Diversion Diversion - the Router Ad-Blocker

[Xsvrg]

Yes, & yes!

Are these settings okay for the WAN DNS page?

 

[dave14305]

Are these settings okay for the WAN DNS page?

No, you either need to fill in the empty DNS server fields or set Connect Automatically to Yes to use your ISP DNS servers.

 

[L&LD]

@Rici larger capacity USB drives simply last longer. Not to mention that the smaller capacity drives 8GB or smaller are either really old today, or, made very cheaply.

 

[Xsvrg]

No, you either need to fill in the empty DNS server fields or set Connect Automatically to Yes to use your ISP DNS servers.

So from what I understand the DHCP page shows what addresses all the clients will use for DNS, leaving it blank = the router will be used.

But the DNS under WAN is what the router will use eventually. So should I put a public DNS server like 8.8.8.8 and 8.8.4.4 there? Will Diversion still work this way?

 

[dave14305]

So from what I understand the DHCP page shows what addresses all the clients will use for DNS, leaving it blank = the router will be used.

But the DNS under WAN is what the router will use eventually. So should I put a public DNS server like 8.8.8.8 and 8.8.4.4 there? Will Diversion still work this way?

Anything that Diversion doesn’t block will be forwarded to the DNS servers you choose on the WAN page (whether a custom DNS like Google or Quad9 or your ISP’s default servers).

 

[Sas]

I have an odd problem with one app, (the Electron version of ) Mattermost (our company's chat system). When I run the Electron app, I will periodically get the following message which will freeze the app until a restart:

There is a configuration issue with this Mattermost server, or someone is trying to intercept your connection. You also may need to sign into the Wi-Fi you are connected to using your web browser.

origin: https://cdn.segment.com
Error: net::ERR_CERT_AUTHORITY_INVALID​

If I run Mattermost in a regular web browser (as opposed to the standalone Electron app), this message never appears. It also SEEMS to only show up where there is embedded content like a youtube video in the chat room in question, but I am not 100% sure this is the cause.

This has only started happening since installing Diversion (standard edition 4.1.10 with pixelserv-tls 2.3.1)

Any suggestions? Thanks!

 

[dave14305]

I have an odd problem with one app, (the Electron version of ) Mattermost (our company's chat system). When I run the Electron app, I will periodically get the following message which will freeze the app until a restart:

There is a configuration issue with this Mattermost server, or someone is trying to intercept your connection. You also may need to sign into the Wi-Fi you are connected to using your web browser.

origin: https://cdn.segment.com
Error: net::ERR_CERT_AUTHORITY_INVALID​

If I run Mattermost in a regular web browser (as opposed to the standalone Electron app), this message never appears. It also SEEMS to only show up where there is embedded content like a youtube video in the chat room in question, but I am not 100% sure this is the cause.

This has only started happening since installing Diversion (standard edition 4.1.10 with pixelserv-tls 2.3.1)

Any suggestions? Thanks!

Install the Pixekserv CA in your client machine following the instructions in the wiki: https://github.com/kvic-z/pixelserv...ificate#import-pixelserv-ca-on-client-devices

Importing the CA is recommended for a smoother experience. The message is saying that the app does not recognize the Certificate Authority that signed the SSL certificate for the blocked domain cdn.segment.com (it’s in the Standard blocklist). Once you import the CA, it will be trusted and the messages should disappear.

If the error persists after doing that you can whitelist cdn.segment.com in Diversion (el option).

 

[HairyA00]

Did malwarebytes just remove all their hosts files? I get redirected to a 404 page: https://www.malwarebytes.com/browserguardpha.txt

Example:
https://hosts-file.net/ad_servers.txt

EDIT:
https://forums.malwarebytes.com/topic/257401-inquiry-regarding-automated-processing-of-hosts-files/

 

[Ubimo]

Can confirm

 

[HairyA00]

Time to Disable + Plus hosts I suppose. I was using a bunch of them, too. I wonder if there are any good replacements (that isn't a 1mm+ hosts list like the "large" one):

https://hosts-file.net/ad_servers.txt
https://hosts-file.net/emd.txt
https://hosts-file.net/exp.txt
https://hosts-file.net/hjk.txt
https://hosts-file.net/mmt.txt
https://hosts-file.net/psh.txt
https://hosts-file.net/wrz.txt
https://hosts-file.net/pha.txt


This will bring me down to only these:

https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/gambling/hosts
http://sysctl.org/cameleon/hosts
https://mirror1.malwaredomains.com/files/justdomains
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt

