Diversion Diversion - the Router Ad-Blocker

[SomeWhereOverTheRainBow]

Working so far, thx... seems addresses 1 and 3 were getting blocked.

i believe the middle domain is for update failures with running update from the software

 

[SomeWhereOverTheRainBow]

Working so far, thx... seems addresses 1 and 3 were getting blocked.

I highly recommend you looking at whitelisted domains from links for this github,
https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/referral-sites.txt
https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt

and adding them with
nano /opt/share/diversion/list/whitelist*
copy and paste
run diversion el options for whitelist sort and verify, then process.

the whitelist above usually fixes things that get broken from ad-blockers.

 

[adampk17]

A couple questions for the crowd if I might

1. I currently am using Diversion w/pixelserv, FreshJR, and Unbound with ipv4 enabled on my router.

If I enable ipv6 do I need to reconfigure Diversion or pixelserv?

2. I’ve never bothered importing the pixelserv certificate into any of my devices. What am I missing out on by not doing that?

3. I have the “YouTube video ads blocking enabled” under blocking list options in Diversion. Is there any other steps I need to take to start seeing the benefit? I’ve had it on for days but nothing seems to be different.


Thank you!

 

[SomeWhereOverTheRainBow]

A couple questions for the crowd if I might

1. I currently am using Diversion w/pixelserv, FreshJR, and Unbound with ipv4 enabled on my router.

If I enable ipv6 do I need to reconfigure Diversion or pixelserv?

2. I’ve never bothered importing the pixelserv certificate into any of my devices. What am I missing out on by not doing that?

3. I have the “YouTube video ads blocking enabled” under blocking list options in Diversion. Is there any other steps I need to take to start seeing the benefit? I’ve had it on for days but nothing seems to be different.


Thank you!

i would recommend disabling diversion temporarily before turning on ivp6, then turn it back on. it will automatically configure to ipv6 support. @thelonelycoder is good like that with his predictive analysis of all possible outcomes. With unbound, you may have to edit your unbound.conf uncommenting the ipv6 stuff, or try running the update for the scripts. it may activate in this process. you may want to reconfigure you-tube ad-blocking todo both ipv4 and 6 because host files require both patterns when ipv6 is present.

 

[thelonelycoder]

i would recommend disabling diversion temporarily before turning on ivp6, then turn it back on. it will automatically configure to ipv6 support. @thelonelycoder is good like that with his predictive analysis of all possible outcomes. With unbound, you may have to edit your unbound.conf uncommenting the ipv6 stuff, or try running the update for the scripts. it may activate in this process. you may want to reconfigure you-tube ad-blocking todo both ipv4 and 6 because host files require both patterns when ipv6 is present.

No need to disable Diversion when enabling IPv6, it can and does handle that automatically.
The YouTube feature is best reset, though it would auto-add the IPv6 IP when an IP update is due.

 

[WhyNetworkAtAll]

are you using the newest pihole 5.0? you can regex whitelist for all those whitelisted domains with subdomains you have a bunch of repeated domains for

unfortunately diversion does not support a wildcard whitelisting. at-least not that i know of.

Yes, the current setup is PiHole 5.x based but it's a PITA with local lookups and guest wifi isolation. Diversion seems to use dnsmasq for blocking and I know dnsmasq allows wildcards in the dnsmasq.conf file like

address=/.blacklisted.com/0.0.0.0

This would blacklist *.blacklisted.com but you could be right, the whitelisting isn't clear, esp in a manner that keeps Diversion happy.

@thelonelycoder : Could you help? Original question at https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/page-322#post-585797

EDIT: dnsmasq should allow whitelisting with # i.e.

address=/.whitelisted.com/#

But yeah, looking for a response from TheLonelyCoder to glue this together "the diversion" way for alternate dns clients.

 

[thelonelycoder]

address=/.example.com/0.0.0.0

Don't add a dot at the beginning of the domain name. The dot is implied by Dnsmasq.

@thelonelycoder : Could you help? Original question at https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/page-322#post-585797

Diversion is not built for that scenario.

 

[thelonelycoder]

EDIT: dnsmasq should allow whitelisting with # i.e.

address=/.whitelisted.com/#

But yeah, looking for a response from TheLonelyCoder to glue this together "the diversion" way for alternate dns clients.

That's not how whitelisting works in Diversion.

 

[SomeWhereOverTheRainBow]

Yes, the current setup is PiHole 5.x based but it's a PITA with local lookups and guest wifi isolation. Diversion seems to use dnsmasq for blocking and I know dnsmasq allows wildcards in the dnsmasq.conf file like

address=/.blacklisted.com/0.0.0.0

This would blacklist *.blacklisted.com but you could be right, the whitelisting isn't clear, esp in a manner that keeps Diversion happy.

@thelonelycoder : Could you help? Original question at https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/page-322#post-585797

EDIT: dnsmasq should allow whitelisting with # i.e.

address=/.whitelisted.com/#

But yeah, looking for a response from TheLonelyCoder to glue this together "the diversion" way for alternate dns clients.

