Status
Not open for further replies.
I'm rather new to Merlin, and not that much more experienced with Bash, so I doubt I'll get very far.

Is it the hosts file or the resolve file AB uses to block things? Happy to move this convo to PM or something if we're getting off-topic for this thread.
This discussion very much belongs here, in public.
The blocking_file and blacklist.txt set the IP of the domain to either the pixelserv IP or 0.0.0.0 when dnsmasq is asked to resolve it. The null address is a direct blackhole while pixelserv actually responds.
 
I use AB solution and it works great (I use it with pixelserv-tls). I also use Cisco OpenDNS with dnscrypt for dnsmasq's upstream.

I do not use any dns on the UI:

and I also make sure the clients on the LAN use the router for DNS:
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to-destination $(nvram get lan_ipaddr)

My dnscrypt service runs on 127.0.0.1:65053 and the ones that are not ads (not blocked by AB) are sent upstream SSL encrypted:
Code:
admin@RT-AC66R-D700:/jffs/scripts# cat /etc/dnsmasq.conf | grep server
server=127.0.0.1#65053
Re. dnscrypt, do I just do this? https://github.com/RMerl/asuswrt-merlin/wiki/Secure-DNS-queries-using-DNSCrypt
 
Hm, the below times out before the router has finished mounting the 4 partitions, and I was left without working DNS until I manually ran it. Should I increase the timeout?
Code:
RC='/opt/etc/init.d/rc.unslung'

i=30
until [ -x "$RC" ] ; do
  i=$(($i-1))
  if [ "$i" -lt 1 ] ; then
    logger "Could not start Entware"
    exit
  fi
  sleep 1
done
$RC start
 
try this: Just put this in a tmp script and run one time:
Code:
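# Start from an empty hosts.add (truncates any existing file)
>/jffs/configs/hosts.add
# Resolve DNS name for NTP server and pin each returned IP in hosts.add
ntp_name=$(nvram get ntp_server0)
for ip in $(/opt/bin/hostip "$ntp_name")
do
  echo "$ip $ntp_name" >> /jffs/configs/hosts.add
done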

Then reboot your router
 
Will that need running again from time to time? Also, I'm not sure what I've done wrong but dns crypt has completely broken my internet, can't even ping.
 
Will that need running again from time to time
No, as long as the hosts.add file exists on your /jffs, you should be okay.
dns crypt has completely broken my internet
dnscrypt needs accurate time from the timeservers to init the ssl connection. It cannot query the ntp server by hostname, as it itself is doing the dns resolving. The manual addition of the IP addresses of the ntp server will help dnscrypt to resolve that.

Edit: I need to hop off for today, talk to you later.
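
The time-sync dependency described in the reply above, as an added example that is not part of any post in this thread: it checks whether every default dnsmasq upstream is a loopback proxy while the NTP hostname is not pinned in a hosts file. The function names, `ntp.example.test` and `192.0.2.10` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and sample data are constructed.

# hosts_has_name FILE NAME: succeed if a hosts-format FILE maps an IP to NAME.
hosts_has_name() {
  awk -v name="$2" '
    { sub(/#.*/, "") }                                  # strip comments
    NF >= 2 { for (i = 2; i <= NF; i++) if ($i == name) found = 1 }
    END { exit !found }' "$1"
}

# upstreams_all_loopback CONF: succeed if every default server= line in a
# dnsmasq CONF points at loopback, i.e. all lookups depend on the local proxy.
upstreams_all_loopback() {
  awk '
    /^[ \t]*server=/ {
      addr = $0; sub(/^[^=]*=/, "", addr)
      if (addr ~ /^\//) next          # server=/domain/ip is domain-scoped, skip
      sub(/[#@].*/, "", addr)         # drop "#port" and "@interface"
      n++
      if (addr !~ /^127\./ && addr != "::1") other = 1
    }
    END { exit !(n > 0 && !other) }' "$1"
}

# check_bootstrap CONF HOSTS NTP_NAME: return 1 when the NTP name can only be
# resolved through the proxy that itself needs correct time to start.
check_bootstrap() {
  if upstreams_all_loopback "$1" && ! hosts_has_name "$2" "$3"; then
    echo "RISK: $3 is not pinned in $2 and all upstreams are loopback"
    return 1
  fi
  echo "OK: $3 can be resolved before the local proxy is up"
}

# Demo on constructed files (192.0.2.10 and ntp.example.test are placeholders).
demo=$(mktemp -d)
printf 'server=127.0.0.1#65053\n' > "$demo/dnsmasq.conf"
: > "$demo/hosts.empty"
printf '192.0.2.10 ntp.example.test   # pinned\n' > "$demo/hosts.add"
check_bootstrap "$demo/dnsmasq.conf" "$demo/hosts.empty" ntp.example.test || true
check_bootstrap "$demo/dnsmasq.conf" "$demo/hosts.add" ntp.example.test
rm -rf "$demo"
```

On a router set up as in this thread, the equivalent call would be `check_bootstrap /etc/dnsmasq.conf /jffs/configs/hosts.add "$(nvram get ntp_server0)"`.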
 
Ah, I had to install hostip separately. Also, fakehwclock doesn't seem to be saving as expected. Am I supposed to tell it to in service stop?
 
- How important is it to actually import the ca.crt certificates on each of my devices? Is there a guide for how to do it on linux? Or do I just double click and then import the certificate?

It's optional to import the CA cert. If you do, you only need to import the CA cert (not individual certs generated for ad domain). Here is a guide on how to do the import on various platforms.

- I have issues with websites using HSTS. This is an example of what happens when I try to access google docs:

Your connection is not private
Attackers might be trying to steal your information from docs.google.com (for example, passwords, messages, or credit cards).


NET::ERR_CERT_AUTHORITY_INVALID

Are you seeing the error on iOS? I'm aware of recent updates to iOS 10 that break self-signed CA certs. It seems a widespread issue, for example, discussed here. I haven't seen a fix yet unfortunately.

Latest MacOS/Windows still fine. Linux no problem. Android 6 okay (no chance to check 7 yet).
 
Are you seeing the error on iOS? I'm aware of recent updates to iOS 10 that break self-signed CA certs. It seems a widespread issue, for example, discussed here. I haven't seen a fix yet unfortunately.
Reloading the page always works on my iOS devices.
 
Hi, has anybody used dnscrypt with ab-solution? I used it a long time ago when I started using the ab-solution, it was in diapers, now it has matured and it's a great tool, but my question with dnscrypt is whether it's as easy as following the wiki or is there anything I must consider before installing it?
Thanks
 
Look at this post, you might have a similar problem with your USB device.
As a first step, delete all files in /tmp/mnt/data/adblocking/addon/
You can do this in your SSH terminal with this command:
Code:
rm -f /tmp/mnt/data/adblocking/addon/*.add
Then start the AB UI and try to set the stats function and install ps.

Lonely, Thanks again for your previous help. I left my router for a day or two and came back to pixelserv-tls failing to start or restart? Any clues or should I just remove pixel and reinstall it? If I do attempt to reset it and reinstall I get this:

checking your system

testing firmware capability: LAN IP port 80
router listens only on LAN IP port 80, continuing

testing if 'ifconfig br0 up' works on your system
this might take a few seconds to complete...

this appears to be working, continuing

checking port 443 availability
port 443 is available, continuing

- Entware installed at /tmp/mnt/entware/entware
/tmp/mnt/data/ab-solution.sh: line 1: opkg: not found
/tmp/mnt/data/ab-solution.sh: line 1: opkg: not found
- package pixelserv-tls is not available
-------------------------------------------------

Based on the check above, pixelserv-tls
is not available for install with AB-Solution

I'm not sure why opkg is not available when it clearly was working fine the other day :(.
 
Check the syslog for error messages regarding your usb device.
I'm about 99% sure that's where your problem is.
Reformat the device, reformat jffs, start from scratch.
 
Hi, has anybody used dnscrypt with ab-solution? I used it a long time ago when I started using the ab-solution, it was in diapers, now it has matured and it's a great tool, but my question with dnscrypt is whether it's as easy as following the wiki or is there anything I must consider before installing it?
Thanks
I use dnscrypt alongside this with a hostslist named after you :p (don't know the history there) with no issues. Before you install dnscrypt, make sure you do this one time (it creates some local lookup of ntp server IPs so that the router can init the correct time for dnscrypt to use to set up the connection). You may need to install hostip.
 