DNSCrypt from OpenDNS


shooter40sw

Senior Member
Hi guys, I would like to install dnscrypt. I use 354.29 Merlin on N66u, great job! ... I know on Tomato it can be done with a checkmark, as I saw on Google... Is there a way to do it without much hassle? A guide? Thanks for the help.
 

TeHashX

Very Senior Member
After rebooting the router I don't have access to the internet; in the router's UI the PPPoE connection is on.
 

TeHashX

Very Senior Member
It wasn't started. I start it manually, but it won't stay started and there is no internet connection to the PC.
 

ryzhov_al

Very Senior Member
Oh, my! Looks like I misunderstood Frank Denis in Issue #3. Please update dnscrypt-proxy:
Code:
/opt/etc/init.d/S09dnscrypt-proxy stop
opkg update
opkg upgrade
And start it again:
Code:
/opt/etc/init.d/S09dnscrypt-proxy start
 

ryzhov_al

Very Senior Member
> Same thing. Did you try it on your router, and does it work?

Yes! You should see these lines when dnscrypt-proxy has started:
Code:
cat /tmp/syslog.log
…
Jun 26 16:52:16 admin: Started dnscrypt-proxy from .
Jun 26 18:47:14 dnscrypt-proxy[20159]: Initializing libsodium for optimal performance
Jun 26 18:47:14 dnscrypt-proxy[20159]: Generating a new key pair
Jun 26 18:47:14 dnscrypt-proxy[20159]: Done
Jun 26 18:47:14 admin: Started dnscrypt-proxy from .
Jun 26 18:47:14 dnscrypt-proxy[20159]: Server certificate #1369080797 received
Jun 26 18:47:14 dnscrypt-proxy[20159]: This certificate looks valid
Jun 26 18:47:14 dnscrypt-proxy[20159]: Server key fingerprint is 915C:9A0C:5F0F:5EB4:784E:E450:FE8B:C115:B1DE:5538:7718:25D5:C305:CCB7:9532:0309
Jun 26 18:47:14 dnscrypt-proxy[20159]: Proxying from 127.0.0.1:65053 to 208.67.220.220:443
and these when dnsmasq is started:
Code:
cat /tmp/syslog.log
…
Jun 26 18:48:27 dnsmasq[20280]: started, version 2.65 cachesize 1500
Jun 26 18:48:27 dnsmasq[20280]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack
Jun 26 18:48:27 dnsmasq[20280]: warning: ignoring resolv-file flag because no-resolv is set
Jun 26 18:48:27 dnsmasq[20280]: asynchronous logging enabled, queue limit is 5 messages

Just to be sure, here is my custom dnsmasq config:
Code:
# cat /jffs/configs/dnsmasq.conf.add
…
### Dnscrypt
no-resolv
server=127.0.0.1#65053

I think I'm a bit lucky here, because there were other guys caught by the following deadlock:
  • dnscrypt-proxy can't accept the received certificate because of a wrong system date/time,
  • the NTP client can't get the right time because the DNS resolver (dnscrypt-proxy) is not working.
To avoid this deadlock, add the following content to /jffs/scripts/post-mount:
Code:
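#!/bin/sh

# Resolve the NTP server name with dnscrypt-proxy-hostip and pin the
# addresses in /etc/hosts, so the NTP client does not depend on DNS
for ip in $(/opt/sbin/dnscrypt-proxy-hostip $(nvram get ntp_server0))
do
    echo $ip $(nvram get ntp_server0) >>  /etc/hosts
done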
and make it executable:
Code:
chmod +x /jffs/scripts/post-mount
 

ryzhov_al

Very Senior Member
Yes, this is it. This is exactly the deadlock I told you about :(
 

ryzhov_al

Very Senior Member
Hm-m-m, strange. After running:
Code:
for ip in $(/opt/sbin/dnscrypt-proxy-hostip $(nvram get ntp_server0))
do
echo $ip $(nvram get ntp_server0) >>  /etc/hosts
done
there must be the following strings:
Code:
83.169.43.165 pool.ntp.org
178.63.14.131 pool.ntp.org
131.234.137.23 pool.ntp.org
129.70.132.37 pool.ntp.org
 

TeHashX

Very Senior Member
In /opt/sbin/ there is only dnscrypt-proxy, so I changed the script from
Code:
for ip in $(/opt/sbin/dnscrypt-proxy-hostip $(nvram get ntp_server0))
to
Code:
for ip in $(/opt/sbin/dnscrypt-proxy $(nvram get ntp_server0))
and after reboot
Code:
[email protected]:/tmp/home/root# sh /jffs/scripts/post-mount
[: /tmp/mnt/sda1: unknown operand
[INFO] Initializing libsodium for optimal performance
[INFO] Generating a new key pair
[INFO] Done
[ERROR] Unable to bind (UDP) [Address already in use]
[email protected]:/tmp/home/root#
I'm done for today, my hdd will blow up
[email protected]:/tmp/home/root# tune2fs -l /dev/sda1 | grep 'Mount count'
Mount count: 61
Thanks
 

ryzhov_al

Very Senior Member
> With wan-start script it's working but it takes 4-5 minutes to start :(
> http://pastebin.com/zJV0jriG

Fine! Take a look at your log: dnscrypt started successfully just when the right system time was received. The last thing we may tweak is to restart the NTP client immediately to eliminate this 4-5 min. delay.

> Still not working, should I put the script in wan-start maybe?

We may, but be careful. There may be a race condition: we can't say which will happen first, WAN start or USB mount.

Give me a few minutes to write a final solution.
 

ryzhov_al

Very Senior Member
Ok, starting over.
  1. Install Entware,
  2. Install dnscrypt:
    Code:
    opkg install dnscrypt-proxy dnscrypt-proxy-hostip
  3. Tell the router to use it:
    Code:
    echo "no-resolv" > /jffs/configs/dnsmasq.conf.add
    echo "server=127.0.0.1#65053" >> /jffs/configs/dnsmasq.conf.add
  4. Put this content into /jffs/scripts/wan-start:
    Code:
    #!/bin/sh
    
    # Wait up to 15 seconds to make sure /opt partition is mounted
    i=0
    while [ $i -le 15 ]
    do
        if [ -d /opt/tmp ]
        then
            break
        fi
        sleep 1
        i=`expr $i + 1`
    done
    
    # Now resolve DNS name for NTP server
    ntp_name=$(nvram get ntp_server0)
    grep "$ntp_name" /etc/hosts > /dev/null 2>&1 || \
    for ip in $(/opt/sbin/dnscrypt-proxy-hostip $ntp_name)
    do
        echo $ip $ntp_name >>  /etc/hosts
    done
    
    # and restart NTP client to eliminate 4-5 mins delay
    killall ntp && sleep 1
    service restart_ntpc
    and make it executable:
    Code:
    chmod +x /jffs/scripts/wan-start
  5. Reboot the router and make sure it works.

Here is the boot log, it looks OK: dnscrypt-proxy started after 25 seconds of booting. Waiting for confirmation before changing the first post.
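
Added example, not part of the original thread or of anyone's posted scripts: two shell checks for step 5 of the procedure above, one confirming that dnsmasq has no upstream other than the local dnscrypt-proxy listener, one classifying the latest dnscrypt-proxy start from the syslog. The function names are hypothetical and the sample log is constructed; the port 65053 and the log messages are the ones shown in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical; the
# port 65053 and the log messages are the ones shown in the posts above.

# check_dnsmasq_conf < dnsmasq.conf.add
# Succeeds only if dnsmasq ignores resolv.conf and its sole upstream is the
# local dnscrypt-proxy listener; any other server= line could carry
# queries around the encrypted path.
check_dnsmasq_conf() {
    conf=$(cat)
    upstream='server=127\.0\.0\.1#65053'
    printf '%s\n' "$conf" | grep -qx 'no-resolv' || { echo missing_no_resolv; return 1; }
    printf '%s\n' "$conf" | grep -qx "$upstream" || { echo missing_upstream; return 1; }
    if printf '%s\n' "$conf" | grep '^server=' | grep -qvx "$upstream"; then
        echo extra_upstream; return 1
    fi
    echo ok
}

# dnscrypt_state < syslog
# Classifies the most recent dnscrypt-proxy start:
#   ok             certificate accepted, proxying from 127.0.0.1:65053
#   no_valid_cert  started but no certificate accepted (what the wrong-clock
#                  deadlock looks like from the log)
#   not_started    no dnscrypt-proxy lines at all
dnscrypt_state() {
    lines=$(grep 'dnscrypt-proxy\[') || { echo not_started; return 1; }
    # Keep only the lines from the last key generation onward (latest start)
    last=$(printf '%s\n' "$lines" |
        awk '/Generating a new key pair/ { buf = "" } { buf = buf $0 "\n" } END { printf "%s", buf }')
    if printf '%s\n' "$last" | grep -q 'This certificate looks valid' &&
       printf '%s\n' "$last" | grep -q 'Proxying from 127\.0\.0\.1:65053 to '; then
        echo ok
    else
        echo no_valid_cert; return 1
    fi
}

# Constructed sample: first start has no accepted certificate, second does.
SAMPLE_LOG='Jan  1 00:00:20 dnscrypt-proxy[301]: Generating a new key pair
Jan  1 00:00:20 dnscrypt-proxy[301]: Done
Jun 26 18:47:14 dnscrypt-proxy[512]: Generating a new key pair
Jun 26 18:47:14 dnscrypt-proxy[512]: This certificate looks valid
Jun 26 18:47:14 dnscrypt-proxy[512]: Proxying from 127.0.0.1:65053 to 208.67.220.220:443'

printf '%s\n' "$SAMPLE_LOG" | dnscrypt_state
printf 'no-resolv\nserver=127.0.0.1#65053\n' | check_dnsmasq_conf
```

On the router, feed the functions the real files: `dnscrypt_state < /tmp/syslog.log` and `check_dnsmasq_conf < /jffs/configs/dnsmasq.conf.add`.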