Jack Yaz
Part of the Furniture
Merlin also included 1.1.1 in the firmware for some applications as well
pixelserv pixelserv - A Better One-pixel Webserver for Adblock
- Thread starter kvic
- Start date
Jack Yaz
Part of the Furniture
Which router? Fancy testing an updated version?
DonnyJohnny
Very Senior Member
Jack Yaz
Part of the Furniture
I've just uploaded the ipks here: https://github.com/jackyaz/pixelserv-tls/releases/tag/2.3.0
Download the ipk, then place on your router using WinSCP or similar. Next run opkg install, e.g.
Code:
opkg install /jffs/pixelserv-tls_2.3.0-1_aarch64-3.10.ipkDonnyJohnny
Very Senior Member
i purged cert,
do we need to regen ca cert using below?
https://www.snbforums.com/threads/p...server-for-adblock.26114/page-151#post-512669
and reload ca.crt in ios 13?
Jack Yaz
Part of the Furniture
Best to, yes
DonnyJohnny
Very Senior Member
If i am not using ca crt for router web server,
I can ignore this?
https://www.snbforums.com/threads/p...server-for-adblock.26114/page-151#post-512762
can just use this?
Code:
cd /opt/var/cache/pixelserv
openssl genrsa -out ca.key 2048
openssl req -key ca.key -new -x509 -days 720 -sha256 -extensions v3_ca -out ca.crt -subj "/CN=Pixelserv CA"Edit:
Yeah... thanks... No more (other TLS handshake errors) from my IOS 13.1 beta
Last edited:
XIII
Very Senior Member
RT-AC86U.
I just noticed I have problems on cellular as well. Looks like iCab Mobile is not ready for iOS 13 yet.
I still plan to test your version of pixelserv though.
Makaveli
Very Senior Member
what router models does your version support?
Jack Yaz
Part of the Furniture
Butterfly Bones
Very Senior Member
I dl'ed and installed the ipk (aarch64 - AC86U) with no issues, generated new crt and key as DonnyJohnny shows above, and imported it into my iPhone (replaced old Pixelserv CA cert), iPad (running iPadOS 13.1 beta) and MacBook Air.
I added the new Pixelserv CA cert to my AC86U using the script from @kvic in this post #1352, and all seems well. I see no errors in the iPad with iOS 13.1 beta or the iPhone on 12.4.1 or MacBook Air (stable Catalina).
I just cannot get Safari to show my router webgui as trusted in any of those three devices. I had my main computer (Ubuntu Linux with Chrome) showing the padlock. I was gone for six weeks and the Ubuntu is still in the box as I unpack into the renovated apartment, and the Mac OSX is new and different enough though it is based on Linux, I still have a learning steep-ish curve.
I've been searching and scanning all the early pages of this thread when we were all installing, configuring and testing the many releases that kvic was actively making at that time. I just cannot find how to get Safari to trust my AC86U. I'm cross-eyed and half blind at this point. Anyone know what I'm missing here (aside from arthritic grey matter
)
Protik
Senior Member
I installed Jack's ipk and created new certs. Now I'm getting the following error,
I used the static binary provided by Kvic before as Entware didn't provide libopenssl 1.1.1 before. As of now Entware still provides 1.0.2p-1 . If I install that, will that be good enough?
Code:
Starting pixelserv-tls (Diversion)... failed
pixelserv-tls: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directoryI used the static binary provided by Kvic before as Entware didn't provide libopenssl 1.1.1 before. As of now Entware still provides 1.0.2p-1 . If I install that, will that be good enough?
Jack Yaz
Part of the Furniture
You should probably run
Code:
opkg update
opkg upgradeDonnyJohnny
Very Senior Member
I dl'ed and installed the ipk (aarch64 - AC86U) with no issues, generated new crt and key as DonnyJohnny shows above, and imported it into my iPhone (replaced old Pixelserv CA cert), iPad (running iPadOS 13.1 beta) and MacBook Air.
I added the new Pixelserv CA cert to my AC86U using the script from @kvic in this post #1352, and all seems well. I see no errors in the iPad with iOS 13.1 beta or the iPhone on 12.4.1 or MacBook Air (stable Catalina).
