• ATTENTION! You'll notice a Prefix dropdown when you create a thread. If your post applies to one of the topics listed, please use that Prefix for your post. When browsing the thread list you can use the Prefix to filter the view.
  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

eugenezh

New Around Here
I have successfully installed and configured Diversion Standard on my Asus AC86U.
Everything seems to be working fine, as expected. However, I was not able to figure out how to to customize my configuration in a certain way. One client in my network (a TV) does not seem to work smooth with pixelserv method of blocking. For this particular client I would like to block using the 0.0.0.0 address method, while the rest of clients should still use pixelserv method.
I managed to setup an alternate blocking list, but it seems that both primary and alternate list can either be set to pixelserv blocking or to NULL address blocking. The only way to use NULL-address blocking is to disable pixelserv, which automatically sets this blocking method for both lists. This configuration flexibility can be achieved in general, but there is no way to customize things from the diversion console menu, or am I missing something?
Thanks in advance for any insights.
 

Treadler

Very Senior Member
I have successfully installed and configured Diversion Standard on my Asus AC86U.
Everything seems to be working fine, as expected. However, I was not able to figure out how to to customize my configuration in a certain way. One client in my network (a TV) does not seem to work smooth with pixelserv method of blocking. For this particular client I would like to block using the 0.0.0.0 address method, while the rest of clients should still use pixelserv method.
I managed to setup an alternate blocking list, but it seems that both primary and alternate list can either be set to pixelserv blocking or to NULL address blocking. The only way to use NULL-address blocking is to disable pixelserv, which automatically sets this blocking method for both lists. This configuration flexibility can be achieved in general, but there is no way to customize things from the diversion console menu, or am I missing something?
Thanks in advance for any insights.

Welcome to the forum!

Personally, I don’t bother with Pixelserv, just have it disabled. No apparent issues seen here with that.:)
 

eugenezh

New Around Here
Hi Treadler,

Personally, I don’t bother with Pixelserv, just have it disabled. No apparent issues seen here with that.:)

Well, now it is disabled in my configuration too, but maybe I'm missing some benefits of pixelserv (or will be missing them in future). I also have an "academic interest" in such a setup: technically it is doable.
 

5stringdeath

Regular Contributor
Are there issues with the server today? AMTM tells me there is an update but it fails. All other updates ran fine.

Code:
! Diversion: diversion.ch unreachable
 Script update(s) available!

Actually this won't update either:
Code:
 Entware packages    -> upd avail
- libncursesw            6.1-5       -> 6.2-1
 
Last edited:

Mutzli

Very Senior Member
Are there issues with the server today? AMTM tells me there is an update but it fails. All other updates ran fine.

Code:
! Diversion: diversion.ch unreachable
 Script update(s) available!

Actually this won't update either:
Code:
 Entware packages    -> upd avail
- libncursesw            6.1-5       -> 6.2-1
Use this command from the SSH prompt:
opkg install --force-reinstall libncursesw
 

L&LD

Part of the Furniture
No issue checking for updates here. But it did show a fair bit of Entware updates which I proceeded with.

Everything seemed fine until I checked for updates again 'u'. Shows update available for Unbound-daemon from 1.9.6-1 to 1.10.0-2.

I tried to update and it seems like there is no issue doing so, but checking for updates again 'u', it shows the update is still available.

Unbound is also not working now. :(

Just a data point here for the above poster. I will be posting this issue in the Unbound thread too. :)
 

vertigo888

Occasional Visitor
Pixelserv-tls will not start - Any ideas?

Code:
Apr 12 01:34:23 Diversion: restarted Dnsmasq to apply settings
Apr 12 01:34:25 avahi-daemon[3662]: Registering new address record for 192.168.1.9 on br0.IPv4.
Apr 12 01:34:25 Diversion: created br0:pixelserv-tls for 192.168.1.9
Apr 12 01:34:25 pixelserv-tls[30964]: pixelserv-tls 2.3.1 (compiled: Mar 23 2020 07:23:17 flags: tls1_3) options: 192.168.1.9
Apr 12 01:34:37 Entware (armv7sf-k2.6): Failed to start pixelserv-tls (Diversion)
Apr 12 01:34:39 Diversion: created br0:pixelserv-tls for 192.168.1.9
Apr 12 01:34:40 Entware (armv7sf-k2.6): Started pixelserv-tls (Diversion)
 

L&LD

Part of the Furniture
That last line in your code box says otherwise? :)
 

vertigo888

Occasional Visitor
That last line in your code box says otherwise? :)

But the GUI and install log says otherwise

Code:
Diversion upgrade log Sun, 12 Apr 2020 01:33:31 +0800
[31m____________________________________________________[0m

 [42m i [0m Checking router
 [42m ✔ [0m Asuswrt-Merlin
 [42m ✔ [0m Wireless router mode
 [42m ✔ [0m dos2unix
 [42m ✔ [0m Netstat
 [42m ✔ [0m Compatible device(s)
 [42m ✔ [0m Internet
 [42m ✔ [0m NTP date is synced
 [42m i [0m Router check complete

 [42m i [0m Checking dnsmasq.conf.add entries
 [42m ✔ [0m dnsmasq.conf.add
[31m____________________________________________________[0m

 [42m ? [0m Select Diversion Edition to upgrade to

[90m 1. Diversion Lite        SSH UI, Entware,
                          blocks only http ads[0m

