Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

AB-Solution - The Ad Blocking Solution (v3.9.1)

Discussion in 'Asuswrt-Merlin' started by thelonelycoder, Feb 15, 2017.

  1. Butterfly Bones

    Butterfly Bones Occasional Visitor

    Joined:
    Apr 10, 2017
    Messages:
    17
    I'm trying to understand the blocking. I use my VPN to watch bicycle racing in Europe since it is not available here in the US. Many of the nasty popups are blocked, but every so often I get one that I try to add to the blacklist. About 4 out of 5 state they are already there like this -
    But they still open a page and display the ad anyway.

    What don't I understand?

    AC68U 380.666_4 AB-Solutions 3.8.1 in Entware on a USB stick.
     
  2. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    2,922
    Location:
    In the heart of Switzerland
    That defaults to port 80, the http protocol.
    Use https://www.googleadservices.com to test it. Mine is a solid green padlock, with the pixelserv-tls certificate from the router.
     
    Last edited: May 31, 2017
  3. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    2,922
    Location:
    In the heart of Switzerland
    It would help if you post the url you watch the racing on.
     
  4. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    2,922
    Location:
    In the heart of Switzerland
    Without having an account there, I'm unable to help in this particular case.
    Some problems are expected with the brute force this ad-blocker works.
    Try whitelisting one of the 'frozen' domains. But if that's a common ad provider it may have a negative impact on other websites as well.
     
  5. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    2,922
    Location:
    In the heart of Switzerland
    The only solution is to add the certificate to your browser for that domain.
    Also, try reloading it, the first time you visit a https page, pixelserv-tls needs to create the certificate first. This is logged to the Syslog.
     
  6. GoNz0

    GoNz0 Very Senior Member

    Joined:
    Jul 14, 2013
    Messages:
    541
    Yeah I watched the logs to see it had been created but still no joy, without pixelserv installed after a clean install of the router it can't see www.googleadservices.com at all and gives a DNS error, after that with pixelserv installed I get the above issue and seem to have no way to get to the site so I am not sure how I get the certificate for it?

    Bit stumped now :(
     
  7. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    2,922
    Location:
    In the heart of Switzerland
    You can't get to the site because it is blocked. Accept the certificate while the empty site loads, probably have to add it as an exception. This is browswer dependent.
     
    GoNz0 likes this.
  8. Butterfly Bones

    Butterfly Bones Occasional Visitor

    Joined:
    Apr 10, 2017
    Messages:
    17
    Of course. This is the gateway if you will, then they link to the sites who carry the streams. Some days there are none, like today.

    https://www.vipleague.se/sports/cycling.html

    Thank you for the great application!
     
  9. GoNz0

    GoNz0 Very Senior Member

    Joined:
    Jul 14, 2013
    Messages:
    541
    Still stumped, I managed to export the certificate from the page and import it into trusted root and intermediate cert auth both local machine and user and still the same, what am I missing? :(

    *edit, seems I was missing the ca.crt, I imported that and my laptop at least is working.

    With Kaspersky scanning secure connections it spat out the original error until I turned off the bit that blocks SSL 2.0 connections and now it works!

    Outlook doesn't so I am giving up on kaspersky scanning secure connections, not like I use parental controls or safe money!


    Damn, still the same issue on my phone though. I tried importing the ca.crt and it didn't help?
     
    Last edited: May 31, 2017
  10. Irken Skoodge

    Irken Skoodge New Around Here

    Joined:
    Sep 7, 2015
    Messages:
    7
    I have the latest version with pixelserv and when I go to https://www.boston.com/ on my iPad or iPhone I get all ads blocked but on my pc and mac the ads are shown. Other ads are blocked on pc and mac but this site lets them in. Am I doing something wrong?
     
  11. apokrif

    apokrif Occasional Visitor

    Joined:
    Dec 15, 2016
    Messages:
    12
    It was 10.0.0.2...10.0.0.254.
    AFAIR, it didn’t suggest moving upper limit, but only lower one.
    If it did, I’d do it.
    I did move lower and pixelserv-tls got 10.0.0.2.
    Could you tell, how do I move it to 10.0.0.254 instead, please?

