Diversion Diversion - the Router Ad-Blocker

[dave14305]

Just starting noticing an error message when I try to click on a Sponsored link at the top of the results page. For instance, search for "Purina One dog food" and you'll get 4 or 5 choices from Chewy.com and Amazon trying to sell you their food. If I click on the Chewy item I get the following error message from Google Chrome:

Your connection is not private

Attackers might be trying to steal your information from www.googleleadservices.com (for example, passwords, messages, or credit cards). Learn more

NET::ERR_CERT_AUTHORITY_INVALID

Assuming you're using Diversion Standard with pixelserv-tls, have you imported the Pixelserv CA cert into your devices (see https://github.com/kvic-z/pixelserv...ificate#import-pixelserv-ca-on-client-devices )? If yes, is this only affecting Chrome? It might be related to Google not accepting incorrect certificates for its Google-owned properties. In which case, you may want to whitelist that site in Diversion and add a manual hosts entry of "0.0.0.0 www.googleadservices.com".

This brings me to a suggestion for @thelonelycoder to include a "blackhole list" in Diversion that instead of whitelisting a site, you can redirect the hostname from the pixelserv IP to 0.0.0.0 instead. I was experimenting with this trying to investigate and reduce the ush counts in pixelserv serverstats. Just an idea that may or may not have merit.

 

[Eric22]

Assuming you're using Diversion Standard with pixelserv-tls, have you imported the Pixelserv CA cert into your devices (see https://github.com/kvic-z/pixelserv...icate#import-pixelserv-ca-on-client-devices)? If yes, is this only affecting Chrome? It might be related to Google not accepting incorrect certificates for its Google-owned properties. In which case, you may want to whitelist that site in Diversion and add a manual hosts entry of "0.0.0.0 www.googleadservices.com".

This brings me to a suggestion for @thelonelycoder to include a "blackhole list" in Diversion that instead of whitelisting a site, you can redirect the hostname from the pixelserv IP to 0.0.0.0 instead. I was experimenting with this trying to investigate and reduce the ush counts in pixelserv serverstats. Just an idea that may or may not have merit.

And a following question: Should I have installed this CA cert when I installed diversion? If not, does it mean that I have not had any ad blocking on my https route?

 

[dave14305]

And a following question: Should I have installed this CA cert when I installed diversion? If not, does it mean that I have not had any ad blocking on my https route?

It’s really the final step to a smooth pixelserv setup, but it’s technically optional. https ads have still been going to pixelserv, but not as smoothly as they could. There’s a mind-numbing array of stats in pixelserv at http://192.168.1.2/servstats (replace .2 with your actual pixelserv IP). The lack CA cert installed on your clients would be tallied under the uca stat on that page.

 

[Eric22]

It’s really the final step to a smooth pixelserv setup, but it’s technically optional. https ads have still been going to pixelserv, but not as smoothly as they could. There’s a mind-numbing array of stats in pixelserv at http://192.168.1.2/servstats (replace .2 with your actual pixelserv IP). The lack CA cert installed on your clients would be tallied under the uca stat on that page.

Great. So I am gonna install it in a bit.

Suggestion: I can't remember if it was mentioned in Diversion setup or not, but I would suggest to have a statement and a link to the Wiki as a recommendation at the very end step or even after installation of Diversion. Or even further improvement could be having the CA cert installed in a folder so it can be accessed effortlessly (if it can be automated and would not be a headache).

 

[Jack Yaz]

Great. So I am gonna install it in a bit.

Suggestion: I can't remember if it was mentioned in Diversion setup or not, but I would suggest to have a statement and a link to the Wiki as a recommendation at the very end step or even after installation of Diversion. Or even further improvement could be having the CA cert installed in a folder so it can be accessed effortlessly (if it can be automated and would not be a headache).

Go to pixelservIP/ca.crt in a browser

 

[sl4fko]

Question:

I manage to install Diversion on my router, installation goes well, choosing swap file, pixelsrv etc...

However when I then want to run it via SSH with "diversion" command, I get "Diversion not insatlled"


What gives?

 

[Marin]

Question:

I manage to install Diversion on my router, installation goes well, choosing swap file, pixelsrv etc...

However when I then want to run it via SSH with "diversion" command, I get "Diversion not insatlled"


What gives?

