DNScrypt dnscrypt installer for asuswrt

[HairyA00]

This was the primary reason I brought DNScrypt back up: https://www.snbforums.com/threads/release-dnscrypt-installer-for-asuswrt.36071/page-66#post-520713

 

[SomeWhereOverTheRainBow]

Yea DNScrypt Proxy is far from obsolete it is still rolling out with new developments. maybe some older protocols of DNScrypt itself are on the early point of obsolete, but those are older protocols that do not support newer anonymized functionality and newer cryptographic key exchange features users can research which servers are still using those and make their own judgement call weather or not to use them.

 

[Butterfly Bones]

Most DNSCrypt proxy criticism is around version 1 which is old and abandoned. Then version 2 was implemented and taken over by a new developer.

This version is version 2 under heavy development and improvement. Most Google results come up around version 1 not version 2. Google "DNSCrypt proxy version 2" for better information.

https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Differences-to-v1

 

[JaimeZX]

OK, I'm easy to convince.

Re-installed the script; I saw the "wildcard for relay" menu option, which I'm not used to. I did a bit of Googling and still a little confused.

When the installer asks:

What do you want to do:
  1) Disable Relays for DNSCRYPT servers
  2) Pick Relays for DNSCRYPT servers
  3) Use Previous Relays for DNSCRYPT servers

I understand the purpose of the relays. No doubt things would be faster with Relaying disabled... but what does "Use Previous Relays" do? (I picked that one, but I honestly have no idea.)

 

[SomeWhereOverTheRainBow]

OK, I'm easy to convince.

Re-installed the script; I saw the "wildcard for relay" menu option, which I'm not used to. I did a bit of Googling and still a little confused.

When the installer asks:

What do you want to do:
  1) Disable Relays for DNSCRYPT servers
  2) Pick Relays for DNSCRYPT servers
  3) Use Previous Relays for DNSCRYPT servers

I understand the purpose of the relays. No doubt things would be faster with Relaying disabled... but what does "Use Previous Relays" do? (I picked that one, but I honestly have no idea.)

it allows you to keep any relays you previously defined thus keeping you from having to redo them after already running the configuration setup. say for example you only wanted to change your servers. all the other options will make you relist relays or disable relays.
option 2 is what you want if you want to add relays. note they only work for DNSCYPT servers if you pick a DoH server and no DNSCRYPT servers it will ask you if you want to switch to automatically define servers so you can still benefit from relays, then it will ask you what relays you want to use.

Maybe next update i will change that to 3)Skip Relays Setup so it will become less confusing.

 

[JaimeZX]

Okay, so presumably since I chose "use previous relays" and I have never set up any relays... I have no relays working.

Is there a giant list-o-relays out there somewhere?

 

[SomeWhereOverTheRainBow]

Okay, so presumably since I chose "use previous relays" and I have never set up any relays... I have no relays working.

Is there a giant list-o-relays out there somewhere?

You have to choose option 2) Pick relays and you must have chosen a Dnscrypt -server (not DOH) to get the menu to populate.
BTW I have now changed the installer lingo to skip instead of the confusing use previous relays.

now looks like this

    echo -e "  1) Disable Relays for DNSCRYPT servers"
    echo -e "  2) Pick Relays for DNSCRYPT servers"
    echo -e "  3) Skip Choosing Relays for DNSCRYPT servers"

 

[SomeWhereOverTheRainBow]

*Update* DI_VERSION=v2.0.0 *Update*

• Added an installer version DI_VERSION=v2.0.0 per @thelonelycoder suggestion to better support AMTM compatibility.
• Added option to define a Static Server if the Server is not available inside list of Servers provided by Dnscrypt-Proxy Menu. User must have SDNS stamp of the server they are attempting to use, and also provide a custom name of their choice. Added Per discussions with @Zastoff
• Added the "First" option for Load Balancing options which has replaced "fastest" Per @Zastoff recommendation.
• Fixed Cosmetic Issues to cut down on User confusion. Per @JaimeZX Discoveries.

