Diversion Diversion - the Router Ad-Blocker

[L&LD]

@doczenith1, yes, please re-read my post again (I think it makes sense. ).

Regenerate the certificate, verify it is actually used by Diversion and then re-import the new certificates into your client devices.

 

[L&LD]

@Treadler, it did change a little.

See the first link in post 5169 above.

 

[Treadler]

@Treadler, it did change a little.

See the first link in post 5169 above.

Ok, it’s back......
https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/page-186#post-516424

 

[L&LD]

Yeah, I deleted my post. May have served just to muddy the waters a little.

No! It had good information for Apple users!

I don't like posts disappearing on forums. Makes the following comments seem messy at best.

Like the post from @rgnldo about Auth-Zone that was on page 36 but was gone when I went back to reference it after installing unbound again (Auth-Zone makes a huge difference).

Now, I use a partial post and use 'rs' inside unbound_manager after doing the necessary commands from the post (below).

https://www.snbforums.com/threads/u...-caching-dns-server.58967/page-33#post-541097

 

[doczenith1]

@doczenith1, yes, please re-read my post again (I think it makes sense. ).

Regenerate the certificate, verify it is actually used by Diversion and then re-import the new certificates into your client devices.

I read your post and linked messages multiple times. No mention of how to handle certs after the upgrade. They all seemed to refer to people having issues when upgrading pixelserv-tls from Jack's version or a manual install of the entware version prior to the official release.

And just so I am understanding you correctly, no need to purge before regenerating and reimporting my certs?

 

[L&LD]

@doczenith1, the post that @Treadler deleted had that information. I can't track it down now as fast as I would like.

I would, as a matter of course, purge and regenerate the certificates. Why take chances?

Then, of course, re-import them into all your client devices too.

 

[Treadler]

@doczenith1, the post that @Treadler deleted had that information. I can't track it down now as fast as I would like.

I would, as a matter of course, purge and regenerate the certificates. Why take chances?

Then, of course, re-import them into all your client devices too.

https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/page-186#post-516424

 

[Treadler]

I read your post and linked messages multiple times. No mention of how to handle certs after the upgrade. They all seemed to refer to people having issues when upgrading pixelserv-tls from Jack's version or a manual install of the entware version prior to the official release.

And just so I am understanding you correctly, no need to purge before regenerating and reimporting my certs?

https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/page-186#post-516424

 

[doczenith1]

Once last question. When importing into my Android 10 device it brings up "Credential use:" and the choices are 'VPN and apps' or 'Wi-Fi'. I don't remember this choice when I imported the cert last time a year or so ago.

 

[L&LD]

I use WiFi myself. But now you got me thinking? I also use OpenVPN back to my home router, should I import into both?

 

[doczenith1]

Another thing I noticed. The previous cert was located under Settings>Security>Encryption & credentials>Trusted credentials>USER. This time when I imported the cert it asked for a name (can't remember if it did that before but the name in the USER location was Pixelserv CA) and it put it under Settings>Security>Encryption & credentials>User credentials and used the name that I typed in when installing.

 

[doczenith1]

On one of my devices I had the cert installed for wifi only. I went to a site and was getting the grey box with frown face where ads were supposed to be. I then added the cert for VPN and apps the the grey box went away. Seems like the latter is the proper way for web browsing anyway.

 

[L&LD]

@doczenith1 which device was that? Apple, Android, PC or other?

 

[doczenith1]

Android.

 

[Centrifuge]

Does this look right, regarding TLS handshake errors, dropped requests and unknown certs?
pixelserv stats

 

[Asad Ali]

Does this look right, regarding TLS handshake errors, dropped requests and unknown certs?
pixelserv stats

Your "slu" is pretty high. Do you have the Pixelserv-tls cert imported in all your network devices?

 

[SomeWhereOverTheRainBow]

I rebooted tonight to test nextdns. It felt so Microsoft-y to reboot.

did it work?

 

[dave14305]

did it work?

Everything was fine after the reboot. NextDNS was running and Entware /opt was properly linked. I did note that nextdns syslog messages were not respecting the local timezone anymore (logs were in UTC).

But I’m back to Diversion and Unbound now.

Thanks for asking.

 

[Treadler]

Everything was fine after the reboot. NextDNS was running and Entware /opt was properly linked. I did note that nextdns syslog messages were not respecting the local timezone anymore (logs were in UTC).

But I’m back to Diversion and Unbound now.

Thanks for asking.

Unbound + Diversion doing the magic here.

 

[a k]

Hello @thelonelycoder

Diversion is pretty good on what it does. Previously I did a small donation contribution, but now I'm looking for a different kind of contribution.
The alternate blocking list is a pretty good concept but it falls a little short of completely fulfilling my use case.
In addition to the use of a more comprehensive block list for my kids devices I want to be able to blacklist specific sites just for the alternate blocking list.
On vanilla Diversion I can either blacklist a domain for all devices or to none.
To workaround that I created a blacklist2 file and did changes to Diversion to use it (I'm glad you released it as GPL).
I also identified on Diversion the changed needed to implement an alternate balcklist to use with the alternate blocking list.
What I did not find what a GitHub repo to submit a PR, so you could evaluate if worth integrating to Diversion or not (I did find amtm's repo on GitHub).
If you interested in seeing it let me know.