Diversion Diversion blocking less than 2%

[Daniel LaRusso]

Diversion seems to be blocking less and less for me recently. At last check, it was blocking less than 2% of ads. I'm running the latest Merlin firmware (384.19) and Diversion is updated to the current version (v4.1.12). IP pool starting address doesn't include pixelserv-tls address and I'm using the "Medium" blocking list with no custom lists. I'm using an Asus RT-AC86U, running ExpressVPN client manually configured at the router level. I've followed the protocol for running a VPN client and Diversion (DNS config set to "exclusive" and policy rules off/force internet traffic through tunnel: yes). Other settings are as follows:

DHCP Server > DNS and WINS Server Setting > DNS Server 1 > blank > DNS Server 2 > blank
Advertise router's IP in addition to user-specified DNS > yes
DNS Filter > Enable DNS-based filtering > on > Global filter mode > router

Doesn anyone have any tips or suggestions?

 

[ColinTaylor]

At last check, it was blocking less than 2% of ads.

Surely that's 1.66% of DNS queries, not ads?

 

[Zastoff]

Maybe this can help

Does Diversion work if traffic is routed trough a VPN tunnel - Diversion

Does Diversion work if traffic is routed trough a VPN tunnel

diversion.ch

 

[Daniel LaRusso]

Surely that's 1.66% of DNS queries, not ads?

I uploaded a screenshot of the stats. Am I reading this wrong? "Percent blocked 1.66%." Is this in reference to DNS queries or ads?

 

[Daniel LaRusso]

Maybe this can help

Does Diversion work if traffic is routed trough a VPN tunnel - Diversion

Does Diversion work if traffic is routed trough a VPN tunnel

diversion.ch

I've read that and don't use policy rules. "Diversion will work over the VPN tunnel when “Accept DNS configuration” is set to “Exclusive” and Policy Rules are disabled by setting 'Redirect Internet Traffic' to 'All'."

I have DNS config set to "Exclusive" and policy rules are disabled, with all internet traffic forced through the tunnel.

 

[glehel]

Accept DNS configuration : disable
Diversion working. Use stubby (DOT), dnscrypt...
but if you redirect all traffic to vpn you can also use unbound. you only need to use the "bind disable" command here. the dns ip address and the external ip address are the same.

 

[Daniel LaRusso]

Accept DNS configuration : disable
Diversion working. Use stubby (DOT), dnscrypt...
but if you redirect all traffic to vpn you can also use unbound. you only need to use the "bind disable" command here. the dns ip address and the external ip address are the same.

So the best way when using a VPN and ad blocking is to use unbound?

 

[doczenith1]

As previously mentioned you need to set
Accept DNS configuration : disable
to have your VPN traffic use Diversion. When you set Exclusive you were telling your VPN traffic to only use the DNS provide by the VPN server and not Diversion.