 

[Zastoff]

To explain Static Server a bit:
Example:
A vpn-providers DNS servers support DNSCrypt or DoH but their servers is not included in the normal server list(public-resolvers.md)
So either you can get a sdns Stamp from them or you can ask their support for:
Ip address:
Provider public key:
Provider Name:
Insert that info here: Online DNS Stamp Calculator and you get the correct sdns Stamp
With the updated installer the stamp can now be added and be used thru installer menu

Sort the same thing with NextDNS but the installer detects if nextdns server is chosen since it is in the list of servers and asks the user for their personal sdns Stamp from nextdns account page(if user has one or skip and use the normal without filtering)
Thanks to @SomeWhereOverTheRainBow

 

[joe scian]

To explain Static Server a bit:
Example:
A vpn-providers DNS servers support DNSCrypt or DoH but their servers is not included in the normal server list(public-resolvers.md)
So either you can get a sdns Stamp from them or you can ask their support for:
Ip address:
Provider public key:
Provider Name:
Insert that info here: Online DNS Stamp Calculator and you get the correct sdns Stamp
With the updated installer the stamp can now be added and be used thru installer menu

Sort the same thing with NextDNS but the installer detects if nextdns server is chosen since it is in the list of servers and asks the user for their personal sdns Stamp from nextdns account page(if user has one or skip and use the normal without filtering)
Thanks to @SomeWhereOverTheRainBow

how does one upgrade installer from 2.0.0 to 2.0.1 using amtm 3.1.0 fw version and alpha 2 firmware?

 

[Zastoff]

how does one upgrade installer from 2.0.0 to 2.0.1 using amtm 3.1.0 fw version?

hmm should work
Try di in amtm first as @SomeWhereOverTheRainBow wrote
or

rm /jffs/dnscrypt/installer

and start amtm again and di you will get version 2.0.1

 

[SomeWhereOverTheRainBow]

hmm should work
But i also had a issue with it atm

rm /jffs/dnscrypt/installer

and start amtm again and di you will get version 2.01

if you are on 2.0.0 all you need to do it type di

 

[SomeWhereOverTheRainBow]

 

[joe scian]

how does one upgrade installer from 2.0.0 to 2.0.1 using amtm 3.1.0 fw version and alpha 2 firmware?

hmm should work
Try di in amtm first as @SomeWhereOverTheRainBow wrote
or

rm /jffs/dnscrypt/installer

and start amtm again and di you will get version 2.0.1

thanks that did the trick

 

[SomeWhereOverTheRainBow]

*Update DI_Version=v2.0.3*

• Many thanks and A lot of credit is due to @thelonelycoder for making it possible to update the installer through AMTM.
• Many improvements to functionality in between dnsmasq, vpn service, and dnscrypt-proxy. Many Thanks due to @Zastoff for many hours of testing dnscrypt-installer with the VPN service he uses. To prevent any issues with new improvements run the installers update function and specify to reconfigure, but you can specify to start with previous config file.
• Removal of need for firewall function as Routers DNSFilter can be used for better functionality. Suggestions provided by @dave14305 many thanks!

 

[Zastoff]

Important with this update
If you update via amtm (see this post) enter amtm and start with u then di make sure you get the new version of the installer before coming to the dnscrypt-proxy menu.
There should be a sort of confirm before you get dnscrypt menu.
If you are still not sure, Exit the menu
and enter this in your terminal

rm /jffs/dnscrypt/installer

then start amtm again and di and you will get the newest installer for dnscrypt.

Also Important:--> DNSCrypt menu option 1 install/update (will get the new manager)
and

specify to reconfigure, but you can specify to start with previous config file.

This update also changes the old "listen_addresses = ['127.0.0.1:65053']" to "listen_addresses = ['127.0.1.1:53']"
So if DNSCrypt-proxy gets updated without the newest installer downloaded first it will not work.
If it happens anyway you can manually edit /jffs/dnscrypt/dnscrypt-proxy.toml with the correct:

listen_addresses = ['127.0.1.1:53']

and restart the proxy with:

/jffs/dnscrypt/manager dnscrypt-start

or
Recommend doing a backup of JFFS in webui before update, For easy rollback if something is not working with a newer version
Administration - Restore/Save/Upload Setting: Backup JFFS partition: Save

Restore JFFS backup if needed and reboot router

And Thanks @SomeWhereOverTheRainBow for another really Good update !

edit:
Correcting amtm usage
Thank you @thelonelycoder

 

[thelonelycoder]

If you update via amtm with di make sure you get the new version of the installer before coming to the dnscrypt-proxy menu.
There should be a sort of confirm before you get dnscrypt menu.

Be sure to have the latest amtm files, use uu to force update amtm, then run u and then open di.
The u update function checks for an update and if one is found for di, stores it in a file, which di then picks up.