 2. Diversion Standard    SSH UI, Entware,
                          package pixelserv-tls,
                          blocks http and https ads[0m

 Select Edition [2-2 e=Exit]
 [42m i [0m Checking port 443 availability
 [42m ✔ [0m Port 443 is available

[31m____________________________________________________[0m

 [42m i [0m Reserving one IP address for pixelserv-tls

 [42m ! [0m DO THIS NOW: Log into this routers WebUI

 - Go to LAN > DHCP Server
 - Adjust "IP Pool Starting Address" from the
   standard xxx.xxx.xxx.2 (typically 192.168.1.2)
   to xxx.xxx.xxx.3 (e.g 192.168.1.3)
   (xxx.2 would be the reserved address)
 - Make sure the reserved address is not used
   by your other devices
 - Then click "Apply"

 You will need to enter the IP address next

 [42m ! [0m Press Enter to continue when ready
[31m____________________________________________________[0m

 Enter pixelserv-tls IP Address:
 [42m ✔ [0m 192.168.1.9 is a valid IP address
 [42m i [0m checking if 192.168.1.9 is available to use

 [42m ✔ [0m pixelserv-tls IP address set to 192.168.1.9
 [42m i [0m Probing for Entware
 [42m ✔ [0m Entware is already installed

 [42m i [0m Getting Diversion Standard files
     from diversion.ch
 [42m ✔ [0m ash-history.div     integrated
 [42m ✔ [0m functions.div       integrated
 [42m ✔ [0m mount-entware.div   integrated
 [42m ✔ [0m post-conf.div       integrated
 [42m ✔ [0m rc.func.div         integrated
 [42m ✔ [0m rotate-logs.div     integrated
 [42m ✔ [0m S80pixelserv-tls    integrated
 [42m ✔ [0m update-bl.div       integrated
 [42m ✔ [0m write-config.div    integrated

 [42m i [0m Checking white and blacklists
 [42m ✔ [0m Whitelist
 [42m ✔ [0m Blacklist
 [42m ✔ [0m Wildcard blacklist

 [42m i [0m Probing for pixelserv-tls
 [42m i [0m Installing Entware package 'pixelserv-tls'
[90m
Place ca.crt and ca.key to /opt/var/cache/pixelserv before starting HTTPS mode.
Start options can be adjusted via /opt/etc/init.d/S80pixelserv-tls.

See 'pixelserv-tls -h' for details
Installing pixelserv-tls (2.3.1-1) to root...
Downloading http://bin.entware.net/armv7sf-k2.6/pixelserv-tls_2.3.1-1_armv7-2.6.ipk
Configuring pixelserv-tls.
[0m
 [42m ✔ [0m pixelserv-tls installed

 [42m i [0m Creating pixelserv-tls CA certificate
[90m
[0m
 [42m ✔ [0m pixelserv-tls CA certificate created

 [42m i [0m Checking /jffs/scripts entries
 [42m ✔ [0m dnsmasq.postconf
 [42m ✔ [0m mount-entware
 [42m ✔ [0m services-stop
 [42m ✔ [0m unmount (Diversion)
 [42m ✔ [0m unmount (swap file)

 [42m i [0m Initializing Diversion

 [42m ✔ [0m blocking list

 [42m i [0m Restarting Dnsmasq
 [42m ✔ [0m Dnsmasq restarted

 [42m i [0m Checking dnsmasq.conf entries
 [42m ✔ [0m Additional hosts
 [42m ✔ [0m Log facility

 [42m i [0m (Re)starting pixelserv-tls
[90m
 Starting pixelserv-tls (Diversion)... failed
[0m

 [41m ✖ [0m pixelserv-tls not running, restarting...
[90m
 Starting pixelserv-tls (Diversion)... done
[0m

 [41m ✖ [0m pixelserv-tls not running, check Syslog for errors

 [42m ! [0m Press Enter to acknowledge

 [42m i [0m Checking cron jobs
 [42m ✔ [0m cron file found
 [42m ✔ [0m blocking list update
 [42m ✔ [0m Rotate logs
 [42m ✔ [0m Ads counter

 [42m ✔ [0m Diversion Standard v4.1.11 upgrade complete

Starting service manually, I receive the below with not much to go from:

Code:
Starting pixelserv-tls (Diversion)... failed
 

L&LD

Part of the Furniture
Install log is a static report - from the past. Not sure where you see the GUI showing pixelserv-tls not running?
 

Ro berto

Regular Contributor
I switched to small list and now I can log-in to PayPal. The only downside is that some ads are now being shown.
with minimal blocking list I can log in to Android PayPal app and I haven't seen ads, very happy.

EDIT: clarified I'm using android app for PayPal

Sent from my SM-G970F using Tapatalk
 
Last edited:

JemTheWire

Senior Member
My uiDivstats is showing 406% blocked. Can someone please tell me where the actual logfile is located so that I can scrub it and start from fresh?
 

thelonelycoder

Part of the Furniture
My uiDivstats is showing 406% blocked. Can someone please tell me where the actual logfile is located so that I can scrub it and start from fresh?
In the d menu in Diversion.
 

Luizlp10

Occasional Visitor
Diversion is working flawlessly in my AC86U with 384.16 merlin FW installed but I have a question about DoT, which I am using. I am still being able to see all queries from Dnsmasq on SSH client, on Diversion. Pardon me if this is an obvious one but should'nt it be encrypted and not visible from the log?

Thanks in advance.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top