What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Dear friends, I have changed everything, but still not working... !
On 4.1.3, on 2x2GBpartition Ext2 everything worked fine and with no problems! Even with my whitelist and blacklist from the start.
Now, after upgrade, fresh reinstalling all, and FW update still baffled... not working!
I will modify my whitelist...
If someone has a backup of 4.1.3... please PM me!
 
Last edited:
Dear friends, I have changed everything, but still not working... !
On 4.1.3, on 2x2GBpartition Ext2 everything worked fine and with no problems! Even with my whitelist and blacklist from the start.
Now, after upgrade, fresh reinstalling all, and FW update still baffled... not working!
I will modify my whitelist...
If someone has a backup of 4.1.3...

I know I am late here but, why are you not using EXT4 with Journaling turned ON?

Why: "2x2GBpartition Ext2"?
 
Small blocking list worked! But none of the rest! Sad! Still no one has 4.1.3 backup?

Why not try my other suggestion?offloading the whitelisting work to a PC and only import the final list, it may fix your issue.
 
Why not try my other suggestion?offloading the whitelisting work to a PC and only import the final list, it may fix your issue.
Using which software? Any particular one doing this? Still looking for it...
But worked nicely till 4.1.3!
Now tried everything...
Wish someone could give me a backup of 4.1.3, the version that worked so nicely even on my ancient FW!
Why not let users choose which version to use?
 
@thelonelycoder can you ad DNSCrypt 1.0 to AMTM for those who rely on old HW like me? It would be nice for all of us.
And somehow amtm tries to install 2.0 over 1.0... and also shows version "v" instead of 1.0!

solved part with "v"
DNSCRYPT_VER=1.0.0 added as 3rd line in script :)
 
Last edited:
Hi @thelonelycoder,
  1. Trying to look into Diversion a bit further, it seems like the description on the following pages is a bit misleading (at least for new Diversion users):
    https://diversion.ch/diversion/installation.html

    Diversion Lite installs Diversion and Entware, using the IP address 0.0.0.0 to divert blocked domains.
    The Lite Edition blocks http domains.

    Diversion Standard installs Diversion, Entware and its pixelserv-tls package, using the selected IP address to divert blocked domains to pixelserv-tls.
    The Standard Edition blocks http and https (secure) domains.

    https://diversion.ch/faq-reader/what-does-pixelserv-tls-do.html

    Diversion Lite Edition blocks HTTP ads, meaning they were served from a Web-server running the HTTP protocol.
    It may leave gaps in the web page where the blocked ad would show.
    Diversion Standard Edition installs pixelserv-tls and with it the capability to block HTTP and HTTPS ads.
    And not only that, it fills the space left by blocked content where possible with a pixel-sized image, hence the pixelserv name.

    From what I can tell, The Lite and The Standard Edition both can block http AND https domains,
    but The Standard Edition with pixelserv-tls can additionally fill the space left by blocked content (only if the pixelserv-tls' certificate is manually imported into clients),
    and, at least according to @kvic's manually performed tests
    https://kazoo.ga/pixelserv-tls-more-is-less/

    https://kazoo.ga/new-features-in-pixelserv-tls-2-1-0/

    the pages with blocked content could load faster with pixelserv-tls.

  2. My own testing includes running amtm and Diversion on two RT-AC66U routers. One runs 380.70, the other johns LTS fork firmware. They're not dead yet.
    Do you use the original (MIPS-based) RT-AC66U or RT-AC66U_B1? What edition of Diversion do you use/recommend for such MIPS-based routers?

    According to your comment
    https://github.com/kvic-z/pixelserv-tls/issues/18#issuecomment-456516745
    the last pixelserv-tls version for MIPS-based routers is v2.0.1, and the URL http://<pixelserv ip>/ca.crt is not working,
    so have you found the way to import this pixelserv-tls cert?
    Do you use Diversion Standard without this cert or Diversion Lite?

  3. Looking through the logs by selecting f follow dnsmasq.log
    and then 2. Unfiltered log extra highlighted (or 3. Filtered by blocked domains)
    I've noticed a small side-effect:
    the log line containing "blockinglist" or "blacklist" will be highlighted as blocked (in red),
    even if the corresponing URL wasn't actually in the blocking list:
    try visiting, for instance, blacklist.reddit.com

    Looking through
    Code:
    /opt/share/diversion/file/functions.div
    it seems to happen because the functions highlighted() and blocked_domains() contain the same line
    Code:
    if echo "$line" | grep -q "blockinglist\|blacklist\| config .* is $blockingIP"; then
    that just checks if the log file line contains specific keywords.
 