    I didn’t suggest to get an IP from DHCP. I suggest reserving it only, so it won’t be given to anything else.
     
    Last edited: Jun 1, 2017
  12. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    2,922
    Location:
    In the heart of Switzerland
    If the ads you see on that site are the only ones you see and no other ads are shown on other websites, then try hitting the reload button. This might be a caching issue.
    However, if you see ads on other sites on your Mac or PC then check the DNS Server settings on these devices. They MUST point to your router's IP address.
     
  13. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    2,922
    Location:
    In the heart of Switzerland
    I have to be brief with the explanatory text, there's only so much room without it getting cluttered.
    Use your imagination. If you were to lower the upper limit, then AB can suggest to use it. If not then it can't.
    In the ps menu, select '7. Reset pixelserv settings, change PS IP'. Then start the ps install again, only this time lower the upper DHCP limit.
    That is exactly what the DHCP range limitation does.
    It will not prevent other devices from using it if you manually assign an IP outside the DHCP range, but this is described in the help text.
     
  14. GoNz0

    GoNz0 Very Senior Member

    Joined:
    Jul 14, 2013
    Messages:
    541
    Any advice before I give up on this? :(
     
  15. Xentrk

    Xentrk Very Senior Member

    Joined:
    Jul 21, 2016
    Messages:
    872
    Location:
    Chiang Mai, Thailand
    To add on to what @thelonelycoder said, the IP address pool on your LAN section of this wiki should be of some help in how to change the IP range as well as context in pixelserv config best practices for ASUS Merlin firmware.
    https://github.com/kvic-z/pixelserv-tls/wiki/How-to-best-run-pixelserv-tls-on-Asuswrt-Merlin
     
  16. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    2,922
    Location:
    In the heart of Switzerland
  17. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    2,922
    Location:
    In the heart of Switzerland
    Clear browser cache if possible, force close browser app, reboot phone, have iOS/Android coder code a fix.
    I never have a problem on my iOS/Android phones.
    On Android, I use Firefox, on iOS iCAB Mobile.
     
  18. Beherit

    Beherit Regular Contributor

    Joined:
    Sep 19, 2016
    Messages:
    64
    I am pretty certain that this happens either because of a change in some obscure OS X/iOS security setting or anti-virus software with "net protection" that insists on doing an extra certificate check. Which, of course, fails, as the certificate is generated and self-signed by pixelserv.

    I had similar errors as @GoNz0 with ESET NOD32 anti-virus on Windows. No matter how many times I imported the certificate (both into windows, the browser(s) and NOD32) or clicked "Always accept this certificate", I couldn't get it to work. In the end, disabling TLS certification check inside NOD32 "fixed" it.
     
  19. Beherit

    Beherit Regular Contributor

    Joined:
    Sep 19, 2016
    Messages:
    64
    If you're saying that you cannot access googleadservices.com from a router that's been factory reset and without AB-solution installed, then your problem has nothing to do with AB-Solution or pixelserv.

    I'm guessing it's either some certificate cache in your browser, or more likely Kaspersky's certificate validation and/or net protection that filters every domain you access through their servers. You might wanna check your browser extensions too if you use any that block/validate/check/secure access in any way.

    Net protection and security validations in anti-virus software is very sensitive and notorious for acting dodgy whenever network changes occur. I find it particularly headache inducing in combination with Windows 10 and WiFi. Trivial changes such as changing to a mobile connection or switching WiFi network forced me to reboot to gain back network access on my Win 10 laptop. In the end, I opted out and disabled net protection in NOD32.
     
  20. GoNz0

    GoNz0 Very Senior Member

    Joined:
    Jul 14, 2013
    Messages:
    541
    My final issue after working around the others was android chrome browser still not being able to follow a google ad link, I had it working fine on my laptop.
     

Share This Page