Diversion Diversion - the Router Ad-Blocker

[Skeptical.me]

I tested again and confirmed that Diversion will not work over the VPN tunnel when Accept DNS Configuration = Exclusive when using Policy Rules or Policy Rules (Strict).

Copy to the entire contents to /jffs/scripts/Chk_ADNS.sh. Type chmod 755 Chk_ADNS.sh to make it executable. Run the script:

./Chk_ADNS.sh

or

sh  Chk_ADNS.sh

or

sh /jffs/scripts/Chk_ADNS.sh

Output below. I need to change the text to also include using Accept DNS Configuration = Disabled as an option.

View attachment 14568

Hi,

I've done everything you have instructed, including adding the ADNS.sh, Adverts are blocked with the addition of DHCP-Option DNS 1.1.1.1 to the OpenVPN Client's configuration. Accept DNS Configuration = Disabled with Policy Routing (Strict). However, as you've pointed out the DNS leaks;

There are two issues I have with this: 1. Doesn't having your DNS leak defeat the purpose of a VPN? Also, Netflix does not work, see here:

So, I'm left with 2 options, 1. Set REDIRECT INTERNET TRAFFIC to ALL and have Adverts blocked, no DNS leak, and all US streaming services working, or 2. Have Routing Policy Rules with Adverts blocked, leaked DNS, and no US streaming services working. Although, I do have a third option and that is to use option 1 and also run VPN clients on my iMac and NAS. So, it would be a VPN within a VPN connection, although a little slow.

 

[john9527]

So, I'm left with 2 options,

Another option....enter your VPN DNS addresses on the WAN page, and set Accept DNS configuration to Disabled. The side effect of this is that your non-VPN clients will also be using your VPN DNS servers, but everybody will be using Diversion.

 

[Skeptical.me]

Another option....enter your VPN DNS addresses on the WAN page, and set Accept DNS configuration to Disabled. The side effect of this is that your non-VPN clients will also be using your VPN DNS servers.

ahh, yeah good idea. Although, I use ExpressVPN for streaming and IoT devices, and use ProtonVPN on my iMacs and NAS. The problem is I don't know where to find the DNS server address for ExpressVPN. I once asked their Help Desk but the response I got was that each shared IP address has its own DNS server.

 

[john9527]

The problem is I don't know where to find the DNS server address for ExpressVPN. I once asked their Help Desk but the response I got was that each shared IP address has its own DNS server.

I doubt the latter is true, although possible.

To find the ExpressVPN DNS servers, set the Accept DNS configuration to Exclusive. Then either look in the syslog for dnsmasq logs which will tell you the upstream servers it is using, or run the ipleak test again and note the DNS servers.

 

[Skeptical.me]

I doubt the latter is true, although possible.

To find the ExpressVPN DNS servers, set the Accept DNS configuration to Exclusive. Then either look in the syslog for dnsmasq logs which will tell you the upstream servers it is using, or run the ipleak test again and note the DNS servers.

Will do, the DNS Servers they use, from what I can tell on IPleak, are similar addresses to the shared IP. I guess, since I mainly use only one server of theirs, it will probably work well. Option number 4. Cheers.

 

[nzwayne]

Using Diversion 4.0.4 on RT-AC86U. Cannot get the email function working (everything worked ok, prior to upgrade from AB-Solution). PW for Google...tripled checked (has alpha numerics and a ! ).

