What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I believe the Entware OpenSSL is taking precedence over /usr/sbin/openssl, and causing the error.

EDIT: it turns out that the openssl-util package is a dependency for unbound-control-setup package, which is installed by Unbound Manager. But once Unbound is installed, I see no reason to keep unbound-control-setup installed, so I would suggest to remove both packages as a workaround. Not sure if @thelonelycoder wants to fully-qualify the openssl call in an update.
Code:
opkg remove unbound-control-setup
opkg remove openssl-util

Ran the two commands - and it broke the email ability - see code below ...
Code:
 Continue? [1=Yes e=Exit] 1

bad decrypt
4151317712:error:06065064:lib(6):func(101):reason(100):NA:0:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0
curl: (67) Login denied

  ✖  sending testmail failed

 Note the curl: error above and check your settings

  !  Press Enter to return to menu
 
Ran the two commands - and it broke the email ability - see code below ...
Code:
 Continue? [1=Yes e=Exit] 1

bad decrypt
4151317712:error:06065064:lib(6):func(101):reason(100):NA:0:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0
curl: (67) Login denied

  ✖  sending testmail failed

 Note the curl: error above and check your settings

  !  Press Enter to return to menu
Re-enter your password in the Diversion settings to make sure it gets encoded with the same binary that's going to decode it.
 
Re-enter your password in the Diversion settings to make sure it gets encoded with the same binary that's going to decode it.

:D you got it ... as usual and to be expected ... :cool:. MANY thanks
 
I'm posting this idea here because I think it's most applicable to Diversion users who have Statistics and logging enabled.

I use https://router.asus.com/ to connect to my GUI instead of an IP URL (e.g. http://192.168.1.1/). If you use the IP URL, this post isn't really for you.

Due to the fancy ajax-y design of the router GUI, it is constantly making requests back to router.asus.com to refresh the GUI display. In the Diversion dnsmasq log it can look like this (many queries per second):
Code:
Feb 12 13:15:23 dnsmasq[9208]: 23547 192.168.1.18/59811 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:23 dnsmasq[9208]: 23548 192.168.1.18/57457 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:23 dnsmasq[9208]: 23548 192.168.1.18/57457 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:23 dnsmasq[9208]: 23549 192.168.1.18/63416 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:23 dnsmasq[9208]: 23549 192.168.1.18/63416 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23550 192.168.1.18/62795 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23550 192.168.1.18/62795 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23551 192.168.1.18/51819 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23551 192.168.1.18/51819 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23552 192.168.1.18/57391 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23552 192.168.1.18/57391 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23553 192.168.1.18/65103 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23553 192.168.1.18/65103 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23554 192.168.1.18/49938 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23554 192.168.1.18/49938 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23555 192.168.1.18/64306 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23555 192.168.1.18/64306 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23556 192.168.1.18/64537 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23556 192.168.1.18/64537 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23557 192.168.1.18/49664 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23557 192.168.1.18/49664 /etc hosts router.asus.com is 192.168.1.1
This is because the entries from the hosts file are assigned a time-to-live of zero, so neither the LAN client nor the browser will cache this name and IP. This can also skew the Diversion stats if you leave your router GUI open for a long time like I do.

My solution is to add a host-record to dnsmasq.postconf to dynamically add the router.asus.com plus the custom lan hostname and domain name with a TTL of 1 hour. This will cut down on the repetitive logs greatly, in my opinion.

This is what the relevant section of my /jffs/scripts/dnsmasq.postconf looks like:
Code:
#!/bin/sh
. /opt/share/diversion/file/post-conf.div # Added by Diversion
. /usr/sbin/helper.sh

CONFIG="$1"

pc_append "host-record=$(nvram get lan_hostname).$(nvram get lan_domain),$(nvram get lan_ipaddr),3600" "$CONFIG"
pc_append "host-record=$(nvram get local_domain),$(nvram get lan_ipaddr),3600" "$CONFIG"
You could also add the ipv6 address after the lan_ipaddr if you have IPv6 enabled using the proper nvram variable (ipv6_rtr_addr?).
 
