Diversion Diversion - the Router Ad-Blocker

[thelonelycoder]

Oh my, finally! That was it, hahaha! Okay, now to install Diversion.

THANK YOU SO MUCH, everyone!

Edit: ugh, so now I'm getting

#!/bin/sh
#bof

# Diversion is free to use under the GNU General Public License version 3 (GPL-3.0)
# https://opensource.org/licenses/GPL-3.0

# Proudly coded by thelonelycoder
# Copyright (C) 2018 thelonelycoder - All Rights Reserved
# https://www.snbforums.com/members/thelonelycoder.25480/
# https://diversion.ch

# Script Version 4.0.5

if [ -f /usr/sbin/curl ]; then
    cd "$HOME"
    /usr/sbin/curl -Os https://diversion.ch/diversion/4.0/diversion
    chmod 0755 "$HOME/diversion"
    rm -f "$0"
    exec "$HOME/diversion"
else
    echo
    echo " Sorry, wrong platform."
    echo " Diversion cannot be installed on this device."
    echo " Goodbye"
    echo
    rm -f "$0"
    exit 1
fi

#eofsh: can't open 'install'

error.. I'm connected to my Asus RT86U.

If you see all that code, then you do something wrong. Make sure you copy the whole install command line and paste it into the SSH terminal.

 

[caseykc1992]

Might want to actually read the requirements for Diversion first: https://diversion.ch/diversion/requirements.html

But mine is the RT-AC86U, which is listed there..

I tried again and this time, it didn't show any of those code. I type 1 for install and it still showed:

 [ Error ] No compatible device(s) found to install
 Diversion on. A device formatted with one of
 these file systems is required:
 ext2, ext3, ext4

 

[DAVID LONG]

Do you have this?

A permanently plugged in USB device on the router, formatted with ext2, ext3 or ext4 file system (ext4 ARM devices only), ext2 highly recommended

 

[caseykc1992]

Do you have this?

A permanently plugged in USB device on the router, formatted with ext2, ext3 or ext4 file system (ext4 ARM devices only), ext2 highly recommended

oh... no... Sorry, I didn't see this in the installation instructions..

okay, will have to try this some other time I guess.

Thank you.

 

[thelonelycoder]

oh... no... Sorry, I didn't see this in the installation instructions..

okay, will have to try this some other time I guess.

Thank you.

Until then. And please take the time to read the instructions and requirements carefully.

 

[Rhialto]

The second blocking list coming thing, isn't a kind of major change? Enough to call it 4.1.0 maybe instead of 4.0.6 which let me believe it's 4.0.5 with more fixes/tuning?

 

[Jack Yaz]

The second blocking list coming thing, isn't a kind of major change? Enough to call it 4.1.0 maybe instead of 4.0.6 which let me believe it's 4.0.5 with more fixes/tuning?

It's only a beta feature at the moment, I imagine it'll go to 4.1/0 for release

 

[thelonelycoder]

The second blocking list coming thing, isn't a kind of major change? Enough to call it 4.1.0 maybe instead of 4.0.6 which let me believe it's 4.0.5 with more fixes/tuning?

The Alternate blocking file feature (thanks again @john9527 for the fitting name suggestion) is a major step forward for Diversion. I am not aware that any other router based ad-blocker has such a feature built in and so easily configurable.

If I had no other ideas for the Diversion future, this new beta feature would surely be reserved for the Diversion 4.1 release. But I have plans waiting to be coded for v4.1.

 

[Skeptical.me]

I can't find it in this topic, so I wanted to share this TrendMicro Telemetry list:
http://www.weatherimagery.com/blog/asus_trendmicro_data_collection/

A big thank, my man. Great article too.

I've been looking to obtain these addresses in order to block them.

I'm so glad you posted.

I wouldn't mind testing pfsense on an old pc sometime, as well.




