What's new

DNScrypt dnscrypt installer for asuswrt

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Thank you for your quick reply! I do have stable 100Mbps internet connection (just ran a ookla speed test). Could there be an issue caused by my running an OpenVPN Client as well as Pi-hole? My DNS was set to my VPN's DNS servers, but my internet seems to be working just fine.

I previous had to unselect the DNS-over-TLS option under "DNS Privacy Protocol" under the WAN DNS Settings in order for the dnscrypt installation to even begin. Is there a reason I should not be using this DoT menu option, but instead install/use dnscrypt? If so, could you recommend if it would be beter to install dnscrypt on the router or on the raspberry pi (zero W)?
Ok
For some reason the installer could not download the files for servers, I suggest try re run option 1
edit:
Or retry with a complete uninstall of the dnscrypt-proxy and install it again and check so you dont get errors on downloaded files, Maybe even give it a test without your vpn and their DNS servers if issue persists.
 
Last edited:
DNS Privacy Protocol DoT(DNS over TLS) is a different way to handle encrypted DNS
DNSCrypt uses DoH(DNS over HTTPS) and DNSCrypt protocol
They provide about the same level of security but DNSCrypt v2 have more features and provide more info for the user.
and these two cant be run at the same time(would be conflict)
 
Last edited:
Thank you for your quick reply! I do have stable 100Mbps internet connection (just ran a ookla speed test). Could there be an issue caused by my running an OpenVPN Client as well as Pi-hole? My DNS was set to my VPN's DNS servers, but my internet seems to be working just fine.

I previous had to unselect the DNS-over-TLS option under "DNS Privacy Protocol" under the WAN DNS Settings in order for the dnscrypt installation to even begin. Is there a reason I should not be using this DoT menu option, but instead install/use dnscrypt? If so, could you recommend if it would be beter to install dnscrypt on the router or on the raspberry pi (zero W)?
DoT must be turned off to prevent conflict and lan dns must default to router in order to properly use dnscrypt proxy from the router.
 
Thank you for your quick reply! I do have stable 100Mbps internet connection (just ran a ookla speed test). Could there be an issue caused by my running an OpenVPN Client as well as Pi-hole? My DNS was set to my VPN's DNS servers, but my internet seems to be working just fine.

I previous had to unselect the DNS-over-TLS option under "DNS Privacy Protocol" under the WAN DNS Settings in order for the dnscrypt installation to even begin. Is there a reason I should not be using this DoT menu option, but instead install/use dnscrypt? If so, could you recommend if it would be beter to install dnscrypt on the router or on the raspberry pi (zero W)?
Here is the guide for you to do it with your raspberry pi -pi hole https://github.com/pi-hole/pi-hole/wiki/DNSCrypt-2.0
 
The functions for choosing servers will write over server_names when reconfigured
(Auto=server_names disabled, Manual=chosen from public-resovers.md, Static=manually entered server_names and sdns address)
For a sort of mix:
I guess it can be manually configured in dnscrypt-proxy.toml and restart proxy or add servers from public-resolvers.md (sdns address) as static if someone wants to do it from menu.

have been doing that. That’s why I did the whole static server for people to copy and paste if needed.
Of coz it will be great if anyone can pull request to improve the installer.

yea users would have to look at the public-resolvers list and manually copy out any servers they want to customize to work with static at this time. Haven't had the time to customize it to allow the addition of public resolvers mixed with static. Users can easily copy the sdns stamp of the public resolvers they want to use and just name it whatever they like , or they can simply add the server name from the list to the server name line

server_names = ['example-static' , 'server-name' ]

By the way, @DonnyJohnny I await any pull request if you decide to take this feature request upon yourself ;)....

I’m just a basic user.. No issue but always good to have extra features. Thank you for the work so far. Installer is just getting better.
 
