Diversion Diversion - the Router Ad-Blocker

[jsbeddow]

I think you mix up things. For most Diversion installations, the setting 'Yes' is the correct setting.

Hmm... odd, since I have had no problems whatsoever with Diversion (or anything else), since the change to the new default of "No". Yes, I have seen the occasional complaint about Diversion not working as expected: maybe mine works because I use the enforce DNS through router setting.

 

[Mutzli]

Just so you know in rt-ax88u or maybe other models, when local caching DNS server is set to yes, the NTP does not function @boot time, therefore, any components that rely on exact time doesn't start. This behaviour doesn't happen in my old 68P.

I don't have that issue, I use time.cloudflare.com and it works as expected

 

[bluepoint]

I'm not seeing any such behavior on my RT-AX88U. Make sure you're not using any scripts which interferes with ntp_ready nvram variable.

Enabled
1. DOT (cloudflare)
2. Strict DNSSEC
3. NTP Client/NTP server RMerlin's builtin with DNS intercept
4. amtm
5. Diversion
6. Skynet
7. AIprotection- Two way IDS only

 

[Asad Ali]

Enabled
1. DOT (cloudflare)
2. Strict DNSECC
3. NTP Client/NTP server RMerlin's builtin with DNS intercept
4. amtm
5. Diversion
6. Skynet
7. AIprotection- Two way IDS only

These scripts/settings won't make NTP deamon halt at boot, there's something else in your environment interfering with it.

 

[Makaveli]

I don't believe i've seen this also but i'm using NTP merlin not the built in option.

 

[Mutzli]

Enabled
1. DOT (cloudflare)
2. Strict DNSSEC
3. NTP Client/NTP server RMerlin's builtin with DNS intercept
4. amtm
5. Diversion
6. Skynet
7. AIprotection- Two way IDS only

I have the same settings and scripts running.

 

[bluepoint]

These scripts/settings won't make NTP deamon halt at boot, there's something else in your environment interfering with it.

Nope no other scripts, I think it's a timing thing as the ax88u is too fast but I can not put a finger on it.
These are the same settings and scripts I have with the 68P and it doesn't exhibit the same behaviour.

 

[Mutzli]

Nope no other scripts, I think it's a timing thing as the ax88u is too fast but I can not put a finger on it.

When you boot your router is it the NTP deamon that stops because of a problem or is it stopping because it can't sync the time with the defined NTP Server?

 

[Asad Ali]

Nope no other scripts, I think it's a timing thing as the ax88u is too fast but I can not put a finger on it.

I am testing it on AX-88U as well so it's definitely not hardware issue. Test after completely disabling JFFS partition.

 

[bluepoint]

When you boot your router is it the NTP deamon that stops because of a problem or is it stopping because it can't sync the time with the defined NTP Server?

I'm not sure, I know the NTP does not work when the time stays @default of MAY. Ill be observant when I check later.

 

[Delusion]

I think you mix up things. For most Diversion installations, the setting 'Yes' is the correct setting.

But Merlin himself set it to No by default. I don't , it causes issues for me and for others as well , for instance NTP not syncing sometimes at boot, router connection icon turns off and on after awhile and Skynet shows there is no connection (I can force it by running filter update on Skynet) .. Since 384.13 its 'No' by default. If someone has a solution on how to make everything work well with Local Cache set to 'Yes' , I will be happy

 

[skeal]

Nope no other scripts, I think it's a timing thing as the ax88u is too fast but I can not put a finger on it.
These are the same settings and scripts I have with the 68P and it doesn't exhibit the same behaviour.

Certainly sounds like a race condition to me.

 

[thelonelycoder]

Again, the "Wan: Use local caching DNS server as system resolver" is only set during installation. A Diversion update does not check this and other settings.

 

[bluepoint]

I am testing it on AX-88U as well so it's definitely not hardware issue. Test after completely disabling JFFS partition.

Ok thanks I'll check.

I am testing it on AX-88U as well so it's definitely not hardware issue. Test after completely disabling JFFS partition.

Okay, now we're going somewhere. After disabling JFFS script and unmounting flash, ntp now works but with a little delay(not as fast when dnscache is not used). Then enabled all(JFFS, flash, diversion, skynet) and NTP still works with the same delay as if it's waiting for everything to come up before NTP sync. But at any rate I'm happy. Thanks everyone!

 

[EmeraldDeer]

To be ready, the following steps are required if pixelserv-tls v2.2.1 or older is installed on your router.
1. Update Diversion to this latest version
2. Install Jack Yaz's pixelserv-tls v2.3.0 in ep, 6, 3
3. Re-generate the pixelserv-tls CA certificate in ep, 3, 2 (all domain certificates will be purged during that step)
4. Import the new pixelserv-tls CA certificate (ca.crt) into browsers and devices, replacing the previous certificate.
Open the certificate link in a browser with your pixelserv-tls IP address, typically this is 192.168.1.2/ca.crt and import it.

Afterwards, I used the script config-webgui.sh
sh -c "$(wget -qO - https://kazoo.ga/pixelserv-tls/config-webgui.sh)"
to replace the router webserver certificate with the new one.

 

[thelonelycoder]

Afterwards, I used the script config-webgui.sh
sh -c "$(wget -qO - https://kazoo.ga/pixelserv-tls/config-webgui.sh)"
to replace the router webserver certificate with the new one.

Which is built into amtm.

 

[Mutzli]

Afterwards, I used the script config-webgui.sh
sh -c "$(wget -qO - https://kazoo.ga/pixelserv-tls/config-webgui.sh)"
to replace the router webserver certificate with the new one.

Just use option ps in AMTM and reissue a new certificate.

 

[Mutzli]

I'm not sure, I know the NTP does not work when the time stays @default of MAY. Ill be observant when I check later.

I had similar issues with my old NTP server. It took too long for the router to assign the time and the NTP stopped during the boot cycle. Try a different NTP Server like time.cloudflare.com or some others that are faster syncing. A ping to the time.cloudflare.com shows 8ms and my old server was at 95ms.

 

[bluepoint]

I had similar issues with my old NTP server. It took too long for the router to assign the time and the NTP stopped during the boot cycle. Try a different NTP Server like time.cloudflare.com or some others that are faster syncing. A ping to the time.cloudflare.com shows 8ms and my old server was at 95ms.

I have time.nist.gov set there. I'll try cloudflare, thanks.

 

[Xentrk]

If I recall, I thought a work around fix for the NTP issue for DNS over TLS users is to also add DNS servers in the DNS1 and DNS2 fields on the WAN page. This will allow the router to use the DNS specified in those fields until DoT has chance to start up and resolve the NTP domain name.

Similarly, one could add a server entry in /jffs/configs/dnsmasq.conf.add

server=/us.pool.ntp.org/1.1.1.1