They have a couple of features in the works for pi hole 5.x that could be a game changer. For example they can already specify group of list that gets used per subnet on their client group management which allows (customizable guest network blocking 192.168.2.0/24, 192.168.3.0/24, etc.) This can be extended to offsite vpn subnets as well.. There is currently feature development for client group management per mac address and hostname in the works, but these devices must be within one hop.

 

[WhyNetworkAtAll]

Don't add a dot at the beginning of the domain name. The dot is implied by Dnsmasq.

Diversion is not built for that scenario.

Thanks @thelonelycoder . Would you take up a feature request to support that scenario ?

 

[HairyA00]

Thanks @thelonelycoder . Would you take up a feature request to support that scenario ?

I have a similar setup; DNSFilter a few MAC addresses to a Pi-hole that go upstream to a different DNS provider (cleanbrowsing family). If I take off the Pi-hole and just go upstream to cleanbrowsing family, then they lose ad-blocking. If I setup an Alternative Blocklist in Diversion, then I lose cleanbrowsing family's aggressive adult filtering.

Would love for everyone to go through the same set of blocklists, but you can filter by MAC address a device to go upstream somewhere other than what is defined on the WAN. Having a Pi-hole has been working out for me so far and I really don't mind having a second device, would just be nice for Diversion to be my one-stop shop!

I think @Jack Yaz tried to help me out with this in the past but I stumbled face first and went back to Pi-hole for my handful of cleanbrowsing family clients.

 

[Cleanev]

Hello @thelonelycoder - i am a new user to ASUS routers and merlin flavor in general. Have 2 68U (used in AP mode only not AIMesh) and 1 AC88U (main)
My question is around webgui that I understand is coded by @Jack Yaz
I can see 10 blocked domains block and 10 requested domains block.
- Is it possible to increase more domains in either block?
- How do i go about checking blocked domains for a particular client?

Appreciate you help

 

[dave14305]

Hello @thelonelycoder - i am a new user to ASUS routers and merlin flavor in general. Have 2 68U (used in AP mode only not AIMesh) and 1 AC88U (main)
My question is around webgui that I understand is coded by @Jack Yaz
I can see 10 blocked domains block and 10 requested domains block.
- Is it possible to increase more domains in either block?
- How do i go about checking blocked domains for a particular client?

Appreciate you help

Questions about the uiDivStats page should be asked here: https://www.snbforums.com/threads/uidivstats-webui-for-diversion-statistics.56393/

Otherwise, you can customize the Diversion stats report via the c menu in Diversion.

 

[Martin_D]

Need help when I have Diversion Standerd It stops NTP from working trying to find the problem but am having real trouble pinpointing it

 

[New2This]

Everything is still working here, give the kid a laptop and watch YT and test it

 

[thelonelycoder]

Need help when I have Diversion Standerd It stops NTP from working trying to find the problem but am having real trouble pinpointing it

Which NTP server(s) are you using? Diversion comes up later than the router's NTP sync attempts. The block or failure to resolve would therefore happen before Diversion comes into play.

 

[thelonelycoder]

Everything is still working here, give the kid a laptop and watch YT and test it

View attachment 23597

That does not show any YouTube blocking stats yet.

 

[thelonelycoder]

Thanks @thelonelycoder . Would you take up a feature request to support that scenario ?

Diversion is a software to blocks ads, with benefits for your router that are closely related to it.
Your idea, summarized as:
1. block any Internet access and
2. allow only limited domain resolution for a list of domains and
3. limit this to selected devices

This sounds like a job for a parental control software.
There are readily available options out there, one is already built into your router.

 

[WhyNetworkAtAll]

Diversion is a software to blocks ads, with benefits for your router that are closely related to it.
Your idea, summarized as:
1. block any Internet access and
2. allow only limited domain resolution for a list of domains and
3. limit this to selected devices

This sounds like a job for a parental control software.
There are readily available options out there, one is already built into your router.

I don't agree with that. The default on the routers are broad category based so, for example, I couldn't disable Netflix without disabling Zoom (needed for online learning). Anyway, I went ahead and created Guiderails, which gives very tight whitelisting controls (like Safari with Screentime enabled on iOS/macOS). This lets one use Diversion as the network wide primary DNS and Guiderails as the auxiliary DNS for little kids studying online. Everything is built on top of dnsmasq. The actual logic was a few minutes but getting everything with Merlin's (excellent) framework was all new stuff for me.

I've announced Guiderails on a separate thread here and the GitHub page is here. @HairyA00 , you can check it out if you want.

 

[Livin]

Guys... Diversion is blocking the Amazon Shopping Android App from working. Browser shopping on PC works fine. I've seen many posts here but is there an easy way to whitelist these? Seems like there should be a built-in option for Diversion to not break one of the most popular sites on the Internet?

thx