@DonnyJohnny Thanks for the idea ;)
Info: What do you want to do:
1) Setup Static Servers Only.
2) Setup Manually Chosen Server's with Addition of Static Servers.
3) Skip and Go back to server selection menu.
=> Your choice, [1-3]: 2

=> Please choose DNS server, [1-158]: 57
=> Please choose next DNS server or press n to stop, [1-158/n]: 58
=> Please choose next DNS server or press n to stop, [1-158/n]: n
=> Do you want to set up another Static Server? [y/n]: y
=> Please enter staticname: mystatic
Info: Please enter Static Server SDNS stamp
=> Please enter sdnsstamp: sdns://AQcAAAAAAAAAE
=> Do you want to set up another Static Server? [y/n]: y
=> Please enter staticname: myotherstatic
Info: Please enter Static Server SDNS stamp
=> Please enter sdnsstamp: sdns://AQcAAAAAAAAAEDE
=> Do you want to set up another Static Server? [y/n]: n
Info: Set the DNS server(s) for initializing dnscrypt-proxy
Info: and router services (e.g. ntp) at boot
=> Default is 9.9.9.9:

[2020-03-02 22:56:08] [NOTICE] Configuration successfully checked
Upgrade incoming soon! Hope it will make things easier :)
Big Thanks to @SomeWhereOverTheRainBow
 
Last edited:
I think I messed up my JFFS scripts (see screen shot). This is what I did: I installed dnscrypt via entware (not the instructions for how to install on raspberry pi to work with pihole as offered by SomewhereOverTheRainbow above). I believe it installed successfully, but then it appeared that my dns queries were no longer visible on my pihole. I also noticed that a lot of websites were not loading, while some were - perhaps because they were cached? Given that undesirable outcome, I restored my asus-wrt merlin router back to my settings prior to the dnscrypt install. But now, amtm seems to have been corrupted and now I'm receiving "can't fork"and "cannot allocate memory" messages. Please help!


upload_2020-3-3_0-54-5.png


This is what happens what I tried to 'u' check for script updates:
upload_2020-3-3_0-56-9.png



Also, if installing dnscrypt on the pihole instead, would it fix the issue of dns queries not being logged by pihole? Would it go DNS query --> pihole --> dnscrypt --> OpenVPN client ---> WAN DNS or upstream pihole DNS?

By installing dnscrypt via amtm entware, is it the case that DNS queries are being encrypted prior to being routed to the pihole?
 
I think I messed up my JFFS scripts (see screen shot). This is what I did: I installed dnscrypt via entware (not the instructions for how to install on raspberry pi to work with pihole as offered by SomewhereOverTheRainbow above). I believe it installed successfully, but then it appeared that my dns queries were no longer visible on my pihole. I also noticed that a lot of websites were not loading, while some were - perhaps because they were cached? Given that undesirable outcome, I restored my asus-wrt merlin router back to my settings prior to the dnscrypt install. But now, amtm seems to have been corrupted and now I'm receiving "can't fork"and "cannot allocate memory" messages. Please help!


View attachment 21712

This is what happens what I tried to 'u' check for script updates:
View attachment 21714


Also, if installing dnscrypt on the pihole instead, would it fix the issue of dns queries not being logged by pihole? Would it go DNS query --> pihole --> dnscrypt --> OpenVPN client ---> WAN DNS or upstream pihole DNS?

By installing dnscrypt via amtm entware, is it the case that DNS queries are being encrypted prior to being routed to the pihole?
As far as what you have done to /JFFS- this may require you to start out fresh because alot of changes have happened recently with AMTM and other packages.

As far as raspberry pi goes there are two options
Dnscrypt on the router.

Router LAN DNS= PiHole IP Address
upload_2020-3-3_1-13-13.png

While Pihole using IP=Address of Router as DNS server for the routers Wan DNS
This would be to loop dnscrypt-proxy from the router
which produces
LanDNS-Router====>Pihole====>WanDNS-Router=====> Client
upload_2020-3-3_1-6-21.png

upload_2020-3-3_1-16-33.png

DNS-Filter -set pihole to no filter
And Global to router
upload_2020-3-3_1-10-57.png

(this forces clients to pihole kinda like a firewall).

^^^^^^^^^this is for Dnscrypt-proxy on the Router^^^^^^^^^^
 
The other option is
upload_2020-3-3_1-13-13-png.21717



Then follow the instructions on your RPI to install dnscrypt

and place listening address Like so

upload_2020-3-3_1-20-27.png


then conditional forwarding like so
upload_2020-3-3_1-16-33-png.21718


to force everyone to pihole.

upload_2020-3-3_1-10-57-png.21716

the above device set to no filter is pihole.
 

