What's new in Diversion 4.1.4
- Now checks and sets to 'Yes' during installation: "Wan: Use local caching DNS server as system resolver (default: No)".
- New option in b to use a LAN blocking IP address instead of the local pixelserv-tls or NULL IP 0.0.0.0. This is for advanced users only.
- Correctly reverses IP in pointer record (ptr-record) added to Dnsmasq. Thanks dave14305 for reporting.
- Checks for NPT date being synced before generating pixelserv-tls CA certificate.
- Option in ep to re-generate pixelserv-tls CA certificate (ca.crt, ca.key). New CA certificate has a 10 year validity and creates an EKU Extended Key Usage valid certificate.
- Expiry date is now shown in ep, 3 for the pixelserv-tls certificates.
- Option in ep, 6, 3 to install @Jack Yaz pixelserv-tls v2.3.0 which is compatible with new required security settings enforced by Apple and soon other companies.
For iOS 13 and MacOS 10.15 users: Requirements for trusted certificates changed: https://support.apple.com/en-us/HT210176
To be ready, the following steps are required if pixelserv-tls v2.2.1 or older is installed on your router.
- Update Diversion to this latest version.
- Install Jack Yaz's pixelserv-tls v2.3.0 in ep, 6, 3
- Re-generate the pixelserv-tls CA certificate in ep, 3, 2 (all domain certificates will be purged during that step).
- Import the new pixelserv-tls CA certificate (ca.crt) into browsers and devices, replacing the previous certificate. Open the certificate link in a browser with your pixelserv-tls IP address, typically this is 192.168.1.2/ca.crt and import it.
You may update pixelserv-tls to v2.3.0 even if you have no Apple devices. The steps above are still required if you do so.
As of now, there is no concrete feedback from the original developer of pixelserv-tls that an update through the regular Entware channel is in the works. I have had contact through a third party with the developer, but here we are. For this reason, Jack Yaz has taken on that challenge so we all can be compliant with Apples demands.
How to update Diversion
Use u to update to this latest version.
Discussion on the SmallNetBuilder Forum: Diversion