Another benefit of this is my work blocks ports to access the VPN on my home router, yet I can use the NextDNS app fine on my Pixel3.

However whenever I can I connect to my home OVPN and let Diversion do the work.
One of my 2 OpenVPN servers is set to Port 443 TCP, and I’ve recently got into the habit of leaving my iPhone connected to it all the time - even when I’m at home. It doesn’t seem to affect my battery life, and it doesn’t affect any aspect of my Internet activity. The real benefit is that when I leave home and use either 3G/4G/public wifi, there’s no chance of my forgetting to go through my vpn.
 
One of my 2 OpenVPN servers is set to Port 443 TCP, and I’ve recently got into the habit of leaving my iPhone connected to it all the time - even when I’m at home. It doesn’t seem to affect my battery life, and it doesn’t affect any aspect of my Internet activity. The real benefit is that when I leave home and use either 3G/4G/public wifi, there’s no chance of my forgetting to go through my vpn.
I thought about doing this but I believe it will interfere with my reverse proxy .... so I haven't done it.
 
One of my 2 OpenVPN servers is set to Port 443 TCP, and I’ve recently got into the habit of leaving my iPhone connected to it all the time - even when I’m at home. It doesn’t seem to affect my battery life, and it doesn’t affect any aspect of my Internet activity. The real benefit is that when I leave home and use either 3G/4G/public wifi, there’s no chance of my forgetting to go through my vpn.
Your solution works. There is an iOS app configurable for our own VPN servers, that has one feature that makes it unique. One can set "trusted" network(s) that will automatically disconnect VPN and reconnect VPN when you leave "trusted" network. Full credit to Val.D who posted this in another thread. (He is inactive now.)

It works great having only my home network trusted, and all other mobile or wifi connections use my AC86U VPN server. I run a VPN client on my 86U that all clients use. Like you, I forgot to switch iPhone to VPN when I left home.

It has some paid features, the trusted network only is ~$2 USD. max ~$6 USD that includes many commercial VPN services. It imports .ovpn files for any provider, including one's Asus VPN server.

Apple App Store -> search for Passepartout - OpenVPN Client
More information - https://passepartoutvpn.app/
 
It's a bug or an unintended result of the hosts files containing tab characters instead of spaces. Diversion is searching for "<space>adkami.com" when it might be stored as "<tab>adkami.com" in the source file. It was this way for one of the tests I did with the SkyNet Plus hosts files. @thelonelycoder can decide if or how he wants to deal with it. Your particular file on pastebin has Windows CR/LF endings which also doesn't let it match the EOL properly either. So two possible issues to consider.

Code:
# grep " adkami\.com" /opt/share/diversion/backup/hostsfile_*
/opt/share/diversion/backup/hostsfile_pastebin.com-raw-R3KzqysL:0.0.0.0      adkami.com
# grep " adkami\.com$" /opt/share/diversion/backup/hostsfile_*
# grep -P " adkami\.com\r$" /opt/share/diversion/backup/hostsfile_*
/opt/share/diversion/backup/hostsfile_pastebin.com-raw-R3KzqysL:0.0.0.0      adkami.com
This would work with Entware grep:
Code:
/opt/bin/grep -P "\sadkami\.com\r$" /opt/share/diversion/backup/hostsfile_*
Or with standard grep!
Code:
/bin/grep -E "[[:blank:]]adkami\.com$(printf '\r')?$" hostsfile_*
Noted, thanks.
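
The mismatch described in the posts above, reproduced on constructed files as an added example (not Diversion's code or any poster's): `find_domain` is a hypothetical helper that strips CR and compares whole fields, so a tab separator, a run of spaces or a CRLF ending no longer hides an entry. File names and contents are made up for the demonstration.

```shell
#!/bin/sh
# make_samples DIR: write three constructed hosts files into DIR.
make_samples() {
    printf '0.0.0.0 adkami.com\n0.0.0.0 notadkami.com\n' > "$1/hostsfile_space"
    printf '0.0.0.0\tadkami.com\n0.0.0.0\tadkami.com.example\n' > "$1/hostsfile_tab"
    printf '0.0.0.0      adkami.com\r\n# adkami.com in a comment\r\n' > "$1/hostsfile_crlf"
}

# naive_find FILE...: the literal-space, LF-only pattern from the thread.
# It misses the tab-separated file and the CRLF file.
naive_find() {
    grep -l " adkami\.com\$" "$@" || true
}

# find_domain DOMAIN FILE...: print each file that has a host entry for DOMAIN.
# CR is stripped first; awk's default field splitting treats tabs and spaces
# alike, and the exact string comparison avoids regex escaping and substring
# hits such as notadkami.com or adkami.com.example.
find_domain() {
    domain=$1; shift
    for f in "$@"; do
        tr -d '\r' < "$f" | awk -v d="$domain" '
            { sub(/#.*/, "") }                                   # drop comments
            { for (i = 2; i <= NF; i++) if ($i == d) found = 1 } # field 1 is the IP
            END { exit !found }' && printf '%s\n' "$f"
    done
    return 0
}

# Demonstration on the constructed samples.
dir=$(mktemp -d)
make_samples "$dir"
echo "naive pattern matched:"; naive_find "$dir"/hostsfile_*
echo "field comparison matched:"; find_domain adkami.com "$dir"/hostsfile_*
rm -rf "$dir"
```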
 
Is it acceptable to remove the backup files in the /opt/share/diversion/backup location? When using the option in diversion to check if a domain is present, it's showing host files that no longer exist because it checks the backup location and some of these are no longer being used in my custom host files.
The backup files have multiple purposes.
- As a comparison for the download, if no change it won't.
- As backup when the download of a fresh copy fails during the blocking list update.
- As a searchable file to find out which hosts file blocks a certain domain.

Backup files are overwritten with the latest file or discarded when they're older than 19 days.
As you've found out, the 19 days is not helping when searching for a domain.
The next Diversion update will remove inactive backup files right away.
Thanks for reporting.
 
Is there a way to use Diversion as DNS server for cellphone (aka from outside network device)?
Diversion is not a DNS Server. It uses the built in Dnsmasq to block domains.

Ignore that, I read your question wrong.
 
“diversion menu will not load only black screen? any advice?” Sum total of your post. My crystal ball is away being recalibrated.
yea well I would have no need for a crystal ball if it had been more verbal in the logs. everything else started. have you found your crystal ball yet?
 
Is there a way to use Diversion as a DNS server for cellphone (aka from outside network device)?

If you don't want to go for the VPN route so that you can use your mobile carrier speeds then what you can do is change your DNSmasq configuration file and make it listen to your external IP address (it's way easier to do if you have a static IP address from your ISP) and you can use your Public IP as a DNS server on your cell phone and all your DNS queries will be redirected through your Router and Diversion will work as well.
 
change your DNSmasq configuration file and make it listen to your external IP address (it's way easier to do if you have a static IP address from your ISP) and you can use your Public IP as a DNS server on your cell phone and all your DNS queries will be redirected through your Router and Diversion will work as well.
Could you elaborate on this please? Where do I find "DNSmasq configuration file"?
Thank you.
 
If you don't want to go for the VPN route so that you can use your mobile carrier speeds then what you can do is change your DNSmasq configuration file and make it listen to your external IP address (it's way easier to do if you have a static IP address from your ISP) and you can use your Public IP as a DNS server on your cell phone and all your DNS queries will be redirected through your Router and Diversion will work as well.
Configuring your home router as a public DNS server is a really bad idea.

https://www.snbforums.com/threads/use-router-as-external-dns-server.56992/
 
Could you elaborate on this please? Where do I find the "DNSmasq configuration file"?
Thank you.

Well, the configuration file is in /etc/dnsmasq.conf but it's dynamically generated by the router on each reboot so we can't use that.
We use an add on file for that called "dnsmasq.conf.add" in your /jffs/configs folder.

You need two entries there:
listen-address=Your Public IP

interface=Depends on your wan interface and how you're connected to it.

Read DNSMasq MAN page for in-depth knowledge:

http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

You'll also need to open port 53 on your router and redirect it to your router's IP.
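
An added check, not part of the post above and not Diversion's or the firmware's code: it reads a dnsmasq add-on file and prints every `listen-address` value that is not a loopback, RFC 1918 or link-local address, which is the exposure the linked thread is about. `public_listeners` and `is_local_addr` are hypothetical helper names; the sample file is constructed, with 203.0.113.10 (a documentation address) standing in for a WAN IP and `eth0` for a WAN interface.

```shell
#!/bin/sh
# is_local_addr ADDR: succeed for loopback, RFC 1918 and link-local addresses.
is_local_addr() {
    case $1 in
        127.*|10.*|192.168.*|169.254.*|::1|[fF][eE]80:*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# public_listeners FILE: print every listen-address in FILE that is not local.
# Comments and CR line endings are removed first; a comma-separated value is
# treated as several addresses.
public_listeners() {
    tr -d '\r' < "$1" | sed 's/#.*//' |
    awk -F= '$1 ~ /^[ \t]*listen-address[ \t]*$/ {
                 n = split($2, a, ",")
                 for (i = 1; i <= n; i++) {
                     gsub(/[ \t]/, "", a[i])
                     if (a[i] != "") print a[i]
                 }
             }' |
    while read -r addr; do
        is_local_addr "$addr" || printf '%s\n' "$addr"
    done
}

# Constructed sample of an add-on file; on the router the argument would be
# the dnsmasq.conf.add file in /jffs/configs mentioned in the thread.
sample=$(mktemp)
printf '%s\n' \
    'listen-address=127.0.0.1,192.168.1.1' \
    'listen-address=203.0.113.10   # WAN address (constructed)' \
    'interface=eth0' > "$sample"
echo "publicly reachable listen-address values:"
public_listeners "$sample"
rm -f "$sample"
```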
 
Configuring your home router as a public DNS server is a really bad idea.

https://www.snbforums.com/threads/use-router-as-external-dns-server.56992/
Alternatively you can just route your VPN as DNS only.

Your Internet connection will still be handled by your Mobile provider while all DNS traffic will be routed through VPN.
 
Would it work to add block-outside-dns to the client config?

EDIT: Not for Android or Chromebooks. This is a Windows-specific option, and it doesn't seem to work.
 
Give it a try.
Ya, maybe. Have to haul myself out of the chair and use the wifi at the gym.

See I was thinking @Jumpstarter's suggestion might not work, because the LAN only setting just means the default gateway isn't pushed. So the client still has the mobile provider's DNS and might still go there even if the router's dns is advertised.
 
Ya, maybe. Have to haul myself out of the chair and use the wifi at the gym.

See I was thinking @Jumpstarter's suggestion might not work, because the LAN only setting just means the default gateway isn't pushed. So the client still has the mobile provider's DNS and might still go there even if the router's dns is advertised.
I am running right now and my mobile is going through router's dns traffic, but mobile provider ip address is being used for gateway ip. I guess it would depend on the device and not so much the provider. I can't think of any mobile provider that is sophisticated enough to prevent the dns traffic from being filtered through the vpn (or rerouted away from vpn). It is also possible to implement iptable nat rules to force routing of dns traffic or dns filter rules on the router as well. (Don't think it is really necessary though.)
 
Quick blacklist question... there are a couple of domains I've scanned on "sitecheck.sucuri.net" that show "blacklisted by McAfee." Do you know if the McAfee blacklist is available to add to Diversion somewhere/somehow? Because when I do the Blocking List > Find Domain in Host File(s) they never come up.

Thanks!
 
Unrelated question, and not that big a deal. How come sometimes Diversion quits to AMTM, and sometimes it quits to the command prompt?
 
