Dnscrypt from opendns

[krabs]

I wanted to ask, when updating the firmware, do I have to reinstall entware / dnscrypt again?

No you don't need to reinstall it. Entware is installed on your usb device, sdcard and a firmware update will never erase it.
It is possible that JFFS gets erased so you must create the scripts again but it happens almost never.

 

[solo]

No you don't need to reinstall it. Entware is installed on your usb device, sdcard and a firmware update will never erase it.
It is possible that JFFS gets erased so you must create the scripts again but it happens almost never.

Thank you!

 

[S_Mulligan]

dnscrypt + OpenVPN?

I have a couple questions about using dnscrypt + OpenVPN client mode together:

Assume that both dnscrypt and openvpn client are configured. Dnscrypt is active at wan start; openvpn is off. What effect would turning on openvpn have on dns requests? Would they still be made via dnscrypt? or would they be re-routed through the vpn? Is this what "Accept DNS Configuration" is for?

If dnscrypt takes precedence (so to speak) over the vpn's dns config, is there a way to over-ride it so that dns requests are passed through the vpn along with everything else?

 

[owine]

Should this configuration support IPv6 as well whether running natively or via a tunnel? If not out of the box, any configuration changes that can be made to support IPv6.

 

[puremind]

Ok, starting over.

1. Install Entware,
2. Install dnscrypt:

   opkg install dnscrypt-proxy dnscrypt-proxy-hostip

3. Tell router to use it:
   

   echo "no-resolv" > /jffs/configs/dnsmasq.conf.add
   echo "server=127.0.0.1#65053" >> /jffs/configs/dnsmasq.conf.add

4. Put this content to /jffs/scripts/wan-start:
   

   #!/bin/sh
   
   # Wait up to 15 seconds to make sure /opt partition is mounted
   i=0
   while [ $i -le 15 ]
   do
       if [ -d /opt/tmp ]
       then
           break
       fi
       sleep 1
       i=`expr $i + 1`
   done
   
   # Now resolve DNS name for NTP server
   ntp_name=$(nvram get ntp_server0)
   grep "$ntp_name" /etc/hosts > /dev/null 2>&1 || \
   for ip in $(/opt/sbin/dnscrypt-proxy-hostip $ntp_name)
   do
       echo $ip $ntp_name >>  /etc/hosts
   done
   
   # and restart NTP client to eliminate 4-5 mins delay
   killall ntp && sleep 1
   service restart_ntpc

   and make it executable:
   

   chmod +x /jffs/scripts/wan-start

5. Reboot router and make sure it works.

Here is boot log, look OK: dnscrypt-proxy started after 25 seconds of booting. Waiting for confirmation before changing first post.

Hi guys:

I've been doing all this and had the same no internet issue after restart.

The issue I am seeing here is that if you install entware using "The easy way":
https://github.com/RMerl/asuswrt-merlin/wiki/Entware

it doesn't work.

It DOES work if you DELETE the asusware folder (or entware folder will not mount):
If you have previously used Optware or Download Master you must remove the current installation:

rm -rf asusware

So, to properly do this, after or before installing entware, execute the code :
rm -rf asusware
=> or the ln -sf command (to mount entware on top of the /opt folder) will not work.

Then, install entware using "The easy way" and all will be fine.
Hope this helps.

 

[krabs]

If we want to run two instances of dnscrypt eg: on 127.0.0.1 127.0.0.2 for dual redundancy.
What's the best way to do this in entware as creating a duplicate of the daemon-script with differents parameters won't start because there's already one running.

At the moment, there are a lot of other free dns resolvers which can do the same as opendns ex dnscrypt.eu (no logs unlike opendns).
dnscrypt.eu

Just add the required parameters in the daemon if someone is interested

ARGS="--daemonize (--user=dnscrypt) --local-address=127.0.0.1:65053 --resolver-address=176.56.237.171:443 --provider-name=2.dnscrypt-cert.resolver1.dnscrypt.eu --provider-key=67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66"

 

[sinshiva]

you'd have to create a second loopback interface for that. you'd probably be better off finding a way to make it running on a separate port with a different process id

 

[krabs]

you'd have to create a second loopback interface for that. you'd probably be better off finding a way to make it running on a separate port with a different process id

Hmm not 100% sure about that. It's possible to bind to 127.0.0.2 without that I have added another loopbackadres. Only enabling both at the same time doesn't work when using entware's daemon-script but this something I must search for in entware rc.func I think.

