Diversion No errors but logging/blocking not working

[fsb]

I just installed Diversion on my RT-AC86U yesterday. I'm running Merlin 386.3_2. I went to the GitHub page and followed the instructions to do the Standard installation. I didn't receive, and still don't have, any errors.

I tried to install uiDivStats and it told me that Diversion logging was disabled. That was strange and when I checked again, it was still enabled and green (logging = dnsmasq.log). I kept Diversion running for an entire day and checked the ads blocked, it's still 0.

When I try to follow dnsmasq (f), I'm told that logging is disabled and I need to enable it.

I've removed, reinstalled, and restarted Diversion but I get the same results. I've searched this sub to ensure my router DNSFilter is set to Router (and all the fields are blank).

In the router's syslog it doesn't show any errors and pixelserv-tls is running on ports 443 and 80, as expected. I opened pixelserv-tls servstats in the browser and it shows 1 error but I can't find it in the log:

Nov 9 07:22:04 Diversion: created br0ixelserv-tls for 192.168.0.2
Nov 9 07:22:04 pixelserv-tls[32193]: pixelserv-tls 2.4 (compiled: Aug 22 2021 06:41:01 flags: tfo tls1_3) options: 192.168.0.2
Nov 9 07:22:04 pixelserv-tls[32193]: Listening on :192.168.0.2:443
Nov 9 07:22:04 pixelserv-tls[32193]: Listening on :192.168.0.2:80
Nov 9 07:22:05 Entware (aarch64-k3.10): Started pixelserv-tls (Diversion)
Nov 9 07:30:43 kernel: pgd = ffffffc01149b000
Nov 9 07:30:43 kernel: [00000000] *pgd=000000001651d003, *pud=000000001651d003, *pmd=0000000010b1d003, *pte=0000000000000000
Nov 9 07:30:43 kernel: CPU: 1 PID: 29620 Comm: dcd Tainted: P O 4.1.27 #2
Nov 9 07:30:43 kernel: Hardware name: Broadcom-v8A (DT)
Nov 9 07:30:43 kernel: task: ffffffc014f2aac0 ti: ffffffc0061dc000 task.ti: ffffffc0061dc000
Nov 9 07:30:43 kernel: PC is at 0xf72f1f44
Nov 9 07:30:43 kernel: LR is at 0x1dd14
Nov 9 07:30:43 kernel: pc : [<00000000f72f1f44>] lr : [<000000000001dd14>] pstate: 600f0010
Nov 9 07:30:43 kernel: sp : 00000000ff9c8c38
Nov 9 07:30:43 kernel: x12: 00000000000a2050
Nov 9 07:30:43 kernel: x11: 00000000f65ff024 x10: 00000000000a23c4
Nov 9 07:30:43 kernel: x9 : 00000000f65ffa28 x8 : 00000000000a287c
Nov 9 07:30:43 kernel: x7 : 00000000f65ffa60 x6 : 00000000000a2876
Nov 9 07:30:43 kernel: x5 : 0000000000000000 x4 : 00000000f65ffa0c
Nov 9 07:30:43 kernel: x3 : 0000000000000000 x2 : 00000000ff9c8c14
Nov 9 07:30:43 kernel: x1 : 000000000007d75a x0 : 0000000000000000

I don't know if it's relevant but I also have ExpressVPN setup on my router so all my devices use the nearest server.

 

[ColinTaylor]

I don't know if it's relevant but I also have ExpressVPN setup on my router so all my devices use the nearest server.

Might be related. What do you have Accept DNS Configuration set to in the VPN client settings?

 

[fsb]

Might be related. What do you have Accept DNS Configuration set to in the VPN client settings?

"Exclusive". I believe I need it set that way to use ExpressVPN.

 

[eibgrad]

You don't need Exclusive because you're using ExpressVPN. ExpressVPN has no idea how you've configured your local DNS settings wrt the DNS server it makes available to the OpenVPN client. Or if you use it at all. That's up to YOU and your intentions.

In the case of Exclusive, this *bypasses* DNSMasq by redirecting those clients bound to the VPN directly to the ExpressVPN DNS server. And if your ad-blocking is based on DNSMasq (which most are, I don't use Diversion, but I assume it does as well), then ad-blocking will have NO EFFECT! In addition, those same clients lose access to all other DNSMasq features too (local name resolution, caching, etc.).

OTOH, if you specify Strict rather than Exclusive, now DNSMasq is used, but it's reconfigured to use the ExpressVPN DNS server *first*. And you regain access to all DNSMasq features. On the downside, *all* clients, whether bound to the VPN or WAN, are now using the VPN's DNS server.

IOW, there is no perfect solution. YOU have to decide which best suits your situation.

 

[fsb]

In the case of Exclusive, this *bypasses* DNSMasq by redirecting those clients bound to the VPN directly to the ExpressVPN DNS server. And if your ad-blocking is based on DNSMasq (which most are, I don't use Diversion, but I assume it does as well), then ad-blocking will have NO EFFECT! In addition, those same clients lose access to all other DNSMasq features too (local name resolution, caching, etc.).

Thanks for this, I wasn't aware of it. I've switched one of my VPN client's settings from Exclusive to Strict and rebooted the router and restarted Diversion. I'm still not getting any indication of ads being blocked.

I did another reinstallation of Diversion and saw these entries which I must've missed the last time. @thelonelycoder can you please help me with next steps on this?

Looks like something is blocking the log entries from being created on the router?

 

[fsb]

Well, no responses so I’m uninstalling Diversion. It’s not working for me, unfortunately.