So you did this and nothing happened: https://diversion.ch/diversion/manual/starting-the-diversion-user-interface.html

Did you install AMTM by any chance? If so, try entering this via SSH:

 /jffs/scripts/amtm

After that you should always be able to pull up it up via SSH by just typing “amtm”. You should then be able to see Diversion there on the list (number 1).



Sent from my iPhone using Tapatalk

 

[Xentrk]

I've added the required OpenVPN Server settings to the FAQ.

I will make a note of this as well and update the blog post on OpenVPN Server Setup Instructions for Asuswrt-Merlin to mention this additional benefit.

Currently, the blog post says is:

Advertise DNS to clients
Instructs the OpenVPN clients to use the router’s LAN IP address as their DNS server

The importance of this setting needs to be emphasized. If one also has Stubby DNS-over-TLS installed, then you get encrypted DNS as a benefit as well. I'll make the updates tomorrow!

 

[Asad Ali]

@thelonelycoder Hey the author of StevenBlack hosts list just removed ( https://github.com/StevenBlack/hosts/commit/3d192fb98cc8d7715ff092468007775cdd3ccd2e ) a major hosts repo from his list on a disagreement for a single domain lol and due to that more than 25,000 domains are no longer in the blocking file. To fix that you can either ad the removed list directly in the default hosts list in Diversion or just fix it cosmetically by simply reflecting the new approximate blocked domains in the pre defined list selection page.

The list Steven removed is this: https://raw.githubusercontent.com/lightswitch05/hosts/master/ads-and-tracking-extended.txt

 

[sl4fko]

So you did this and nothing happened: https://diversion.ch/diversion/manual/starting-the-diversion-user-interface.html

Did you install AMTM by any chance? If so, try entering this via SSH:

 /jffs/scripts/amtm

After that you should always be able to pull up it up via SSH by just typing “amtm”. You should then be able to see Diversion there on the list (number 1).



Sent from my iPhone using Tapatalk

Thank you very much, installing AMTM and through it Skynet and Diversion did the trick!

 

[infamous_pb]

Hello! I am just now trying Diversion for the first time (Yeah me!). I am on an Asus RT-AC88U router with Merlin's 384.8_2 firmware. When I SSH to the router using Putty and ran the Diversion install
curl -Os https://diversion.ch/install && sh install
It says Welcome to Diversion... yada yada... install? Yes 1...
It tries to install but then says:

[ Error ] No compatible device(s) found to install
Diversion on. A device formatted with one of
these file systems is required:
ext2, ext3, ext4

Shouldn't the router be formatted with one of those file systems? Is there a certain setting in Merlin's firmware and need to click on? Am I doing something wrong?
Thanks!

 

[dave14305]

Hello! I am just now trying Diversion for the first time (Yeah me!). I am on an Asus RT-AC88U router with Merlin's 384.8_2 firmware. When I SSH to the router using Putty and ran the Diversion install
curl -Os https://diversion.ch/install && sh install
It says Welcome to Diversion... yada yada... install? Yes 1...
It tries to install but then says:

[ Error ] No compatible device(s) found to install
Diversion on. A device formatted with one of
these file systems is required:
ext2, ext3, ext4

Shouldn't the router be formatted with one of those file systems? Is there a certain setting in Merlin's firmware and need to click on? Am I doing something wrong?
Thanks!

You need a USB stick plugged in.

https://diversion.ch/diversion/requirements.html

 

[sl4fko]

Hello! I am just now trying Diversion for the first time (Yeah me!). I am on an Asus RT-AC88U router with Merlin's 384.8_2 firmware. When I SSH to the router using Putty and ran the Diversion install
curl -Os https://diversion.ch/install && sh install
It says Welcome to Diversion... yada yada... install? Yes 1...
It tries to install but then says:

[ Error ] No compatible device(s) found to install
Diversion on. A device formatted with one of
these file systems is required:
ext2, ext3, ext4

Shouldn't the router be formatted with one of those file systems? Is there a certain setting in Merlin's firmware and need to click on? Am I doing something wrong?
Thanks!

Hi!

Nothing wrong, you just need an usb stick formatted with one of these file systems for swap file, plugged into router permanently (think of it as extended ram...)

