Diversion Diversion - the Router Ad-Blocker

[JaimeZX]

@thelonelycoder ... would it be trivial to add a breakdown of stats by client? (Mainly to figure out TLS errors) Or is that more challenging to log than it seems on the surface?

 

[PeterR]

Yes, I did all that. Should I re-create the CA cert?

That's not required. You state that you imported the certificate into the Firefox certificate store, but did you also import the certificate into the Windows certificate store (I assume you're using Windows)?

 

[jadog]

That's not required. You state that you imported the certificate into the Firefox certificate store, but did you also import the certificate into the Windows certificate store (I assume you're using Windows)?

Hmm. It doesn't appear so based on my certificates. I also did a search from the top level for anything that contains "pixel" and it returned nothing.

I followed the steps as outlined below:

Windows: Chrome/Edge/IE
The follow procedure will import your CA cert and trust it system wide.

1. Open your browser. Visit http://pixelserv ip/ca.crt. Make sure you replace pixelserv ip with the actual IP address of pixelserv.
2. Find the downloaded file, ca.crt.
3. Double click on `ca.crt' to view the certificate.
4. Click "Install Certificate.." and select "Local Machine".
5. Click "Place all certificate in the following store" on next screen.
6. Click "Browse..." and select "Trusted Root Certification Authorities".
7. Click "Next" and then "Finish" on next screen.

Restart browser to take effect.
-------------------------------------------

I also just tried to manually import using MMC using this Windows guide. I must have taken a wrong step somewhere.

 

[dony71]

i just buy RT-AC68U and install asus merlin ng, amtm, skynet and diversion
i enable diversion, use pixelserv-tls and standard+ blocking
then once i turn on ad-blocking, my internet is gone
am i missing something here?

 

[dave14305]

i just buy RT-AC68U and install asus merlin ng, amtm, skynet and diversion
i enable diversion, use pixelserv-tls and standard+ blocking
then once i turn on ad-blocking, my internet is gone
am i missing something here?

Did dnsmasq restart successfully?

Check output of command:

tail /opt/var/log/dnsmasq.log

 

[Zastoff]

I just did an M&M reset on RMerlin's 384.13 firmware and added Jack Yaz's uiDivStats so I can see blocked domains in the routers GUI.

I've been using Diversion and uiDivStats for a long time and never seen the entry that keeps popping up and growing. It's DHCPREQUEST(br0).

I don't believe it's supposed to be there as I have never seen it before. Anyone have any ideas what it is and how to stop it from being in my top 10 requested domains list?

attached a photo:

Test with changing (a guess)LAN/DHCP-Server/Hide DHCP/RA queries=yes

 

[thelonelycoder]

I just did an M&M reset on RMerlin's 384.13 firmware and added Jack Yaz's uiDivStats so I can see blocked domains in the routers GUI.

I've been using Diversion and uiDivStats for a long time and never seen the entry that keeps popping up and growing. It's DHCPREQUEST(br0).

I don't believe it's supposed to be there as I have never seen it before. Anyone have any ideas what it is and how to stop it from being in my top 10 requested domains list?

Test with changing (a guess)LAN/DHCP-Server/Hide DHCP/RA queries=yes

That's the reason, set Hide DHCP/RA queries to Yes.

 

[thelonelycoder]

@thelonelycoder ... would it be trivial to add a breakdown of stats by client? (Mainly to figure out TLS errors) Or is that more challenging to log than it seems on the surface?

It would complicate the stats function considerably if it would need to gather these additional data points.

 

[SomeWhereOverTheRainBow]

That's the reason, set Hide DHCP/RA queries to Yes.

I see someone else found away to make dnsmasq logs to grow infinitely large in a short period of time.

 

[dave14305]

That's the reason, set Hide DHCP/RA queries to Yes.

This struck me as odd, since I log my DHCP queries and haven't seen this problem in regular Diversion stats reports. So I went poking and it seems this particular stats compilation can be broken by DHCP requests in the log as well as dnsmasq log-extra being enabled since the client LAN IP appears in every line. Would it work for @thelonelycoder and @Jack Yaz to grep for only query lines?

