Diversion Diversion - the Router Ad-Blocker

[Skeptical.me]

I ‘think’ using IPv6 automatically doubles the number of blocked domains?

I think it does. I'm not using IPv6

 

[^Tripper^]

And I converted my 4K+ hosts list to just 549 WildCard entries and me and my router are both happy and ads-free [emoji1787][emoji1787][emoji1787]

I’ve realised that’s what I’ve been slowly doing over time too; converting hosts list domains to more and more wild card entries. Heck, even ended up blocking whole TLDs and except for the occasional whitelist addition, things have been working great.
What’s the official word on too many domains being....umm, too many?

 

[Skeptical.me]

And I converted my 4K+ hosts list to just 549 WildCard entries and me and my router are both happy and ads-free [emoji1787][emoji1787][emoji1787]

I block *a lot* of porn sites, I have nieces and nephews come over, so I try to block as much rubbish as possible. I also block as many tracking domains as I reasonably can.

I may use Wildcard entries more in the future though.

 

[XIII]

The general consensus in the scripting community may be to check for the linked path before creating your link.

 [ -d /opt/sbin ] && ln -sf "{{.Executable}}" "/opt/sbin/{{.Name}}"

I think you might be still risking a conflict by referring to /tmp/opt/sbin.

You might be right, as NextDNS 1.4.27 unfortunately still broke Diversion/Entware at reboot.

@Olivier Poitrey Can you please have a look?

 

[SomeWhereOverTheRainBow]

I took some hosts lists from NextDNS and now have 1.999Million domains in Diversion lol

another weird number

 

[kfahoo]

It is just pre-compiled from several sources that are known not to break anything, I white list as needed. This has a mixture of places that has ads,malware, and trackers. I will update once a week.

if a site is safe and it's on the list should I add it to white list or report it somewhere?

 

[SomeWhereOverTheRainBow]

if a site is safe and it's on the list should I add it to white list or report it somewhere?

add it to the whitelist. there is some reason it is listed on one of those list though. Your call.

 

[SomeWhereOverTheRainBow]

another weird number
View attachment 21162
View attachment 21163
View attachment 21164

Yea and Diversion isn't why i am idling at 83 percent. i idle between 70 and 73 with diversion and I have "my stuffs" turned off.

 

[Skeptical.me]

Yea and Diversion isn't why i am idling at 83 percent. i idle between 70 and 73 with diversion and I have "my stuffs" turned off.

I also run an OpenVPN profile (ExpressVPN) 99% of the time, I don't appear to have any issue with the router/RAM (touch wood).

 

[dave14305]

Don't forget to honour existing entries in /jffs/configs/dnsmasq.conf.add

I ended up moving all my dnsmasq.conf.add entries to dnsmasq.postconf as pc_append statements once I saw how they clobber that config file.

 

[JemTheWire]

I block *a lot* of porn sites, I have nieces and nephews come over, so I try to block as much rubbish as possible. I also block as many tracking domains as I reasonably can.

I may use Wildcard entries more in the future though.

Spoil sport. [emoji3]

 

[Asad Ali]

What’s the official word on too many domains being....umm, too many?

Well, I prefer quality over quantity. A carefully curated list depending on your network needs is way better than bulk blocking of millions of entries which I'm pretty sure 80-90% of it won't even get used on a daily basis and it'll just stay there consuming precious router resources day and night.

 

[Olivier Poitrey]

You might be right, as NextDNS 1.4.27 unfortunately still broke Diversion/Entware at reboot.

@Olivier Poitrey Can you please have a look?

How? Nothing is done at reboot anymore. Did the upgrade update the init script correctly so the symlink creation is no longer there?

 

[XIII]

Did the upgrade update the init script correctly so the symlink creation is no longer there?

That's indeed gone from /jffs/nextdns/nextdns.init.

I'm not sure what happened then. Will see at the next reboot (when new beta/final firmware arrives).

 

[SomeWhereOverTheRainBow]

I ended up moving all my dnsmasq.conf.add entries to dnsmasq.postconf as pc_append statements once I saw how they clobber that config file.

something nasty must be going on, you have always been the .add first .postconf last type of person.

 

[dave14305]

do you ever reboot...
or is this a masters of the universe are exemption clause?

I rebooted tonight to test nextdns. It felt so Microsoft-y to reboot.

 

[L&LD]

@dave14305 I guess then I'm Microsoft-y through and through as I reboot many systems daily. Whether or not they're Windows-based.

 

[doczenith1]

Forgive me is this has already been answered (I've read every single page of this thread but my memory is not great). Back when the 2.3.x work around versions came out for the new iOS versions I thought I remember seeing some instructions to remove and recreate certs. And then also there was some talk on how to handle this on clients. Is there anything I need to do with pixelserv-tls or my Android clients when upgrading to the official 2.3.1? Thanks!

Edit: I have some regular iPhone users. I have not had them add the cert in the past. Do I need to do anything special in Diversion before having them import the cert once 2.3.1 is installed?

 

[L&LD]

@doczenith1, if you followed this post,

https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/page-253#post-546210

Then verified that the pixelserv-tls compiled date is January 31, 2020 (and not December 19, 2019) in the GUI (if using uiDivStats),

https://www.snbforums.com/threads/p...server-for-adblock.26114/page-168#post-546289

And, if it's not on that version, the only way I got it to upgrade was by using this post by @martinr,

https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/page-254#post-546433

And then uninstalling and then re-installing diversion and letting it use the backup file created above.

Finally, at this point, repeat what @thelonelycoder recommended (first link above) and then import the newly created ca.crt file into your devices.

Whew!

Looking forward to being corrected as needed!

 

[doczenith1]

@doczenith1, if you followed this post,

https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/page-253#post-546210

Then verified that the pixelserv-tls compiled date is January 31, 2020 (and not December 19, 2019) in the GUI (if using uiDivStats),

https://www.snbforums.com/threads/p...server-for-adblock.26114/page-168#post-546289

And, if it's not on that version, the only way I got it to upgrade was by using this post by @martinr,

https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/page-254#post-546433

And then uninstalling and then re-installing diversion and letting it use the backup file created above.

Finally, at this point, repeat what @thelonelycoder recommended (first link above) and then import the newly created ca.crt file into your devices.

Whew!

Looking forward to being corrected as needed!

Perhaps I didn't phrase my question very well. I have just yesterday upgraded to 2.3.1 without issue (from the previous entware version 2.2.1 I think?). My concern was whether or not I need to do anything special with the certs whether on my router and/or client devices.

Sounds like I need to ep 3 2 to re-generate the certificate? And then do I delete the current cert off clients first before importing the new cert or does it overwrite the old cert. Again, I apologize as I do remember seeing this info a while back but I can't even imagine what to search for to find my answers without returning many, many hits in this very large thread.