Diversion Diversion - the Router Ad-Blocker

[Mutzli]

Hey I got a question.

It seems like diversion (or pixelserv) is blocking some certificates from acting properly. Normally it has not been a problem but recently, because of corona, I’ve been working more from home and noticed that some programs within Office 365 act up (namley forms) and complain about the certificate not being trusted.

If I turn diverson off I can open it.

Can someone explain what to modify and how (assume I’m an idiot).

Your pixelserv certificate is probably old and doesn't match the new requirements. You have to re-issue a 2048bit with a new expiration date. In Diversion go to 'ep' then manage entware and use option 3. Purge and regenerate the certificate if it's not 2048 bit.

 

[thelonelycoder]

Can you add this to the faq page or other appropriate location. I couldn't find any mention of it on the website.

Done: https://diversion.ch/diversion/manual/menu-header.html

 

[Spindel]

Your pixelserv certificate is probably old and doesn't match the new requirements. You have to re-issue a 2048bit with a new expiration date. In Diversion go to 'ep' then manage entware and use option 3. Purge and regenerate the certificate if it's not 2048 bit.

Thanks, but still not 100 %. Now I don’t get certificate error, but forms doesn’t load correctly.

I’ll have to fiddle with it a bit, but now I at least know what path to go.

 

[thelonelycoder]

The main menu and extended options menu are now briefly explained on the website.
https://diversion.ch/diversion/manual/the-main-menu.html
https://diversion.ch/diversion/manual/the-extended-options-menu.html

 

[TheLyppardMan]

Thanks, but still not 100 %. Now I don’t get certificate error, but forms doesn’t load correctly.

I’ll have to fiddle with it a bit, but now I at least know what path to go.

I tried the option of regenerating the Pixelserv certificate before reading about it on this thread and then reimporting it both into Firefox and also into Windows via Microsoft Edge, but it didn't solve the problem of hundreds of certificate errors being flagged up by Bitdefender. Only when I disabled Pixelserv did the problem stop, but now I don't get any ad blocking on https sites, unfortunately. Up till a couple of days ago I hadn't had any such problems, so I still don't know what has caused this to happen.

 

[martinr]

I tried the option of regenerating the Pixelserv certificate before reading about it on this thread and then reimporting it both into Firefox and also into Windows via Microsoft Edge, but it didn't solve the problem of hundreds of certificate errors being flagged up by Bitdefender. Only when I disabled Pixelserv did the problem stop, but now I don't get any ad blocking on https sites, unfortunately. Up till a couple of days ago I hadn't had any such problems, so I still don't know what has caused this to happen.

My first instinct would have been to turn off Bitdefender rather than Diversion/Pixelserv.

 

[AntonK]

I tried the option of regenerating the Pixelserv certificate before reading about it on this thread and then reimporting it both into Firefox and also into Windows via Microsoft Edge, but it didn't solve the problem of hundreds of certificate errors being flagged up by Bitdefender. Only when I disabled Pixelserv did the problem stop, but now I don't get any ad blocking on https sites, unfortunately. Up till a couple of days ago I hadn't had any such problems, so I still don't know what has caused this to happen.

Bitdefender can't be set to ignore that error?

 

[Mister10B]

First of all, want to compliment Lonely coder! Since I have AMTM and Diversion installed I noticed much more want is going in (or blocked inbound) and what is blocked out..
Related to this, I noticed after using Avast as anti-virus software , is probalby doing more harm than giving advantage.
Maybe the wrong place here, but want do you guys recommand to use as anti-virus software?
For me, I do know what I doing (USB etc, phising...) but my 2 kids now doing much more on PC's due to Covid, I am not so sure....
Appreciate any comments / suggestions (and I am de-installing Avast right now )

 

[L&LD]

@Mister10B if you're using Windows 10, then all you need is the built-in solution. If you have an Office 365 (now called Microsoft 365) subscription with OneDrive, you're even more protected if you have your Desktop, Documents, and Pictures syncing automatically (particularly helpful for things like ransomware attacks, etc.).

For the kids, if they're also using Windows, and the subscription above, you can have very fine level of control over their exposure to online threats (virus or otherwise), screen time, and related concerns with the Family settings.

The video in the link below may be of some use, at least as an overview, for what Microsoft 365 can offer today's families.

https://www.windowscentral.com/microsoft-365

https://www.windowscentral.com/watch-microsoft-365-consumers-deep-dive-see-whats-new

HTH.

 

[cmkelley]

First of all, want to compliment Lonely coder! Since I have AMTM and Diversion installed I noticed much more want is going in (or blocked inbound) and what is blocked out..
Related to this, I noticed after using Avast as anti-virus software , is probalby doing more harm than giving advantage.
Maybe the wrong place here, but want do you guys recommand to use as anti-virus software?
For me, I do know what I doing (USB etc, phising...) but my 2 kids now doing much more on PC's due to Covid, I am not so sure....
Appreciate any comments / suggestions (and I am de-installing Avast right now )

View attachment 22970

Interesting ... on my system microsoft's watson is #1, with avast #2.

 

[thelonelycoder]

First of all, want to compliment Lonely coder! Since I have AMTM and Diversion installed I noticed much more want is going in (or blocked inbound) and what is blocked out..
Related to this, I noticed after using Avast as anti-virus software , is probalby doing more harm than giving advantage.
Maybe the wrong place here, but want do you guys recommand to use as anti-virus software?
For me, I do know what I doing (USB etc, phising...) but my 2 kids now doing much more on PC's due to Covid, I am not so sure....
Appreciate any comments / suggestions (and I am de-installing Avast right now )

View attachment 22970

Diversion does not block inbound domains. It blocks outgoing domains from being resolved to their real IP.

