Asus Merlin Diversion activ?

[Kenji]

Hello my friends. Unfortunately, my english is not very good and I am trying to work with the google translator here. For me it is very difficult to find the right settings with the translation.

I installed Asus Merlin and run a VPN client there. I am completely satisfied and now I would like to install the Adblocker Diversion.

I managed to instal and adjust the diversion via SSH.

But I'm not sure if I have all the settings> Say the DNS stuff correctly so everything works fine.

I uploaded 4 pictures here and hope you can help with that. Unfortunately, I find the homepage there difficult to understand as a beginner.
I want to protect all clients on the router via Adblock


I have already given a donation


https://www.directupload.net/file/d/5404/lpfx82ez_png.htm
https://www.directupload.net/file/d/5404/t3u8ipl7_png.htm
https://www.directupload.net/file/d/5404/dqvctmli_png.htm
https://www.directupload.net/file/d/5404/l7lmfsbu_png.htm

Thank you very much and have a nice evening!

lg. Philipp

 

[EmeraldDeer]

Hello my friends. Unfortunately, my english is not very good and I am trying to work with the google translator here. For me it is very difficult to find the right settings with the translation.

I installed Asus Merlin and run a VPN client there. I am completely satisfied and now I would like to install the Adblocker Diversion.

I managed to instal and adjust the diversion via SSH.

But I'm not sure if I have all the settings> Say the DNS stuff correctly so everything works fine.

I uploaded 4 pictures here and hope you can help with that. Unfortunately, I find the homepage there difficult to understand as a beginner.
I want to protect all clients on the router via Adblock


I have already given a donation


https://www.directupload.net/file/d/5404/lpfx82ez_png.htm
https://www.directupload.net/file/d/5404/t3u8ipl7_png.htm
https://www.directupload.net/file/d/5404/dqvctmli_png.htm
https://www.directupload.net/file/d/5404/l7lmfsbu_png.htm

Thank you very much and have a nice evening!

lg. Philipp

Your settings look correct

 

[Kenji]

okay thank you very much. Say the Ip of Diversion may not be anywhere inside? Do not understand how they should work otherwise

 

[EmeraldDeer]

okay thank you very much. Say the Ip of Diversion may not be anywhere inside? Do not understand how they should work otherwise

If a DNS lookup is on Diversion's blacklist, then the dnsmasq DNS reply will be the Pixelserv-tls IP address (192.168.1.2 in your case).

 

[Xentrk]

@Kenji, In the OpenVPN Client, if you set Accept DNS Configuration = Exclusive and use Policy Rules or Policy Rules (Strict), Diversion will not work for devices connected to the VPN Client as dnsmasq will be bypassed. Diversion requires dnsmasq to work.

My blog site discusses this issue. You can select your native language in the upper right hand corner to translate the post.

TL;DR
You have two options available to resolve the DNS and routing issues when using Policy Rules with Asuswrt-Merlin:

1. Set Accept DNS Configuration to “Strict” and specify the DNS server for the VPN tunnel to use by adding the dhcp-option DNS command in the Custom Configuration section. Without the dhcp-option command, Diversion updates will fail, the Diversion email function will no longer work and the wget command will not able to resolve the domain name.
2. My preferred recommendation is to install Stubby DNS over TLS. Stubby will encrypt DNS queries. To enable the OpenVPN Client to use Stubby, set Accept DNS Configuration to “Disabled”.