Diversion Banking application not working

  • ATTENTION! You'll notice a Prefix dropdown when you create a thread. If your post applies to one of the topics listed, please use that Prefix for your post. When browsing the thread list you can use the Prefix to filter the view.
  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

miniterror

Regular Contributor
Hi all, after a short step to Ubiquiti im back at the Asus camp with a AX-86U, first thing i did was install diversion to have adblocking again for my internal devices.
On the Ubiquiti i used pihole.
Now the funny thing is, i started with a AC68U and had diversion, misses complained that her banking application didnt work, didnt really looked into it as she could switch to 4G instead of WiFi.
With the UDM and Pihole i used the exact same blockinglists, (so they should be identical between my Asus setup and the former Ubiquiti setup) and the application worked without problems for her.
Last week when i received the AX86U i hooked it up (with diversion active) and the same day i received the conplaint again her banking application doesnt work anymore.
She can login but then everything stays blank.

I have done some investigation in the dnsmasq log and i can not see domains being blocked that contain the banking URL.
After some investigation in tech sites from my country i noticed more complaints about this, funny thing is.
People with Pihole dont have a problem, but people who have android and use the app 'adaway' for example have the exact same problem.
They also posted a solution what they can do in the adaway application to fix it but im not sure how to implement this in Diversion, hope some one can point me in the right direction.
To resolve the problem for users with adaway the have to go into global settings of that app and in the settings they have to disable the webserver option, after that it works for all of them.

I have pixelserv active, i believe that acts as a webserver and might be the problem.
Not sure if possible, but can i redirect certain domains to not use pixelserv?
I think that might actually resolve the problem.


Edit: disabled Pixelserv and the app works again as she expects.
Enable it and its broken again, so its definetly something in pixelserv that is causing the problem, just not sure what part.
 
Last edited:

SomeWhereOverTheRainBow

Very Senior Member
Hi all, after a short step to Ubiquiti im back at the Asus camp with a AX-86U, first thing i did was install diversion to have adblocking again for my internal devices.
On the Ubiquiti i used pihole.
Now the funny thing is, i started with a AC68U and had diversion, misses complained that her banking application didnt work, didnt really looked into it as she could switch to 4G instead of WiFi.
With the UDM and Pihole i used the exact same blockinglists, (so they should be identical between my Asus setup and the former Ubiquiti setup) and the application worked without problems for her.
Last week when i received the AX86U i hooked it up (with diversion active) and the same day i received the conplaint again her banking application doesnt work anymore.
She can login but then everything stays blank.

I have done some investigation in the dnsmasq log and i can not see domains being blocked that contain the banking URL.
After some investigation in tech sites from my country i noticed more complaints about this, funny thing is.
People with Pihole dont have a problem, but people who have android and use the app 'adaway' for example have the exact same problem.
They also posted a solution what they can do in the adaway application to fix it but im not sure how to implement this in Diversion, hope some one can point me in the right direction.
To resolve the problem for users with adaway the have to go into global settings of that app and in the settings they have to disable the webserver option, after that it works for all of them.

I have pixelserv active, i believe that acts as a webserver and might be the problem.
Not sure if possible, but can i redirect certain domains to not use pixelserv?
I think that might actually resolve the problem.


Edit: disabled Pixelserv and the app works again as she expects.
Enable it and its broken again, so its definetly something in pixelserv that is causing the problem, just not sure what part.
are you using skynet as well? Skynet has a history of occasionally blocking ip address's of pay sites or banking logins.
 

SomeWhereOverTheRainBow

Very Senior Member
I am pretty sure Pixel-serv is blocking a domain that you could not otherwise properly block without pixel-serv. That has to be why you are having no issues with pixel-serv turned off. If you can figure out the domain it should fix your issue by whitelisting it.
 
Last edited:

miniterror

Regular Contributor
I am pretty sure Pixel-serv is blocking a domain that you could not otherwise properly block without pixel-serv. That has to be why you are having no issues with pixel-serv turned off. If you can figure out the domain it should fix your issue by whitelisting it.
Thanks for getting back to me.
I guess im am unable to actually tell then wich one it actually is.
I do see blocks when she opens the banking application but none of them have the actual domain of the bank in it.
Sdk.split.io for example, this domain is blocked by multiple blocklists i jave enabled.
Tags.tiqcdn.com is another one, i jave tried adding them to the whitelist and processed the whitelist.
I can see them being allowed afterwards but the application still doesnt work correct for her.
Any tips on how to find the exact URL that is the curlpit causing this problem?

Edit:
Did a follow of the dnsmasq log filtered on the IP of her phone.
Started right before she opend the banking application and stopped when she logged in and reached the white screen.
All i see coming by is below output, the bank itself is called Rabobank and i see bankieren.rabobank.nl as allowed in the logfiles.
Also manually verifying the rabobank domains they do not match any blocklist.

Code:
Jan 14 08:58:42 dnsmasq[2022]: query[A] sdk.split.io from 192.168.1.218
08:58:42 dnsmasq[2022]: query[A] sdk.split.io from 192.168.1.218
Jan 14 08:58:42 dnsmasq[2022]: query[A] events.split.io from 192.168.1.218
08:58:42 dnsmasq[2022]: query[A] events.split.io from 192.168.1.218
Jan 14 08:58:42 dnsmasq[2022]: query[A] bankieren.rabobank.nl from 192.168.1.218
08:58:42 dnsmasq[2022]: query[A] bankieren.rabobank.nl from 192.168.1.218
Jan 14 08:58:42 dnsmasq[2022]: query[A] app-measurement.com from 192.168.1.218
08:58:42 dnsmasq[2022]: query[A] app-measurement.com from 192.168.1.218
Jan 14 08:58:43 dnsmasq[2022]: query[A] tags.tiqcdn.com from 192.168.1.218
08:58:43 dnsmasq[2022]: query[A] tags.tiqcdn.com from 192.168.1.218
Jan 14 08:58:44 dnsmasq[2022]: query[A] sdk.split.io from 192.168.1.218
08:58:44 dnsmasq[2022]: query[A] sdk.split.io from 192.168.1.218
Jan 14 08:58:44 dnsmasq[2022]: query[A] sdk.split.io from 192.168.1.218
08:58:44 dnsmasq[2022]: query[A] sdk.split.io from 192.168.1.218
Jan 14 08:58:47 dnsmasq[2022]: query[A] sdk.split.io from 192.168.1.218
08:58:47 dnsmasq[2022]: query[A] sdk.split.io from 192.168.1.218
Jan 14 08:58:47 dnsmasq[2022]: query[A] sdk.split.io from 192.168.1.218
08:58:47 dnsmasq[2022]: query[A] sdk.split.io from 192.168.1.218
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top