21 Jan

OpenWRT Adblock with Pixelserv


There’re many ways of doing this. The scenario and configuration is flexible enough, depending on what you want to achieve.

The easy way

My review: Provide the simplest method, poisoned DNS record will be redirected to Longer page load due to no content served in (wait until connection timeout). However this script let you manually control on white list and black list domain.

My review: The script will attempt to create another interface alias and run pixelserv (simple webserver serving 1×1 pixel transparent gif) on that interface. However, you’ll not be able to manually control on white/black list as previous script.

My method

Again, this might not be the best way, but it served my requirements. I’ll be using the same script except that i tweaked it to suit my environment.

Step 1: Create interface alias
I need my pixelserv to run in different ip address (let say my LAN ip is i want pixelserv to run on so that my uhttpd can listen on for LuCI. Add below interface to /etc/config/network

#nano /etc/config/network
config interface 'lan2'
	option ifname 	'eth0'
	option proto	'static'
	option ipaddr 	''
	option netmask	''

Restart network interfaces
#/etc/init.d/network restart

Verify new interface alias created

root@OpenWrt:~# ifconfig
br-lan    Link encap:Ethernet  HWaddr 08:00:27:9A:88:DD
          inet addr:  Bcast:  Mask:
          RX packets:629 errors:0 dropped:0 overruns:0 frame:0
          TX packets:661 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:73752 (72.0 KiB)  TX bytes:393608 (384.3 KiB)

eth0      Link encap:Ethernet  HWaddr 08:00:27:9A:88:DD
          inet addr:  Bcast:  Mask:
          RX packets:633 errors:0 dropped:0 overruns:0 frame:0
          TX packets:769 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:82836 (80.8 KiB)  TX bytes:528224 (515.8 KiB)

eth1      Link encap:Ethernet  HWaddr 08:00:27:9C:1E:FF
          inet addr:  Bcast:  Mask:
          RX packets:157 errors:0 dropped:0 overruns:0 frame:0
          TX packets:138 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:15482 (15.1 KiB)  TX bytes:13962 (13.6 KiB)

lo        Link encap:Local Loopback
          inet addr:  Mask:
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:16 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1648 (1.6 KiB)  TX bytes:1648 (1.6 KiB)

root@OpenWrt:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         UG    0      0        0 eth1        *        U     0      0        0 eth1     *        U     0      0        0 br-lan    *        U     0      0        0 eth0

Step 2: Pixelserv setup
We already have a web server installed on the router (serving LuCI), we just need to configure a new uHTTPd server instance.

mkdir /www_pixelserv
wget -O /www_pixelserv/blank.gif http://probablyprogramming.com/wp-content/uploads/2009/03/tinytrans.gif

Edit /etc/config/uhttpd

config uhttpd 'main'
list listen_http ''
list listen_https ''
option home '/www'

config uhttpd 'pixelserv'
list listen_http ''
option home '/www_pixelserv'
option error_page '/blank.gif'

Restart uhttpd

/etc/init.d/uhttpd restart

Step 3: Adblock for dnsmasq
Follow installation instruction at https://gist.github.com/teffalump/7227752
For adblock.sh, add following lines to with

#Download and process the files needed to make the lists (add more, if you want)
wget -qO- "http://adaway.org/hosts.txt"|grep "^" >> /tmp/block.build.list

#Replace with
sed -i 's/' /tmp/block.build.list
#Add black list, if non-empty
[ -s "/etc/black.list" ] && sed -e 's/^/\t/g' /etc/black.list >> /tmp/block.build.list


Above mentioned method (creating interface alias) is valid for interface that do not have vlan tagging. For my case, eth0 is tagged with vlan500 and vlan600 (eth0.500 and eth0.600) and I cannot find any documentation for creating alias for tagged interfaces. As workaround, I’ve changed the pixelserv uhttpd to listen to, while for router web ui (LuCI) listened to port 443.

This is my modified adblock.sh

#Put in /etc/adblock.sh

#Script to grab and sort a list of adservers and malware

#Delete the old block.hosts to make room for the updates
rm -f /etc/block.hosts

#Download and process the files needed to make the lists (add more, if you want)
wget -qO- http://www.mvps.org/winhelp2002/hosts.txt| sed 's/' |grep "^" > /tmp/block.build.list
wget -qO- http://www.malwaredomainlist.com/hostslist/hosts.txt|grep "^" >> /tmp/block.build.list
wget -qO- "http://hosts-file.net/.\ad_servers.txt"|grep "^" >> /tmp/block.build.list
wget -qO- "http://adaway.org/hosts.txt"|grep "^" >> /tmp/block.build.list