+++++++++++++++++++++++++++++++++
Common SMTP Server settings
Provider Server Port Protocol
------------------------------------------------
Gmail smtp.gmail.com 465 smtps
mail.com smtp.mail.com 587 smtp
Yahoo! smtp.mail.yahoo.com 465 smtps
outlook.com smtp-mail.outlook.com 587 smtp

1. Edit From address: xxxsmith@gmail.com
2. Edit To name: Wayne Smith
3. Edit To address: xxxsmith@gmail.com
4. Edit Router name: RT-AC86U
5. Edit User name: xxxsmith@gmail.com
6. Edit Password: select Edit to show
7. Edit SMTP Server: smtp.gmail.com
8. Edit Server port: 465
9. Edit Protocol: smtps
10. Edit SSL flag:
11. Send testmail to confirm settings

Enter your selection [1-11 e=Exit] 11
____________________________________________________

This will send a testmail from:

xxxsmith@gmail.com to:
Wayne Smith <xxxsmith@gmail.com>

Continue? [1=Yes e=Exit] 1
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (67) Login denied

? sending testmail failed

Note the curl: error above and check your settings
++++++++++++++++++++++++++++++++++++++++

 

[Skeptical.me]

Using Diversion 4.0.4 on RT-AC86U. Cannot get the email function working (everything worked ok, prior to upgrade from AB-Solution). PW for Google...tripled checked (has alpha numerics and a ! ).

+++++++++++++++++++++++++++++++++
Common SMTP Server settings
Provider Server Port Protocol
------------------------------------------------
Gmail smtp.gmail.com 465 smtps
mail.com smtp.mail.com 587 smtp
Yahoo! smtp.mail.yahoo.com 465 smtps
outlook.com smtp-mail.outlook.com 587 smtp

1. Edit From address: xxxsmith@gmail.com
2. Edit To name: Wayne Smith
3. Edit To address: xxxsmith@gmail.com
4. Edit Router name: RT-AC86U
5. Edit User name: xxxsmith@gmail.com
6. Edit Password: select Edit to show
7. Edit SMTP Server: smtp.gmail.com
8. Edit Server port: 465
9. Edit Protocol: smtps
10. Edit SSL flag:
11. Send testmail to confirm settings

Enter your selection [1-11 e=Exit] 11
____________________________________________________

This will send a testmail from:

xxxsmith@gmail.com to:
Wayne Smith <xxxsmith@gmail.com>

Continue? [1=Yes e=Exit] 1
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (67) Login denied

? sending testmail failed

Note the curl: error above and check your settings
++++++++++++++++++++++++++++++++++++++++

Did you use an app specific password?

 

[thelonelycoder]

Using Diversion 4.0.4 on RT-AC86U. Cannot get the email function working (everything worked ok, prior to upgrade from AB-Solution). PW for Google...tripled checked (has alpha numerics and a ! ).

+++++++++++++++++++++++++++++++++
Common SMTP Server settings
Provider Server Port Protocol
------------------------------------------------
Gmail smtp.gmail.com 465 smtps
mail.com smtp.mail.com 587 smtp
Yahoo! smtp.mail.yahoo.com 465 smtps
outlook.com smtp-mail.outlook.com 587 smtp

1. Edit From address: xxxsmith@gmail.com
2. Edit To name: Wayne Smith
3. Edit To address: xxxsmith@gmail.com
4. Edit Router name: RT-AC86U
5. Edit User name: xxxsmith@gmail.com
6. Edit Password: select Edit to show
7. Edit SMTP Server: smtp.gmail.com
8. Edit Server port: 465
9. Edit Protocol: smtps
10. Edit SSL flag:
11. Send testmail to confirm settings

Enter your selection [1-11 e=Exit] 11
____________________________________________________

This will send a testmail from:

xxxsmith@gmail.com to:
Wayne Smith <xxxsmith@gmail.com>

Continue? [1=Yes e=Exit] 1
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (67) Login denied

? sending testmail failed

Note the curl: error above and check your settings
++++++++++++++++++++++++++++++++++++++++

Try setting the SSL flag to:
--insecure

 

[nzwayne]

Did you use an app specific password?

Using the password for my xxxsmith@gmail.com account

 

[Skeptical.me]

Using the password for my xxxsmith@gmail.com account

Yeah, I have the same issue with Outlook. I've tried with and without app specific password, ssl flag 5 insecure, no ssl flag ... smtp server correct and port number etc. just wouldn't work.