/opt/bin/grep -a " query.* from $i$" $dnsmasqLog | awk '{print $(NF-2)}' |

 

[Elmer]

After a reboot I get these lines over and over again:

avahi-daemon[2700]: Withdrawing address record for 192.168.1.253 on br0.
avahi-daemon[2700]: Withdrawing address record for 127.0.1.1 on lo.
avahi-daemon[2700]: Withdrawing address record for 127.0.0.1 on lo.
avahi-daemon[2700]: Host name conflict, retrying with RT-AX88U-2197
avahi-daemon[2700]: Registering new address record for 192.168.1.253 on br0.IPv4.
avahi-daemon[2700]: Registering new address record for 192.168.1.1 on br0.IPv4.
avahi-daemon[2700]: Registering new address record for 127.0.1.1 on lo.IPv4.
avahi-daemon[2700]: Registering new address record for 127.0.0.1 on lo.IPv4.

Pixel serve is set to 192.168.1.253, and the DHCP addresses are limited to 192.168.1.2 through 245. What is happening here?

 

[ColinTaylor]

@Elmer
https://www.snbforums.com/threads/384-11_alpha-builds-testing-all-variants.55958/page-9#post-482923

 

[Elmer]

Hmmm, it doesn't happen when I do a power off/on cycle. I only have three things plugged into the router: a switch (with loop back protection), my desk-top computer, and a hardlink to an AImesh unit. Could the AImesh be causing this?

 

[ColinTaylor]

Hmmm, it doesn't happen when I do a power off/on cycle. I only have three things plugged into the router: a switch (with loop back protection), my desk-top computer, and a hardlink to an AImesh unit. Could the AImesh be causing this?

I don't think this is anything to do with Diversion.

In the other thread the messages appeared to be caused by connecting a Media Bridge. An AiMesh node works in a similar manner so could well be the cause.

Are you saying that after power cycling the router you no longer have the problem?

 

[Elmer]

"Are you saying that after power cycling the router you no longer have the problem?"

That is correct. If I do a power off/on cycle it boots up beautifully. I even see the lines that sets pixel server. On the other hand, reboot is a nightmare.

 

[ColinTaylor]

"Are you saying that after power cycling the router you no longer have the problem?"

That is correct. If I do a power off/on cycle it boots up beautifully. I even see the lines that sets pixel server. On the other hand, reboot is a nightmare.

Probably best to open a separate thread about this as there's no particular reason to think it's related to Diversion.

 

[jadog]

Hmm. It doesn't appear so based on my certificates. I also did a search from the top level for anything that contains "pixel" and it returned nothing.

I followed the steps as outlined below:

Windows: Chrome/Edge/IE
The follow procedure will import your CA cert and trust it system wide.

1. Open your browser. Visit http://pixelserv ip/ca.crt. Make sure you replace pixelserv ip with the actual IP address of pixelserv.
2. Find the downloaded file, ca.crt.
3. Double click on `ca.crt' to view the certificate.
4. Click "Install Certificate.." and select "Local Machine".
5. Click "Place all certificate in the following store" on next screen.
6. Click "Browse..." and select "Trusted Root Certification Authorities".
7. Click "Next" and then "Finish" on next screen.

Restart browser to take effect.
-------------------------------------------

I also just tried to manually import using MMC using this Windows guide. I must have taken a wrong step somewhere.

I'm still struggling with this. I re-created the cert and re-imported. Yet it still doesn't appear on any of my computers within the Certificate Manager. I'm about to reset my router and wipe my JFFS so I can start fresh. Before I do though, I'd love to know if there might be something else less nuclear.

 

[elorimer]

@thelonelycoder Are you intending to replace the ep update to include the pixelserv 2.3.1 instead of Yaz's 2.3.0? Just curious about how I should approach this.

 

[dave14305]

I'm still struggling with this. I re-created the cert and re-imported. Yet it still doesn't appear on any of my computers within the Certificate Manager. I'm about to reset my router and wipe my JFFS so I can start fresh. Before I do though, I'd love to know if there might be something else less nuclear.

When I imported the Pixelserv CA into Windows, I chose Current User (since it was on a work computer I didn't want to mess with the Local Machine). It shows up in Control Panel / Internet Options / Content / Certificates / Trusted Root Certificates.

 

[jadog]

When I imported the Pixelserv CA into Windows, I chose Current User (since it was on a work computer I didn't want to mess with the Local Machine). It shows up in Control Panel / Internet Options / Content / Certificates / Trusted Root Certificates.

Ok, so I believe I figured out part of the issue. It appears that the certificate is named "US" instead of Pixelserv. The date 7/27 is also when I originally created the certificate. Why is not showing with the name Pixelserv and should it be re-created? Or else why do I seem to be having the odd issues that others don't seem to?