What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Got it. So it seems to work now, but help me with a bit of a newbie question, please. When I do a DNS leak test, the results come back with the IP and DNS of PIA. That is, they can see the IP address of the VPN and the DNS of PIA. Is there any reason that I should be concerned about that? Am I still browsing anonymously? Any risk? Thanks.
That is the desired outcome. You are doing great.
 
Remember everyone, donations can be sent to @thelonelycoder as a token of your appreciation, just go to the first post of this thread.;):)
 
You can add those to the /jffs/configs/dnsmasq.conf.add file. Just create it if not present, no need to give that file special permissions. Then restart Dnsmasq. This can be done by toggling logging or ad-blocking in the Diversion UI or in the terminal with:
Code:
service restart_dnsmasq

Edit:
Add it in the form of:
Code:
address=/domain.com/127.0.0.1
So, in your case and to test it add this to /jffs/configs/dnsmasq.conf.add:
Code:
address=/manifest.googlevideo.com/172.217.13.254
address=/manifest.googlevideo.com/172.217.13.255
address=/manifest.googlevideo.com/172.217.15.64
address=/manifest.googlevideo.com/172.217.15.65

umm, can i just manually key them into the dnsmasq.conf.add
like this then restart dnsmasq
 

Attachments

  • 2018-11-22 12_13_34-C__Users_Terence_Desktop_dnsmasq.conf.add - Notepad++.png
    2018-11-22 12_13_34-C__Users_Terence_Desktop_dnsmasq.conf.add - Notepad++.png
    38.2 KB · Views: 327
Got it. So it seems to work now, but help me with a bit of a newbie question, please. When I do a DNS leak test, the results come back with the IP and DNS of PIA. That is, they can see the IP address of the VPN and the DNS of PIA. Is there any reason that I should be concerned about that? Am I still browsing anonymously? Any risk? Thanks.
Didn't you want to use PIA to have privacy, i.e. mask your IP? So, if the result is the IP of PIA, doesn't that mean things are working properly?

umm, can i just manually key them into the dnsmasq.conf.add
like this then restart dnsmasq
That's right. But read carefully the guide by the OP on reddit. You should use one IP only, many lines are useless and may make your youtube videos load slowly!
 
Didn't you want to use PIA to have privacy, i.e. mask your IP? So, if the result is the IP of PIA, doesn't that mean things are working properly?


That's right. But read carefully the guide by the OP on reddit. You should use one IP only, many lines are useless and may make your youtube videos load slowly!

right, thanks.. i'll go over and have a look..
 
Well latest Diversion update solves all my issues, everything is running great.

Thanks thelonelycoder
 
Hey guys, after a reinstall of AMTM and Diversion i get this error message when trying to send a test mail:

Continue? [1=Yes e=Exit] 1
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 275 0 0 100 275 0 187 0:00:01 0:00:01 --:--:-- 187
curl: (6) Could not resolve host: 5
✖ sending testmail failed
Note the curl: error above and check your settings

The mail actually gets sent and delivered correctly, but what is this curl error?
WAN DNS is 1.1.1.1 and 1.0.0.1
DNSCrypt is pointing to Cloudfare 1.1.1.1

Before i reinstalled Diversion it worked without curl error message, exact same config

edit: google is your friend, found the solution in another post on this forum, just had to press enter when choosing SSL flag and it set --insecure and now it doesnt give me error message, i would delete the post all together but maybe someone else finds this usefull :)

Thanks for AMTM! @thelonelycoder
 
Last edited:
Just want to say, long-time Merlin user that just recently looked into at-depth about Diversion (and Skynet); installed both tonight on my AC56U, disabled Adblock Origin in my browser, refreshed everything and:

OMFG...why did I wait so long to do this?

Kudos to thelonelycoder and Adamm for their respective programs; as long as they are around and updated, I will be definitely using them on any Asus router I have with Merlin on it in the future.

I've preferred the KISS (keep-it-simple-stupid) approach to routers for a while. Don't turn on crap you don't need, turn all all the security-issue stuff and stick with quality over flash. That's why I resisted tinkering with all the "nice addons" This is also why I've stuck with ASUS + Merlin's firmware for many years now and believe me I've tried many brands of routers and alternative firmware (DD-WRT, Tomato, ...). I'm also firmly in the must be secure and it must work reliability camps. There's noting like getting a call from home, while at work, that the "internet is broken..."

I'm trying to wrap my head around why using Diversion on my RT-AC1900P or RT-AC88U is killer. I've read thru more than 1/2 of this thread and your OMG post really stopped me cold. Could you, or the other members elaborate on why? I'm a tech guy and I just may be missing something? Thanks!
 
I've preferred the KISS (keep-it-simple-stupid) approach to routers for a while. Don't turn on crap you don't need, turn all all the security-issue stuff and stick with quality over flash. That's why I resisted tinkering with all the "nice addons" This is also why I've stuck with ASUS + Merlin's firmware for many years now and believe me I've tried many brands of routers and alternative firmware (DD-WRT, Tomato, ...). I'm also firmly in the must be secure and it must work reliability camps. There's noting like getting a call from home, while at work, that the "internet is broken..."

I'm trying to wrap my head around why using Diversion on my RT-AC1900P or RT-AC88U is killer. I've read thru more than 1/2 of this thread and your OMG post really stopped me cold. Could you, or the other members elaborate on why? I'm a tech guy and I just may be missing something? Thanks!
No offense, just curious as you say you're a tech guy but you don't know the benefit of blocking ads/malicious hosts?
On the opposite, as I'm not techie, I was hesistant to install Diversion as I was afraid that if something is broken I wouldn't know how to fix it. I wish I was a tech guy so that I could try all these good scripts.
 
