Adblockers have become very popular and are now an indispensable tool to keep your sanity while navigating the web. Pop-up windows, multiple flashing ads, the list goes on and really, every person that surfs the web has encountered at least a single occurrence when they had to close multiple small windows to actually manage to read the content. So, when Google announced that it wants to block generic adblockers on the Google Chrome browser in favour of implementing its own filters, I thought why not block ads at a router level across all your devices and fix the problem in its infancy.
Don’t get me wrong, I do think that ads are important and if nobody would watch them, then I doubt many blogs would survive, but some websites have gone overboard with ad placement and I do think that users should have the control over which websites get their ads blocked and which do not. That being said, I have already explored a specific option using the Linksys WRT3200ACM and OpenWRT (along with the adblock addon), which has delivered some interesting results (YouTube ads have proven to be tricky, but that was to be expected), so I decided to see what do the Asus routers have to offer in this regard.
Similarly to the Linksys WRT3200ACM, you’re going to need to use a third-party firmware and in this case, it’s ASUSWRT-Merlin, a software that keeps the look and the feel of the original firmware, but it further enhances its capabilities by adding a lot more advanced features (usually suitable for professionals). Furthermore, the ASUSWRT-Merlin can’t block ads by default, so you’re going to have to install a nifty tool called Diversion (previously known as AB-Solution) and install it via SSH. As can be seen in the title, I am going to use the ASUS RT-AC86U, but this method should work with any Asus routers that are compatible with ASUSWRT-Merlin (sorry, RT-ACRH17 and RT-ACRH13).
To install the Merlin firmware, you need to go to the official website, download the suitable software release and simply add it manually as you would with any other regular firmware (Administration > Firmware Upgrade > Upload) and wait until it gets successfully installed (at the end, you will be asked to manually restart the router).
Afterwards, go to the Diversion tool official website and read the requirements. The ASUSWRT-Merlin and the JFFS custom scripts enabled are supported by the RT-AC86U, so the next requirement is a USB drive (formatted with ext2, ext3 or ext4 file system – the latter for ARM devices) that has to be permanently plugged into the router. While the WRT3200ACM didn’t require external drives, I have seen a similar system with the Synology RT2600ac, so it is not that uncommon.
Obviously, most USB drives aren’t ext formatted and you will need a third-party tool to do it (Windows OS doesn’t seem to have anything built-in for this job), but you can use the amtm software to format the disk (also available on the Diversion website) or, if you’re not that familiar with the SSH terminal, there are a number of free tools available on the web that will quickly do the job (I used the MiniTool Partition Wizard). After inserting the USB drive, you’ll have to install the Diversion software and to do so, you’re going to have to use the SSH terminal – to access it, there are several programs that you can use, but I chose PuTTY for Windows.
Before accessing the terminal, you need to enter the router’s interface, then go to Administration, System and under Service, you need to enable SSH (I chose LAN + WAN), use the SSH service port 22 (the default, but you can choose any other unused port), set Allow SSH password login to Yes and Enable SSH Brute Force Protection to Yes; at the Authorized Keys section, you can generate a public key using PuTTY Key generator tool (comes along with the PuTTY bundle): after you opened the tool, press Generate and simply copy the Public key and paste it in the router interface. After that, click Apply and wait for the changes to take effect.
On the next step, open PuTTY and at the Host Name, insert the IP address of the router (in my case, it was 192.168.1.1), check if the Port is correct (it should be 22) and click open. This will summon a new window, where you’ll have to login using the router’s credentials and, afterwards, simply insert curl -0s https://diversion.ch/install && sh install and press Enter to start the installation process, which will guide you through configuring the way the software will work: you can choose the preferred theme, the Diversion Edition (it can be Lite or Standard – I prefer the latter since it is a lot more comprehensive) and you have to reserve an IP address for the pixelserv-tls (I chose 192.168.1.2 and I had to adjust the IP Pool Starting Address to start from 192.168.1.3 – can be done in LAN > DHCP Server).