 

[fox244243904]

I have a little problem with the latest dnscrypt-installer 2.0.3:
=> Please enter the number designates your selection:, [1-9/q]: 1
Info: This operation will install dnscrypt-proxy and related files (<6MB)
Info: to jffs, no other data will be changed.
Info: Also some start scripts will be installed/modified as required.
=> Do you want to install dnscrypt-proxy to /jffs? [y/n]: y
Info: manager is up to date. Skipping...
Info: Downloading dnscrypt-proxy-linux_arm64-2.0.38.tar.gz
Info: Downloading public-resolvers.md
Info: Downloading public-resolvers.md.minisig
Info: Downloading relays.md
Info: Downloading relays.md.minisig
tar: invalid magic
tar: short read
*** Error: Unable to download dnscrypt-proxy package for your router

I already used the force update uu and u in amtm.

Its just working fine now just tried again

 

[SomeWhereOverTheRainBow]

**SPOILERS BIGTIME**

Spoiler

Info:  Detected ARMv7 architecture.
 Info:  DNSCRYPT_VER=2.0.38
 Info:  DI_VERSION=v2.0.4
 Info:  DNS Environment is Ready.
 Info:  JFFS custom scripts and configs are already enabled
 Info:  Choose what you want to do:
  1) Install/Update dnscrypt-proxy
  2) Uninstall dnscrypt-proxy
  3) Configure dnscrypt-proxy
  4) Set timezone
  5) Unset timezone
  6) Install (P)RNG
  7) Uninstall (P)RNG
  8) Install swap file
  9) Uninstall ALL
  q) Quit
 =>  Please enter the number designates your selection:, [1-9/q]: q
 Info:  Operations have been applied if any has been made
 Info:  In case of anomaly, please reboot your router!

Spoiler

 Info:  Detected ARMv7 architecture.
 Info:  New DNSCRYPT_VER=2.0.38 Available!
 Info:  Run Option 1 of the Installer to upgrade DNScrypt Proxy.
 Info:  New DI_VERSION=v2.0.3 Available!
 Info:  Run Option 1 of the Installer to upgrade DNScrypt Asuswrt Installer.
 Info:  DNS Environment is Ready.
 Info:  JFFS custom scripts and configs are already enabled
 Info:  Choose what you want to do:
  1) Install/Update dnscrypt-proxy
  2) Uninstall dnscrypt-proxy
  3) Configure dnscrypt-proxy
  4) Set timezone
  5) Unset timezone
  6) Install (P)RNG
  7) Uninstall (P)RNG
  8) Install swap file
  9) Uninstall ALL
  q) Quit
 =>  Please enter the number designates your selection:, [1-9/q]: 1
 Info:  This operation will install dnscrypt-proxy and related files (<6MB)
 Info:  to jffs, no other data will be changed.
 Info:  Also some start scripts will be installed/modified as required.

 =>  Do you want to install dnscrypt-proxy to /jffs? [y/n]: y
 Info:  DI_VERSION=v2.0.4 is current, no new DNScrypt Asuswrt Installer Version Available.
 Info:  manager is up to date. Skipping...
 Info:  New DNSCRYPT_VER=2.0.38 Available!
 Info:  Updating DNSCRYPT_VER=2.0.36 to 2.0.38 .
 Info:  Downloading dnscrypt-proxy-linux_arm-2.0.38.tar.gz
linux-arm/
linux-arm/example-ip-blacklist.txt
linux-arm/example-dnscrypt-proxy.toml
linux-arm/example-forwarding-rules.txt
linux-arm/localhost.pem
linux-arm/dnscrypt-proxy
linux-arm/example-whitelist.txt
linux-arm/LICENSE
linux-arm/example-blacklist.txt
linux-arm/example-cloaking-rules.txt
 Info:  Downloading public-resolvers.md
 Info:  Downloading public-resolvers.md.minisig
 Info:  Downloading relays.md
 Info:  Downloading relays.md.minisig
 Info:  dnsmasq.postconf file already configured
 Info:  init-start file already configured
 Info:  wan-start file already configured
 Info:  Configuring dnscrypt-proxy...
 Info:  Checking dnscrypt-proxy configuration...
 Info:  Found previous dnscrypt-proxy config file
 =>  Do you want to use this file without reconfiguring? [y/n]: y
 Info:  Use previous settings file
 Info:  Checking for Anonymized Dnscrypt Support
 Info:  Users may only specify Wild-card Relay Support (server_name *)
 Info:  All DNSCRYPT Server traffic will be sent through same set of chosen Relays.
 Info:  With this Menu, Users Can Disable, Pick, or Skip Relay Support for DNSCRYPT servers.
 Info:  Picking Relays brings up Menu for Choosing Relays.
 Info:  Skip allows Users to skip configuring relays.
 Info:  NOTE: You must disable if you want to turn off Relays that were defined on earlier configurations...
 Info:  What do you want to do:
  1) Disable Relays for DNSCRYPT servers
  2) Pick Relays for DNSCRYPT servers
  3) Skip Choosing Relays for DNSCRYPT servers
 =>  Your choice, [1-3]: 3
 Info:  Continue without Adding or Modifying Relays Support
 Info:  Staring dnscrypt-proxy...