I just cannot get Safari to show my router webgui as trusted in any of those three devices. I had my main computer (Ubuntu Linux with Chrome) showing the padlock. I was gone for six weeks and the Ubuntu is still in the box as I unpack into the renovated apartment, and the Mac OSX is new and different enough though it is based on Linux, I still have a learning steep-ish curve.
I've been searching and scanning all the early pages of this thread when we were all installing, configuring and testing the many releases that kvic was actively making at that time. I just cannot find how to get Safari to trust my AC86U. I'm cross-eyed and half blind at this point. Anyone know what I'm missing here (aside from arthritic grey matter
in IOS, u done the Certificate Trust setting?
https://github.com/kvic-z/pixelserv-tls/wiki/Create-and-Import-the-CA-Certificate
Try to also delete the old cert. then do a browser Clear Cache.
Also do a purge cert in pixelserv and do a restart of pixelserv
DonnyJohnny
Very Senior Member
I dl'ed and installed the ipk (aarch64 - AC86U) with no issues, generated new crt and key as DonnyJohnny shows above, and imported it into my iPhone (replaced old Pixelserv CA cert), iPad (running iPadOS 13.1 beta) and MacBook Air.
I added the new Pixelserv CA cert to my AC86U using the script from @kvic in this post #1352, and all seems well. I see no errors in the iPad with iOS 13.1 beta or the iPhone on 12.4.1 or MacBook Air (stable Catalina).
I just cannot get Safari to show my router webgui as trusted in any of those three devices. I had my main computer (Ubuntu Linux with Chrome) showing the padlock. I was gone for six weeks and the Ubuntu is still in the box as I unpack into the renovated apartment, and the Mac OSX is new and different enough though it is based on Linux, I still have a learning steep-ish curve.
I've been searching and scanning all the early pages of this thread when we were all installing, configuring and testing the many releases that kvic was actively making at that time. I just cannot find how to get Safari to trust my AC86U. I'm cross-eyed and half blind at this point. Anyone know what I'm missing here (aside from arthritic grey matter
Are u using pixelserv CA to access router GUI?
if so, your issue for router web server may be due to this
https://www.snbforums.com/threads/p...server-for-adblock.26114/page-151#post-512762
maybe need to wait for new firmware to come up. unless u are able to compile your own firmware
Butterfly Bones
Very Senior Member
Yes - used that instruction page to verify
Yes - before and after generating new cert All 3 devices
Yes - before the install of the new ink and again after the new ink was installed
edit - I'm still on 384.12 since I moved home. Since I'm only one version back and the router was offline while I was gone, I was in no hurry to move to .13 until I'm more settled.
I'll move that upgrade priority higher on my (long) to-do list.
Last edited:
heysoundude
Part of the Furniture
I’m sure @thelonelycoder is following along and testing, so he can update amtm...
Sent from my iPhone using Tapatalk
Sent from my iPhone using Tapatalk
Butterfly Bones
Very Senior Member
Yeah, I just realized this. (insert embarrassed emoji). I searched for that in Diversion since that is what utilizes PS. I just exited Diversion in my terminal and saw that in AMTM. My precise logic trips me often.
Installed the arm7 binary to my 87U, used diversion to purge the certificates and restart pixelserv (separate steps). Seems to be working fine.
I did NOT regenerate ca.crt and key so I didn't have to reimport those. Only one iOS device, in the hands of the the Spouse, who will not permit touching of the Device, so I don't know if she has upgraded to 13.
I did NOT regenerate ca.crt and key so I didn't have to reimport those. Only one iOS device, in the hands of the the Spouse, who will not permit touching of the Device, so I don't know if she has upgraded to 13.
Similar threads
Similar threads
| Thread starter | Title | Forum | Replies | Date |
|---|---|---|---|---|
| C | Diversion Pixelserv replacement | Asuswrt-Merlin AddOns | 2 | |
| L | Is Diversion better than NextDNS, PiHole or AdGuard Home? | Asuswrt-Merlin AddOns | 10 |
Similar threads
-
-
Is Diversion better than NextDNS, PiHole or AdGuard Home?
- Started by Logi
- Replies: 10