Sent from my iPhone using Tapatalk Pro

 

[thelonelycoder]

Diversion 4.0.6 is now available

Whats new in Diversion 4.0.6
- Correctly changes restriction to new IP when virtual IPs are changed and access restriction is enabled in Administration / System.
- Improved install routine, correctly saves Diversion config file when reboot is required after install.
- Eliminated glitch where certain domain names are incorrectly read in stats function.
- Eliminated bug where whitelist was multiple times escaped when more than one hosts file is used and/or fs is enabled. Manually updating the blocking file in b is advised after this update.
- New Beta feature: Alternate blocking file. Two active blocking files are now possible and can be enabled in b. Read what it does and how it works here.

How to update to this latest version
In Diversion, enter d and select Update.

 

[roscoe211]

Noticed all the hosts-file.net lists were failing to download, checked the blocking lists:

 hosts-file.net
 was found in the following list(s):

 adblock.mahakala.is

Tried to whitelist:

 Enter domain  [e=Exit]  hosts-file.net
 was found in the following list(s):

 adblock.mahakala.is____________________________________________________

 no exact match found in blocking file for
 hosts-file.net
 no need to add it to the whitelist

 no near matches found either

I'm having the same problem with Spotify and spclient.wg.spotify.com. Same mahakala.is blocking list. Even if i force the entry in whitelist, i can still see it being blocked when I follow the log.

Any ideas? Thanks.

 

[thelonelycoder]

Noticed all the hosts-file.net lists were failing to download, checked the blocking lists:

 hosts-file.net
 was found in the following list(s):

 adblock.mahakala.is

Tried to whitelist:

 Enter domain  [e=Exit]  hosts-file.net
 was found in the following list(s):

 adblock.mahakala.is____________________________________________________

 no exact match found in blocking file for
 hosts-file.net
 no need to add it to the whitelist

 no near matches found either

I'm having the same problem with Spotify and splint.wg.spotify.com. Same mahayana blocking list. Even if i force the entry in whitelist, i can still see it being blocked when I follow the log.

Any ideas? Thanks.

All hosts file domains are auto-added to a temporary whitelist while the blocking file update runs. Your error might come from the bug I discovered today. It is fixed now in Diversion 4.0.6.

 

[roscoe211]

Ok. Maybe I spoke too soon. I upgraded to 4.0.6 to see if that would allow access to spclient.wg.spotify.com. This is when I noticed hosts-file.net being blocked during the update process to 4.0.6. I even checked by trying to access hosts-file.net in a browser after upgrading- still blocked. Disabled diversion, then I could access it no problem. re-enabled- blocked again.

Rebooted my router, and now I'm able to use Spotify and was able to update my blocking files without issue. All appears to be okay now. Thanks!

 

[Diamond67]

- New Beta feature: Alternate blocking file. Two active blocking files are now possible and can be enabled in b. Read what it does and how it works here.

The alternate and primary blocking file use the same whitelist, blacklist and wildcard-blacklist.

By the way, is there any chance that there would be separate whitelists and blacklists for the primary and alternate blocking files in the future? Or is it impossible to arrange?

 

[thelonelycoder]

By the way, is there any chance that there would be separate whitelists and blacklists for the primary and alternate blocking files in the future? Or is it impossible to arrange?

Impossible? No. But not now and not in the near future. Technically, this is simple but the coding for all the el options is a nightmare.

 

[Xentrk]

To solve the routing & DNS leak issue for my Roku (all Australian Channels, Live TV, Foxtel etc.) which I can only use with my ISP's connection. I'm just going to cascade another router off of the ISP's Modem/Router, that is in bridge mode. Plus I can just connect to it when I want to use my iPhone/iPad with an Aussie IP address.

Don't get too worried out about the DNS Leak issue. You can use Stubby to encrypt DNS queries as a work around.

My understanding of DNS Leak is as follows: When using a VPN connection and having a DNS Leak, the DNS provider can see what web sites you are going to. More than likely, this is your ISP DNS. So, you are losing some of the anonymity that you are trying to achieve when using a VPN tunnel.

You can install Stubby, then set set Accept DNS Configuration to None so the tunnel will use Stubby DNS. The installer script defaults to Cloudflare which has locations around the globe and may actually result in faster DNS queries when compared to using the DNS of the VPN provider. When you run a DNS leak test, it will say you have a leak because the IP address of the DNS is different than the IP address of the VPN tunnel. But with Stubby, the queries are encrypted. Yes, Cloudflare will know what sites you are going to, but your ISP will not.