 

[dave14305]

Time to Disable + Plus hosts I suppose. I was using a bunch of them, too. I wonder if there are any good replacements (that isn't a 1mm+ hosts list like the "large" one):

https://hosts-file.net/ad_servers.txt
https://hosts-file.net/emd.txt
https://hosts-file.net/exp.txt
https://hosts-file.net/hjk.txt
https://hosts-file.net/mmt.txt
https://hosts-file.net/psh.txt
https://hosts-file.net/wrz.txt
https://hosts-file.net/pha.txt


This will bring me down to only these:

https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/gambling/hosts
http://sysctl.org/cameleon/hosts
https://mirror1.malwaredomains.com/files/justdomains
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt

I stopped using the plus hosts a few weeks ago (more or less). They added nearly 500K hostnames to an otherwise manageable Standard list. I once checked a week's worth of dnsmasq logs and no actual blocks on my network ever came from the hosts-file.net sources, only StevenBlack. So I felt comfortable disabling them.

 

[HairyA00]

I stopped using the plus hosts a few weeks ago (more or less). They added nearly 500K hostnames to an otherwise manageable Standard list. I once checked a week's worth of dnsmasq logs and no actual blocks on my network ever came from the hosts-file.net sources, only StevenBlack. So I felt comfortable disabling them.

I was only using them because Diversion suggests you do once you install Skynet. Are there side-effects of NOT using them other than less domains are blocked? Do you get more false positives without them?

 

[dave14305]

I was only using them because Diversion suggests you do once you install Skynet. Are there side-effects of NOT using them other than less domains are blocked? Do you get more false positives without them?

I believe Skynet dropped the ipset lists that contained these destinations once the Plus hosts option was available, because there were too many false positives in Skynet back in the day. I don't think Skynet changes its behavior today if you do or don't have Plus hosts enabled. Maybe @Adamm can offer the history of that transition.

 

[HairyA00]

I believe Skynet dropped the ipset lists that contained these destinations once the Plus hosts option was available, because there were too many false positives in Skynet back in the day. I don't think Skynet changes its behavior today if you do or don't have Plus hosts enabled. Maybe @Adamm can offer the history of that transition.

Down to 93,470 blocked domains! We'll see how this goes, but I'm operating under the assumption it'll be fine.

 

[Butterfly Bones]

Down to 93,470 blocked domains! We'll see how this goes, but I'm operating under the assumption it'll be fine.

I'm Standard + and have 66,081 domains. Only 18 in my blacklist. I'm curious why the big difference between yours and mine?

 

[HairyA00]

I'm Standard + and have 66,081 domains. Only 18 in my blacklist. I'm curious why the big difference between yours and mine?

I am using those bottom 5. Same lists as Pi-hole out-of-the-box:
https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/page-288#post-565121

 

[Butterfly Bones]

I am using those bottom 5. Same lists as Pi-hole out-of-the-box:
https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/page-288#post-565121

Ah, I see, I did not read carefully enough. No Pi-hone or addition domains for my setup. Thank you for the reply.

 

[GregS]

Then there is something missing. They should add up to 100%. What was the other item with numbers? I am guessing NIC.

Just happened again, with DNSPrivacy disabled. Looks like the missing cpu is showing as io. Any way to get more details on that?