 

[GoNz0]

I have set this up and the laptop works fine for a few minutes then http://www.opendns.com/welcome/ tells me I am no longer using opendns that worked when the routers rebooted, any ideas?

thanks.

 

[GoNz0]

I have set this up and the laptop works fine for a few minutes then http://www.opendns.com/welcome/ tells me I am no longer using opendns that worked when the routers rebooted, any ideas?

thanks.

it seems that the dns service running on my laptops the problem as i get the "you're using opendns" page back as soon as I disable it.

best to leave that service off then ?

 

[GoNz0]

still having issues with this, it will work for a short time then stop again

 

[rambojudah]

USB issue

Hello,

I followed all the instructions for the article: Improve Your Web Surfing Speed with OpenDNS, and successfully installed everything on my ASUS RT-N16. I am using the latest Merlin built 374.35_4

I tested the scripts under wan-start and it executes fine.

The issue i am having is with my USB Flash drive.
Its a 32gb drive formatted to EXT2. When i plug it in, the router recognizes it in fractions of second and its mounted and i can see all the files in it.
However, when i reboot the router the USB is not mounted or not shown. I have to manually unplug and plug it back in.

Any suggestions or tips would be appreciated.

Thanks
Judah

 

[GoNz0]

try changing from wan-start to post-mount?

 

[TeHashX]

Ext3 is a better choice, I had the same issue with a usb hdd and solved by updating firmware from wd site.
Try with another usb or downgrade to an older router firmware.

 

[rambojudah]

Ext3 is a better choice, I had the same issue with a usb hdd and solved by updating firmware from wd site.
Try with another usb or downgrade to an older router firmware.

Thanks, issue has been resolved. I tried a different 4gb USB flash drive and it works.

 

[prp2]

Any other thoughts on getting this to work for IPv4/v6 simultaneously? That would be ideal. As it stands, I currently have IPv6 disabled on my router because I don't want to use my ISP's DNS servers and want to keep the encryption on both.

 

[bilboSNB]

Bonjour. Thanks for this guide. I have followed the instructions as per:

https://github.com/RMerl/asuswrt-merlin/wiki/Improve-Your-Web-Surfing-Speed-with-OpenDNS

But it no takes 5 to 10 minutes for my internet to start working again after a reboot. Looking at the log it does look as though it is because dnscrypt cannot authenticate due to the system time being incorrect. Is there something else I need to do in addition to the linked instructions to speed the process up?

 

[owine]

Bonjour. Thanks for this guide. I have followed the instructions as per:

https://github.com/RMerl/asuswrt-merlin/wiki/Improve-Your-Web-Surfing-Speed-with-OpenDNS

But it no takes 5 to 10 minutes for my internet to start working again after a reboot. Looking at the log it does look as though it is because dnscrypt cannot authenticate due to the system time being incorrect. Is there something else I need to do in addition to the linked instructions to speed the process up?

See http://forums.smallnetbuilder.com/showpost.php?p=116729&postcount=2. Instead of directly appending to /etc/hosts, moving to a hosts.add route instead clears this up.

 

[bilboSNB]

Thank you, that worked.

 

[faria]

Hi guys I need some help Please

I had Dnscrypt from opendns working on the rt-ac66u running merlin 374.42 for quite some time without any problems.
Then yesterday i decided to update it in order to use the EU server, Since then it stopped working.
I have reformatted jffs and started again.

Problems:
Internet lost even when the device says its connected, all clients loose internet but Skype is able to connect to its servers!

here is the log:

Jun  2 13:50:51 syslog: Resolver information required.
Jun  2 13:50:51 syslog: The easiest way to do so is to provide a resolver name.
Jun  2 13:50:51 syslog: Example: dnscrypt-proxy -R mydnsprovider
Jun  2 13:50:51 syslog: See the file [/opt/share/dnscrypt-proxy/dnscrypt-resolvers.csv] for a list of compatible public resolvers
Jun  2 13:50:51 syslog: The name is the first column in this table.
Jun  2 13:50:51 syslog: Alternatively, an IP address, a provider name and a provider key can be supplied.
Jun  2 13:50:51 syslog: Please consult http://dnscrypt.org and the dnscrypt-proxy(8) man page for details.
Jun  2 13:50:51 admin: Started dnscrypt-proxy from .

Im at a lost in what im doing wrong, i really don't want to reset the router because i have a ton of ports fowading rules.

Any help would be appreciated ,many thanks.