What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

pixelserv pixelserv - A Better One-pixel Webserver for Adblock

The command line description is the intended behavior and sounds more reasonable. So I changed the code. Shall be available in version Ki patch level 1. :)

@thelonelycoder Thanks for letting me know!
 
Hi all,

I used an older version of pixelserv on Tomato Firmware 1.28.0000 MIPSR2-138 K26 USB AIO-64K installation with Asus RT-N66U.

However, I could not bring pixelserv-tls to work. It is executable, it runs as process (indeed there are 3 of it running) but if get a connection error from the browser. In german it says "Fehler: Verbindung fehlgeschlagen".

If I try the browser with http://192.168.1.254 as pixelserv IP, same problem.
So https / tls is not even been tested since port 80 already fails to answer.

Can you give some information or help?
Thanks in advance,
Mark
 
And by the way, I got the binary from this file: pixelserv-tls-v35.HZ15.Ki-arm-mips-binaries since I am not able to compile by myself.

There are also no generated certs in the cache directory.
 
Last edited:
@SeaDweller Try to get simple HTTP to work first. Use "netstat -na | grep 192.168.1.254" to check if pixelserv is indeed listening on port 80 and 443. If not..did you start pixelserv with providing the IP address as command line option? Try that if you haven't..
 
Thank you for your replies.

@mstombs:
Of course we generated the cert, however we did this on another machine than the asus router since the asus built in command does NOT allow this "openssl genrsa -out ca.key 1024". Hence, we run the openssl command on a synology device and copied the corresponding two files (ca.key, ca.crt) to the cache path of the router.

The error message comes from the browsers language.

@kvic:
Pixelserv-tls is started with ./pixelserv-tls 192.168.1.254 -l. The binarys location is /opt/bin.
The syslog reports only start but nothing else.

Feb 1 11:16:42 ROUTER daemon.info pixelserv[5165]: ./pixelserv-tls version: v35.HZ12.Ki compiled: Sep 15 2016 23:03:02 options: 192.168.1.254 -l

The netstat command does NOT report anything with the relevant IP address. The ps command reports the following:

5165 root 1424 S ./pixelserv-tls 192.168.1.254 -l
5166 root 1424 S ./pixelserv-tls 192.168.1.254 -l
5167 root 1424 S ./pixelserv-tls 192.168.1.254 -l
 
Okay, one more update. We reinstalled opkg install pixelserv-tls. The size of the executable changed and the syslog now reports two more lines:

Feb 1 11:30:08 ROUTER daemon.info pixelserv[5238]: ./pixelserv-tls version: v35.HZ12.Ki compiled: Dec 25 2016 19:29:43 options: 192.168.1.254 -l
Feb 1 11:30:08 ROUTER daemon.notice pixelserv[5238]: Listening on :192.168.1.254:80
Feb 1 11:30:08 ROUTER daemon.notice pixelserv[5238]: Listening on :192.168.1.254:443


Open brwoser results in:
http://192.168.1.254/test.jpg --> good
https://192.168.1.254/test.jpg --> no connection

Netstat reports as follows:
netstat -na | grep 192.168.1.254
tcp 0 0 192.168.1.254:80 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.254:443 0.0.0.0:* LISTEN

So we are at least half way down the pipe.
 
Firefox reports one of these errors now, if I try some https connections, we get:

SEC_ERROR_UNKNOWN_ISSUER (on real websites which are blocked)

However, the /opt/var/cache/pixelserv directory gets populated now. Or own tow files have the following sizes:

ca.crt 749 bytes
ca.key 887 bytes
 
And problem finally solved. We had to import the ca.crt into our firefox browsers.

Thank you for your help!
This all looks so complicated when you have to get it to work by hand.
Kudos to you. Tomato has it's pro and contra points, as has asuswrt-merlin.
 
Indeed, it could be easier. I also tried Ab-Solution yesterday. It did not even install but aborted with some kind of messages saying router needs reboot and after reboot same thing again and again.
Investigation turned out that the AB-Solution only works with merlin or similar builds. It queries the nvram and if some parameters are not as expected, installation will fail.
So, even if you are quite familar with your routers operating system, you might end up in troubles.

The downside of the current solution with adblock.sh script and pixelserv-tls is clearly the certificates. On one hand you have a solution that is running on the router. Once you set up this, all devices immediately get rid of ads and malware and the router dosn't require much maintenance.

