Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

AB-Solution - The Ad Blocking Solution (v3.11)

Discussion in 'Asuswrt-Merlin' started by thelonelycoder, Feb 15, 2017.

  1. iManuB

    iManuB Regular Contributor

    Joined:
    Apr 24, 2017
    Messages:
    59
    Thanks, thelonelycoder. I'm sorry. :)

    Now I'm quieter!
     
  2. RMerlin

    RMerlin Part of the Furniture

    Joined:
    Apr 14, 2012
    Messages:
    24,886
    Location:
    Canada
    And things may still change, even tho I'm nearing the end of the alpha stage. Broadcom/Asus have caused me a few headaches because Broadcom now uses /opt to store some scripts in the flash, so /opt is no longer a symlink to /tmp/opt, but an actual folder (with a bunch of symlinks inside it pointing to the various /tmp/var/* folders). I had to add a bunch of them to fix Entware. I'm not totally dismissing yet the idea of just scrapping Broadcom's /opt/scripts folder, and reverting to a more natural /opt setup.

    So I'd say don't invest too much time implementing solutions yet (exploratory work however is fine).

    BTW, I also considered moving HND to Entware-NG-3x, which is more up-to-date and more optimized for newer kernels. Unfortunately, its maintainer decided on a few things that are deal-breakers for me, especially as it forces the installation of Busybox AND makes /opt/bin have priority over /bin, overriding any of the Asuswrt-Merlin own applet. This means any changes Asus and Broadcom made to busybox are then lost, potentially breaking some of the router's core functionalities. The maintainer didn't seem open into changing this, so I stuck with Entware-NG, and focused on getting it to work on HND.
     
    Alfsu, thelonelycoder and skeal like this.
  3. jimf

    jimf Occasional Visitor

    Joined:
    Nov 17, 2013
    Messages:
    27
    A little off the topic. I'm trying to stream programs from NBC and it's complaining about adblocking. I tailed the logfile and updated the whitelist for domains shown as going to pixelserv. The website still complains. Tailing the logfile again showed different (or slightly different) domains. So it would appear this is a dynamic situation to say the least. Has anyone sucessfully whitelisted nbc.com so shows play? Turning off absolution completely fixes it but I'd rather do a whitelist.

    Alternatively, is there a way to selectively exclude LAN IPs from participating in absolution?
     
  4. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    3,533
    Location:
    Switzerland
  5. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    3,533
    Location:
    Switzerland
    And this is the reason why these brave early testers cannot install pixelserv-tls.
    HND?
    That seems to make things much more complicated for the average Asuswrt-Merlin user, from https://github.com/Entware-for-kernel-3x/Entware-ng-3x:
     
  6. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    3,533
    Location:
    Switzerland
    Since Entware cannot be installed through AB-Solution in the new Asuswrt-Merlin 382.xx (currently only runs on the new RT-AC86U), I have removed the support in the addon pixelserv-tls.add.
    The standard AB-Solution installation is still possible, only the automated install of Entware and pixelserv-tls is disabled.

    In return and for those testing @kvic's latest pixelserv-tls KL-test1 version, the -O option has been added to the available switches in the ps menu.
    There is no version change, enter 12 into the AB-Solution UI to re-download all addons.
     
    kvic, Alfsu and .TT. like this.
  7. .TT.

    .TT. Regular Contributor

    Joined:
    Jul 18, 2016
    Messages:
    72
    AB is up and running on my ac86u.
    Thanks for all the help!! =)
     
  8. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    3,533
    Location:
    Switzerland
    I wish I could do more but without a device to tinker I'll leave it at that.
    A standard AB installation (without pixelserv-tls) is far better than no ad-blocking at all.
     
  9. eclp

    eclp Regular Contributor

    Joined:
    May 15, 2016
    Messages:
    143
    I have another question about possible duplicate entries in the syslog. The following is an excerpt after the router restart via AB-Solution entries. Is this behavior normal?

    Code:
    Oct 12 02:38:07 87u: AB-Solution added entries via ab_dnsmasq_postconf.sh
    Oct 12 02:38:08 87u: AB-Solution linked ab_dnsmasq_postconf.sh via /jffs/scripts/dnsmasq.postconf
    Oct 12 02:38:08 87u: AB-Solution created br0:pixelserv 192.168.1.2 via /jffs/scripts/wan-start
    Oct 12 02:38:08 87u: dnscrypt-proxy started for boot services
    Oct 12 02:38:09 87u: AB-Solution added entries via /jffs/scripts/post-mount
    Oct 12 02:38:09 87u: AB-Solution started rc.unslung via /jffs/scripts/services-start
    Oct 12 02:38:09 87u: AB-Solution added entries via ab_dnsmasq_postconf.sh
    Oct 12 02:38:09 87u: AB-Solution linked ab_dnsmasq_postconf.sh via /jffs/scripts/dnsmasq.postconf
    Oct 12 02:38:12 87u: Started ntpd from /jffs/scripts/services-start.
    Oct 12 02:38:13 87u: Started pixelserv-tls (AB-Solution) from /jffs/scripts/services-start.
    Oct 12 02:38:14 87u: Adaptive QOS: Modification Script Started
    Oct 12 02:38:18 kernel: gro disabled
    Oct 12 02:38:18 kernel: gro enabled with interval 2
    Oct 12 02:38:21 87u: AB-Solution added entries via ab_dnsmasq_postconf.sh
    Oct 12 02:38:21 87u: AB-Solution linked ab_dnsmasq_postconf.sh via /jffs/scripts/dnsmasq.postconf
    Oct 12 02:40:05 kernel: * Make sure sizeof(struct sw_struct)=160 is consistent
    Oct 12 02:40:07 87u: Start dnscrypt-proxy for normal operations
    Oct 12 02:40:08 kernel: sizeof forward param = 160
    Oct 12 02:40:21 87u: Adaptive QOS: No change required for Unidentified Traffic Container or Custom Rules
    Oct 12 02:40:22 87u: Adaptive QOS: Changing minimum alloted bandwidth per QOS category to user defined percentages
    Oct 12 05:20:05 87u: AB-Solution counted ads and rotated log files (daily cron job)
    Oct 12 05:20:05 87u: AB-Solution blocked 100,860 total 11,400 week 8,100 new ads
    
