Diversion Diversion - the Router Ad-Blocker

[Nero]

Diversion will not work over the VPN tunnel if you have Accept DNS Configuration = Exclusive in the OpenVPN client screen. With this setting, dnsmasq is bypassed. Diversion requires dnsmasq. Set Accept DNS Configuration to disabled or strict.

yeah i read about that so just to make things easier i will remove the vpn for now completely just to find what is not working with diversion, i probably didnt config something correctly. because i alredy tried before setting up the vpn stuff but nada, in amtm its show diversion is working but on pc and smatphons ads are still there.how i said im new to this stuff so mybe i just didnt configured correctly something srry for bad english i am from italy.

 

[Nero]

Ensure diversion is working correctly by running this on the router:

nslookup diversion-adblocking-ip.address 127.0.0.1

It should return your Pixelserv IP 192.168.187.8. If it does, you know that Diversion is integrated correctly with dnsmasq.

You mentioned a VPN earlier. How is it setup?

turned off vpn tried to find whats wrong but nope ads still there

 

[Xentrk]

turned off vpn tried to find whats wrong but nope ads still there

Try to force all clients to use the router dns. LAN->DNSFilter tab

 

[Laxarus]

Hello,
I wanted to share my experience with diversion here and I would be glad if I can be helpful for further development for the diversion folks.

Anyway, I was looking for a adblocking solution for my whole network for it is very cumbersome to set up adblocking for every device out there especially phones and such.

I am behind CGNAT and there are some country restrictions for certain websites. I use x3mRouting for selective VPN to bypass those.
I don't want to be behind VPN all the time because it puts additional latency to internet speed. I wanted VPN just to access whatever my ISP is blocking. However, my ISP has a way with VPNs. From what I experienced, I believe my ISP also inspects DNS packets too so they nip access in the bud. So, I also have to encrypt my DNS because DNS queries go through the internet without VPN when you opt for selective routing. For that, thankfully asus-merlin has DOT features I have been using.

I compared pi-hole, adguard and diversion. Diversion was a whole lot easier to set it up and run considering above mentioned restrictions.
Installation went smoothly with amtm. Diversion was up and running in 5 mins.
While using diversion, I noticed browser response was noticeably worse than normal browsing. Websites were always trying to load something with that annoying circle and failing.
I had to troubleshoot a lot with white lists and such and I was getting an earful for messing up the internet from the home folks.
Then, I decided to go back to drawing board, think about my options again.
So, I uninstalled diversion. Uninstalling was also pretty easy.

However, now I am facing problems with DNS resolution. Websites fail to load due to DNS errors which is forcing me to reload the page. I think diversion "un-installation" was not as smooth as I thought it was. Maybe, uninstallation left some settings and those settings and files are confusing the router. I am not an expert on this but it is the most likely option as diversion is a DNS sink hole and I have problems with DNS. I cannot fix it or know how to. At this point, I will have to go for factory default.
Hope, my feedback is somewhat helpful.

 

[Xentrk]

Hello,
I wanted to share my experience with diversion here and I would be glad if I can be helpful for further development for the diversion folks.

Anyway, I was looking for a adblocking solution for my whole network for it is very cumbersome to set up adblocking for every device out there especially phones and such.

I am behind CGNAT and there are some country restrictions for certain websites. I use x3mRouting for selective VPN to bypass those.
I don't want to be behind VPN all the time because it puts additional latency to internet speed. I wanted VPN just to access whatever my ISP is blocking. However, my ISP has a way with VPNs. From what I experienced, I believe my ISP also inspects DNS packets too so they nip access in the bud. So, I also have to encrypt my DNS because DNS queries go through the internet without VPN when you opt for selective routing. For that, thankfully asus-merlin has DOT features I have been using.

I compared pi-hole, adguard and diversion. Diversion was a whole lot easier to set it up and run considering above mentioned restrictions.
Installation went smoothly with amtm. Diversion was up and running in 5 mins.
While using diversion, I noticed browser response was noticeably worse than normal browsing. Websites were always trying to load something with that annoying circle and failing.
I had to troubleshoot a lot with white lists and such and I was getting an earful for messing up the internet from the home folks.
Then, I decided to go back to drawing board, think about my options again.
So, I uninstalled diversion. Uninstalling was also pretty easy.

However, now I am facing problems with DNS resolution. Websites fail to load due to DNS errors which is forcing me to reload the page. I think diversion "un-installation" was not as smooth as I thought it was. Maybe, uninstallation left some settings and those settings and files are confusing the router. I am not an expert on this but it is the most likely option as diversion is a DNS sink hole and I have problems with DNS. I cannot fix it or know how to. At this point, I will have to go for factory default.
Hope, my feedback is somewhat helpful.

