Here is the VPN Adblock Settings that works with the Turris Omnia (I think Mox to):

1. First learn how to use Basic SSH Commands:
   https://www.hostinger.com/tutorials/ssh/basic-ssh-commands
   HowTo Save files:
   https://help.dreamhost.com/hc/en-us/articles/115006413028-Creating-and-editing-a-file-via-SSH
   -> To use nano commands you need to install in Luci->System-Software->download nano
2. Connect with terminal (linux): “ssh root@192.168.1.1” to Turris Omnia and use your Luci Passwort
3. Use the Guide from falkon:
   Adblock package release for turris omnia
   -> To Save hit ESC -> “:wq” and use wget for download & Enable Blacklist (First Blacklist>Repo)

Hi dibdot,

thank you very much for your manual how to set up adblock on Turris Omnia!

Unfortunately, when I followed your steps, it was not very straightforward for me – I’m not very experienced OpenWRT user though I have non-trivial Linux administration experience.That’s why I would like to share my step-by-step guide for other users. Feel free to update your first post if you like it.

So, here we go:

1. [optional] Change current dir to /tmp , so you do not write to the Turris’ (precious) internal Flash memory. But you can use any dir you like…[turris]:/# cd /tmp
2. Download AdBlock packages: adblock and luci-app-adblock . Find the latest version on these pages: adblock package and luci-app-adblock . Use proper links in wget commands below:[turris]:/tmp# wget https://downloads.lede-project.org/snapshots/packages/x86_64/packages/adblock_3.0.2-1_all.ipk
   [turris]:/tmp# wget https://downloads.lede-project.org/snapshots/packages/x86_64/luci/luci-app-adblock_git-17.257.70215-07593d2-1_all.ipk
3. Install both packages:[turris]:/tmp# opkg install adblock_3.0.2-1_all.ipk
   [turris]:/tmp# opkg install luci-app-adblock_git-17.257.70215-07593d2-1_all.ipk
4. Enable module. First of all, check the present state by running:[turris]:/tmp# /etc/init.d/adblock enabled; echo $?
   1

Please note that the script returned 1, which means there was some ‘error’ – this mean, the module is NOT enabled.

Let’s enable it and check the state again:

[turris]:/tmp# /etc/init.d/adblock enable
[turris]:/tmp# /etc/init.d/adblock enabled; echo $?
0

!!! Beware !!! Even though the /etc/init.d/adblock enable script (in version 3.0.2) returns 1 (error code), it seems that it does its job. You can verify it by running /etc/init.d/adblock enabled; echo $? . If the result is “0” (no error), the module is enabled.

5. now, edit the kresd config file:vim /etc/config/resolver

and find the section config resolver 'kresd' . Add the following line:

list rpz_file "/etc/kresd/adb_list.overall"

just after the config resolver 'kresd' line. So the config may looks like this:

config resolver 'common'
    ...  // some global preferences
    .
    .
    .

config resolver 'kresd'
    list rpz_file "/etc/kresd/adb_list.overall"        
    option rundir '/tmp/kresd'
    option log_stderr '1'
    option log_stdout '1'
    option forks '1'
    option dynamic_domains '0'

config resolver 'unbound'
    option outgoing_range '60'
.
.
.

6. Now, go to the LuCI web interface, Services -> Adblock page and make the following changes from the “default” pre-set:

7. make sure “Enable Adblock” is checked

• change “DNS Backend” to “kresd”
• change “Startup Trigger” to “timed”
• check additional Blocklist Sources, e.g.,: adaway, adguard, blacklist, disconnect, ransomware, winspy, yoyo, zeus
• you can check Verbose Debug Logging (if you would like to check everything is working fine)
• check Force Local DNS
• finally, hit “Save & Apply” button

7. Now, verify your setup:

8. Check /etc/init.d/adblock status :

 [turris]:/tmp# /etc/init.d/adblock status
 ::: adblock runtime information
   + adblock_status  : enabled
   + adblock_version : 3.0.2
   + blocked_domains : 82457
   + fetch_utility   : wget (built-in)
   + dns_backend     : kresd (/etc/kresd)
   + last_rundate    : 17.09.2017 01:38:35
   + system_release  : Turris Omnia, OpenWrt omnia 15.05/3.8

2. view log file:

 [turris]:/tmp# cat /var/log/messages | grep "adblock" 

3. check the existence of new definitions-file for kresd:

 [turris]:/tmp# ls -lh /etc/kresd/adb_list.overall
  -rw-r--r--    1 root     root        1.0M Sep 16 23:51 /etc/kresd/adb_list.overall

4. To be sure, it is better to restart the resolver now:

 [turris]:/tmp# /etc/init.d/resolver restart

5. let’s try to resolve some Ad-domain:

 [turris]:/tmp# nslookup securepubads.g.doubleclick.net localhost
 Server:    127.0.0.1
 Address 1: 127.0.0.1 localhost

 nslookup: can't resolve 'securepubads.g.doubleclick.net': Name does not resolve

If you get “Name does not resolve”, the AdBlocking is working correctly.

Well, and that’s all! Happy ad-blocking!

4. After this all things should work after you hit enable -> Save&Apply and you can use repos or your one links in blacklist!

