Dnscrypt from opendns

shooter40sw

Senior Member
Hi guys, I would like to install dnscrypt. I use 354.29 Merlin on N66U, great job! ... I know Tomato with a checkmark can be done, as I saw in Google... Is there a way to do it without much hassle? A guide? Thanks for the help
 
After rebooting the router I don't have access to the internet; in the router's UI the PPPoE connection is on.
 
It wasn't started. I start it manually, but it won't stay started and there is no internet connection to the PC.
 
Oh, my! Looks like I misunderstood Frank Denis in Issue#3. Please, update dnscrypt-proxy:
Code:
/opt/etc/init.d/S09dnscrypt-proxy stop
opkg update
opkg upgrade
And start it again:
Code:
/opt/etc/init.d/S09dnscrypt-proxy start
 
Same thing. Did you try it on your router, and does it work?
Yes! You should see these lines when dnscrypt-proxy has started:
Code:
cat /tmp/syslog.log
…
Jun 26 16:52:16 admin: Started dnscrypt-proxy from .
Jun 26 18:47:14 dnscrypt-proxy[20159]: Initializing libsodium for optimal performance
Jun 26 18:47:14 dnscrypt-proxy[20159]: Generating a new key pair
Jun 26 18:47:14 dnscrypt-proxy[20159]: Done
Jun 26 18:47:14 admin: Started dnscrypt-proxy from .
Jun 26 18:47:14 dnscrypt-proxy[20159]: Server certificate #1369080797 received
Jun 26 18:47:14 dnscrypt-proxy[20159]: This certificate looks valid
Jun 26 18:47:14 dnscrypt-proxy[20159]: Server key fingerprint is 915C:9A0C:5F0F:5EB4:784E:E450:FE8B:C115:B1DE:5538:7718:25D5:C305:CCB7:9532:0309
Jun 26 18:47:14 dnscrypt-proxy[20159]: Proxying from 127.0.0.1:65053 to 208.67.220.220:443
and these when dnsmasq is started:
Code:
cat /tmp/syslog.log
…
Jun 26 18:48:27 dnsmasq[20280]: started, version 2.65 cachesize 1500
Jun 26 18:48:27 dnsmasq[20280]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack
Jun 26 18:48:27 dnsmasq[20280]: warning: ignoring resolv-file flag because no-resolv is set
Jun 26 18:48:27 dnsmasq[20280]: asynchronous logging enabled, queue limit is 5 messages

Just to be sure, here is my dnsmasq custom config:
Code:
# cat /jffs/configs/dnsmasq.conf.add
…
### Dnscrypt
no-resolv
server=127.0.0.1#65053

I think I'm a bit lucky here, because other people were caught by the following deadlock:
  • dnscrypt-proxy can't accept the received certificate because of the wrong system date/time,
  • the NTP client can't get the right time because the DNS resolver (dnscrypt-proxy) is not working.
To avoid this deadlock, add the following content to /jffs/scripts/post-mount:
Code:
#!/bin/sh

for ip in $(/opt/sbin/dnscrypt-proxy-hostip $(nvram get ntp_server0))
do
echo $ip $(nvram get ntp_server0) >>  /etc/hosts
done
and make it executable:
Code:
chmod +x /jffs/scripts/post-mount
 
Hm-m-m, strange. After running:
Code:
for ip in $(/opt/sbin/dnscrypt-proxy-hostip $(nvram get ntp_server0))
do
echo $ip $(nvram get ntp_server0) >>  /etc/hosts
done
there must be the following strings:
Code:
83.169.43.165 pool.ntp.org
178.63.14.131 pool.ntp.org
131.234.137.23 pool.ntp.org
129.70.132.37 pool.ntp.org
 
Yes, something is wrong with the script
admin@RT-AC66U:/tmp/home/root# sh /jffs/scripts/post-mount
[: /tmp/mnt/sda1: unknown operand
/jffs/scripts/post-mount: line 11: /opt/sbin/dnscrypt-proxy-hostip: not found
admin@RT-AC66U:/tmp/home/root#
 
In /opt/sbin/ there is only dnscrypt-proxy, so I changed the script from
Code:
for ip in $(/opt/sbin/dnscrypt-proxy-hostip $(nvram get ntp_server0))
to
Code:
for ip in $(/opt/sbin/dnscrypt-proxy $(nvram get ntp_server0))
and after reboot
Code:
admin@RT-AC66U:/tmp/home/root# sh /jffs/scripts/post-mount
[: /tmp/mnt/sda1: unknown operand
[INFO] Initializing libsodium for optimal performance
[INFO] Generating a new key pair
[INFO] Done
[ERROR] Unable to bind (UDP) [Address already in use]
admin@RT-AC66U:/tmp/home/root#
I'm done for today, my hdd will blow up
admin@RT-AC66U:/tmp/home/root# tune2fs -l /dev/sda1 | grep 'Mount count'
Mount count: 61
Thanks
 
With wan-start script it's working but it takes 4-5 minutes to start :(
http://pastebin.com/zJV0jriG
Fine! Take a look at your log: dnscrypt started successfully just when the right system time was received. The last thing we may tweak is to restart the NTP client immediately to eliminate this 4-5 min. delay.

Still not working, should I put the script in wan-start maybe?
We may, but be careful. There may be a race condition: we can't say what will happen first, WAN start or USB mount.

Give me a few minutes to write the final solution.
 
Ok, starting over.
  1. Install Entware,
  2. Install dnscrypt:
    Code:
    opkg install dnscrypt-proxy dnscrypt-proxy-hostip
  3. Tell router to use it:
    Code:
    echo "no-resolv" > /jffs/configs/dnsmasq.conf.add
    echo "server=127.0.0.1#65053" >> /jffs/configs/dnsmasq.conf.add
  4. Put this content to /jffs/scripts/wan-start:
    Code:
    #!/bin/sh
    
    # Wait up to 15 seconds to make sure /opt partition is mounted
    i=0
    while [ $i -le 15 ]
    do
        if [ -d /opt/tmp ]
        then
            break
        fi
        sleep 1
        i=`expr $i + 1`
    done
    
    # Now resolve DNS name for NTP server
    ntp_name=$(nvram get ntp_server0)
    grep "$ntp_name" /etc/hosts > /dev/null 2>&1 || \
    for ip in $(/opt/sbin/dnscrypt-proxy-hostip $ntp_name)
    do
        echo $ip $ntp_name >>  /etc/hosts
    done
    
    # and restart NTP client to eliminate 4-5 mins delay
    killall ntp && sleep 1
    service restart_ntpc
    and make it executable:
    Code:
    chmod +x /jffs/scripts/wan-start
  5. Reboot router and make sure it works.

Here is the boot log, it looks OK: dnscrypt-proxy started after 25 seconds of booting. Waiting for confirmation before changing the first post.
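
An added example for the "make sure it works" step, not part of the original posts: a small audit that dnsmasq forwards only to the local dnscrypt-proxy listener. Without `no-resolv`, or with an extra `server=` line, dnsmasq would also send queries to other resolvers unencrypted. The function names and the file arguments are assumptions for illustration, and the sample inputs are constructed from the config and log lines shown in the thread.

```shell
#!/bin/sh
# Audit the dnsmasq -> dnscrypt-proxy chain. Files are passed as arguments
# so the checks can be run against copies of the router's config and log.

# Print every upstream resolver configured with a server= line.
dnsmasq_upstreams() {   # $1 = dnsmasq.conf.add
    sed -n 's/^[[:space:]]*server=\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1"
}

# Succeed only if no-resolv is set and the single upstream is $2 (addr#port).
conf_is_leak_free() {   # $1 = dnsmasq.conf.add, $2 = expected addr#port
    grep -Eq '^[[:space:]]*no-resolv[[:space:]]*$' "$1" || return 1
    ups=$(dnsmasq_upstreams "$1")
    [ "$ups" = "$2" ]
}

# Print addr#port of the latest dnscrypt-proxy start, but only if the same
# process also logged that the server certificate looks valid.
proxy_listen() {        # $1 = syslog file
    pid=$(sed -n 's/.*dnscrypt-proxy\[\([0-9]*\)]: Proxying from .*/\1/p' "$1" | tail -n 1)
    [ -n "$pid" ] || return 1
    grep -q "dnscrypt-proxy\[$pid]: This certificate looks valid" "$1" || return 1
    addr=$(sed -n "s/.*dnscrypt-proxy\[$pid]: Proxying from \([0-9.]*\):\([0-9]*\) to .*/\1#\2/p" "$1" | tail -n 1)
    [ -n "$addr" ] && echo "$addr"
}

audit_chain() {         # $1 = dnsmasq.conf.add, $2 = syslog file
    listen=$(proxy_listen "$2") || { echo "FAIL: no validated dnscrypt-proxy start in log"; return 1; }
    conf_is_leak_free "$1" "$listen" || { echo "FAIL: dnsmasq is not pinned to $listen only"; return 1; }
    echo "OK: dnsmasq forwards only to $listen"
}

# Constructed sample inputs, modelled on the thread's config and log lines.
demo() {
    d=$(mktemp -d)
    printf 'no-resolv\nserver=127.0.0.1#65053\n' > "$d/conf"
    printf '%s\n' \
        'Jun 26 18:47:14 dnscrypt-proxy[20159]: This certificate looks valid' \
        'Jun 26 18:47:14 dnscrypt-proxy[20159]: Proxying from 127.0.0.1:65053 to 208.67.220.220:443' > "$d/log"
    audit_chain "$d/conf" "$d/log"; rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

On the router itself this would be called as `audit_chain /jffs/configs/dnsmasq.conf.add /tmp/syslog.log`, the two files the thread already uses.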
 