Diversion Diversion - the Router Ad-Blocker

[bluepoint]

Works for me. AC86U, AIProtection, DNS over TLS, Diversion Small+, Pixlserv 2.3.0 all new certs imported into all devices, Skynet, MacBook Air OSX Mojave, iPad iPadOS 13.1, iPhone 11 Pro max iOS 13.1.

MacBook capture.

That's what I'm waiting for , now it looks like Chromium edge Dev 79.029.0 is causing my problem. Maybe, later when the family is not using the 'net I'll try it again with 2.3.0 and another browser. Thanks everyone!

 

[donbru]

When you create the cert and ca from v2.3.0 in diversion(ep, 3, 2) it purges the old cert and keys then create the new one. When downgrading to v2.2.1, I did the extreme, uninstall diversion and entware then install diversion, entware packages that includes pixelserv.
I started this thread not because of the certificates, it's fine I actually use it to access the router securely from a Win10, but because pixelserv is not functioning as it should, it's too aggressive that it causes some sites to get blocked and resulting sites to come up blank, instead of blocking a portion of the site(the ad part), it blocks everything. If you have time please click this https://www.verizon.com/home/myverizon/ while using diversion/pixelserv v2.3.0. I've been wondering if I'm the only one experiencing the results, I've ask two members to do but there are no responses yet.

I am experiencing the same results using Firefox, Microsoft Edge and Internet Explorer although the same websites work fine using Safari or Firefox on my iPhone 10.

 

[elorimer]

On the verizon link, I can see the menus but not the page itself. Chromebook 76.

 

[L&LD]

Can you purge your browser cache then try it again? I assume you're using diversion standard+/pixelserv v2.3.0.

Yes, that is what I'm using.

Never been to that link before, no need to flush the cache.

 

[bluepoint]

That's what I'm waiting for , now it looks like Chromium edge Dev 79.029.0 is causing my problem. Maybe, later when the family is not using the 'net I'll try it again with 2.3.0 and another browser. Thanks everyone!

Update
Alright upgraded back to pixelserv v2.3.0 and guess what, no problem so far, Jack Yaz must have scared the gremlins!
Kidding aside I have no clue what happened and if I can guess it might be the combination of dirty diversion, pixelserv, skynet upgrade from an RT-AC68P to an AX88U plus a beta browser. Happy ending after all!

 

[Gen10]

Ive added googleadservices.com to my whitelist but I still cannot access the shopping tab links when googling things.

I did process all lists, process whitelist, sort and verify whitelist and installed pixelserv cert. Can't think of what else to do to get this working?

 

[Gen10]

I was having the same issue, first, I recommend reinstalling diversion and skynet(there was some odd issue i was having, do ^that guys 30-30-30 setup

Then make sure you check all of the servers for amazon.

aan.amazon-adsystem.com
aax-us-east.amazon-adsystem.com
aax-us-pdx.amazon-adsystem.com
aax.amazon-adsystem.com
amazon.co.uk
amazon.com
amazon.in
amazonaws.com
c.amazon-adsystem.com
completion.amazon.co.uk
fls-na.amazon.com
mads.amazon-adsystem.com
s.amazon-adsystem.com
s3-ap-southeast-1.amazonaws.com
s3-eu-west-1.amazonaws.com
s3-us-west-2.amazonaws.com
s3.amazonaws.com
s3.ap-northeast-2.amazonaws.com
s3.ap-south-1.amazonaws.co
smile.amazon.com
sqs.us-east-1.amazonaws.com

Which are these.

The only ones that can optionally be left un/blocked are the device metrics.

Also as an update to people about my whitelist, I actually was given a full set of free Unifi gear, so I returned my asus, I will however still be updating the whitelist.

YES! This finally fixed my android amazon app issue!!! Not sure which whitelist did it but ill just keep em all in there! Although UPS website still doesn't work.

 

[ScottW]

YES! This finally fixed my android amazon app issue!!! Not sure which whitelist did it but ill just keep em all in there! Although UPS website still doesn't work.

For UPS, try whitelisting this: ups.tt.omtrdc.net

 

[Gen10]

For UPS, try whitelisting this: ups.tt.omtrdc.net

Thank you! It works

Any idea how to identify not obvious blacklist culprits that block websites?

Following dnsmas.log by hitting f in diversion and setting to filtered by blocked domains for instance didn't yield anything to pop up in terminal when I tried to load ups.com

Or am I just using it wrong?

 

[Centrifuge]

Just setup OVPN server for use with remote gadgets, but still was getting ads on them. Searched the forum on how to bring Diversion into play, nothing. Went to the website and bam there's the answer. Donation sent. Is Skynet also active for clients now?

 

[gattaca]

For UPS, try whitelisting this: ups.tt.omtrdc.net

I've had problems with the UPS site not loading for a while too. Pretty soon they will all be doing the same *(@* thing.. along the lines of "if you don't let us spy on you and collect all these metrics, no web site for you..." this is going way beyond a CDN setup. But I digress.