I think you don’t need this, but use this maybe if there is a error:
https://forum.test.turris.cz/t/adblock-package-release-for-turris-omnia/4912/24?u=omni

EDIT: I resolved this – it’s not a bug, it is a “feature”…

@dibdot I believe there is some bug in processing manual blacklist.

Steps to reproduce:

1. AdBlock web administration
2. on the Overview tab, uncheck all Blocklist Sources
3. hit Save & Apply
4. go to the console and check, that the /etc/kresd/adb_list.overall file is empty (which is expected):

wc -l /etc/kresd/adb_list.overall

0 /etc/kresd/adb_list.overall

5. then go back to the AdBlock web administration → Advanced → Edit Blacklis and add any records, e.g.:u.scdn.co
   6…u.scdn.co
6. hit Save . You can check, that the content of /etc/adblock/adblock.blacklist file is correctly saved
7. go back to Overview tab and hit Save & Apply (so that AdBlock will restart).
8. check the /var/log/messages , that adblock restarted successfully:notice adblock-[3.0.2]: info : block list with overall 0 domains loaded successfully (Turris Omnia, OpenWrt omnia 15.05/3.8)

The problem : file /etc/kresd/adb_list.overall is still empty:

Expected behavior : file /etc/kresd/adb_list.overall would contain those 2 blacklisted domains.

Am I doing something wrong? Or is it a bug that could be fixed in the package?

EDIT: It’s not a bug – it was my fault
The manual blacklist works only if you select blacklist among other Blocklist Sources – which is not very intuitive, but it is how it is.

I have just got my outer recently and trying to get the adblock up and running. Following the guide brought no fruit, but I have some errors coming from the log.

Dec 2 02:18:47 turris adblock-3.8.12[29991]: your adblock config seems to be too old, please update your config with the ‘–force-maintainer’ opkg option
Dec 2 01:54:37 turris updater[27658]: planner.lua:358 (pkg_plan): Requested package luci-i18n-adblock-en that is missing, ignoring as requested.

This is the error I’m getting when trying to install new version of luci

Upgrading luci-app-adblock on root from git-19.281.84184-0b4eebd-1.0 to git-19.334.34838-9b0bc33-1…
Installing luci-compat (git-19.334.34838-9b0bc33-1) to root…
Collected errors:

• opkg_download_pkg: Package luci-compat is not available from any configured src.
• opkg_install_pkg: Failed to download luci-compat. Perhaps you need to run ‘opkg update’?
• opkg_install_cmd: Cannot install package luci-app-adblock.

I have installed latest adblock fine, but the luci package was missing luci-compat package

Can anyone give me hand please?
Thanks

luci-compat is missing/broken on Turris OS 4.0.1. Wait for Turris OS 4.0.2 or switch to HBT branch.

See thread here:

https://forum.test.turris.cz/t/vpn-policy-based-routing-possible/7204/72?u=protree

Hello again. With the new version luci-app-adblock was installed correctly.

However /etc/init.d/adblock status is not supported command and will return nothing.

adblockoptions762×238 32 KB

Also the adblock section in the LuCi is still not showing any data at all as you can see:

adblock1026×781 47.7 KB

ls -lh /etc/kresd/adb_list.overall does no exist

Any advice on how to get this running please?
Thank you

Ok I have some progress. Removed the adblock and reinstalled with --force-maintainer and after enabling the adblock started up as it should, status in terminal is working and the status in the LuCi is also working. Is there anything else what needs to be done at the moment, or is the adblock fully working as it is now?

adblock1108×680 49.1 KB

My nslookup is still resolving tho

Sorry if it feels like spam, let me know and I may remove that.
Just new to Turris, trying to set up everything correctly.

UPDATE: Just installed chromium without any browser and the ads are all over there, doesn’t seem to be working I’d say. Any way how can I test / debug this?

SOLUTION: I have not noticed that the DNS backend has been change from kresd to default, after changing this back to kresd and restarting I seem to be working well!

Thanks

I’m a tad confused and would love to have some more diagnostics than in the original post here. I have it all set up as documented and it passes every single test listed bar the last one:

# nslookup securepubads.g.doubleclick.net localhost
Server:		localhost
Address:	127.0.0.1#53

Name:      securepubads.g.doubleclick.net
securepubads.g.doubleclick.net	canonical name = partnerad.l.doubleclick.net
Name:      partnerad.l.doubleclick.net
Address 1: 216.58.200.98
securepubads.g.doubleclick.net	canonical name = partnerad.l.doubleclick.net

What can do I do further diagnose the cause of this failure?

Actually now it’s blocking:

# nslookup securepubads.g.doubleclick.net localhost
Server:		localhost
Address:	127.0.0.1#53

** server can't find securepubads.g.doubleclick.net: NXDOMAIN
** server can't find securepubads.g.doubleclick.net: NXDOMAIN

But I want to whitelist sites selectively and I add one to the white list and it is still blocked so I’d love to know how that works.

I’m also very curious what the option “Force Overall Sort” does. Clear as mud that one.

Looks like: /etc/init.d/adblock restart fixed it. Odd that Luci doesn’t get adblock to reload data or restart the service when saving files.