Diversion Diversion - the Router Ad-Blocker

[thelonelycoder]

Seems there is no interest in implement this...

If anyone is interested in using this unsupported "feature", here are the steps

• Make a copy of the blacklist file (/opt/share/diversion/list/blacklist)
• Manually add domains you intend to block to copy of the blacklist
• Edit the file /opt/share/diversion/file/alternate-bf.div

• Locate the line containing: echo "addn-hosts=${DIVERSION_DIR}/list/blacklist"
• Change the file name from blacklist to the name you chose on 2nd step
• Save

• Edit the file /opt/share/diversion/file/post-conf.div

• Locate the line containing: pc_append "addn-hosts=${DIVERSION_DIR}/list/blacklist" $CONFIG
• 4.2 - Change the file name from blacklist to the name you chose on 2nd step
• 4.3 - Save

• Open diversion

• If alternate blocking list is enable then disable it
• Enable alternate blocking list

Notes:

• Any new domains have to manually added to the copy of the blacklist
• Every time you upgrade diversion you need to make those changes (well, even the changes you need may change)
• If you break diversion files uninstall and reinstall it

I read your original post and made a note in my file to look into it.

 

[a k]

I read your original post and made a note in my file to look into it.

I did not see a response... so I assumed otherwise... sorry about that.
Since you already publishing it as GPL, why not get help on it?

 

[thelonelycoder]

I did not see a response... so I assumed otherwise... sorry about that.
Since you already publishing it as GPL, why not get help on it?

I was busy at the time and on the road, so I just added a note to look into it. So far I have not had the time to do that.

 

[thelonelycoder]

Since you already publishing it as GPL, why not get help on it?

Adding an additional blacklist is not just a matter of changing some lines.
The list needs to be added to the el functions and many other places, which require a lot of code changes and with it even more checks that this and the affected code still works.

 

[thelonelycoder]

• Edit the file /opt/share/diversion/file/post-conf.div

• Locate the line containing: pc_append "addn-hosts=${DIVERSION_DIR}/list/blacklist" $CONFIG
• 4.2 - Change the file name from blacklist to the name you chose on 2nd step
• 4.3 - Save

That entry is for the regular blocking file, not for the alternate blocking file.

 

[TonyK132]

Did you add the Pixelserv CA cert to your device? It's the best way to eliminate potential problems (see the import steps, you already have the CA created by Diversion):
https://github.com/kvic-z/pixelserv...ificate#import-pixelserv-ca-on-client-devices

I tried to do that, but I cannot connect to my Pixelserv IP address. Is there another way to install that cert, maybe getting it via ssh?

 

[TonyK132]

@TonyK132, do you have any adblocking on the devices themselves?

Did you reboot the router yet? After about 15 to 20 minutes I find that a reboot helps with the responsiveness afterward.

Of course, you need to install unbound too (use amtm!).

https://www.snbforums.com/threads/r...ility-for-unbound-recursive-dns-server.61669/

https://github.com/MartineauUK/Unbound-Asuswrt-Merlin

It seems that unbound is still in a state of flux. I might add it once it settles down a bit. It is good that it is now in amtm.

 

[a k]

That entry is for the regular blocking file, not for the alternate blocking file.

Updated above
When I was writing it down I was quite sure last time I did changes to a single file...

 

[dave14305]

I tried to do that, but I cannot connect to my Pixelserv IP address. Is there another way to install that cert, maybe getting it via ssh?

If you cannot connect to your Pixelserv IP, that is likely the problem -- full stop.

What is your Pixelserv IP? Try running these commands to look for problems. Replace your actual Pixelserv IP in the curl URL.

ifconfig | grep -a1 pixel
ps | grep pixel
grep pixelserv-tls /tmp/syslog.log*
curl http://192.168.1.xxx/servstats.txt

 

[a k]

Adding an additional blacklist is not just a matter of changing some lines.
The list needs to be added to the el functions and many other places, which require a lot of code changes and with it even more checks that this and the affected code still works.

Yeah... Of course the workaround to have it and the actual code to do it are different things.
From what I saw in the code it seems pretty straight forward, but I guess you know better.

 

[TonyK132]

If you cannot connect to your Pixelserv IP, that is likely the problem -- full stop.

What is your Pixelserv IP? Try running these commands to look for problems. Replace your actual Pixelserv IP in the curl URL.

ifconfig | grep -a1 pixel
ps | grep pixel
grep pixelserv-tls /tmp/syslog.log*
curl http://192.168.1.xxx/servstats.txt

My pixelserv IP is: 192.168.2.2

Attached is a file with the output of the commands. Does this tell you anything?

 

[dave14305]

My pixelserv IP is: 192.168.2.2

Attached is a file with the output of the commands. Does this tell you anything?

It should be working (it's running properly). I assume your router LAN IP is 192.168.2.1 and we don't have a subnet mismatch. So what happens when you browse to http://192.168.2.2/servstats

 

[wizin]

Cannot update diversion after new firmware, force doesnt work either

 

[TonyK132]

It should be working (it's running properly). I assume your router LAN IP is 192.168.2.1 and we don't have a subnet mismatch. So what happens when you browse to http://192.168.2.2/servstats

Correct, that is my subnet.

When I attempt to go there, I get:

This site can’t be reached
192.168.2.2 took too long to respond.

Maybe this is a Win10 thing and not a Diversion thing. I'll be working on that.

 

[kidd232]

One more question, is it normal to show 0 under "Medium+" in attached picture?
Thanks for all help!

 

[kernol]

Just done full reset and reconfigure of my RT-AC86U from scratch 384.15 - all running well ... but for one setting in Diversion for email under option "c" ... threw up a problem

Sorry - couldn't screen grab it all - 86U too quick - but note email works despite the error.
Just curious - never had this before ???

 

[kernol]

One more question, is it normal to show 0 under "Medium+" in attached picture?
Thanks for all help!

The line below Medium+ is not a reflection of the blocking file - that line is opposite "el" which allows you to edit lists - and is showing that so far you have not edited any of the lists. 0 w - white list / 0 b - blacklist etc

 

[dave14305]

Just done full reset and reconfigure of my RT-AC86U from scratch 384.15 - all running well ... but for one setting in Diversion for email under option "c" ... threw up a problem
View attachment 21347
Sorry - couldn't screen grab it all - 86U too quick - but note email works despite the error.
Just curious - never had this before ???

Yes, it seems to have something to do with the OpenSSL call when retrieving the username and password from the config file.

 

[kernol]

Yes, it seems to have something to do with the OpenSSL call when retrieving the username and password from the config file.

Anything to worry about [for me that is ] ... guess it'll get fixed in due time.

 

[dave14305]

Anything to worry about [for me that is ] ... guess it'll get fixed in due time.

I believe the Entware OpenSSL is taking precedence over /usr/sbin/openssl, and causing the error.

EDIT: it turns out that the openssl-util package is a dependency for unbound-control-setup package, which is installed by Unbound Manager. But once Unbound is installed, I see no reason to keep unbound-control-setup installed, so I would suggest to remove both packages as a workaround. Not sure if @thelonelycoder wants to fully-qualify the openssl call in an update.

opkg remove unbound-control-setup
opkg remove openssl-util