 

[HairyA00]

Only when I disabled Pixelserv did the problem stop, but now I don't get any ad blocking on https sites, unfortunately.

Diversion will block https ads even with pixelserv disabled. They just won't be replaced with a single pixel to tidy up the page and load faster. They will just timeout to 0.0.0.0 instead of being answered by pixelserv.

 

[Centrifuge]

They will just timeout to 0.0.0.0

Just curious, is there a set timeout interval for that scenario?

 

[HairyA00]

Just curious, is there a set timeout interval for that scenario?

My understanding is that without pixelserv, the best that can be done is a 'network error' kind of scenario. In other words, the connection simply times out because it cannot establish a connection to the server. You'll get the ugly grey squares (like my avatar) but otherwise, they are still blocked, just not as 'cleanly'.

 

[thelonelycoder]

My understanding is that without pixelserv, the best that can be done is a 'network error' kind of scenario. In other words, the connection simply times out because it cannot establish a connection to the server. You'll get the ugly grey squares (like my avatar) but otherwise, they are still blocked, just not as 'cleanly'.

The NULL address 0.0.0.0 tells the clients, apps or OS to abandon any further requests to it immediately, as opposed to the localhost 127.0.0.1 which usually runs a service behind the selected port.
That is the theory, some browsers or apps may not follow that or stray from that behaviour. That directive has been agreed on since the keyboard is a device to enter characters into a computing device and not meant to produce sounds.

 

[dev_null]

First of all, want to compliment Lonely coder! Since I have AMTM and Diversion installed I noticed much more want is going in (or blocked inbound) and what is blocked out..
Related to this, I noticed after using Avast as anti-virus software , is probalby doing more harm than giving advantage.
Maybe the wrong place here, but want do you guys recommand to use as anti-virus software?
For me, I do know what I doing (USB etc, phising...) but my 2 kids now doing much more on PC's due to Covid, I am not so sure....
Appreciate any comments / suggestions (and I am de-installing Avast right now )

View attachment 22970

I thought the number of blocked attempts was bad on Avast until I tried Bitdefender. BD had almost 5 times the number Avast did.

Have you turned off all the data sharing options (Menu > Settings > General scroll to "Open old settings" and then Privacy)? I found out turn off all the sharing reduced the number considerably.

I think any of the antivirus apps are going to "overshare" because the heuristics are so complex they need to do that on servers rather than locally for performance reasons. While undesirable, it is likely a fact of life.

 

[Marin]

Hi guys,

I updated my Large blocking list and I can’t access asus.com any longer. Any of you experiencing this or is the site down, perhaps?


Sent from my iPhone using Tapatalk

 

[Marin]

Hi guys,

I updated my Large blocking list and I can’t access asus.com any longer. Any of you experiencing this or is the site down, perhaps?


Sent from my iPhone using Tapatalk

In Diversion, I get this:

Blocking list options

 The blocking list is assembled from hosts file(s)
 and is the main ad-blocker in Diversion.
 To fine tune the blocking list, use the edit list
 options in  el .

 1. Change composition Large  fs 
 2. Domains per line in blocking list(s), 20
 3. Change update day(s) and time
 4. Update blocking list now  bu 
 5. Find domain in hosts file(s)
 6. Alternate blocking list for specified clients
 7. Use LAN blocking IP address (advanced setting)

 Enter selection [1-7 e=Exit] 5
____________________________________________________

  i  This finds in which hosts file(s)
     a domain is blocked.

 Enter domain  [e=Exit] www.asus.com

 no matches found in used hosts files

  !  Press Enter to return to menu.

Also tried in Skynet and this is what I get:

 Unbanning 103.10.4.216
ipset v6.32: Element cannot be deleted from the set: itd[i] Saving Changes

Sent from my iPhone using Tapatalk

 

[Marin]

In Diversion, I get this:

Blocking list options

 The blocking list is assembled from hosts file(s)
 and is the main ad-blocker in Diversion.
 To fine tune the blocking list, use the edit list
 options in  el .

 1. Change composition Large  fs 
 2. Domains per line in blocking list(s), 20
 3. Change update day(s) and time
 4. Update blocking list now  bu 
 5. Find domain in hosts file(s)
 6. Alternate blocking list for specified clients
 7. Use LAN blocking IP address (advanced setting)

 Enter selection [1-7 e=Exit] 5
____________________________________________________

  i  This finds in which hosts file(s)
     a domain is blocked.

 Enter domain  [e=Exit] www.asus.com

 no matches found in used hosts files

  !  Press Enter to return to menu.

Also tried in Skynet and this is what I get:

 Unbanning 103.10.4.216
ipset v6.32: Element cannot be deleted from the set: itd[i] Saving Changes

Sent from my iPhone using Tapatalk

Resolved....I uninstalled and reinstalled Skynet and the site resolved.


Sent from my iPhone using Tapatalk

 

[pirx73]

It is ok to run Diversion along with Skynet on RT-AC68U RAM-wise? Asking because currently i have about 40MB RAM free on my router and i am not sure is this enough since Diversion runs a webserver in addition to scripts.
I have 2GB swap file set on USB, but a bit concerned about excessive swapping which might slow my router.