1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Diversion issues only on some clients (newbie)

Discussion in 'Asuswrt-Merlin' started by bitoiu, Feb 19, 2020.

  1. bitoiu

    bitoiu Occasional Visitor

    Joined:
    Jan 2, 2020
    Messages:
    22
    Hey,

    I've installed Diversion today on my ax88u and I started running some tests on popular services the family uses. I noticed on my Macbook Pro I wasn't able to load any of the following (tested on diff browsers as well):
    - Youtube (ad video loads but it doesn't play)
    - IGN.com (can't see any videos, ad doesn't load)
    - Twitch.tv (web and desktop app) cannot see any streams probably because the site is testing if the video played

    Now the curious thing is that if I jump onto my iPhone, I can first of all load all video ads with no problem. I know this can be down to the application code, but I'm wondering if it could be something else. I checked the blocked domains on the terminal, and for twitch for example I get the following on the laptop (web and apps):

    11:54:42 blocked by blockinglist cdn.branch.io
    11:54:43 blocked by blockinglist pagead46.l.doubleclick.net
    11:54:43 blocked by blockinglist c.amazon-adsystem.com
    11:54:45 blocked by blockinglist www-google-analytics.l.google.com
    11:54:46 blocked by blockinglist ssl.google-analytics.com
    11:54:46 blocked by blockinglist s.amazon-adsystem.com
    11:54:46 blocked by blockinglist fastly-insights.com
    11:54:46 blocked by blockinglist sb.scorecardresearch.com
    11:54:46 blocked by blockinglist secure-dcr.imrworldwide.com

    But on the mobile, I only get:

    11:56:28 blocked by blockinglist cdn.branch.io

    Which probably tells me, the code is different for mobile and desktop browser/native app. For youtube website on Laptop I get the following blocked:

    11:57:27 blocked by blockinglist ade.googlesyndication.com
    11:57:27 blocked by blockinglist googleads.g.doubleclick.net
    11:57:28 blocked by blockinglist tpc.googlesyndication.com
    11:57:29 blocked by blockinglist ad.doubleclick.net
    11:57:29 blocked by blockinglist pagead46.l.doubleclick.net
    11:57:31 blocked by blockinglist static.doubleclick.net

    But the same link on mobile:

    11:58:31 blocked by blockinglist s.youtube.com
    11:58:34 blocked by blockinglist app-measurement.com
    11:58:35 blocked by blockinglist ssl-google-analytics.l.google.com
    11:58:39 blocked by blockinglist pagead46.l.doubleclick.net
    11:59:27 blocked by blockinglist googleads.g.doubleclick.net

    ---

    I fear that if I whitelist things like `googleads.g.doubleclick.net` or `amazon-adsystem.com` then those alone will open the floodgates for other sites that use adwords and amazon ads. Any suggestions are deeply appreciated, I searched the forum for `twitch` `youtube` to see if I could see comments similar to mine but nothing on the nose.

    Thank you.
     
    Last edited: Feb 19, 2020
  2. bitoiu

    bitoiu Occasional Visitor

    Joined:
    Jan 2, 2020
    Messages:
    22
    Important Update: I've tested all those websites on another MacBook Air and it plays everything. No issues and mostly no ads even, works like a charm. So I'm going to restart the router and the original MacBook Pro to see if it fixes it.
     
  3. bitoiu

    bitoiu Occasional Visitor

    Joined:
    Jan 2, 2020
    Messages:
    22
    I also started looking at the Chrome console for client side errors and when I found `net::ERR_CERT_AUTHORITY_INVALID` error, I thought I had made a mistake with the cert. I followed the guidelines here: https://github.com/kvic-z/pixelserv...ificate#import-pixelserv-ca-on-client-devices and the error disappeared but still can't watch anything on those sites on the MBP.

    I also didn't need to add the CERT on the MacBook Air or iPhone, as it currently plays all this content.
     
  4. bitoiu

    bitoiu Occasional Visitor

    Joined:
    Jan 2, 2020
    Messages:
    22
    SOLVED: A simple restart of the MBP fixed the issue.

    However, I read that installing the pixel cert is required, but I have no issue in other devices. I hate to do changes for the sake of doing changes, so wondering what is the up to date recommendation. Install the cert or not? Even if everything seems to be working ok?
     
  5. Mutzli

    Mutzli Senior Member

    Joined:
    Dec 22, 2014
    Messages:
    491
    If you can, install the certificate on every system to avoid client/server handshake errors. You can see these errors in the pixelserv -tls serverstats page (http://192.168.1.2/servstats.txt) under the slu value. You can find more info about this at the developers FAQ here and here.