Here's the full top output:
Mem: 873288K used, 30284K free, 32K shrd, 160K buff, 3672K cached
CPU: 0.0% usr 1.9% sys 0.0% nic 63.5% idle 34.4% io 0.0% irq 0.0% sirq
Load average: 4.63 4.74 4.52 2/181 3991
PID PPID USER STAT VSZ %VSZ CPU %CPU COMMAND
1130 1 admin S 3040 0.3 0 0.9 /usr/sbin/bsd
2048 2 admin DW 0 0.0 3 0.2 [usb-storage]
3031 1 admin D 47416 5.2 1 0.1 dnsmasq --log-async
1234 1 admin S N 9056 1.0 2 0.1 networkmap --bootwait
231 2 admin SW 0 0.0 1 0.1 [bcmsw_rx]
37 2 admin SWN 0 0.0 1 0.1 [kswapd0]
2769 1102 admin S 2608 0.2 1 0.0 dropbear -p 192.168.1.1:22 -j -k
8605 1 admin S < 14692 1.6 1 0.0 dcd -i 3600 -p 43200 -b -d /tmp/bwdpi/
1326 1 admin S 12076 1.3 1 0.0 cfg_server
1245 1 admin S 10164 1.1 2 0.0 mastiff
1147 1 admin S 4736 0.5 3 0.0 /usr/sbin/wlceventd
3972 2787 admin R 3476 0.3 0 0.0 top
2620 1 admin S 2112 0.2 1 0.0 mini_snmpd -i br0,eth0,eth2,eth5,eth6,eth7,wl0.1,wl1.1 -D RT-AX88U -L xxx -C xxx
225 2 admin SW 0 0.0 1 0.0 [fc_task]
24 2 admin SW 0 0.0 3 0.0 [ksoftirqd/3]
2718 2703 admin S 299m 33.8 3 0.0 syslog-ng
1370 1 admin S 60600 6.7 3 0.0 amas_lib
2650 1 nobody S 50324 5.5 0 0.0 pixelserv-tls 192.168.1.3
321 1 admin S 18524 2.0 2 0.0 /bin/swmdk
1307 1 admin S 14620 1.6 1 0.0 conn_diag
1085 1 admin S 14620 1.6 3 0.0 /sbin/netool
3148 1 admin S 13628 1.5 3 0.0 wred -B
1 0 admin S 13588 1.5 1 0.0 /sbin/init
1165 1 admin S 12572 1.3 1 0.0 watchdog
1167 1 admin S 12572 1.3 2 0.0 sw_devled
1058 1 admin S 12572 1.3 2 0.0 /sbin/wanduck
2007 1 admin S 12572 1.3 0 0.0 usbled
3332 1 admin S 12572 1.3 3 0.0 bwdpi_wred_alive
1253 1 admin S 12572 1.3 0 0.0 pctime
1166 1 admin S 12572 1.3 0 0.0 check_watchdog
1249 1 admin S 12572 1.3 2 0.0 hour_monitor
2382 1 admin S 12572 1.3 1 0.0 disk_monitor
944 1 admin S 12572 1.3 2 0.0 console
1121 1 admin S 12572 1.3 3 0.0 wpsaide
1246 1 admin S 12572 1.3 0 0.0 bwdpi_check
3169 1 admin S 11944 1.3 3 0.0 /usr/sbin/smbd -D -s /etc/smb.conf
3125 1 admin S 11776 1.3 1 0.0 /usr/sbin/nmbd -D -s /etc/smb.conf
1204 1159 admin D 11748 1.3 3 0.0 vis-dcon
1083 1 admin S 11180 1.2 3 0.0 nt_monitor
2703 1 admin S 10112 1.1 1 0.0 {syslog-ng} supervising syslog-ng
1155 1 admin S 9972 1.1 3 0.0 httpd -i br0
1098 1 admin S 9284 1.0 2 0.0 nt_center
1267 1 admin S 7820 0.8 2 0.0 nt_actMail
2008 1 admin S 7700 0.8 3 0.0 u2ec
1117 1 admin S 7192 0.8 2 0.0 hostapd -B /tmp/wl0_hapd.conf

And here's what the cpu graph looked like about 30sec after I disabled Diversion via amtm which I feel shows something was happening which may not be fully reflected via the top output.

Looking at the dnsmasq.log file I'm seeing some patterns. In rough terms a page worth of log data in the hour before the issue would cover 3-20sec. Then around the start of the issue there are several minute gaps of no data followed by an increasing number of dnsmasq-dhcp entries (request + ack). The occasional dns request shows up and is forwarded to the external servers (ie 1.1.1.1), but mainly just the same few domains, like for time sync, dns based connection check. But what's most interesting is that there are bursts (dozens of pages worth) all with the same timestamp, then nothing for a minute or two and then another burst. At this point most requests, event the dhcp, are duplicates, eg 9 DHCP requests from the same ip (these are static mappings).

It's anecdotal but I feel I can get into this state much faster (daily) when I run Diversion with pixelserv, while I last ran a full week w/o issue with pixelserv disabled. Technically I don't think I've seen the issue with pixelserv disabled, I normally get bored waiting, thinking the underlying issue has been resolved and then enable pixelserv and a day later the issue returns.

What should I try next ?

 

[Rici]

Since USB sticks attached to the router are dying frequently: How to backup the relevant configuration e.g. of Diversion (and SkyNet) - e.g. whitelists - in a way that I can restore in to a new USB stick in case my current dies again?

 

[Butterfly Bones]

Since USB sticks attached to the router are dying frequently: How to backup the relevant configuration e.g. of Diversion (and SkyNet) - e.g. whitelists - in a way that I can restore in to a new USB stick in case my current dies again?

Check the menus of each, they have built in backup functions.