Last edited:
I'm posting this idea here because I think it's most applicable to Diversion users who have Statistics and logging enabled.

I use https://router.asus.com/ to connect to my GUI instead of an IP URL (e.g. http://192.168.1.1/). If you use the IP URL, this post isn't really for you.

Nice. And for those that use the IP address, disabling "Redirect webui access to router.asus.com" should eliminate these messages (Administration > System > Basic Config).
 
Loving the new log menu!

Random question, with the world moving to IPv6 eventually will this break DNS blocking if apps just start hard coding static IPv6 addresses? Dunno, just a thought.
 
Just done full reset and reconfigure of my RT-AC86U from scratch 384.15 - all running well ... but for one setting in Diversion for email under option "c" ... threw up a problem
View attachment 21347
Sorry - couldn't screen grab it all - 86U too quick - but note email works despite the error.
Just curious - never had this before ???

Noted, thanks.
 
I'm posting this idea here because I think it's most applicable to Diversion users who have Statistics and logging enabled.

I use https://router.asus.com/ to connect to my GUI instead of an IP URL (e.g. http://192.168.1.1/). If you use the IP URL, this post isn't really for you.

Due to the fancy ajax-y design of the router GUI, it is constantly making requests back to router.asus.com to refresh the GUI display. In the Diversion dnsmasq log it can look like this (many queries per second):
Code:
Feb 12 13:15:23 dnsmasq[9208]: 23547 192.168.1.18/59811 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:23 dnsmasq[9208]: 23548 192.168.1.18/57457 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:23 dnsmasq[9208]: 23548 192.168.1.18/57457 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:23 dnsmasq[9208]: 23549 192.168.1.18/63416 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:23 dnsmasq[9208]: 23549 192.168.1.18/63416 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23550 192.168.1.18/62795 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23550 192.168.1.18/62795 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23551 192.168.1.18/51819 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23551 192.168.1.18/51819 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23552 192.168.1.18/57391 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23552 192.168.1.18/57391 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23553 192.168.1.18/65103 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23553 192.168.1.18/65103 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23554 192.168.1.18/49938 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23554 192.168.1.18/49938 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23555 192.168.1.18/64306 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23555 192.168.1.18/64306 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23556 192.168.1.18/64537 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23556 192.168.1.18/64537 /etc hosts router.asus.com is 192.168.1.1
Feb 12 13:15:24 dnsmasq[9208]: 23557 192.168.1.18/49664 query[A] router.asus.com from 192.168.1.18
Feb 12 13:15:24 dnsmasq[9208]: 23557 192.168.1.18/49664 /etc hosts router.asus.com is 192.168.1.1
This is because the entries from the hosts file are assigned a time-to-live of zero, so neither the LAN client nor the browser will cache this name and IP. This can also skew the Diversion stats if you leave your router GUI open for a long time like I do.

My solution is to add a host-record to dnsmasq.postconf to dynamically add the router.asus.com plus the custom lan hostname and domain name with a TTL of 1 hour. This will cut down on the repetitive logs greatly, in my opinion.

This is what the relevant section of my /jffs/scripts/dnsmasq.postconf looks like:
Code:
#!/bin/sh
. /opt/share/diversion/file/post-conf.div # Added by Diversion
. /usr/sbin/helper.sh

CONFIG="$1"

pc_append "host-record=$(nvram get lan_hostname).$(nvram get lan_domain),$(nvram get lan_ipaddr),3600" "$CONFIG"
pc_append "host-record=$(nvram get local_domain),$(nvram get lan_ipaddr),3600" "$CONFIG"
You could also add the ipv6 address after the lan_ipaddr if you have IPv6 enabled using the proper nvram variable (ipv6_rtr_addr?).

Would the exclude IP in the stats function do? Not sure I implemented IPv6, but IPv4 should do the trick.
 
I'm going to set up Diversion using a new router. Will I need to re-import certificates to avoid security errors in my browsers?
 