BUT: With the introduction of https / tls support, it really gets more complicated since you also have to keep eye on the different platforms and quite different procedures to import certificates.

Imagine you have one or two windows workstations, one iPhone plus one Android device. Just to maintain the certificate import you easily spend some hours on that if you haven't done this before. If you change a device or only install a new browser, you need to do this again.

Having done troubleshooting now for about one day I would say: It was good having made this experience but I am not sure if I would do it again.
 
Indeed, it could be easier. I also tried Ab-Solution yesterday. It did not even install but aborted with some kind of messages saying router needs reboot and after reboot same thing again and again.
Investigation turned out that the AB-Solution only works with merlin or similar builds. It queries the nvram and if some parameters are not as expected, installation will fail.
So, even if you are quite familar with your routers operating system, you might end up in troubles.

The downside of the current solution with adblock.sh script and pixelserv-tls is clearly the certificates. On one hand you have a solution that is running on the router. Once you set up this, all devices immediately get rid of ads and malware and the router dosn't require much maintenance.

BUT: With the introduction of https / tls support, it really gets more complicated since you also have to keep eye on the different platforms and quite different procedures to import certificates.

Imagine you have one or two windows workstations, one iPhone plus one Android device. Just to maintain the certificate import you easily spend some hours on that if you haven't done this before. If you change a device or only install a new browser, you need to do this again.

Having done troubleshooting now for about one day I would say: It was good having made this experience but I am not sure if I would do it again.
Funny you tried to install AB on a non merlin fw router.
I built it specific for that environment and secretly am happy it failed on yours.
One of the next versions may be much more portable than now.
I just have not had the time to do it.

And, on none of my devices have I ever had the need to install the certificate to make it work.
Your setup may be different then.
 
Indeed, it could be easier. I also tried Ab-Solution yesterday. It did not even install but aborted with some kind of messages saying router needs reboot and after reboot same thing again and again.

The downside of the current solution with adblock.sh script and pixelserv-tls is clearly the certificates. On one hand you have a solution that is running on the router. Once you set up this, all devices immediately get rid of ads and malware and the router dosn't require much maintenance.

you could try ublockr think that one can play nice with tomato
 
Funny you tried to install AB on a non merlin fw router.
I built it specific for that environment and secretly am happy it failed on yours.
One of the next versions may be much more portable than now.
I just have not had the time to do it.

And, on none of my devices have I ever had the need to install the certificate to make it work.
Your setup may be different then.

To be honest: We saw the intruction text, whereas your solutions is for Merlin builds. Since we were not aware of the differences, we gave it a try.
But: You could probably check the platform first when starting the installer. Our result was warning messages which did not bring us to the point. Instead it said reboot required. So we tried first to reboot and got the same messages over and over again.

And to certificates: Our solution works without, but depending on the websites you see certificate warnings all over the place if https is the case.

If you have these warnings enbedded with h1 or h2 tags, the apperance of the whole site might then be crap. Youtube.com is an example for this situation.
 
well all you have to do is figure out paths for dnsmasq config files and then set ip of pixelserv in config not sure if tomato uses br0 or br-lan like openwrt. So far its working on padavan firmware and openwrt along with asuswrt, and ive been meaning to make it work for tomato too then i have all major firmware covered :)
 
We might check that as well. However, installing the root certificates on different devices might still be the issue in terms of time and handish support it needs.

Without dealing with certificates, pixelserv-tls will work just like the older pixelserv. SSL connections will fail gracefully. I checked and didn't see certificate errors in Chrome and Safari.

Some browser builds might have tighter defaults to warn more things..
 
It's me again. After testing a while it turned out that the pixelserv-tls throws error messages if the process is started from the routers scripts page (WAN-UP) or schedule page within tomato.
The error reads:

Sending HTTP 501 response for unknown HTTP method or non-SSL, non-HTTP request:

The end of the log messages is ^V^C or ^V^C^C or ^V^C^A or similar.

If I ssh into the router and stop / start my adblocking, everything is ok (i.E. ./adblock.sh stop plus ./adblock.sh )
If I reboot the router, pixelserv-tls is running (under root privilege) but only throwing above mentionned errors.

There are also no certificates generated when I see the 501 errors. I have serious doubt that this is a clients problem.
The ps command for pixelserv shows the following:

/tmp/mnt/optware/bin/pixelserv-tls 192.168.1.254 -u root -z /tmp/mnt/optware/var/cache/pixelserv
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Back
Top