 

[nzwayne]

Try setting the SSL flag to:
--insecure

What settings existed for SSL flag I couldn't find in the install instructions or forum, so just entered blank. For your suggestion I just typed in.. --insecure ..is that how you enable that flag? Didn't work..still same error. "curl: (67) Login denied"

 

[Skeptical.me]

What settings existed for SSL flag I couldn't find in the install instructions or forum, so just entered blank. For your suggestion I just typed in.. --insecure ..is that how you enable that flag? Didn't work..still same error. "curl: (67) Login denied"

I think you enter the number 5

 

[thelonelycoder]

What settings existed for SSL flag I couldn't find in the install instructions or forum, so just entered blank. For your suggestion I just typed in.. --insecure ..is that how you enable that flag? Didn't work..still same error. "curl: (67) Login denied"

If you ported AB-Solution to Diversion it should work with the --insecure SSL flag which is the only setting that changed. This flag was hardcoded in AB, now it's configurable and empty when not set.

 

[bluzfanmr1]

Yeah, I have the same issue with Outlook. I've tried with and without app specific password, ssl flag 5 insecure, no ssl flag ... smtp server correct and port number etc. just wouldn't work.

I have the same issue with my @icloud.com email and asked about it on here awhile back, but my posts kept getting flagged and by the time they posted, I didn't get any replies.

 

[snb_lurker]

Android's amazon app flat out does not work with this ad blocker installed unfortunately as mentioned prior in this thread a couple times and the older ab-solution thread.

Please fix.

 

[visortgw]

Android's amazon app flat out does not work with this ad blocker installed unfortunately as mentioned prior in this thread a couple times and the older ab-solution thread.

Please fix.

There is really nothing to "fix". Determine which hosts need to be whitelisted in order to resolve the issue.

 

[Lost Dog]

Android's amazon app flat out does not work with this ad blocker installed unfortunately as mentioned prior in this thread a couple times and the older ab-solution thread.

Please fix.

Are you using Pixelserv-tls? I was never able to figure out what needed to be whitelisted in order to make the amazon app work. I ended up not having pixelserv-tls active. Diversion and Skynet work great however...

 

[loveleeyoungae]

Some guy on reddit has posted some new method of creating your own hosts file to block youtube ads. I'm testing it and it seemed to be working. Anyway, what I'd like to ask is: Usually, a hosts file must only use 127.0.0.1 and 0.0.0.0 so that Diversion can redirects the domains to pixelserv IP:
0.0.0.0 domain-to-be-blocked
127.0.0.1 domain-to-be-blocked

But for this new method, the hosts file will contain rows like these:

172.217.13.254 manifest.googlevideo.com
172.217.13.255 manifest.googlevideo.com
172.217.15.64 manifest.googlevideo.com
172.217.15.65 manifest.googlevideo.com

So, if the method actually works, would you be able to implement a function for Diversion to enable the use of those special rules?

 

[unclebuk]

hello,

Question: if/when I update Merlin FW, perform a restore or initialize, will i need to reinstall Diversion? Are there any specifics I should do with Diversion prior to updating FW?

Thanks in advance.
bUk

 

[Asad Ali]

Some guy on reddit has posted some new method of creating your own hosts file to block youtube ads. I'm testing it and it seemed to be working. Anyway, what I'd like to ask is: Usually, a hosts file must only use 127.0.0.1 and 0.0.0.0 so that Diversion can redirects the domains to pixelserv IP:
0.0.0.0 domain-to-be-blocked
127.0.0.1 domain-to-be-blocked

But for this new method, the hosts file will contain rows like these:

172.217.13.254 manifest.googlevideo.com
172.217.13.255 manifest.googlevideo.com
172.217.15.64 manifest.googlevideo.com
172.217.15.65 manifest.googlevideo.com

So, if the method actually works, would you be able to implement a function for Diversion to enable the use of those special rules?

All you need to do is add "manifest.googlevideo.com" in Diversion blacklist to do the blocking, I did the same and so far it looks like it's working for 95+% of ads in YouTube iOS app.