What router model and firmware are you using?

Did you setup pixelserv-tls feature? Should help with browser issues.

Diversion sets up dnsmasq logging. This feature is required if using the dnsmasq method of x3mRouting. So that may be your issue. You can set it up manually following the instructions on https://github.com/Xentrk/x3mRouting#enable-dnsmasq-logging

On the VPN, use a GCM cipher for better performance AES-GCM-128 or AES-GCM-256.

I use DoT Cloudflare on WAN page and have Accept DNS Configuration = Disabled on the OpenVPN Client Screen. DNS queries are still encrypted that way.

 

[gtqiiptzfsfcppfcs]

Hi,

Thank you so much for this amazing script. Installed from Amtm with no problem.

I live in HK and want to target some China ads. I want to add this list to the blacklist:

https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-domains.txt

May I ask essentially I just need to add 192.168.1.2 in front of each domain, save it as .txt, and use hosted blacklist option?

Is it possible to host this txt file on the router itself? (A local path)?

thank you so much!

 

[cga2020]

I've had a problem with the Facebook app for Android for a month or so. If I want to read an article on FB in the application, I get the error like in the attachment. They are different domains. What do i need to unlock?View attachment 26183

I have the same problem with one phone but it's working well on other phone (different model, different android version). The same link opened in Chome on the same phone it's also working well. Only when opening the link from Facebook app have this problem.

If I disable Diversion, the link from Facebook app working well, too.
Any idea what I have to do to fix it?

 

[doublehd]

Hi,

Thank you so much for this amazing script. Installed from Amtm with no problem.

I live in HK and want to target some China ads. I want to add this list to the blacklist:

https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-domains.txt

May I ask essentially I just need to add 192.168.1.2 in front of each domain, save it as .txt, and use hosted blacklist option?

Is it possible to host this txt file on the router itself? (A local path)?

thank you so much!

I need this help either as those ads just really pisssed me off.

 

[gtqiiptzfsfcppfcs]

Hi,

Thank you so much for this amazing script. Installed from Amtm with no problem.

I live in HK and want to target some China ads. I want to add this list to the blacklist:

https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-domains.txt

May I ask essentially I just need to add 192.168.1.2 in front of each domain, save it as .txt, and use hosted blacklist option?

Is it possible to host this txt file on the router itself? (A local path)?

thank you so much!

Small update: I tried alternative methods which are editing the following files:

/opt/share/diversion/list/blacklist
/jffs/configs/dnsmasq.conf.add

But nano crashed everytime I paste anything...and I'm not sure about the correct format for the domains...

 

[dave14305]

Small update: I tried alternative methods which are editing the following files:

/opt/share/diversion/list/blacklist
/jffs/configs/dnsmasq.conf.add

But nano crashed everytime I paste anything...and I'm not sure about the correct format for the domains...

Add the URL in diversion under b, 1, 2, 1 menu options.

____________________________________________________

What do you want to do?  b
____________________________________________________

Blocking list options

The blocking list is assembled from hosts file(s)
and is the main ad-blocker in Diversion.
To fine tune the blocking list, use the edit list
options in  el .

1. Change composition Standard  fs
2. Domains per line in blocking list(s), 20
3. Change update day(s) and time
4. Update blocking list now  bu
5. Find domain in hosts file(s)
6. Alternate blocking list for specified clients
7. Use LAN blocking IP address (advanced setting)
8. YouTube video ads blocking experimental feature!

Enter selection [1-8 e=Exit] 1
____________________________________________________

1. Select a predefined list
2. Customize hosts list
3. Enable blocking list fast switch  fs

Enter your selection: [1-3 e=Exit] 2
____________________________________________________

Customizable hosts list:

1: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
____________________________________________________

1. Add hosts list
2. Remove hosts list
3. Disable hosts list
4. Enable hosts list

Enter selection [1-2 e=Exit] 1

  i  Hosts list can be in "IP domain" pair or
     domain only format.

Paste web address and press [Enter]

Enter hosts list  [q=Quit]  https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-domains.txt

 

[weslsew]

what specifically am I looking for? Rebooted router yesterday morning and ads weren't being blocked when I woke up today...

most recent log entry is:

Sep 14 05:20:04 Diversion: rotated dnsmasq log files

before that is:

Sep 14 02:00:09 Diversion: started second Dnsmasq instance for alternate blocking list
Sep 14 02:00:09 Diversion: restarted Dnsmasq to apply settings
Sep 14 02:00:46 Skynet: [#] 309169 IPs (+0) -- 1763 Ranges Banned (+0) || 157 Inbound -- 0 Outbound Connections Blocked! [whitelist] [36s]
Sep 14 02:00:54 Diversion: updated Medium (primary) blocking list from 2 hosts files, 92696 domains are now blocked
Sep 14 02:00:54 Diversion: hostslist file empty, not updating blocking list [yes, my secondary block list is supposed to be empty]

before this looks like just diversion booting up

same thing again today - diversion just stopped blocking ads, the log entries are the same... any ideas on what I can check to find out why it just quits working?