#Replace with
sed -i 's/' /tmp/block.build.list
#Add black list, if non-empty
[ -s "/etc/black.list" ] && sed -e 's/^/\t/g' /etc/black.list >> /tmp/block.build.list

#Sort the download/black lists
sed -e 's/\r//g' -e 's/^[ ]\+/\t/g' /tmp/block.build.list|sort|uniq > /tmp/block.build.before

if [ -s "/etc/white.list" ]
    #Filter the blacklist, supressing whitelist matches
    sed -e 's/\r//g' /etc/white.list > /tmp/white.list
    grep -vf /tmp/white.list /tmp/block.build.before > /etc/block.hosts
    rm -f /tmp/white.list
    cat /tmp/block.build.before > /etc/block.hosts

#Delete files used to build list to free up the limited space
rm -f /tmp/block.build.before




Incoming search terms:

  • openwrt adblock
  • 192 168 88 1
  • luci-app-vnstat
  • adblock openwrt
  • 192 168 88
  • open wrt block ad
  • openwrt adblock support
  • dd-wrt tew-652brp install pixelserv adblocker
  • open wrt restatr adblock
  • pixelserv
  • abilityqsp
  • adblock test openwrt
  • variousjvw
  • ddwrt block youtube ads
  • doctor8fp
21 Jan

OpenDNS update script on OpenWRT Backfire 10.03.

AUTHOR: drl@MyBSD.org.my

Install ‘curl’ package:

# opkg update
# opkg install curl

Next create a script and call it /root/rc.ddns_opendns.sh :


/usr/bin/curl -4 -k -u username:password "https://updates.opendns.com/account/ddns.php?"

Make the script executable:

# chmod +x /root/rc.ddns_opendns.sh

Next create another script and call it /etc/hotplug.d/iface/100-opendns :


if [ "$ACTION" = ifup ]; then
/root/rc.ddns_opendns.sh > /dev/null 2>&1

This will update your IP with OpenDNS whenever you reboot or reconnect.

One of the benefits of using OpenDNS is their web content filter. Login to your account on OpenDNS
and start configuring the content filter for your network. Choose Custom and select the categories
you want the content filter to apply too for your home/office network.

Click Apply and wait for roughly 5 minutes for it to take effect. Your network is now protected.

Reference: https://lemur.mybsd.org.my/drl/OpenWRT/DDNS_OpenDNS_OpenWRT.txt

Incoming search terms:

  • openwrt ddns opends
  • er-x ddns web-skip
  • opendns openwrt
  • openwrt opendns updater
15 Jan

IOS Tips

A very useful IOS tips from PacketLife

Keyboard shortcuts

These shortcuts can be used to speed up operating with the CLI:

Ctrl+B or Left Move the cursor one character to the left
Ctrl+F or Right Move the cursor one character to the right
Esc, B Move the cursor one word to the left
Esc, F Move the cursor one word to the right
Ctrl+A Move cursor to the beginning of the line
Ctrl+E Move cursor to the end of the line
Ctrl+P or Up Retrieve last command from history
Ctrl+N or Down Retrieve next command from history
Ctrl+T Swap the current character with the one before it
Ctrl+W Erase one word
Ctrl+U Erase the entire line
Ctrl+K Erase all characters from the current cursor position to the end of the line
Ctrl+X Erase all characters from the current cursor position to the beginning of the line
Ctrl+L Reprint the line
Ctrl+C Exit configuration mode
Ctrl+Z Apply the current command and exit configuration mode

Filter output

Most show commands support filtering with the pipe (|) character, allowing a user to display only the information he’s looking for.

Switch# show interface status | include notconnect
Gi1/0/7                         notconnect   1          auto   auto 10/100/1000BaseTX
Gi1/0/9                         notconnect   1          auto   auto 10/100/1000BaseTX
Gi1/0/22                        notconnect   1          auto   auto 10/100/1000BaseTX

Filter options are include, exclude, and begin. The remaining characters after one of these filter types is processed as a regular expression, which could be a simple string (as in the example above) or something a bit more complex. The example below demonstrates filtering for interface numbers and any assigned IP addresses.

Switch# show run | include interface|ip address
interface FastEthernet0
 ip address
interface FastEthernet1
interface FastEthernet2
 ip address
 ip address secondary
interface FastEthernet3

You can also filter by section. Thanks to Carl Baccus to reminding me to include this.