Not really sure where to post this, but I'm getting security warnings when previewing links from the built-in browser in the Reddit app (or very occasionally through in-app Safari widgets in other apps). I'm not entirely sure what triggers it, because if I go to r/Diversion, the Diversion homepage doesn't generate this warning, but other links do.

This does not happen in Safari proper, so it's not a total misconfiguration. For now I have changed the Reddit app to use Safari, and it's been mostly okay so far. It is indeed "the answer", but curious if there's any thoughts as to why this would break here.

FPvvRqD.png
 
Not really sure where to post this, but I'm getting security warnings when previewing links from the built-in browser in the Reddit app (or very occasionally through in-app Safari widgets in other apps). I'm not entirely sure what triggers it, because if I go to r/Diversion, the Diversion homepage doesn't generate this warning, but other links do.

This does not happen in Safari proper, so it's not a total misconfiguration. For now I have changed the Reddit app to use Safari, and it's been mostly okay so far. It is indeed "the answer", but curious if there's any thoughts as to why this would break here.

FPvvRqD.png
I believe you need to update pixelserv-tls to version 2.3.0, regenerate a certificate, and install it on your phone.

From the diversion.ch website:

1. Update Diversion to this latest version.
2. Install Jack Yaz's pixelserv-tls v2.3.0 in ep, 6, 3
3. Re-generate the pixelserv-tls CA certificate in ep, 3, 2 (all domain certificates will be purged during that step).
4. Import the new pixelserv-tls CA certificate (ca.crt) into browsers and devices, replacing the previous certificate. Open the certificate link in a browser with your pixelserv-tls IP address, typically this is 192.168.1.2/ca.crt and import it.
 
Good questions. When I added ups.tt.omtrdc.net, Diversion showed an exact match in blocking file. I will test removing it, clear cache and try again later today. It worked Sunday, then Monday was blank white, likely due to the fact I have my Diversion blocking list (Standard+) update Sunday at 0200 my local time.

FWIW, I just had this same issue with the white screen - both mobile and desktop. I noticed the text was physically on the page (I could see my cursor change between links and selectable text).

I ended up blocking another web-bug from 'tags.tiqcdn.com', and the page seemed to come up normally (both mobile and desktop). Not sure if it was caching (and thus coincidence) or whether it actually did something to affect the display.
 
Anyone have a sample blacklist for domain names of tracking and metrics by media devices such as Amazon Echo Devices, Roku, Firetv etc? Specifically ones not in the "standard" list. I don't want to cripple the device but I'm on limited bandwidth and prefer to nip excessive traffic in the bud (for example device-metrics-us.amazon.com which IS in the standard list but was getting nailed ALL THE TIME when I was using the smaller...exactly how often do devices need to phone home? I had over 50,000 hits during one time period from multiple echo's).
 
Anyone have a sample blacklist for domain names of tracking and metrics by media devices such as Amazon Echo Devices, Roku, Firetv etc? Specifically ones not in the "standard" list. I don't want to cripple the device but I'm on limited bandwidth and prefer to nip excessive traffic in the bud (for example device-metrics-us.amazon.com which IS in the standard list but was getting nailed ALL THE TIME when I was using the smaller...exactly how often do devices need to phone home? I had over 50,000 hits during one time period from multiple echo's).

Not to turn this into a "I use these lists" discussion, but this is a good mix:

Code:
https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/gambling/hosts
http://sysctl.org/cameleon/hosts
https://hosts-file.net/ad_servers.txt
https://mirror1.malwaredomains.com/files/domains.hosts


Been using those for years and have had to whitelist one website ever.

Another great resource, but I will warn you that picking random lists off of that site will cause breakages: https://firebog.net/
Good whitelist to help with that: https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt
 
Anyone have a sample blacklist for domain names of tracking and metrics by media devices such as Amazon Echo Devices, Roku, Firetv etc? Specifically ones not in the "standard" list. I don't want to cripple the device but I'm on limited bandwidth and prefer to nip excessive traffic in the bud (for example device-metrics-us.amazon.com which IS in the standard list but was getting nailed ALL THE TIME when I was using the smaller...exactly how often do devices need to phone home? I had over 50,000 hits during one time period from multiple echo's).
If you have Skynet installed, it has an IoT Blocking setting.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top