 

[gtqiiptzfsfcppfcs]

Add the URL in diversion under b, 1, 2, 1 menu options.

____________________________________________________

What do you want to do?  b
____________________________________________________

Blocking list options

The blocking list is assembled from hosts file(s)
and is the main ad-blocker in Diversion.
To fine tune the blocking list, use the edit list
options in  el .

1. Change composition Standard  fs
2. Domains per line in blocking list(s), 20
3. Change update day(s) and time
4. Update blocking list now  bu
5. Find domain in hosts file(s)
6. Alternate blocking list for specified clients
7. Use LAN blocking IP address (advanced setting)
8. YouTube video ads blocking experimental feature!

Enter selection [1-8 e=Exit] 1
____________________________________________________

1. Select a predefined list
2. Customize hosts list
3. Enable blocking list fast switch  fs

Enter your selection: [1-3 e=Exit] 2
____________________________________________________

Customizable hosts list:

1: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
____________________________________________________

1. Add hosts list
2. Remove hosts list
3. Disable hosts list
4. Enable hosts list

Enter selection [1-2 e=Exit] 1

  i  Hosts list can be in "IP domain" pair or
     domain only format.

Paste web address and press [Enter]

Enter hosts list  [q=Quit]  https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-domains.txt

Simple and brilliant, seems to be working now, thanks man.

Also, off topic but for people who hate China ads, I found Easylist China to be useful on mobile/uBlock etc.

 

[thelonelycoder]

what specifically am I looking for? Rebooted router yesterday morning and ads weren't being blocked when I woke up today...

most recent log entry is:

Sep 14 05:20:04 Diversion: rotated dnsmasq log files

before that is:

Sep 14 02:00:09 Diversion: started second Dnsmasq instance for alternate blocking list
Sep 14 02:00:09 Diversion: restarted Dnsmasq to apply settings
Sep 14 02:00:46 Skynet: [#] 309169 IPs (+0) -- 1763 Ranges Banned (+0) || 157 Inbound -- 0 Outbound Connections Blocked! [whitelist] [36s]
Sep 14 02:00:54 Diversion: updated Medium (primary) blocking list from 2 hosts files, 92696 domains are now blocked
Sep 14 02:00:54 Diversion: hostslist file empty, not updating blocking list [yes, my secondary block list is supposed to be empty]

before this looks like just diversion booting up

I see where it goes wrong for you during the blocking list(s) update. The empty hosts list file is the reason why.
Give me a good reason why the hostslist file deliberately is empty and I might consider a workaround for that rather unusual setup.
In any case, adding a direct raw link to a legitimate hosts or domain list that contains a minimum of 200 unique entries will fix this for you.

 

[repeater]

Please excuse my ignorance:

I installed Diversion. So far no adds blocked. I'm assuming I need to import the cert. Ummm how do I do that? Thanks.

 

[heslo]

Please excuse my ignorance:

I installed Diversion. So far no adds blocked. I'm assuming I need to import the cert. Ummm how do I do that? Thanks.

Navigate to http://192.168.50.2/ca.crt in your web browser and save that cert

 

[repeater]

Dude how did you know the IP I chose? Blowing my mind.

Thanks.

 

[repeater]

Not working for some reason. Would using a Mac be the issue? Tried Safari and Firefox. I refuse to use Chrome.

 

[L&LD]

Try using Edge Chromium then?

 

[thelonelycoder]

Please excuse my ignorance:

I installed Diversion. So far no adds blocked. I'm assuming I need to import the cert. Ummm how do I do that? Thanks.

Know that the ads count on the SSH UI is updated twice daily. Run ac to count them manually.

 

[doublehd]

Add the URL in diversion under b, 1, 2, 1 menu options.

____________________________________________________



1. Add hosts list
2. Remove hosts list
3. Disable hosts list
4. Enable hosts list

Enter selection [1-2 e=Exit] 1

  i  Hosts list can be in "IP domain" pair or
     domain only format.

Paste web address and press [Enter]

Enter hosts list  [q=Quit]  https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-domains.txt

Just wondering,is my hostlists on the right track ?Thanks alot for help.