After that, I also enabled the Logs, I acknowledged that some domains deserve to be whitelisted (SmallNetBuilder.com) and I installed Entware (64-bit). And that’s all, you have successfully installed Diversion on your Asus RT-AC86U router (if you close the terminal, you can easily regain access to the program commands by opening PuTTY, going to the router IP and simply inserting diversion in the terminal). Obviously, you may want to add some new websites on the Whitelist (for example, Google Analytics will be blocked by default) and, to do so, after accessing the Diversion tool, you need to insert el command (edit lists) and select 1.
Here, you’ll be able to see all the added domains and you can edit the list: Add or Delete domain, Process the whitelist, Sort and verify it, Restore whitelist from backup or Set domain to active or inactive. We’re going to choose 1 and enter the preferred domain – I like that if you don’t know which are all the related domains, you can simply insert the general website (such as google.com) and the software will display them automatically, allowing you to add all of the domains in one go. After you’re done adding the domains, you have to process it (insert 3 at the whitelist menu). The same steps need to be followed if you want to add a specific domain to the blocklist.
The Diversion adblock tool will work for all the connected clients, but what if you want some of your devices to still display ads? You’re going to have to change the DNS server of that specific client. To accomplish this, head back to the Asus router UI and, under the Advanced Settings, go to LAN > DNSFilter to Enable the DNS-based Filtering. Next, leave the Global Filter Mode to No Filtering and configure one of the Custom (user-defined) DNS profiles (can be the default 8.8.8.8 – Google DNS). Under Client List and Client MAC address, select the device you want to not be filtered by the Diversion and, under the Filter Mode, select the Custom profile that you previously configured. Lastly, press Apply and you should be done.
OK, I’m not going to sugarcoat it, the installation is not simple and it requires a bit more steps than the OpenWRT, but in the end it is worth it because the developers did a great job at making the commands as intuitive as possible. At the same time, once again, I have to acknowledge that there are awesome routers out there (such as the pcWRT), which can easily do all these things (and more) with only a few clicks, but, if you already have an Asus router flashed with the ASUSWRT-Merlin firmware, then this is a great way to block some of the most obnoxious ads out there.
I am not sure if this post is still active, but I am getting in trouble.
I have gone through the steps thoroughly. I am using PuTTY to access Diversion.
Within Diversion I have installed the adblocker.
But the adblocker doesn’t work as it should.
I am still receiving ads on youtube and other websites/apps.
It also causes problems with my banking-app (I need to disable Diversion to use my banking-app).
I am not sure what to do and how to configure the right settings.
Starting up Diversion it says the following: [93,413] blocked domains by [1] hosts file(s)
How can I adjust this? What prompts needs to be in place to block adds?
I haven’t been using Diversion for about a year (went with PiHole for its modularity), so I am not entirely sure about its current state, but it seems that YouTube has gotten ‘smarter’ and is now circumventing the adblocker. It should still work for other websites though. As for the banking app, you need to whitelist it, so it doesn’t get blocked.
Oh, and I think there may be something new about Google Chrome and adblockers, so I would also try it with other browsers to see if the ads do get blocked. I have to do some tests myself and most likely update the article.
i need your help i going mental !! last step is unclear , when the ask me to reserve a pixel adress i log in in my asus web , go in lan/dhcp/set my routuer ip sart pool and finish range with 3 … but there is no generated ip and in the bottom I need to select a mac adress , i try to set the ip ranges in putty but he reply is not a IP reserved….
Hi, if the router’s IP address is 192.168.1.1, then when you’re prompted to enter a pixelserv-tls, you need to update the LAN DHCP IP Pool Starting Address from 192.168.1.2 to 192.168.1.3 and then enter 192.168.1.2 for the pixelserv. When changing the IP Pool, you need to make sure that 192.168.1.2 is not already reserved for a client and, I would also check the client list to make sure that the IP is not used by a connected device (simply disconnect it for a bit if it does use the IP).
I missing something … i go in the settings and in the start pool it says 192.168.1.1 is not valid adress so i put my start 192.168.2.1 to 192.168.2.3 click apply and go in putty same error says is not a reserved ip adress ? what i do wrong ?
screenshot
https://ibb.co/w0cDnCH
https://ibb.co/cy5SXQc
hope can help me out so close to finish this setup
Ok, I think I understand the issue. Go ahead and set the DHCP pool to start from 192.168.2.3 to 192.168.2.255 (or anything below) and, return and set the pixelserv to 192.168.2.2. It should work now.