What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Apologies: I did not mean ‘long winded’ in any negative way.
I was just looking if there was a direct command line way to figure out the latest blocked domains by IP address.

I was looking for some direct way... something like
Code:
tail -f /opt/var/dnsmasq.log | grep 'searchvalue'
or something similar.

Is there any unique identifier/ keyword in each individual line item of dnsmasq log that indicates that the domain has been blocked?
Diversion has command switches, one is diversion f as you might know does follow the log with slightly modified easier readable output.
It is the option 1. Unfiltered log in the f menu structure.
There are no further switches built in for the other four options for simplicity.

The full code for 4. Blocked domains, by device IP is this, expecting some variables being set to work:
Code:
tail -F "${LOG_DIR}/dnsmasq.$log" | \
while read line; do
    if echo "$line" | /opt/bin/grep -q "list/blockinglist\|list/blacklist\|list/yt_blacklist\| config .* is $blockingIP" && echo "$line" | /opt/bin/grep -q " $(echo $deviceIP | sed -e 's/\./\\./g')/"; then
        printf "%-43s%s\\n" "${GRAY} $( echo $line | awk '{print $3, "blocked by " $(NF-3)}' | sed 's|/opt/share/diversion/list/||;s|config|wc-blacklist|')${NC} " "${RED}$( echo $line | awk '{print $(NF-2)}')${NC}"
    fi
done
 
Hallo

It looks like the yt blocker is properly installed but i'm still getting a lot of ad's on my Smart TV and iPad. Am I missing something?
diversion.png
 
^^^
Have you forced all your DNS traffic to go thru the router? In some cases, these "SmartA&& apps" hardcode their own DNS servers into the app... to be sure you see their crappy ads. Sometimes there's little you can do about that...

LAN > DNSFilter > Enable DNS-based Filtering > ON --> Router.

1599916709134.png
 
How do I get Diversion to show within the Merlin UI ?
 
How do I get Diversion to show within the Merlin UI ?
It's in beta testing, so nothing's complete. You can enable it in d.
 
Many thanks.

I have now enabled it and also removed Adblock+ extension off my home computers (can't remove it from laptop else I'll be flooded with ads when out and about).
 
Many thanks.

I have now enabled it and also removed Adblock+ extension off my home computers (can't remove it from laptop else I'll be flooded with ads when out and about).
If you have a VPN on your laptop back to your home router, you will benefit from Diversion and CAN remove the AdBlock+ extension.
just an option for you to consider.
 
If you have a VPN on your laptop back to your home router, you will benefit from Diversion and CAN remove the AdBlock+ extension.
just an option for you to consider.

How would I go about setting this up and the laptop is a MacBook Pro running MacOS Catalina 10.15.
 
How would I go about setting this up and the laptop is a MacBook Pro running MacOS Catalina 10.15.
You need to setup a VPN server on the Router.
Login into router....
Go to VPN -> VPN Server -> IPSec
Enable IPSec VPN server
Setup the server and add a user.
Click on the link ‘Mac OS’ for instructions for setting up your MacBook as a client.

An advantage of using IPSec is that you do not need any additional software to install on the Mac or iPhone/IPad as IPSec protocol is natively supported by macOS and iOS.
 
You need to setup a VPN server on the Router.
Login into router....
Go to VPN -> VPN Server -> IPSec
Enable IPSec VPN server
Setup the server and add a user.
Click on the link ‘Mac OS’ for instructions for setting up your MacBook as a client.

An advantage of using IPSec is that you do not need any additional software to install on the Mac or iPhone/IPad as IPSec protocol is natively supported by macOS and iOS.
OK, thank you.

I'm assume I leave everything as is after enabling IPSec VPN server (server IP address shows router's DDNS address), except under Quick Select where it asks for a Pre-Shared key. Can this be anything ?

Then I enter a Username & Password for any clients to access VPN ?
 
OK, thank you.

I'm assume I leave everything as is after enabling IPSec VPN server (server IP address shows router's DDNS address), except under Quick Select where it asks for a Pre-Shared key. Can this be anything ?