I'm going to set up Diversion using a new router. Will I need to re-import certificates to avoid security errors in my browsers?
If you run a backup within diversion it should backup your Pixelserv CA and you can restore that on your new router, so you don't have to regenerate the CA and reimport. Never done it on a new router, but plenty of times when changing firmware.
 
yesterday: /mnt/Entware | Size 22.1M | Used 13.3M (63%)
today: /mnt/Entware | Size 22.1M | Used 13.4M (64%)
Still 2 USB 4GB each!
Why?
 
Question on using IPV6 with Diversion. Prior to loading Diversion, I had both IPV6 and IPV4 servers selected under DoT presets with IPV6 as my first choice. Both worked well with my provider. After loading Diversion I was seeing that ads were not being blocked. I removed the IPV6 servers and all seems to work well under the IP4 servers. After reading through this thread, I checked my local network info and the IPV4 DNS server is shown as my LAN IP (192.168.xxx.1); the LAN IPV6 is not (2600:1700:xxxx.xxxx::1).

What am I missing in my setup to use IPV6 with Diversion? Running 384.15/ 86U
 
Question on using IPV6 with Diversion. Prior to loading Diversion, I had both IPV6 and IPV4 servers selected under DoT presets with IPV6 as my first choice. Both worked well with my provider. After loading Diversion I was seeing that ads were not being blocked. I removed the IPV6 servers and all seems to work well under the IP4 servers. After reading through this thread, I checked my local network info and the IPV4 DNS server is shown as my LAN IP (192.168.xxx.1); the LAN IPV6 is not (2600:1700:xxxx.xxxx::1).

What am I missing in my setup to use IPV6 with Diversion? Running 384.15/ 86U
Be sure to update the blocking list after enabling IPv6 on the router so that Diversion will add AAAA (IPv6) entries for blocked domains. Your browser was probably requesting AAAA DNS lookups and Diversion only had A (IPv4) hostnames to block.
 
Question on using IPV6 with Diversion. Prior to loading Diversion, I had both IPV6 and IPV4 servers selected under DoT presets with IPV6 as my first choice. Both worked well with my provider. After loading Diversion I was seeing that ads were not being blocked. I removed the IPV6 servers and all seems to work well under the IP4 servers. After reading through this thread, I checked my local network info and the IPV4 DNS server is shown as my LAN IP (192.168.xxx.1); the LAN IPV6 is not (2600:1700:xxxx.xxxx::1).
Be sure to update the blocking list after enabling IPv6 on the router so that Diversion will add AAAA (IPv6) entries for blocked domains. Your browser was probably requesting AAAA DNS lookups and Diversion only had A (IPv4) hostnames to block.
Diversion auto-generates the IPv6 entries when Dnsmasq is restarted and no entries are found in the blocking list.
Disabling logging, ad-blocking or Diversion itself and re-enabling it does the trick.
Updating the blocking list works just as well.
 
Be sure to update the blocking list after enabling IPv6 on the router so that Diversion will add AAAA (IPv6) entries for blocked domains. Your browser was probably requesting AAAA DNS lookups and Diversion only had A (IPv4) hostnames to block.

That did it...Thanks

Another question for you. Prior to running Diversion, I was using Malwarebytes browser guard to block ads. I disabled the option to block ads/trackers once Diversion was up and running. I re-enabled it to see if it was blocking ads and it still showed a "blocked" count. Is this a duplication of what Diversion is blocking or additional ads/trackers that it has found?
 
That did it...Thanks

Another question for you. Prior to running Diversion, I was using Malwarebytes browser guard to block ads. I disabled the option to block ads/trackers once Diversion was up and running. I re-enabled it to see if it was blocking ads and it still showed a "blocked" count. Is this a duplication of what Diversion is blocking or additional ads/trackers that it has found?
Diversion blocks outgoing requests from browsers, devices, apps. In-browser ad-blockerS do it within the website.
So one still sees the blocked content, but Diversion likely would block it too, if it had a chance.
 
I don't see any option in amtm to uninstall Diversion or other scripts installed via amtm. How is it done?
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top