Diversion vs Pi-hole

[menaceinc]

Did anyone have a chance to compare both?

I have been running Diversion on my Asus AC66U B1 for a while and very happy with the results. I recently got an AC68U and setup the AiMess, Pi-hole was setup to replace Diversion (due to the stock firmware requirement for AiMess). If Diversion does a better job, I will give Pi-hole to my friend. My WiFi coverage is good without AiMess.

Thanks in advance!

 

[martinr]

Did anyone have a chance to compare both?

I have been running Diversion on my Asus AC66U B1 for a while and very happy with the results. I recently got an AC68U and setup the AiMess, Pi-hole was setup to replace Diversion (due to the stock firmware requirement for AiMess). If Diversion does a better job, I will give Pi-hole to my friend. My WiFi coverage is good without AiMess.

Thanks in advance!

Comparing objectively or scientifically, no. But I used to run a setup very similar to PiHole on a Raspberry Pi connected to my router. Perhaps a year ago I ditched it in favour of Diversion (AbSolution, then) and Skynet and I haven’t looked back. My system now is so much more elegant, and, there’s one less mains adapter and less junk hanging off the router and cluttering up the space behind the tv. Everything now is far more professional: automatic updates, maintained by first-class coders on this forum..... if you make the change, you’ll probably kick yourself for not having done it sooner. I nearly forgot: and experts on this forum ready to answer just about any question you might have on the topic.

 

[Protik]

I have tried both and let me give my two cents.

• Personally I prefer diversion. Because is diversion runs on the router, that means diversion is up when the router is up. Which means better reliability. Because Pi-hole runs on Raspberry Pi (RPi), it's a totally separate system which causes reliability issue. If it goes down, it takes your whole network down. You can loose connectivity to your RPi, your RPi can go down due to power adapter issues or maybe you were doing some tinkering and messed your RPi up. So you will not realize before it's too late. Imagine you are out at work and your DNS server goes down. You cannot bring that back until you are back home because you cannot SSH to it. Good luck explaining that to your wife (if you are lucky to have one yet).
• Because Raspberry Pi has higher clock speed than Asus router (at least compared to my AC-68U), Raspberry Pi performs better for ad blocking. BUT, if the RPi is not connected to your router through Ethernet, it adds latency to every request. While for diversion, it's almost instantaneous due to the fact that it's basically in the same device.
• I like how well pixelserv-tls integrates with diversion. Pixelserv-tls does a really good job of blocking ads and it does that with extreme efficiency. Pixelserv-tls returns a pixel for HTTPS ads and returns DNS requests gracefully. On the contrary, Pi-hole just blocks the request. I don't understand the nitty-gritty details, but the way Pi-hole works might extend load time of a web page with HTTPS ads. There is a way to add pixelserv-tls to Pi-hole, but that's not natively supported and not very straight-forward.
• Also installing Pi-hole requires too much tinkering in the router configurations. As Murphy's law states, whatever can go wrong will go wrong. So in case I have to reconfigure everything, using diversion has less overhead compared to Pi-hole.

If you are adventerous, then you can install Pi-hole in a docker. And manually configure DNS of one or two device of your network and see for yourself the performance. But be advised that, configuring IPv6 in a docker container is not straightforward. And that might effect Pi-hole's ability to block ads served through IPv6.

Did anyone have a chance to compare both?

I have been running Diversion on my Asus AC66U B1 for a while and very happy with the results. I recently got an AC68U and setup the AiMess, Pi-hole was setup to replace Diversion (due to the stock firmware requirement for AiMess). If Diversion does a better job, I will give Pi-hole to my friend. My WiFi coverage is good without AiMess.

Thanks in advance!

 

[bluzfanmr1]

I have run both Pi-hole (on a Pogoplug Pro with Debian) and Diversion.

The people at Pi-hole are amazing and so helpful and its a great product but I concluded that because I have an Asus router loaded with Diversion (and other great stuff from here) in one nice package (the router with a USB), it just works better for my needs.

I still have the Pi-hole running and sometimes use it to tinker around but Diversion is my full time ad blocker.

 

[menaceinc]

I have run both Pi-hole (on a Pogoplug Pro with Debian) and Diversion.

The people at Pi-hole are amazing and so helpful and its a great product but I concluded that because I have an Asus router loaded with Diversion (and other great stuff from here) in one nice package (the router with a USB), it just works better for my needs.

I still have the Pi-hole running and sometimes use it to tinker around but Diversion is my full time ad blocker.

Very good feedback.

Pi-hole is almost maintenance free, I mean "almost" where you can hunt for good block files. My Pi-hole sits far away from my router in the basement "sever room". Like I said before, AiMesh isn't really needed but why not? I don't want to throw away a good and old router.