Attachments

  • upload_2020-3-3_1-19-43.png
    upload_2020-3-3_1-19-43.png
    967 bytes · Views: 225
Last edited:
I think I messed up my JFFS scripts (see screen shot). This is what I did: I installed dnscrypt via entware (not the instructions for how to install on raspberry pi to work with pihole as offered by SomewhereOverTheRainbow above). I believe it installed successfully, but then it appeared that my dns queries were no longer visible on my pihole. I also noticed that a lot of websites were not loading, while some were - perhaps because they were cached? Given that undesirable outcome, I restored my asus-wrt merlin router back to my settings prior to the dnscrypt install. But now, amtm seems to have been corrupted and now I'm receiving "can't fork"and "cannot allocate memory" messages. Please help!


View attachment 21712

This is what happens what I tried to 'u' check for script updates:
View attachment 21714


Also, if installing dnscrypt on the pihole instead, would it fix the issue of dns queries not being logged by pihole? Would it go DNS query --> pihole --> dnscrypt --> OpenVPN client ---> WAN DNS or upstream pihole DNS?

By installing dnscrypt via amtm entware, is it the case that DNS queries are being encrypted prior to being routed to the pihole?

Any instructions past what I have shared above you are going to need to start a New thread for as this already is way beyond the scope of this Thread as this thread pertains to
dnscrypt installer for asuswrt
and not all users here are familiar enough with your case as far as using Pi-hole is concerned. You may get more advanced help by posting a new thread.
 

@DonnyJohnny Thanks for the idea ;)
Info: What do you want to do:
1) Setup Static Servers Only.
2) Setup Manually Chosen Server's with Addition of Static Servers.
3) Skip and Go back to server selection menu.
=> Your choice, [1-3]: 2

=> Please choose DNS server, [1-158]: 57
=> Please choose next DNS server or press n to stop, [1-158/n]: 58
=> Please choose next DNS server or press n to stop, [1-158/n]: n
=> Do you want to set up another Static Server? [y/n]: y
=> Please enter staticname: mystatic
Info: Please enter Static Server SDNS stamp
=> Please enter sdnsstamp: sdns://AQcAAAAAAAAAE
=> Do you want to set up another Static Server? [y/n]: y
=> Please enter staticname: myotherstatic
Info: Please enter Static Server SDNS stamp
=> Please enter sdnsstamp: sdns://AQcAAAAAAAAAEDE
=> Do you want to set up another Static Server? [y/n]: n
Info: Set the DNS server(s) for initializing dnscrypt-proxy
Info: and router services (e.g. ntp) at boot
=> Default is 9.9.9.9:

[2020-03-02 22:56:08] [NOTICE] Configuration successfully checked
Upgrade incoming soon! Hope it will make things easier :)
Big Thanks to @SomeWhereOverTheRainBow

*DI_VERSION=v2.1.2*

  • Added the option to use static servers along with the list of servers provided by Dnscrypt-proxy 2 , Special thanks to @Zastoff for collaboration and testing, @DonnyJohnny for providing ideas.
 
Ladies and Gentlemen!
Cisco now support DOH!!!
https://support.opendns.com/hc/en-us/articles/360038086532-Using-DNS-over-HTTPS-DoH-with-OpenDNS

Edited: edited the stamp. Cisco DOH currently don’t support DNSSEC

Code:
[static.'cisco-doh-ipv4-pri']
stamp = 'sdns://AgAAAAAAAAAADjIwOC42Ny4yMjIuMjIygAATZG9oLm9wZW5kbnMuY29tOjQ0MwovZG5zLXF1ZXJ5'

[static.'cisco-doh-ipv4-alt']
stamp = 'sdns://AgAAAAAAAAAADjIwOC42Ny4yMjAuMjIwgAATZG9oLm9wZW5kbnMuY29tOjQ0MwovZG5zLXF1ZXJ5'

[static.'cisco-doh-ipv6-pri']
stamp = 'sdns://AgAAAAAAAAAAEVsyNjIwOjExOTozNTo6MzVdgAATZG9oLm9wZW5kbnMuY29tOjQ0MwovZG5zLXF1ZXJ5'

[static.'cisco-doh-ipv6-alt']
stamp = 'sdns://AgAAAAAAAAAAEVsyNjIwOjExOTo1Mzo6NTNdgAATZG9oLm9wZW5kbnMuY29tOjQ0MwovZG5zLXF1ZXJ5'