R1# show run | section bgp
router bgp 100
 no synchronization
 redistribute connected
 neighbor remote-as 200
 neighbor remote-as 300
 no auto-summary

Skip through the configuration

You can begin viewing a configuration with the begin filter:

Router# show run | begin interface
interface FastEthernet0/0
 no ip address

You can also skip forward to a certain line once you’ve already begun viewing the configuration by hitting / at the --More-- prompt, followed by the string you want to match:

Router# sh run
Building configuration...

Current configuration : 601 bytes
version 12.4
interface FastEthernet0/0
 no ip address

Do the do

Exec commands can be issued from within configuration mode via the do command. This can be handy for double-checking the current configuration before applying any changes.

Switch(config-if)# do show run int f0
Building configuration...

Current configuration : 31 bytes
interface FastEthernet0
description Internal LAN
ip address

Insert question marks

You can insert question marks into literal strings (such as interface descriptions) by typing CTRL+V immediately before the question mark. This acts as an escape character and prevents the command line from summoning the help menu.

Switch(config-if)# description Where does this go[ctrl+v]?

The interface description will appear as “Where does this go?”

Disable domain lookup on typos

Don’t you hate it when this happens?

Switch# shrun
Translating "shrun"...domain server (
% Unknown command or computer name, or unable to find computer address

You can disable automatic DNS lookups with no ip domain-lookup, which will remove the delay before returning a new console prompt. However, this will also prevent you from referencing remote hosts by name, for example when telneting.

Switch(config)# no ip domain-lookup
Switch# shrun
Translating "shrun"
% Unknown command or computer name, or unable to find computer address

Another option is to leave DNS enabled, but configure your console ports and vtys to have no preferred transport for logging in to remote devices.

Router(config)# line console 0
Router(config-line)# transport preferred none
Router# asdfxyz
% Invalid input detected at '^' marker.


You can no longer telnet by typing an IP address on the console, instead use the “telnet” or “ssh” commands for connecting to the desired hostname or ip address.

Synchronous logging

When logging to the console is enabled, a Cisco device will often dump messages directly to the screen. This can become irritating when it interrupts you in the midst of typing a command. (FYI, you can continue typing normally and the command will still take, but this still throws some people off.)

Synchronous logging can be enabled to “clean up” the CLI when this happens, outputting a fresh prompt below the message, along with any partially completed command.

Switch(config)# line con 0
Switch(config-line)# logging synchronous
Switch(config)# line vty 0 15
Switch(config-line)# logging synchronous

Revert a configuration to its default

The default command, called from global configuration, can be used to revert any part of a configuration to its default value (which is often nothing). For example, it can be used to remove all configuration from a particular interface:

Switch(config)# default g1/0/5
Interface GigabitEthernet1/0/5 set to default configuration
Switch(config)# ^Z
Switch# show run int g1/0/5
Building configuration...

Current configuration : 38 bytes
interface GigabitEthernet1/0/5

Show only applied access lists

For reasons unknown to me, IOS doesn’t include a command to view what interfaces have ACLs applied. The closest we can get is drudging through the entire output of show ip interface. But, with a little ingenuity and the help of regular expressions, we can summon an efficient view of where our ACLs are applied.

Switch# sh ip int | inc line protocol|access list is [^ ]+$
FastEthernet0 is up, line protocol is down
FastEthernet1 is up, line protocol is up
  Inbound  access list is prohibit-web
FastEthernet2 is up, line protocol is up
  Inbound  access list is 42
FastEthernet3 is up, line protocol is down
FastEthernet4 is up, line protocol is up

For those curious, the regex above matches a line which either a) contains the string “line protocol”, or b) contains the string “access list is ” followed by a single word. This matches an ACL number or name (which can’t contain spaces) but not “not set”.

Speed up running-config display

When the show running-config command is issued, the output has to be assembled from numerous values in memory into the human-friendly display you see on the CLI. Unfortunately, the longer your configuration is, the more time this takes. IOS 12.3T introduced a feature to cache the running configuration text for quicker output:

Router(config)# parser config cache interface

Changing the break character to Ctrl+C

Router(config)# line vty 0 15
Router(config-line)# escape-character 3
Router(config)# line con 0
Router(config-line)# escape-character 3

Show running configuration with all defaults

Append the full command to show running-config to include all the default statements which are normally hidden for brevity.

Reload command

One of the classic mistakes is to incorrectly update an access-list on an interface when you are connected to the device remotely. And suddenly, the Telnet connection is dropped to the router because of a forgotten list entry that would permit your incoming connection.

When you are doing something tricky, you can use the following feature of the reload command, which causes the router to reboot in a certain number of minutes. For example, let’s tell the router to reboot in three minutes.