 

[consorts]

AiMesh isn't really needed but why not?

aimesh isn't of benefit to you - it's asus marketing attempt to maintain old model resale values;

https://www.smallnetbuilder.com/wireless/wireless-reviews/33208-asus-aimesh-reviewed

most large home owners using merlin+apps has evaluated aimesh and found it wanting

 

[Justin Time]

Very good feedback.

Pi-hole is almost maintenance free, I mean "almost" where you can hunt for good block files. My Pi-hole sits far away from my router in the basement "server room". Like I said before, AiMesh isn't really needed but why not? I don't want to throw away a good and old router.

I know this is an ancient thread, but if someone can benefit from others’ insights, I hope it would help. I agree with this reply. I’ve been using Pihole for many years, and it has been very stable. I have a secondary Pihole for load balance and redundancy. I set up a script to automatically update my secondary Pihole with the primary’s gravity files, regex, allowlist rules, etc. Maintenance is minimal. I especially like the amount of flexibility you have with Pihole through a user-friendly UI. I would opt for Pihole since it can scale and adapt to your changing needs relatively quickly.

 

[JGrana]

aimesh isn't of benefit to you - it's asus marketing attempt to maintain old model resale values;

https://www.smallnetbuilder.com/wireless/wireless-reviews/33208-asus-aimesh-reviewed

most large home owners using merlin+apps has evaluated aimesh and found it wanting

If you don’t really need a mesh style network, no AIMesh is of no use.

I will say, as an owner of a rather broad house with another small building close by, AiMesh since the more recent 388 releases has been working quite well. I have an AX88U Pro as the main router and 2 AX58U as nodes.
I do admit that 6-9 months ago it was not the most stable mesh implementation but from the 388 releases on it has been pretty much trouble free.
In fact, I just installed 388.4 beta 1 on all devices - and its running very good.
In fact, the past few months, I rarely even check the WebUI->AiMesh tab. It just quietly works.

 

[Wisiwyg]

I know this is an ancient thread, but if someone can benefit from others’ insights, I hope it would help. I agree with this reply. I’ve been using Pihole for many years, and it has been very stable. I have a secondary Pihole for load balance and redundancy. I set up a script to automatically update my secondary Pihole with the primary’s gravity files, regex, allowlist rules, etc. Maintenance is minimal. I especially like the amount of flexibility you have with Pihole through a user-friendly UI. I would opt for Pihole since it can scale and adapt to your changing needs relatively quickly.

This...

I was an avid user of Skynet and Diversion for years on my AX88U. I eventually was upgraded by Comcast to a 1.2gb incoming line. For some reason I couldn't get above ~6-700mb down. After searching and trying several options, found that shutting down all AMTM scripts would get me ~800-850 and activating LACP from modem to router would get me ~ 1.1-1.2gb. My reasoning is the first bottleneck was the CPU, simply didn't have the umph to run the filtering scripts and everything. The second bottleneck was the 1gb WAN port and hardware limitation.

Today I run a RPi4 and handle add blocking and enhanced firewall on it via country block and filter lists from firebog.net, running about 1.5MM block list. I couldn't do that with Skynet/Diversion. On top of the add lists and malicious sites lissts, I"m blocking about 30 countries including the usual suspects, RU, CN, PK, more.

Overkill? Probably... But now that its all working it makes me happy, getting ~1.15 on a 1.0gb feed through my older AX88U with 1gb ports. If your incoming pipe is less or if you have a newer router with a higher performance CPU or ports, Skynet/Diversion likely works great and probably all you need. Single RPi right now, but have a 2nd, Pi3B+ in waiting. The 1gb port on the Pi4 doesn't seem to hold up anything and has been working flawlessly the last year.

 

[Kingp1n]

Also....Diversion will be getting an update in the near future and we also now have Adguard Home within AMTM to tinker with...

 

[Crimliar]

If you care to start a new thread I'll give my 2 cents worth - this is really too old of a thread to be fully useful IMHO

 

[Gary_Dexter]

This...

I was an avid user of Skynet and Diversion for years on my AX88U. I eventually was upgraded by Comcast to a 1.2gb incoming line. For some reason I couldn't get above ~6-700mb down. After searching and trying several options, found that shutting down all AMTM scripts would get me ~800-850 and activating LACP from modem to router would get me ~ 1.1-1.2gb. My reasoning is the first bottleneck was the CPU, simply didn't have the umph to run the filtering scripts and everything. The second bottleneck was the 1gb WAN port and hardware limitation.