As I mentioned before, streaming media sites are not using your DNS to determine your location. They use the WAN IP address reported when you go to a site like whatismyip.com.

Hope this helps.

 

[Skeptical.me]

Thank you for the reply.

Yes, that clears up things for me.

The main reason I want to keep the tunnel closed is the 2 year meta-data retention laws we have here in Australia. They (the Politicians) promised us only the Government would use this data for reasons of crime and terrorism. But in the real world? This isn't the case, even local councils are, at times, accessing this data. I value my privacy.

However, when I do use Diversion with "policy rules strict" and Accept DNS Configuration set to "Strict". I connect to US ProtonVPN (or ExpressVPN) servers, and the DNS leaks (as we know). Then when I do try to watch US HULU, US Netflix, or US Prime Video I get proxy warnings. Without the DNS leaks I do not have this issue. However, with the DNS leak I can watch DirecTV in my browser, and CNN go etc

So, how I've resolved this issue was to take my ISP's Modem/Router out of Bridge Mode, setup it's WiFi, and I used a TP-Link Range extender at the back of the house for the Roku to connect to in order to access Australian content. Problem solved. No need to route anything else to the WAN.

But I'll still install Stubby and test it. I may need to use it, at times, at some time in the near future.

Edit: By the way, I like your website. It has some great articles.




Sent from my iPhone using Tapatalk Pro

 

[Xentrk]

Thank you for the reply.

Yes, that clears up things for me.

The main reason I want to keep the tunnel closed is the 2 year meta-data retention laws we have here in Australia. They (the Politicians) promised us only the Government would use this data for reasons of crime and terrorism. But in the real world? This isn't the case, even local councils are, at times, accessing this data. I value my privacy.

However, when I do use Diversion with "policy rules strict" and Accept DNS Configuration set to "Strict". I connect to US ProtonVPN (or ExpressVPN) servers, and the DNS leaks (as we know). Then when I do try to watch US HULU, US Netflix, or US Prime Video I get proxy warnings. Without the DNS leaks I do not have this issue. However, with the DNS leak I can watch DirecTV in my browser, and CNN go etc

So, how I've resolved this issue was to take my ISP's Modem/Router out of Bridge Mode, setup it's WiFi, and I used a TP-Link Range extender at the back of the house for the Roku to connect to in order to access Australian content. Problem solved. No need to route anything else to the WAN.

But I'll still install Stubby and test it. I may need to use it, at times, at some time in the near future.

Edit: By the way, I like your website. It has some great articles.

Can you watch US streaming services from any ExpressVPN shared server? If so, then I suspect they are using their DNS to perform a proxy to get around the blocks, which explains the situation you describe. With TorGuard, you can't use a shared server. You have to use a dedicated or private IP. Anyway, I don't want to get to off topic as this is the Diversion thread. Take care and have a Happy New Year!

 

[loveleeyoungae]

The Alternate blocking file feature (thanks again @john9527 for the fitting name suggestion) is a major step forward for Diversion. I am not aware that any other router based ad-blocker has such a feature built in and so easily configurable.

If I had no other ideas for the Diversion future, this new beta feature would surely be reserved for the Diversion 4.1 release. But I have plans waiting to be coded for v4.1.

I'd like to suggest a feature for the 4.1 release: support processing (sub)domains-type blocking lists, i.e. lists that only includes (sub)domains without the 127.0.0.1/0.0.0.0 as in hosts-type.
Example: https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV.txt

I saw Pi-hole and adblock-for-openwrt support both types of blocking lists. I mean, I don't know if their mechanism would support both types natively, or they would just process and merge lists into their own type. But at least they let users just paste links of blocking lists of those two types, which
- doesn't require users to manually retrieve the lists and perform some "find and replace" to add 127.0.0.1/0.0.0.0 to the lists (which is really troublesome for novice users)
- help receiving updates directly from the original sources.
I think that really help us novice users greatly. So I'd hope that Diversion would be able to do that as well.

 

[caseykc1992]

I just successfully installed, but I still see ads on my Youtube. Why is that?