     
  10. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    3,533
    Location:
    Switzerland
    The two entries at 5:20 is the rotate-logs.add addon doing its scheduled daily job.

    The 2:38 entries were probably triggered by QOS or dnscrypt restarting dnsmasq, possibly twice.
    Restarting dnsmasq runs /jffs/scripts/dnsmasq.postconf and with it the linked file for AB.
    From my (AB-Solutions) point this is all normal and has nothing directly to do with what AB does.
     
  11. eclp

    eclp Regular Contributor

    Joined:
    May 15, 2016
    Messages:
    143
    Thank you for your enlightening answer, a quick and great support here! :)
     
  12. 2992

    2992 Regular Contributor

    Joined:
    Oct 13, 2017
    Messages:
    61
    Can AB-Solution be configured to run on the TUN interface (as well)?
    I need it mostly for to block the ads over the OpenVPN connection.
    Best would be to run on all interfaces and block the ads/trackers on every each internet connection.
    Thank you!
     
  13. Xentrk

    Xentrk Very Senior Member

    Joined:
    Jul 21, 2016
    Messages:
    1,043
    Location:
    Chiang Mai, Thailand
    OpenVPN Client or Server?

    There are some settings on the client side that can cause ABS not to work over the VPN tunnel.

    Are you using Policy Rules, All Traffic, None? What is your setting for Accept DNS Configuration?
     
    Last edited: Oct 13, 2017
  14. 2992

    2992 Regular Contributor

    Joined:
    Oct 13, 2017
    Messages:
    61
    OpenVPN Client.
    I am now considering switching from Tomato to XWRT (I have a R7000), but before doing it, I need to understand what's possible with ABS and what's not.
    Now, Tomato can do adblocking, but not over the TUN VPN client, therefore, I need to understand whether ABS can block the ads over the TUN interface. (The plan is to have some IP clients routed to connect using the VPN TUN client, and some other not over TUN but directly to WAN/internet)
    I am open to receive configuration recommendation for the VPN client for to make ABS working over TUN - as long as the TUN can stay up and route the traffic and get no DNS leak from ABS or something else..
     
  15. Xentrk

    Xentrk Very Senior Member

    Joined:
    Jul 21, 2016
    Messages:
    1,043
    Location:
    Chiang Mai, Thailand
    You don't need to specify interface to get ABS working over the vpn. The second link will have the settings needed to make ABS work over VPN tunnel.

    https://www.snbforums.com/threads/t...for-asus-merlin-380-65-380-65_2-part-i.38281/

    https://www.snbforums.com/threads/t...or-asus-merlin-380-65-380-65_2-part-ii.38282/

    https://www.snbforums.com/threads/t...r-asus-merlin-380-65-380-65_2-part-iii.38283/

    I have since found some other settings when combined using scripts to perform selective routing that allows some mods to these settings. See if the suggestions help and let me know.
     
  16. 2992

    2992 Regular Contributor

    Joined:
    Oct 13, 2017
    Messages:
    61
    Thank you, that looks promising!
    But, isn't the Accept DNS Configuration set to "Strict" going to be a risk for DNS Leak? I've been reading about that here:
    http://www.linksysinfo.org/index.php?threads/using-adblock-script-vpn-client-tunneling.72110/
     
  17. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    3,533
    Location:
    Switzerland
    Should I add this to the AB-Solution FAQ?
     
  18. 2992

    2992 Regular Contributor

    Joined:
    Oct 13, 2017
    Messages:
    61
    I, as a regular user (noob), would say: definitely yes! It's a great guide!
     
    heysoundude and Makaveli like this.
  19. Xentrk

    Xentrk Very Senior Member

    Joined:
    Jul 21, 2016
    Messages:
    1,043
    Location:
    Chiang Mai, Thailand
    Yes, the DNS will leak. I need to add that caveat to the guide on the next update. from the research I did, DNS leak with policy rules appears to be a common issue not only with Asuswrt-Merlin, but with other firmware as well. We had a discussion about this recently as to why this occurs. The relevant links are below.


    I recently experimented with using ipset, fwmarks and iptables to perform selective routing rather than using the web GUI menu to do it. I find I can then set Accept DNS Configuration to exclusive and have ABS work over the VPN tunnel. But DNS can still leak!

    I then found a hack. If I change from Policy Rules to No Traffic, my script will still route traffic to the tunnel and the DNS will not leak. However, being able to route traffic to the vpn client when No Traffic setting is turned on has not worked 100% of the time. I think it is a combination of settings and the number of clients in use.

    How many vpn clients are you running?
     
    Last edited: Oct 13, 2017
  20. Xentrk

    Xentrk Very Senior Member

    Joined:
    Jul 21, 2016
    Messages:
    1,043
    Location:
    Chiang Mai, Thailand
    Probably a good idea as I have seen the question/issue come up several times recently.
     

Share This Page