Menu
What's new
By:
Filters Better Search

pixelserv pixelserv - A Better One-pixel Webserver for Adblock

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Would this be a symptom that I need to purge regen my certs? : www.icloud.com times out, i've disabled Diversion, Skynet, started in firefox safe mode, cleared cache. Certificate is 2048 generated by pixelserv 2.3.0. If I switch to a VPN connection it loads fine.
 
Last edited:
Centrifuge said:
Would this be a symptom that I need to purge regen my certs? : www.icloud.com times out, i've disabled Diversion, Skynet, started in firefox safe mode, cleared cache. Certificate is 2048 generated by pixelserv 2.3.0. If I switch to a VPN connection it loads fine.
Click to expand...
Doesn't seem like it. Once you've disabled Diversion pixelserv is out of the picture and the certs don't matter. If skynet is stopped that is the other thing that could block the ip. Sounds more like a stubby/DNS problem
 
EmeraldDeer said:
I used /opt/etc/init.d/S80pixelserv-tls to stop and start.
I did some extra steps before starting pixelserv-tls, however it only makes sense to do these steps after you upgrade to diversion 4.1.8.
Backup your current key and cert from entware/var/cache/pixelserv (Pixelserv cache directory)
Delete all of the old certs created by the old key and cert in your Pixelserv cache directory.
Delete the old key and cert in your Pixelserv cache directory.
Run Asad Ali's instructions to generate an Apple-compliant key and certificate. I ran this from a directory on my external drive and copied the results to the Pixelserv cache directory.
Code: 
cat /etc/openssl.cnf > /jffs/openssl.cnf
sed -i "/\[ v3_ca \]/aextendedKeyUsage = serverAuth" /jffs/openssl.cnf
openssl genrsa -out ca.key 2048
openssl req -key ca.key -new -x509 -days 825 -sha256 -extensions v3_ca -out ca.crt -subj "/CN=Pixelserv CA" -config /jffs/openssl.cnf
rm /jffs/openssl.cnf
The following from Kvic makes it easy to use the pixelserv-tls key and cert for the router GUI https
Code: 
sh -c "$(wget -qO - https://kazoo.ga/pixelserv-tls/config-webgui.sh)"
Install ca.crt in Windows and iOS devices.
Click to expand...
What does this add over using Diversion to purge/regenerate and amtm to fire off the helper script?
 
Centrifuge said:
Would this be a symptom that I need to purge regen my certs? : www.icloud.com times out, i've disabled Diversion, Skynet, started in firefox safe mode, cleared cache. Certificate is 2048 generated by pixelserv 2.3.0. If I switch to a VPN connection it loads fine.
Click to expand...

FWIW, this is exactly the scenario that I have found myself in....(and actually just posted in it's own thread!). Are you able to access System Update?

There is something that is gumming up access to Apple domains and I have yet to track down what.....like you, VPN connection clears the issue, but back to DoT/Div/Skynet standard System Update times out.....a minor thing really, the scripts are awesome and I'd much rather have them operational than not.
 
elorimer said:
What does this add over using Diversion to purge/regenerate and amtm to fire off the helper script?
Click to expand...
Probably nothing when an Entware pixelserv-tls 2.3.1 comes out. I moved 2.3.1 in manually. I would not know whether Diversion would handle everything gracefully under the circumstances.
 
SuperDuke said:
FWIW, this is exactly the scenario that I have found myself in....(and actually just posted in it's own thread!). Are you able to access System Update?

There is something that is gumming up access to Apple domains and I have yet to track down what.....like you, VPN connection clears the issue, but back to DoT/Div/Skynet standard System Update times out.....a minor thing really, the scripts are awesome and I'd much rather have them operational than not.
Click to expand...

For pages timing out.

On the Wan - Internet connection tab set it to this below and try them again.

DNS-over-TLS Profile Strict Opportunistic

It was timing out or very slow for me until I set that on www.icloud.com
 
Last edited:
EmeraldDeer said:
Probably nothing when an Entware pixelserv-tls 2.3.1 comes out. I moved 2.3.1 in manually. I would not know whether Diversion would handle everything gracefully under the circumstances.
Click to expand...
I'm sure it would, and it does.
 
nixballs said:
Thanks @jrmwvu04 - that makes perfect sense now. The kids iPhones are hitting snapchat and instagram like there's no tomorrow, so that would explain what you mentioned above.

I use R7000 with WiFi disabled and Unifi NanoHD and it does the job for now, however I might need to upgrade to some of the newer ASUS models soon.
Click to expand...

My pixelserv-tls was getting hammered with slu's - [tens of thousands over a few days] - which also seemed to push up RAM consumption. Somewhere in the thousands of posts in either the Diversion thread or this one - I came across a lifesaver [for me anyway].

In essence I used switch -l2 on pixelserv-tls to identify the incessant slu's - added those domains to my Diversion whitelist - while at the same time adding them to a "hosts.add" file [pointing each to 0.0.0.0] which I dropped in to the JFFS/configs folder and set permission properties to 666. Restart pixelserv-tls or better yet - reboot the router after changes done.

For e.g. hosts.add file format ...
Code: 
0.0.0.0    ade.googlesyndication.com
0.0.0.0    ads.api.vungle.com
0.0.0.0    adservice.google.com
0.0.0.0    analytics.localytics.com
0.0.0.0    api.mixpanel.com
0.0.0.0    api.segment.io
etc ...

I only bothered with the heavy hitters [39 of them] - but after that my slu's hit list dropped significantly and RAM no longer got chewed up unnecessarily.