Router# reload in 3
    Reload scheduled in 3 minutes
Proceed with reload? [confirm]

Now, we have three minutes to do what we need to do. Let’s say we are applying an access-list to serial0.

Router# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# interface serial0
Router(config-if)# ip access-group 110 in
Router(config-if)# ^Z

We made the change and everything still works. (Well, at least our connection wasn’t dropped.) Now all we have to do cancel the impending reload with the following command:

Router# reload cancel

If the reload is not canceled, all the changes made will be discarded since they only exist in the running configuration.

Decrypting type-7 passwords in house on a device

A good way to catch trailing spaces within passwords

Router(config)#username user1 password 0 pass1word
Router#sh run | inc username
username user1 password 0 pass1word

Router(config)#service password-encryption
Router#sh run | inc username
username user1 password 7 06160E325F1F1E161713


Router(config)# key chain TEST
Router(config-keychain)# key 1
Router(config-keychain-key)# key-string 7 06160E325F1F1E161713

Router(config-keychain-key)#sh key chain TEST
Key-chain TEST:
    key 1 -- text "pass1word"
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]

Using command aliases

You can speed up your routine operations in IOS if you create aliases to often used commands, for exmaple:

Router(config)# alias exec sip show ip interface brief
Router(config)# exit
Router#  sip
Interface           IP-Address            OK? Method Status              Protocol
FastEthernet0/0           YES manual up                  up

13 Jan

Playing videos in your Pioneer 2014 Head Unit

avh-x5650bt_rc_rd_ri_green_left_b2When I received my Pioneer AVH-X5650BT 2DIN player, I was struggling to play any video files from any media. In the product manual it provide very brief information on the supported video format. I am very frustrated when I always get “unplayable file” error message. I’m surprised that actually there’re few limitations and requirements for the player to recognized the video files.

Rule of Thumb

  • Maximum height cannot exceed 404pixels or else you will get “resolution not supported”.
  • Some user reported maximum resolution is 720×576. I haven’t tried this.
  • Maximum total bitrate must not exceed 1000kbps.
  • Avoid underscore in filename.

Converting your video files

Download DivX video converter and install it.
Load your video files that need to be converted, and select “HD 720p” profile.
divx profile
Modify resolution, click maintain aspect ratio and adjust the height to 404.
Keep an eye to the Total bitrate, make sure it does not exceed 1000kbps. You can tune the value by adjusting the video bitrate.
divx profile2

Save Presets so that you can load the profile in the future.
divx profile3



Feel free to share your setting or anything that can improve this post.

From the Owner Manual
div5 div1 div div2 div3 div4

Download AVH-X5650BT, AVH-X4650DVD, AVH-X2650BT & AVH-X1650DVD User Manual

Incoming search terms:

  • https://advanxer com/blog/2014/01/playing-videos-in-your-pioneer-2014-head-unit/
  • pioneer car dvd player supported video formats
  • divx converter for pioneer
  • pioneer car dvd player usb video format
  • pioneer video converter
  • pioneer unplayable file usb
  • how to play video on pioneer avh from usb
  • divx converter for pioneer dvd
  • pioneer video format converter
  • pioneer usb video format
  • pioneer car dvd player video format
  • pioneer video resolution not supported
  • pioneer avh video format
  • Pioneer video format
  • pioneer dvd player supported video formats
13 Jan

OpenVPN Access Server Essential Guide


VPN Mode (Layer 2 or Layer 3)


Layer 2 = Use TAP interface, bridge your LAN to VPN Client. VPN client will reside within the same VPN segment. LAN Broadcast will works in this mode. Considered legacy, only Windows  vpn client support this method.

Layer 3 = Use TUN interface, VPN Client will be given a pool of ip address which is different from VPN segment. Better control and most of enterprise VPN deployment use this method.



Create VPN User

By default, OpenVPN Access Server use PAM authentication, to add new vpn client we can just simply add a new user to our LINUX server.

root@advanxer:~# useradd nas
root@advanxer:~# passwd nas
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully

If you checked “Allow Auto-login”, your vpn client will be automatically connect to vpn without entering any username/password, useful for automation.

Generate and download OpenVPN profile

Login to https://serverip and select “login”. Login option will allow you to download vpn profile, to connect to vpn server, select Connect.
Click on “Yourself (autologin profile) and keep the profile safely.

Connect to vpn server using CLI

Transfer the client profile to your box (in this example, to my OpenWRT router) via SCP. Your must have openvpn binary files installed prior to this.

root@OpenWrt:~# openvpn --config client.ovpn

If you received Initialization Sequence Completed, that’s mean the tunnel is up. You can verify using ifconfig and you will see new interface tun0 is there.