Installing Pixelserv-TLS 2.2.1-rc.3 on Tomato Build with Adblock

Discussion in 'Tomato Firmware' started by rgnldo, Nov 20, 2018.

  1. rgnldo

    rgnldo Networkin' Nut Member

    Pixelserv-tls 2.2.1-rc.3 (2018-11-15)
    Changes
    • NEW enhance blocking of pop-up ads during playback of YouTube video
    • CHANGE more accurate avg/max processing time, avg and tmx
    • NEW save all cached certs to "CERT_PATH/prefetch" on signal SIGUSR1, e.g. killall -SIGUSR1 pixelserv-tls
    • CHANGE save all cached certs on program shutdown (previously top 3/4)
    • CHANGE default "cert cache size" (-c) to 500 (previously 50)
    • CHANGE default "select timeout" (-o) to 1s (previously 10s)
    • CHANGE more accurate max. processing time, tmx
    You must first install the Entware repository.
    Assuming you have Entware configured, run the following commands:

    Code:
    opkg update
    opkg list | grep "pixelserv"
    opkg install pixelserv-tls
    opkg install wget
    Now we will upgrade to the latest beta.

    Code:
    _binfavor=static sh -c "$(wget -qO - https://kazoo.ga/pixelserv-tls/install-beta.sh)"
    Generating the certificates:

    Code:
    mkdir -p /opt/var/cache/pixelserv
    cd /opt/var/cache/pixelserv
    openssl genrsa -out ca.key 1024
    openssl req -key ca.key -new -x509 -days 3650 -sha256 -extensions v3_ca -out ca.crt -subj "/CN=Pixelserv CA"
    chown -R nobody /opt/var/cache/pixelserv
    Activate the interface associated with Pixelserv-tls:
    Code:
    ifconfig br0:pixelserv 192.168.1.3 up
    Edit the /opt/etc/init.d/S80pixelserv-tls file:

    Code:
    #!/bin/sh
    export TZ=$(cat /etc/TZ)
    ENABLED=yes
    PROCS=pixelserv-tls
    ARGS="192.168.1.3"
    PREARGS=""
    PRECMD="ulimit -s 64"
    DESC=$PROCS
    PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    
    . /opt/etc/init.d/rc.func
    In the web gui configuration of Tomato builds, under Configuration -> Scripts -> Wan Up:
    Code:
    ifconfig br0:pixelserv 192.168.1.3 up
    Restart:

    Code:
    /opt/etc/init.d/S80pixelserv-tls restart
     
    Last edited: Nov 20, 2018
  2. davexx

    davexx New Member Member

    I followed the procedure fine, but it didn't work for me; it shows me ads on YouTube, and it didn't show me a cert error for YouTube ads.
    Maybe I don't know how to use the HTTPS block with this server.
     
  3. rgnldo

    rgnldo Networkin' Nut Member

    What model of router and compiler Tomato are you using?
     
  4. davexx

    davexx New Member Member

    AC68U, Tomato version 2018.4
     
  5. rgnldo

    rgnldo Networkin' Nut Member

     
  6. davexx

    davexx New Member Member

    I followed the whole procedure you posted without any issue; the problem is it didn't block anything... Do I need to set up a proxy server pointing to the bridge interface? Or will it work with the dnsmasq inside Tomato?
     
  7. eTaurus

    eTaurus Connected Client Member

    Sorry for this noob-question, but how do I check that pixelserv is actually working? It started without problems.

    Do I have to do anything else in Tomatousb?
     
  8. phuklok1

    phuklok1 Network Guru Member

    Could someone with the know-how and necessary equipment create a static MIPS build of the latest pixelserv for those of us on older routers using jerrm's external adblock script? Thanks in advance!
     
    Last edited: Dec 3, 2018
  9. Beast

    Beast Network Guru Member

    It's been done; check this link, pixelserv for MIPS by HunterZ. It's like the third item down. Also look at the adblock script there; can't remember if that's an update of jerrm's. https://tomato-adblock.weebly.com/
     
  10. rgnldo

    rgnldo Networkin' Nut Member

    This solution was absorbed by Tomato, in the native Adblock of FW. The tip I posted is Pixelserv-tls, with support for TLS 1.3, SNI etc. You should not use native Adblock to configure Pixelserv-tls.
     
  11. phuklok1

    phuklok1 Network Guru Member

    Beast, thanks for the reply, I had found that link searching around before, but it is an old version (circa 2015). I was hoping for an updated version.

    I hope in the future we see pixelserv implemented directly in the tomato firmware as an enhancement to the built in adblock. This is the main reason I still use an external script solution.
     
  12. eTaurus

    eTaurus Connected Client Member

    Did you answer my question? Today I succeeded in getting pixelserv-tls up and running, but how do I check if it actually is working?

    Since you seem to have quite a lot of knowledge on the topics of Stubby, Adblock and pixelserv I would like to ask you some questions:
    1. Does pixelserv work with DNS-over-TLS? I activated Stubby using Cloudflare and it's working well.
    2. Is pixelserv an Adblock solution or merely a complement to Tomato's built-in Adblock?
    3. What does the following, found here, mean?
    I'm in the process of learning and understanding Tomato's Adblock, Stubby and pixelserv and I would definitely appreciate if you can answer my question. If you know of online resources concerning these topics you can point me to them.
     
  13. rgnldo

    rgnldo Networkin' Nut Member

    Code:
    root@rgnldo-lan:/tmp/home/root# netstat -lnpW
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address                                       Foreign Address                                     State       PID/Program name   
    tcp        0      0 0.0.0.0:9091                                        0.0.0.0:*                                           LISTEN      1613/transmission-d
    tcp        0      0 0.0.0.0:8200                                        0.0.0.0:*                                           LISTEN      1813/minidlna
    tcp        0      0 10.0.30.1:139                                       0.0.0.0:*                                           LISTEN      1138/smbd
    tcp        0      0 127.0.0.1:5453                                      0.0.0.0:*                                           LISTEN      5345/stubby
    tcp        0      0 10.0.30.3:80                                        0.0.0.0:*                                           LISTEN      5038/pixelserv-tls
    tcp        0      0 10.0.30.1:80                                        0.0.0.0:*                                           LISTEN      1982/httpd
    tcp        0      0 0.0.0.0:6800                                        0.0.0.0:*                                           LISTEN      1811/aria2c
    tcp        0      0 0.0.0.0:81                                          0.0.0.0:*                                           LISTEN      1092/nginx
    tcp        0      0 0.0.0.0:53                                          0.0.0.0:*                                           LISTEN      5320/dnsmasq
    tcp        0      0 0.0.0.0:22                                          0.0.0.0:*                                           LISTEN      966/dropbear
    tcp        0      0 10.0.30.3:443                                       0.0.0.0:*                                           LISTEN      5038/pixelserv-tls
    tcp        0      0 0.0.0.0:51515                                       0.0.0.0:*                                           LISTEN      1613/transmission-d
    tcp        0      0 10.0.30.1:445                                       0.0.0.0:*                                           LISTEN      1138/smbd
    tcp        0      0 ::1:5453                                            :::*                                                LISTEN      5345/stubby
    tcp        0      0 :::53                                               :::*                                                LISTEN      5320/dnsmasq
    tcp        0      0 :::22                                               :::*                                                LISTEN      966/dropbear
    tcp        0      0 :::23                                               :::*                                                LISTEN      965/telnetd
    tcp        0      0 :::51515                                            :::*                                                LISTEN      1613/transmission-d
    udp        0      0 0.0.0.0:42000                                       0.0.0.0:*                                                       1294/eapd
    udp        0      0 10.0.0.179:54066                                    0.0.0.0:*                                                       1813/minidlna
    udp        0      0 0.0.0.0:53                                          0.0.0.0:*                                                       5320/dnsmasq
    udp        0      0 0.0.0.0:51515                                       0.0.0.0:*                                                       1613/transmission-d
    udp        0      0 0.0.0.0:67                                          0.0.0.0:*                                                       5320/dnsmasq
    udp        0      0 127.0.0.1:5453                                      0.0.0.0:*                                                       5345/stubby
    udp        0      0 239.255.255.250:1900                                0.0.0.0:*                                                       1813/minidlna
    udp        0      0 0.0.0.0:38000                                       0.0.0.0:*                                                       1294/eapd
    udp        0      0 10.0.30.255:137                                     0.0.0.0:*                                                       1136/nmbd
    udp        0      0 10.0.30.1:137                                       0.0.0.0:*                                                       1136/nmbd
    udp        0      0 0.0.0.0:137                                         0.0.0.0:*                                                       1136/nmbd
    udp        0      0 10.0.30.255:138                                     0.0.0.0:*                                                       1136/nmbd
    udp        0      0 10.0.30.1:138                                       0.0.0.0:*                                                       1136/nmbd
    udp        0      0 0.0.0.0:138                                         0.0.0.0:*                                                       1136/nmbd
    udp        0      0 127.0.0.1:38032                                     0.0.0.0:*                                                       1296/nas
    udp        0      0 10.0.30.1:23447                                     0.0.0.0:*                                                       1813/minidlna
    udp        0      0 10.0.30.3:27800                                     0.0.0.0:*                                                       1813/minidlna
    udp        0      0 0.0.0.0:57825                                       0.0.0.0:*                                                       1613/transmission-d
    udp        0      0 0.0.0.0:43000                                       0.0.0.0:*                                                       1294/eapd
    udp        0      0 :::53                                               :::*                                                            5320/dnsmasq
    udp        0      0 ::1:5453                                            :::*                                                            5345/stubby
    udp        0      0 :::123                                              :::*                                                            2222/ntpd
    raw   120624      0 0.0.0.0:2                                           0.0.0.0:*                                           2           1947/igmpproxy
    raw        0      0 0.0.0.0:2                                           0.0.0.0:*                                           2           1947/igmpproxy
    raw        0      0 0.0.0.0:255                                         0.0.0.0:*                                           255         1947/igmpproxy
    I have not tested it yet. Please check and let us know.
    complement. With TLS support...
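
An added example, not part of the thread and not pixelserv-tls's own code: one way to turn the `netstat -lnp` listing above into a yes/no answer to "is it working?", by checking which process owns TCP 80 and 443 on the alias address. The function name `check_pixelserv` and the sample lines are constructed for illustration, using the 192.168.1.3 alias from the first post.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `netstat -lnp` output on stdin and
# checks who owns TCP 80 and 443 on the pixelserv-tls alias address ($1).
# Exit status: 0 = both owned by pixelserv-tls, 1 = a listener is missing,
# 2 = another process holds the port (on that address or on 0.0.0.0).
check_pixelserv() {
    awk -v ip="$1" '
        $1 == "tcp" && $6 == "LISTEN" {
            n = split($7, owner, "/")        # "5038/pixelserv-tls" -> PID, name
            name = (n > 1) ? owner[2] : "unknown"
            port = $4; sub(/^.*:/, "", port) # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            port += 0                        # compare ports as numbers
            if (port != 80 && port != 443) next
            if (addr == ip)             exact[port] = name
            else if (addr == "0.0.0.0") wild[port]  = name
        }
        END {
            rc = 0
            for (i = 1; i <= 2; i++) {
                port = (i == 1) ? 80 : 443
                who = (port in exact) ? exact[port] : wild[port]
                if (who == "pixelserv-tls")
                    printf "ok: %s:%d served by pixelserv-tls\n", ip, port
                else if (who != "") {
                    printf "conflict: port %d is held by %s\n", port, who
                    rc = 2
                } else {
                    printf "missing: nothing listens on %s:%d\n", ip, port
                    if (rc < 1) rc = 1
                }
            }
            exit rc
        }'
}

# Constructed sample input in the same column layout as the listing above.
SAMPLE_OK='tcp 0 0 192.168.1.3:80 0.0.0.0:* LISTEN 5038/pixelserv-tls
tcp 0 0 192.168.1.1:80 0.0.0.0:* LISTEN 1982/httpd
tcp 0 0 192.168.1.3:443 0.0.0.0:* LISTEN 5038/pixelserv-tls'
SAMPLE_CONFLICT='tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1092/nginx
tcp 0 0 192.168.1.3:443 0.0.0.0:* LISTEN 5038/pixelserv-tls'

printf '%s\n' "$SAMPLE_OK" | check_pixelserv 192.168.1.3
printf '%s\n' "$SAMPLE_CONFLICT" | check_pixelserv 192.168.1.3 || echo "exit status $?"
```

On the router the live check is `netstat -lnp | check_pixelserv 192.168.1.3`, run as root so the PID/Program column is populated.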
     
  14. rgnldo

    rgnldo Networkin' Nut Member

    With Stubby, try this mode in Wan Up script:
    Code:
    cp -R /jffs/scripts/stubby.yml /etc
    sleep 1
    service dnsmasq restart
    ifconfig br0:pixelserv 192.168.1.3 up
    logger -t $(basename $0) "br0:pixelserv 192.168.1.3 created."
    sleep 2
    /opt/etc/init.d/S80pixelserv-tls restart
    sleep 2
    service dnsmasq restart
     
    Last edited: Dec 5, 2018
  15. eTaurus

    eTaurus Connected Client Member

    Thank you, it seems to work.

    I presume that I had to change the IP address because using your example gave me problems with internet access for devices connected with LAN.
     
    Last edited: Dec 5, 2018
  16. rgnldo

    rgnldo Networkin' Nut Member

    @eTaurus

    2.2.1-rc.4 (2018-12-5)
    Changes
    • NEW enhance adblocking during playback of YouTube video
    Notes on Blocking YouTube Adverts
    • You must point "manifest.googlevideo.com" to IP address of pixelserv-tls in order to experience the new way of blocking YouTube ads.

    • For Entware users, you may need "opkg install libcurl" in case you see errors on startup.

    • It's a known phenomenon that if you recently spend some time on YouTube, tav might be skewed to a few hundred milliseconds. Rest assured that pixelserv-tls runs just as fast as before.

    • Only "dynamic" versions are available for this test release. Hence, TLSv1.3 is not available together with the new enhancement.
    Code:
    sh -c "$(wget -qO - https://kazoo.ga/pixelserv-tls/install-2_2_1-rc_4.sh)"
     
  17. Frequenzy

    Frequenzy Addicted to LI Member

    Can this pixelserv version work with not-so-lean adblock?
     