Today I run a RPi4 and handle add blocking and enhanced firewall on it via country block and filter lists from firebog.net, running about 1.5MM block list. I couldn't do that with Skynet/Diversion. On top of the add lists and malicious sites lissts, I"m blocking about 30 countries including the usual suspects, RU, CN, PK, more.

Overkill? Probably... But now that its all working it makes me happy, getting ~1.15 on a 1.0gb feed through my older AX88U with 1gb ports. If your incoming pipe is less or if you have a newer router with a higher performance CPU or ports, Skynet/Diversion likely works great and probably all you need. Single RPi right now, but have a 2nd, Pi3B+ in waiting. The 1gb port on the Pi4 doesn't seem to hold up anything and has been working flawlessly the last year.

View attachment 52019

What country-block lists are you using?

 

[Gary_Dexter]

Personal preference - I prefer AGH over PiHole and get a good amount of blocking out of it using Hagezi’s blocklists:

 

[Kingp1n]

Personal preference - I prefer AGH over PiHole and get a good amount of blocking out of it using Hagezi’s blocklists:

View attachment 52021

Is this the only blocking list you use or in addition to the default ones automatically added? By any chance do you use any of malware/phishing list as well?

 

[Gary_Dexter]

Is this the only blocking list you use or in addition to the default ones automatically added? By any chance do you use any of malware/phishing list as well?

Hagezis lists are a “compilation” of other popular lists with any duplicates, dead-sites etc. removed.

Personally I use the Ultimate list, which includes blocking of Malware sites etc. from sources like Cisco Talos/Umbrella and others.

 

[Kingp1n]

Hagezis lists are a “compilation” of other popular lists with any duplicates, dead-sites etc. removed.

Personally I use the Ultimate list, which includes blocking of Malware sites etc. from sources like Cisco Talos/Umbrella and others.

Nice and thanks for the info...what's the link to the Ultimate list? I might try it this weekend. Thanks again !

 

[Gary_Dexter]

Nice and thanks for the info...what's the link to the Ultimate list? I might try it this weekend. Thanks again !

Be warned it has a high level of blocking so you’ll likely need to do some heavy whitelisting if you find things stop working or pages don’t load…

GitHub - hagezi/dns-blocklists: DNS-Blocklists: For a better internet - keep the internet clean!

DNS-Blocklists: For a better internet - keep the internet clean! - hagezi/dns-blocklists

github.com

 

[Crimliar]

My experience with Pi-Hole started quite a few years back. We have an adult family member with ASD that used to regularly download software from dodgy sources and mess their computer up. Using Pi-Hole has been enough to reduce the need to reinstall windows from once every 2-3 weeks, to less than yearly. I've since switched to Diversion, simply because I found running Pi-Hole, I really needed to run it on two devices just in case anything happened to one of them. As has previously been stated with Diversion, if the router is up, then Diversion is up.
My experience with AGH has not been so good, so far. AGH is more of an all-in-one solution, I've had issues where it's gone wrong (both running on a Pi and on the router), and troubleshooting is a pain. I'll probably try AGH again in the future, but not right now!

 

[Wisiwyg]

What country-block lists are you using?

I keep this in a txt file for easy copy/paste.

* for Skynet
ae af az bg bh br by cd cn cu ee eg et ge hk il iq ir it kd kp kw ky kz la lb lr ly md mx ng ni nl om pk ps qa ru rw sa sb sc sd so ss su sy tm tr tw ua ug uz ve vn ye zw

* for PiHole as Domain Blacklist Regex
\.(ae|af|az|bg|bh|br|by|cd|cn|cu|ee|eg|et|ge|hk|il|iq|ir|it|kd|kp|kw|ky|kz|la|lb|lr|ly|md|mx|ng|ni|nl|om|pk|ps|qa|ru|rw|sa|sb|sc|sd|so|ss|su|sy|tm|tr|tw|ua|ug|uz|ve|vn|ye|zw)$

 

[Gary_Dexter]

My experience with Pi-Hole started quite a few years back. We have an adult family member with ASD that used to regularly download software from dodgy sources and mess their computer up. Using Pi-Hole has been enough to reduce the need to reinstall windows from once every 2-3 weeks, to less than yearly. I've since switched to Diversion, simply because I found running Pi-Hole, I really needed to run it on two devices just in case anything happened to one of them. As has previously been stated with Diversion, if the router is up, then Diversion is up.
My experience with AGH has not been so good, so far. AGH is more of an all-in-one solution, I've had issues where it's gone wrong (both running on a Pi and on the router), and troubleshooting is a pain. I'll probably try AGH again in the future, but not right now!

What issues have you had with AGH?