^^^ No problem at all. I should have explained better. I was just thinking that at some point we may be asking these awesome routers to do more than they are originally designed. It's the debate about separate components vs. do-it-all receivers. His "OMG" remark stands out that Diversion might be worth a closer look!

Yes sir! FWIW, I have ad blockers active in the 3 major browsers. I also have ad-blocking enabled via Untangle which fronts the main internet connection along with using IBM's QUAD 9.9.9.9 for some additional layering on the DNS front. For me, security is all about layering the onion while trying to KISS. For instance, if I think there's a problem with Untangle, I can simply bypass the whole unit by moving a cable...and the family is not screaming about an internet outage. :) After the OMG, it got me thinking to consider another pass at simplifying the setup while keeping it ultra-reliable. Thanks.
 
Last edited:
^^^^Morning! I've read this entire thread as well as a couple of others and browsed the Diversion and amtm sites. You guys are amazing! Creating amtm is the bomb, a stroke of genius or whatever you want to call it.

You guys have "lowered the friction and widened the road" to allow more github supported scripts into the ASUS community! While the technical guys / SMEs just know how to use Putty or MobaXTerm to get to the routers, 80% of the folks out there (guessing) have no clue how to do that, let alone all the linux commands to "make these really cool add-ins" just work! amtm solves most of that in a slick, easy to maintain way! kudos!

For years, I had wanted to 'export' my ASUS settings using one of the many "export" scripts and then re-import them after a full wipe. But I found it way too painful to always make sure I had the latest script. So I just resorted to notes. Then the platforms were plagued by USB stick issues. I finally just disconnected the USB sticks b/c the routers would just lock up or I had to remove them to perform a firmware upgrade or else it might blow up or fail. And NOW, there's a script to address the USB issue as part of amtm too! It's what is making Diversion reachable by a much wider and diverse audience.

My advice after reading this thread is to consider composing a "how-to" page with links for the ssh tooling. Putty, Windows 10 native, MobaXterm (really cool to open multiple windows), WinSCP, FileZilla (be very careful with the ad-ware version), BeyondCompare (awesome comparison tool, but paid). Because there are so many just make a top 3 or 4 recommendations or reference one of these sites It lowers the friction further for the less-technical and allows many "Windows natives" get their toes wet, especially if they are tired of the *(@*@* ads!

Like here -> https://www.smarthomebeginner.com/best-ssh-clients-windows-putty-alternatives/
Link here -> https://www.slant.co/topics/149/~best-ssh-clients-for-windows

Overall, superb job. You guys rock. Later.
 
^^^ No problem at all. I should have explained better. I was just thinking that at some point we may be asking these awesome routers to do more than they are originally designed. It's the debate about separate components vs. do-it-all receivers. His "OMG" remark stands out that Diversion might be worth a closer look!

Yes sir! FWIW, I have ad blockers active in the 3 major browsers. I also have ad-blocking enabled via Untangle which fronts the main internet connection along with using IBM's QUAD 9.9.9.9 for some additional layering on the DNS front. For me, security is all about layering the onion while trying to KISS. For instance, if I think there's a problem with Untangle, I can simply bypass the whole unit by moving a cable...and the family is not screaming about an internet outage. :) After the OMG, it got me thinking to consider another pass at simplifying the setup while keeping it ultra-reliable. Thanks.


What’s the “OMG post” you’re referring to?
 
Hello everyone.
I'm using Diversion for the last couple of days, and it is amazing.
I went through the entire thread, and can't find anything about blocking ads on mobile device.
The blocking on my laptop is working fine, but when I connect to my wifi network via my mobile device - ads aren't blocked.
Any solution? Is it even possible to block ads on mobile device with Diversion?
Thank you!
 
Hello everyone.
I'm using Diversion for the last couple of days, and it is amazing.
I went through the entire thread, and can't find anything about blocking ads on mobile device.
The blocking on my laptop is working fine, but when I connect to my wifi network via my mobile device - ads aren't blocked.
Any solution? Is it even possible to block ads on mobile device with Diversion?
Thank you!
Check 3 things:
  1. Your mobile device is using the router’s IP (e.g. 192.168.1.1) as its DNS server in your WiFi settings.
  2. Check that you are not using Merlin’s DNSFilter feature to force your client’s DNS to an external DNS service. Or, use a global filter of Router to force all clients to use the router DNS (and hence Diversion).
  3. Do not enter any DNS servers on the LAN - DHCP server page. Instead, advertise the router IP using the radio button on the same page.
 
Check 3 things:
  1. Your mobile device is using the router’s IP (e.g. 192.168.1.1) as its DNS server in your WiFi settings.
  2. Check that you are not using Merlin’s DNSFilter feature to force your client’s DNS to an external DNS service. Or, use a global filter of Router to force all clients to use the router DNS (and hence Diversion).
  3. Do not enter any DNS servers on the LAN - DHCP server page. Instead, advertise the router IP using the radio button on the same page.

1. Not sure I understood. How do I check it?
2. The "DNS-based Filtering" option is OFF.
3. The DNS servers on the LAN - DHCP are both empty, and the "Advertise router's IP in addition to user-specified DNS" is set to YES.
I'm using Cloudflare DNS and set the DNS servers under "WAN DNS Setting".
 
1. Not sure I understood. How do I check it?

It depends on your device (Android or iOS). On iOS I would go to Settings - Wi-Fi and tap the i icon to the far right of my WiFi network name. Then scroll to the DNS section to verify “Configure DNS” is set to Automatic. Then tap automatic and it should show you the IP being used.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top