Diversion Diversion - the Router Ad-Blocker

[HairyA00]

And here’s what it has caught:

Sent from my iPhone using Tapatalk

The DNS requests originate at the browser, and Brave is running on the browser level. Only if a request clears the Brave filters will it be forwarded to Diversion. Brave acts first, then Diversion.

Brave will stop anything that is in its block lists, regardless of how many blocklists you may have in Diversion.

Using Brave as a daily driver is perfectly fine. But ad-blocking is a multi-tiered approach. Be sure to STILL install uBlock Origin. Redundancy is okay; who cares if the same domains are blocked. But uBlock Origin/Brave will always have higher block stats than Diversion. My suggestion is to disable uBlock Origin for a few minutes and let Diversion go to work, just so you can see the difference and watch Diversion light up (then turn uBlock Origin back on afterwards). Sinkholing domains isn't as 'pretty' as the extra work that uBlock Origin does to make websites look good. But it works nonetheless!

Do some experimenting, but I can tell you that Diversion + uBlock Origin + Brave as your daily driver is a great multi-tier approach.

 

[heysoundude]

This is fantastic...thank YOU!!


Sent from my iPhone using Tapatalk

 

[Jim McCusker]

Hi,

I just updated to 4.1.4 and followed your directions to upgrade pixelserv-tls to Jack Yaz's 2.3.0 version, but now pixelserv-tls say's it's (not running). My pixelserv-tls IP is 192.168.2.2 (in case this helps). I've tried restarting it, but no luck. Any ideas?

Thanks.

 

[Jim McCusker]

Hi,

I just updated to 4.1.4 and followed your directions to upgrade pixelserv-tls to Jack Yaz's 2.3.0 version, but now pixelserv-tls say's it's (not running). My pixelserv-tls IP is 192.168.2.2 (in case this helps). I've tried restarting it, but no luck. Any ideas?

Thanks.

I just noticed that when I try to restart pixelserve-tls error:

pixelserv-tls: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

 

[thelonelycoder]

I just noticed that when I try to restart pixelserve-tls error:

pixelserv-tls: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

Update and upgrade Entware packages in ep, then restart pixelserv-tls.

 

[jmccusker]

Update and upgrade Entware packages in ep, then restart pixelserv-tls.

Worked like a charm! Thanks for the fix!

 

[#TY]

A quick note: I recently did a nuclear reset of my router and a clean install of Diversion and Skynet and everything is running really well. I am also on iOS 13.1.3 and macOS Catalina on all my devices but I have NOT upgraded to Jack's 2.30 version of pixelserv-tls. Yet, everything seems to be working as intended. Am I missing something or rather, should be looking out for something? Thanks for clarifying.

 

[thelonelycoder]

A quick note: I recently did a nuclear reset of my router and a clean install of Diversion and Skynet and everything is running really well. I am also on iOS 13.1.13 and macOS Catalina on all my devices but I have NOT upgraded to Jack's 2.30 version of pixelserv-tls. Yet, everything seems to be working as intended. Am I missing something or rather, should be looking out for something? Thanks for clarifying.

Did you import the pixelserv-tls ca.crt into browsers and devices?

 

[#TY]

Did you import the pixelserv-tls ca.crt into browsers and devices?

I did, yes.

 

[thelonelycoder]

I did, yes.

Do you get the green padlock when visiting the pixelserv-tls stats page?
https://<pixelserv-tls IP>/servstats

 

[#TY]

Do you get the green padlock when visiting the pixelserv-tls stats page?
https://<pixelserv-tls IP>/servstats

Safari warned me about accessing the page at first, so I allowed it and then entered my password. Once that was done, I was able to access the page and it showed the padlock.

 

[thelonelycoder]

Safari warned me about accessing the page at first, so I allowed it and then entered my password. Once that was done, I was able to access the page and it showed the padlock.

View the certificate, what is the expiry date for https://doubleclick.net

 

[#TY]

View the certificate, what is the expiry date for https://doubleclick.net

I'm not sure if this is what you're referring to but I am attaching a screenshot of my certificate details in case it helps.

 

[thelonelycoder]

Once that was done, I was able to access the page and it showed the padlock.

Or use the Diversion built in test address: https://diversion-adblocking-ip.address
You may have to reload the page as the domain certificate needs to be generated first.

 

[#TY]

Or use the Diversion built in test address: https://diversion-adblocking-ip.address
You may have to reload the page as the domain certificate needs to be generated first.

I just get a blank page (not sure if I'm doing this right) but I'm loading/refreshing : https://10.0.10.5 which is the pixelserv-tls IP.

 

[thelonelycoder]

I'm not sure if this is what you're referring to but I am attaching a screenshot of my certificate details in case it helps.

The ca.crt is valid for ten years, this has not changed. The specific domain certificate is the one affected by the new elevated requirements.
Use https://diversion-adblocking-ip.address and view its certificate detail.

 

[thelonelycoder]

I just get a blank page (not sure if I'm doing this right) but I'm loading/refreshing : https://10.0.10.5 which is the pixelserv-tls IP.

See my post above. Click on padlock and look at the options, it will be there on a desktop machine.

 

[#TY]

See my post above. Click on padlock and look at the options, it will be there on a desktop machine.

Oh I see. Sorry about that. Screenshot attached.

 

[thelonelycoder]

Oh I see. Sorry about that. Screenshot attached.

See the red text?
You're welcome. Use the built in pixelserv-tls upgrader as per https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/page-186#post-516424

 

[SomeWhereOverTheRainBow]

Or use the Diversion built in test address: https://diversion-adblocking-ip.address
You may have to reload the page as the domain certificate needs to be generated first.

I tested this and I get NX-Domain.