Then I enter a Username & Password for any clients to access VPN ?
Yes. Just let the defaults be.
Pre-shared key can be anything. Like any good password; make sure it is long enough. I recommend at least 24 chars long.
 
Do I still need to have Adblock extensions installed in my browsers when using Diversion Standard on my Asus RT-AX88U ?
You might still want to install such an extension for cosmetic filtering:

AdGuard said:
This method uses so called cosmetic filtering rules which are used not for blocking ad requests, but for changing the page appearance. Cosmetic rules include adding some special CSS-rules (styles) which hide the unwanted advertisements on a page and mask the removed elements' remains after blocking, such as empty fields in the place of the blocked banner, etc.
 
Yes. Just let the defaults be.
Pre-shared key can be anything. Like any good password; make sure it is long enough. I recommend at least 24 chars long.
I have now done this and got it working on my iPhone. Just got to set it up on my iPad and MacBook Pro now.

You might still want to install such an extension for cosmetic filtering:
Installed 'AdGuard'. How do I get cosmetic filtering ?
 
Last edited:
You need to setup a VPN server on the Router.
Login into router....
Go to VPN -> VPN Server -> IPSec
Enable IPSec VPN server
Setup the server and add a user.
Click on the link ‘Mac OS’ for instructions for setting up your MacBook as a client.

An advantage of using IPSec is that you do not need any additional software to install on the Mac or iPhone/IPad as IPSec protocol is natively supported by macOS and iOS.
What am I missing? On 384.18 RT-AC68U, I go to VPN Server page (General) and I don’t see IPSec. I see OpenVPN and PPTP, but no IPSec. (I have both OpenVPN servers running. I turned one off but still no IPSec.)
 
What am I missing? On 384.18 RT-AC68U, I go to VPN Server page (General) and I don’t see IPSec. I see OpenVPN and PPTP, but no IPSec. (I have both OpenVPN servers running. I turned one off but still no IPSec.)
That is strange. It works fine on my AX88U. Maybe it is hardware specific. Ask in the main asuswrt-merlin thread.

Worst case scenario, use OpenVPN. OpenVPN clients is avilable on iOS/ macOS as free apps as well.
 
That is strange. It works fine on my AX88U. Maybe it is hardware specific. Ask in the main asuswrt-merlin thread.

Worst case scenario, use OpenVPN. OpenVPN clients is avilable on iOS/ macOS as free apps as well.
Thanks, yes, I’ve been using OpenVPN for years, but I was fascinated to read your post and keen to try it. (I have previously put Tunnelblick on a Mac and never knew there was an alternative.)
 

Attachments

  • 2AE7AA23-8E16-4D68-8454-13438D776865.jpeg
    2AE7AA23-8E16-4D68-8454-13438D776865.jpeg
    338.7 KB · Views: 110
Thanks, yes, I’ve been using OpenVPN for years, but I was fascinated to read your post and keen to try it. (I have previously put Tunnelblick on a Mac and never knew there was an alternative.)
I too have been using OpenVPN for many years, but IPSec is faster and almost natively supported by most OS.

WireGuard is the new kid on the block - well not really new, but starting to gain mainstream popularity... and the speeds are absolutely stunning.
My work place is also looking to slowly replace multiple OpenVPN servers with WireGuard.

I have now setup my Asus Router as a WireGuard server and very pleased with the connection and speed.
 
OpenVPN should be somewhat faster and more secure (than IPSec), but as stated above it's not a native application. Getting a bit off-topic in this Diversion thread though.
Meanwhile, MAN stupid YouTube ads are getting aggravating! Wait 5 seconds, click "Skip Ads," have ANOTHER ad pop up, wait another 5 seconds... then sometimes they drop another ad in the middle of a 5-minute song. Grrrr. Don't think there's much we're going to be able to do about this. *sigh*

I remain grateful for what ad-blocking I DO get.
 
Last edited:

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top