Just out of curiosity...would https connection requests on clients without the Pixelserv CA certificate installed be registered under the "# of dropped HTTPS requests (client disconnect without sending any request)" category?
We cannot rule out there are genuine clients behaving like that. For example, during rapid browsing, you switch to a new page (or close the page) while the previous page is still being loaded.
That said, you're right that a majority of counts, if not all, registered under slc shall belong to clients without Pixelserv CA cert imported.
Note that such counts for HTTPS are also registered under cls. But such counts for HTTP only register in cls not slc.
slh 1205 # of accepted HTTPS requests
slm 122 # of rejected HTTPS requests (missing certificate)
sle 0 # of rejected HTTPS requests (certificate available but bad)
slc 565 # of dropped HTTPS requests (client disconnect without sending any request)
slu 690 # of dropped HTTPS requests (unknown error)
sct 69 ssl cache: # of cached cert
sch 1777 ssl cache: # of cache hit
scm 191 ssl cache: # of cache miss
scp 0 ssl cache: # of purge to free up slots
Thanks. Note that in both @Makaveli and your cases, near 90% (slc/req) of ad requests are HTTPS. But seems both of you don't have the CA cert imported in your main browsing devices (like desktop or phone). That's perfectly fine.
Though with the CA cert imported, you might notice a smoother browsing experience, especially on desktop with ad heavy sites such as CNN, Foxnews and Daily Mail.
Perhaps consider spending some time over the weekend to go through this guide Import ca.crt into clients.
It is easy to forget how far the responsiveness has come, let alone the utility. Was not so long ago that it was quite different, with response times in the 100s of ms.
In chronological order of additions into pixelserv-tls, we have
- cache certificates on disk (~2.5 yrs ago; initial version)
- cache connections as persistent connections (~3 mths ago; v2.0)
- cache certs and TLS sessions in the latest ssl cache
If you don’t import certs, you’re forfeiting a lot of the benefits of pixelserv-tls. Also those warning notifications will get tedious not only for yourself, but also for any less tech savvy users who may be on your WiFi. Trust me. It is a bit of a pain, but the payoff is worth it.
Great to know, thanks. Installing the ps certs on all the fam's devices is still a work in progress
Not that I mind, but it seems as though you might be in the wrong spot.
AB-Solution 3.11.2 is now available
These updates are all because of upcoming pixelserv-tls changes.
No problem. I appreciate your thorough testing and reporting here. And your keen eye!
Edit: perhaps not. Carry on, friend.
I pieced it together after I saw the post was already in the AB thread. While you're here, what is the apparent use case for the new -A switch? Options are good, of course, but why would this need to be changed?
My post targets the audience with AB installed and are likely to browse this thread.
To obscure the ps stats for others. It was requested by a semi-commercial user of pixelserv-tls for his installation.
New beta version Km-test.4 aka v2.1.0-test.4
Thanks again for all the testing on the prior versions.
This version includes a few new features, notably prefetch ssl cache from disk and save part of ssl cache to disk on exit. All automatic. Once users are familiar with it, can customise the list for prefetch as initial condition.
And added a disk benchmark option '-B'. Pls read the details on my blog for a demo. Also new is log LEVEL 3 to see what's prefetch into and possibly purged from ssl cache.
For details in this test version and the upcoming v2.1.0 release, pls read the latest on kazoo.ga/pixelserv-tls.
Entware (ARMv7, mipsel, ARMv8) users can use the one liner below as usual or otherwise to install.
Will appreciate any feedback.
Code:
sh -c "$(wget -qO - https://kazoo.ga/pixelserv-tls/install-beta.sh)"
Makes sense. I never thought about it that way.
With '-A', users can apply firewall rules on what IPs and etc are allowed to access "/log" and "/servstats" and future commands that I might dream up.
Away we go...