BTW - I use MobaXterm for SSH and SFTP access to the router - has built in editor and many more useful features :D.
 
kernol said:
In essence I used switch -l2 on pixelserv-tls to identify the incessant slu's - added those domains to my Diversion whitelist - while at the same time adding them to a "hosts.add" file [pointing each to 0.0.0.0] which I dropped in to the JFFS/configs folder and set permission properties to 666. Restart pixelserv-tls or better yet - reboot the router after changes done.
Click to expand...
Important to restart dnsmasq to update the hosts file with your updates.
 
SuperDuke said:
FWIW, this is exactly the scenario that I have found myself in....(and actually just posted in it's own thread!). Are you able to access System Update?

There is something that is gumming up access to Apple domains and I have yet to track down what.....like you, VPN connection clears the issue, but back to DoT/Div/Skynet standard System Update times out.....a minor thing really, the scripts are awesome and I'd much rather have them operational than not.
Click to expand...
Do you have any time discrepancy between the router and iPad?
 
SuperDuke said:
Are you able to access System Update?
Click to expand...
Yes, apple.com, the store, it's just www.icloud.com. Setting DoT profile to opportunistic made no difference @Makaveli . I started looking at the NTP setup and it says "Reminder: The System time zone is different from your locale setting." I'm getting out of my depth here.

Code: 
PING www.icloud.com (104.87.146.10): 56 data bytes

--- www.icloud.com ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
Code: 
; <<>> DiG 9.10.6 <<>> www.icloud.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52592
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;www.icloud.com.            IN    A

;; ANSWER SECTION:
www.icloud.com.        1143    IN    CNAME    www-cdn.icloud.com.akadns.net.
www-cdn.icloud.com.akadns.net. 106 IN    CNAME    www.icloud.com.edgekey.net.
www.icloud.com.edgekey.net. 4742 IN    CNAME    e4478.a.akamaiedge.net.
e4478.a.akamaiedge.net.    12    IN    A    104.87.146.10

;; Query time: 310 msec
;; SERVER: 192.168.50.1#53(192.168.50.1)
;; WHEN: Sat Dec 28 12:27:32 HST 2019
;; MSG SIZE  rcvd: 269

edit: As @dave14305 suggested in another thread it may be a cloudflare blocking issue, so I switched back to Quad 9 in DoT and that solved it..
 
Last edited:
Centrifuge said:
Yes, apple.com, the store, it's just www.icloud.com. Setting DoT profile to opportunistic made no difference @Makaveli . I started looking at the NTP setup and it says "Reminder: The System time zone is different from your locale setting." I'm getting out of my depth here.

Code: 
PING www.icloud.com (104.87.146.10): 56 data bytes

--- www.icloud.com ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
Code: 
; <<>> DiG 9.10.6 <<>> www.icloud.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52592
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;www.icloud.com.            IN    A

;; ANSWER SECTION:
www.icloud.com.        1143    IN    CNAME    www-cdn.icloud.com.akadns.net.
www-cdn.icloud.com.akadns.net. 106 IN    CNAME    www.icloud.com.edgekey.net.
www.icloud.com.edgekey.net. 4742 IN    CNAME    e4478.a.akamaiedge.net.
e4478.a.akamaiedge.net.    12    IN    A    104.87.146.10

;; Query time: 310 msec
;; SERVER: 192.168.50.1#53(192.168.50.1)
;; WHEN: Sat Dec 28 12:27:32 HST 2019
;; MSG SIZE  rcvd: 269

edit: As @dave14305 suggested in another thread it may be a cloudflare blocking issue, so I switched back to Quad 9 in DoT and that solved it..
Click to expand...


Cloudflare is the fastest dns server by far where I am. Unusable though, as you report, some sites seem to break when using it.
Cleanbrowsing-security does the job.:)
 
kernol said:
Will you have link installed in amtm by @thelonelycoder so we can upgrade effortlessly :D?
Click to expand...
Can I suggest not, and that actually it goes the other way? 2.3.1 will be available in the normal pipeline shortly and Diversion/amtm will make it available. When that happens 2.3.0 can be deleted from amtm. It served its glorious, finger-in-the-dike, purpose.

Also the instructions to install 2.3.1 manually are in this thread four or five times. Download, rename, replace /opt/sbin/pixelserv-tls
 
You must log in or register to reply here.

Similar threads

MegaMango
dnsmasq-surrogate for RT-BE88U: Ad Blocking & Security Enhancement
Replies
2
Views
570
MegaMango
MegaMango
L
pixelserv SOLVED - Is PixelServ WebGui script trustworthy at the moment? Redirects to strange website...
Replies
10
Views
4K
gspannu
gspannu
thelonelycoder
Diversion Need help with selecting new set of filter lists / block lists for Diversion 5.0
2
Replies
21
Views
4K
thelonelycoder
thelonelycoder
blacksheep
pixelserv Does "How to best run Pixelserv tls on asuswrt" still apply?
Replies
3
Views
3K
elorimer
E
garycnew
Entware [SOLUTION] Cross-Compile PixelServ-TLS 2.4 Entware Package via Debian Live DVD
Replies
13
Views
3K
garycnew
garycnew
Similar threads
Thread starter Title Forum Replies Date
C Diversion Pixelserv replacement Asuswrt-Merlin AddOns 2
L Is Diversion better than NextDNS, PiHole or AdGuard Home? Asuswrt-Merlin AddOns 10

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 883 (members: 16, guests: 867)
Top