Find an usb stick at home you don't need, at least 4 GB will do. Usb 2 or 3 does not matter...
Then format it with ext2 or ext3 file system (if you have linux installed on your comp then it is no problem, if windows, then you will have to find a program to do that, windows does not support ext file system)

Plug it into your router, if not recognized, reboot the router and you are ready to go!

 

[infamous_pb]

You need a USB stick plugged in.

https://diversion.ch/diversion/requirements.html

Ah! LOL... me and my illiteracy. LOL! Thanks for the heads up. I'll give it a go. Thanks all!

 

[eclp]

In the course of time full memory, sometime then no more access also the router GUI. It only helps to pull the power plug then. I have observed this issue now several times with my router (AC88U). I think it has something to do with Diversion and (or) Skynet. I submitted a swap file (1GB), but it is always unused until shortly before the blackout. A new installation of the two scripts did not help so far.

Is there help for me?

 

[JJohnson1988]

I seem to be experiencing a bug with the blacklist. Every time I update the Standard lists with the plus hosts, duplicate entries are being added for the IPv6 entries (any entry that begins with ":: "). In fact, there were so many duplicate entries built up that I had no idea why the entire router was hanging up every time I went to update the lists again. I eventually had to reinstall Diversion from scratch, and then it was only later that I realized what was going on.

Is anyone else experiencing this?

This is happening on 4.0.6 (non-beta) on the AC86U for me.

Edit: Now that I think about it, I don't even know if the entries in the blacklist that begin with ":: " should even exist at all. What am I missing here? I'll take a screenshot of my blacklist if necessary.

 

[Zonkd]

Hello! I am just now trying Diversion for the first time (Yeah me!). I am on an Asus RT-AC88U router with Merlin's 384.8_2 firmware. When I SSH to the router using Putty and ran the Diversion install
curl -Os https://diversion.ch/install && sh install
It says Welcome to Diversion... yada yada... install? Yes 1...
It tries to install but then says:

[ Error ] No compatible device(s) found to install
Diversion on. A device formatted with one of
these file systems is required:
ext2, ext3, ext4

Shouldn't the router be formatted with one of those file systems? Is there a certain setting in Merlin's firmware and need to click on? Am I doing something wrong?
Thanks!

It is recommended to use the router itself to repartition and format USB flash drives for the purpose of running scripts like diversion. I wrote a guide for people with this question.

https://www.snbforums.com/threads/e...ptions-on-the-router.48302/page-2#post-455723

 

[dave14305]

I seem to be experiencing a bug with the blacklist. Every time I update the Standard lists with the plus hosts, duplicate entries are being added for the IPv6 entries (any entry that begins with ":: "). In fact, there were so many duplicate entries built up that I had no idea why the entire router was hanging up every time I went to update the lists again. I eventually had to reinstall Diversion from scratch, and then it was only later that I realized what was going on.

Is anyone else experiencing this?

This is happening on 4.0.6 (non-beta) on the AC86U for me.

Edit: Now that I think about it, I don't even know if the entries in the blacklist that begin with ":: " should even exist at all. What am I missing here? I'll take a screenshot of my blacklist if necessary.

Do you use IPv6? What is the output of nvram get ipv6_service ? Should be “disabled” to avoid those entries in the blacklist.

 

[thelonelycoder]

Edit: Now that I think about it, I don't even know if the entries in the blacklist that begin with ":: " should even exist at all. What am I missing here? I'll take a screenshot of my blacklist if necessary.

As @dave14305 says, the IPv6 entries are not added when the nvram get ipv6_service is set to disabled. In all other cases, the IPv6 entry "::" is added for each IPv4 domain entry.

 

[thelonelycoder]

In the course of time full memory, sometime then no more access also the router GUI. It only helps to pull the power plug then. I have observed this issue now several times with my router (AC88U). I think it has something to do with Diversion and (or) Skynet. I submitted a swap file (1GB), but it is always unused until shortly before the blackout. A new installation of the two scripts did not help so far.

Is there help for me?

First, find out what uses the memory, then find a way to change the high or increasing usage.
For an overview, use

cat /proc/meminfo

Install Entware package htop:

opkg install htop

Use the command htop and look for the high numbers.