember if it did that before but the name in the USER location was Pixelserv CA) and it put it under Settings>Security>Encryption & credentials>User credentials and used the name that I typed in when installing.
 
Last edited:
On one of my devices I had the cert installed for wifi only. I went to a site and was getting the grey box with frown face where ads were supposed to be. I then added the cert for VPN and apps the the grey box went away. Seems like the latter is the proper way for web browsing anyway.
 
@doczenith1 which device was that? Apple, Android, PC or other? :)
 
Does this look right, regarding TLS handshake errors, dropped requests and unknown certs?
pixelserv stats
 
Hello @thelonelycoder

Diversion is pretty good on what it does. Previously I did a small donation contribution, but now I'm looking for a different kind of contribution.
The alternate blocking list is a pretty good concept but it falls a little short of completely fulfilling my use case.
In addition to the use of a more comprehensive block list for my kids devices I want to be able to blacklist specific sites just for the alternate blocking list.
On vanilla Diversion I can either blacklist a domain for all devices or to none.
To workaround that I created a blacklist2 file and did changes to Diversion to use it (I'm glad you released it as GPL).
I also identified on Diversion the changed needed to implement an alternate balcklist to use with the alternate blocking list.
What I did not find what a GitHub repo to submit a PR, so you could evaluate if worth integrating to Diversion or not (I did find amtm's repo on GitHub).
If you interested in seeing it let me know.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top