The interesting item is when I white listed the above dns name, diversion added it and when I listed what diversion added, it was the pixelserv's IP!

Whoa.. So then I hopped into my work VPN and performed a DNS lookup on ups.tt.omtrdc.net and got 12 IPs: 4 in 130.248.144.x and 8 in the 66.235.147.x ranges. So I assume part of this is I need to turn off pixelserv before whitelisting in Diversion? Sorry, I do not have to whitelist much I followed your recommendations and use the Standard+ blockers.

 

[calzor suzay]

Does anyone know what method/command line Diversion uses to email out?
I'd like to use the same method to send emails from my Asus router rather than start installing more packages etc.
It seems to use my gmail account to send out.

 

[dave14305]

Does anyone know what method/command line Diversion uses to email out?
I'd like to use the same method to send emails from my Asus router rather than start installing more packages etc.
It seems to use my gmail account to send out.

See the curl example here: https://github.com/RMerl/asuswrt-merlin/wiki/Update-Notification-Example

 

[calzor suzay]

Thanks, that also has pushover which I have

 

[thelonelycoder]

Does anyone know what method/command line Diversion uses to email out?
I'd like to use the same method to send emails from my Asus router rather than start installing more packages etc.
It seems to use my gmail account to send out.

I'm using Curl to send and makemime to attach files.

 

[ScottW]

Thank you! It works

Any idea how to identify not obvious blacklist culprits that block websites?

Following dnsmas.log by hitting f in diversion and setting to filtered by blocked domains for instance didn't yield anything to pop up in terminal when I tried to load ups.com

Or am I just using it wrong?

Following the log for blocked domains is the correct way, but it can be challenging. For one thing, a page may refer to many blocked domains while only (1) of them is actually "breaking" the page. Trial and error is the only good way to solve that, as far as I know. Another problem is that if you already have the page opened in your browser, then try to reload it, the resolution request may never get to the router because the local machine's cache handles it. To deal with that, I usually close the browser, clear the machine's DNS cache, start following the log from Diversion, THEN open the browser and attempt to load the page.

 

[thelonelycoder]

Following the log for blocked domains is the correct way, but it can be challenging. For one thing, a page may refer to many blocked domains while only (1) of them is actually "breaking" the page. Trial and error is the only good way to solve that, as far as I know. Another problem is that if you already have the page opened in your browser, then try to reload it, the resolution request may never get to the router because the local machine's cache handles it. To deal with that, I usually close the browser, clear the machine's DNS cache, start following the log from Diversion, THEN open the browser and attempt to load the page.

In most browsers CTRL-F5 force reloads a webpage, omitting the cache.

 

[ScottW]

In most browsers CTRL-F5 force reloads a webpage, omitting the cache.

That bypasses the browser's own cache. But I don't think it bypasses the OS cache? On windows, I usually run "ipconfig /flushdns" at command prompt to get rid of the OS's dns resolver cache.

** EDIT **
Ok, searched but couldn't find a definitive answer on this so I did some tests. This is on Windows with Chrome 77.0.3865.90. I haven't tested on other OS or browsers.

Chrome has it's own DNS cache. Even after clearing the machine's cache ("ipconfig /flushdns"), chrome still didn't recognize changes to Diversion whitelist/blacklist. Using ctrl-f5 did NOT help; I believe ctrl-f5 is bypassing Chrome's "data / image cache" but is clearly NOT bypassing or clearing Chrome's (or the machine's) DNS cache.

So to fully reflect a Diversion change in Chrome on Windows, I had to:
1) Clear the OS resolver cache with "ipconfig /flushdns".
2) Clear the Chrome resolver cache by doing one of:
2a) Close and reopen Chrome, or
2b) In chrome address bar, enter "chrome://net-internals/#dns" and then
press the resulting "Clear host cache" button.

After doing that, the whitelist/blacklist change in Diversion was reflected on the next attempt at loading the page.

 

[thelonelycoder]

That's why Diversion never had support for AdBlock-style block-lists: Because they don't work in a DNS based ad-blocker.
The release notes:
https://pi-hole.net/2019/09/21/pi-hole-4-3-2-release-notes/
The specifics:
https://github.com/pi-hole/pi-hole/pull/2912

 

[DonnyJohnny]

That's why Diversion never had support for AdBlock-style block-lists: Because they don't work in a DNS based ad-blocker.
The release notes:
https://pi-hole.net/2019/09/21/pi-hole-4-3-2-release-notes/
The specifics:
https://github.com/pi-hole/pi-hole/pull/2912

Never play with Pi-hole or raspberry PI before. Just wondering is there anyway to remove YouTube ad effectively like ublock, Adblock extension/add-on for browser?
I mean via server/router level.