[static.'cisco-doh-ipv4-family-pri']
stamp = 'sdns://AgAAAAAAAAAADjIwOC42Ny4yMjIuMTIzgAAgZG9oLmZhbWlseXNoaWVsZC5vcGVuZG5zLmNvbTo0NDMKL2Rucy1xdWVyeQ'

[static.'cisco-doh-ipv4-family-alt']
stamp = 'sdns://AgAAAAAAAAAADjIwOC42Ny4yMjAuMTIzgAAgZG9oLmZhbWlseXNoaWVsZC5vcGVuZG5zLmNvbTo0NDMKL2Rucy1xdWVyeQ'

[static.'cisco-doh-ipv6-family-pri']
stamp = 'sdns://AgAAAAAAAAAAElsyNjIwOjExOTozNTo6MTIzXYAAIGRvaC5mYW1pbHlzaGllbGQub3BlbmRucy5jb206NDQzCi9kbnMtcXVlcnk'

[static.'cisco-doh-ipv6-family-alt']
stamp = 'sdns://AgAAAAAAAAAAElsyNjIwOjExOTo1Mzo6MTIzXYAAIGRvaC5mYW1pbHlzaGllbGQub3BlbmRucy5jb206NDQzCi9kbnMtcXVlcnk'
Public-Resolvers.md have now been updated with Cisco`s(OpenDNS) DoH servers (Note they dont seem to support DNSSec)

Link to the complete list of servers with info on Filtering, Protocol, Logging, DNSSec.
 
Last edited:
*DI_VERSION=v2.1.3*

  • Enhanced the option to use static servers along with the list of servers provided by Dnscrypt-proxy 2 , Special thanks to @Zastoff for collaboration and testing, @DonnyJohnny for providing ideas.
  • Enhanced (simplified) relay menu options per @Zastoff recommendations
  • Cleaned up github readme removing mentioning of Mips support per @Zastoff recommendations
Special Thanks to users like @DonnyJohnny @Zastoff and other users I may have not mentioned for inspirational ideas for keeping this project active.
 
New version of DNSCrypt-proxy v2 released--> 2.0.40
Update/install thru amtm & di
And please reconfigure with
"Start from default config"
To avoid toml.err

Recommend doing a backup of JFFS in webui before update, For easy rollback if something is not working with a newer version
Administration - Restore/Save/Upload Setting: Backup JFFS partition: Save

Restore JFFS backup if needed and reboot router

edit:
Was some issues at first..
but
Works fine now!
 
Last edited:
edit:
Was some issues at first..
but
Works fine now!

I'm having network connectivity issues here also after the latest update. Did a hard reboot, to no avail.

Any advice on overcoming the "issues at first" that you mentioned?

Much thanks!
 
Was due to Travis CI being on a scheduled maintenance
And
Arm binaries, But they have been updated.
And it worked fine for me after that.
What happens?
 
Was due to Travis CI being on a scheduled maintenance
And
Arm binaries but they have been updated
And it worked fine for me after that.
What happens?

I did a vanilla upgrade to 2.0.40 through amtm on my 68U running 384.15. Now no devices are able to access Internet, despite having a solid WiFi connection.

Multiple log entries show:
Code:
Warning: dnscrypt-proxy is dead
 
I did a vanilla upgrade to 2.0.40 through amtm on my 68U running 384.15. Now no devices are able to access Internet, despite having a solid WiFi connection.

Multiple log entries show:
Code:
Warning: dnscrypt-proxy is dead
Hmm
Not at home atm
What servers and how is it configured
 
I did a vanilla upgrade to 2.0.40 through amtm on my 68U running 384.15. Now no devices are able to access Internet, despite having a solid WiFi connection.

Multiple log entries show:
Code:
Warning: dnscrypt-proxy is dead
Same here.. it works for a while but after that cannot restart and dead.

note that the dnscrypt-proxy.toml was missing when I checked the /jffs/dnscrypt

I tried replaced it via example-dnscrypt-proxy.toml and changing a few setting similar to previous setting I got from .bak
But still didn’t start.

in the end I restored my jffs to get back the old version.
 
Hmm
Not at home atm
What servers and how is it configured

I'll send more detailed logs once I'm able to get back on my laptop (replying from my phone for now).

Is there a terminal command to manually reinstall the previous version (2.0.39, which was rock solid) as a stop-gap?
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top