What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Be that as it may, there are no indications he's still around to solve it. I have not heard from him on any of the various usual channels for months now. So unless something changes, pixelserv will not work as it has in the past for those systems for anyone who doesn't acquire a patched binary.
No-one but kvic knows how the certificates are generated, sadly, so no-one but him can resolve this
 
No-one but kvic knows how the certificates are generated, sadly, so no-one but him can resolve this
Well in fact the fix is pretty easy actually for those so inclined. It’s a matter of changing a 1024 to a 2048 in the source code.

https://github.com/kvic-z/pixelserv-tls/issues/28

But I bring it up here because the diversion crowd is probably not the compile-it-yourself type by and large. I can fix this for myself but I don’t know about grand scale. And I have no idea what all goes into submitting changes to entware packages for instance.

Point is, it will break next month when everyone updates their iPhones and I was just putting it out there that this is why.
 
But I bring it up here because the diversion crowd is probably not the compile-it-yourself type by and large. I can fix this for myself but I don’t know about grand scale. And I have no idea what all goes into submitting changes to entware packages for instance.
Maybe you can post instructions on how to build pixelserv-tls?
 
Well in fact the fix is pretty easy actually for those so inclined. It’s a matter of changing a 1024 to a 2048 in the source code.
^^^ WOW, it really is hard-coded to 1024 and RSA in the pixelserv source. So even manually generating and supplying certs is not going to work. A lot of folks are going to be very broken. Thanks for alerting this thread!
 
^^^ WOW, it really is hard-coded to 1024 and RSA in the pixelserv source. So even manually generating and supplying certs is not going to work. A lot of folks are going to be very broken. Thanks for alerting this thread!
I wonder what performance implications the lower end routers will see with this increase
 
I wonder what performance implications the lower end routers will see with this increase
Yeap, 2x the key lengh is a lot of bits.. The CPUs best be ready.. and CPUS can can do the AES may have advantages. Your gut is right, this is going to cause some waves.. not only for us using pixelserv-tls. :(
 
Yeap, 2x the key lengh is a lot of bits.. The CPUs best be ready.. and CPUS can can do the AES may have advantages. Your gut is right, this is going to cause some waves.. not only for us using pixelserv-tls. :(
Might be offloading this to my FreeNAS server soon.
 
I dont understand. Where can i find that option? I checked the log and noted a lot of dnsmasq**** config error etc..
The Diversion command is ds, it can be seen when expanding the Diversion menu with o for more options.
 
Could it have been a memory problem?
i tried to download my logfile and it was like 500mb sized...
That or your Dnsmasq logfile fills up your USB device.
 
I use the "Shopping" Tab in Google on occasion. How do I add it to the whitelist? Not sure of the URL to use...Is it "googleadservices.com"? What if any issues would happen if I leave it in the whitelist? Thanks!

[ANSWER: Added googleleadservices.com and that works. Still curious what downsides there are for leaving this in the whitelist]
A high percentage of the ads on the majority of websites are served from google.
The effect of having to whitelist a domain name such as googleadservices.com should answer your question.
 
I have a question if Diversion standard is working in the following situation.

My provider doesn't allow that I use my Asus AC68U as my primary router. If I want to use it I have to connect it to the router of my provider and create a DMZ. Do I need to do special things to make Diversion work or doesn't it matter that I have go through the DMZ of the main router?
Thanks!
Give it a go and let us know.
 
@thelonelycoder I posted in the pixelserv thread but things there are sort of dead lately. Just a heads up that there will be an issue for all the new macOS 10.15 and iOS 13 users next month without a change to pixelserv code.
Thanks. I'd like to keep that discussion in the pixelserv-tls thread so it is seen by the relevant contributors/coders.
So pleas all head over there to debate https://www.snbforums.com/threads/pixelserv-a-better-one-pixel-webserver-for-adblock.26114/
 
Might be offloading this to my FreeNAS server soon.
I'm thinking of (re)adding the option to set an external blocking IP. This has been a feature of AB-Solution but I removed it in Diversion.
 
Use DNSFilter for that client and choose one of the DoT providers.
That doesn't mean that you are using DoT. That just means you are using standard DNS traffic on that server Via DNS filter.
 
Last edited:
That doesn't mean that you are using DoT. That just means you are using standard DNS traffic on that server Via DNS filter.

Apologies and that was bad advice on my part.
 
I think maybe what I am trying to do would be achievable if I could do it this way by using alternate blocking list option and to be able to specify the alternate blocking list to not actually use a "blocking list".
Yep that's one way, using the alternate blocking file: https://diversion.ch/diversion/manual/alternate-blocking-file.html

It also gives you an opportunity to still block ads (use the Standard list) and not restrict anything else. That way your LAN device on the alternate blocking file will still listen to your WAN DoT settings. Another option would be as @bluzfanmr1 mentioned, however you won't be using DoT and you would need to go upstream to some other kind of device capable of DoT (such as a Pi-hole). This is the exact quandary I am in at the moment:
https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/page-178#post-510991
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top