Spoiler

 Info:  Detected ARMv7 architecture.
 Info:  DNSCRYPT_VER=2.0.38
 Info:  New DI_VERSION=v2.0.4 Available!
 Info:  Run Option 1 of the Installer to upgrade DNScrypt Asuswrt Installer.
 Info:  DNS Environment is Ready.
 Info:  JFFS custom scripts and configs are already enabled
 Info:  Choose what you want to do:
  1) Install/Update dnscrypt-proxy
  2) Uninstall dnscrypt-proxy
  3) Configure dnscrypt-proxy
  4) Set timezone
  5) Unset timezone
  6) Install (P)RNG
  7) Uninstall (P)RNG
  8) Install swap file
  9) Uninstall ALL
  q) Quit
 =>  Please enter the number designates your selection:, [1-9/q]: 1
 Info:  This operation will install dnscrypt-proxy and related files (<6MB)
 Info:  to jffs, no other data will be changed.
 Info:  Also some start scripts will be installed/modified as required.

 =>  Do you want to install dnscrypt-proxy to /jffs? [y/n]: y
 Info:  New DI_VERSION=v2.0.4 Available!
 Info:  Updating DI_VERSION=v2.0.3 to v2.0.4 .
 Info:  Downloading installer
 Info:  DI_VERSION=v2.0.4 is current, no new DNScrypt Asuswrt Installer Version Available.
 Info:  manager is up to date. Skipping...
 Info:  No New DNScrypt-Proxy Version Available.
 Info:  Downloading public-resolvers.md
 Info:  Downloading public-resolvers.md.minisig
 Info:  Downloading relays.md
 Info:  Downloading relays.md.minisig
 Info:  dnsmasq.postconf file already configured
 Info:  init-start file already configured
 Info:  wan-start file already configured
 Info:  Configuring dnscrypt-proxy...
 Info:  Checking dnscrypt-proxy configuration...
 Info:  Found previous dnscrypt-proxy config file
 =>  Do you want to use this file without reconfiguring? [y/n]: y
 Info:  Use previous settings file
 Info:  Checking for Anonymized Dnscrypt Support
 Info:  Users may only specify Wild-card Relay Support (server_name *)
 Info:  All DNSCRYPT Server traffic will be sent through same set of chosen Relays.
 Info:  With this Menu, Users Can Disable, Pick, or Skip Relay Support for DNSCRYPT servers.
 Info:  Picking Relays brings up Menu for Choosing Relays.
 Info:  Skip allows Users to skip configuring relays.
 Info:  NOTE: You must disable if you want to turn off Relays that were defined on earlier configurations...
 Info:  What do you want to do:
  1) Disable Relays for DNSCRYPT servers
  2) Pick Relays for DNSCRYPT servers
  3) Skip Choosing Relays for DNSCRYPT servers
 =>  Your choice, [1-3]: 3
 Info:  Continue without Adding or Modifying Relays Support
 Info:  Staring dnscrypt-proxy...

Done.
 Info:  For dnscrypt-proxy version 2 to work reliably, you might also want to:
 Info:   - Add swap
 Info:   - Add a RNG
 Info:   - Set your timezone
 Info:  Operation completed. You can quit or continue
=====================================================


 Info:  Choose what you want to do:
  1) Install/Update dnscrypt-proxy
  2) Uninstall dnscrypt-proxy
  3) Configure dnscrypt-proxy
  4) Set timezone
  5) Unset timezone
  6) Install (P)RNG
  7) Uninstall (P)RNG
  8) Install swap file
  9) Uninstall ALL
  q) Quit
 =>  Please enter the number designates your selection:, [1-9/q]:

.

 

[Zastoff]

*Update DI_Version=v2.0.4*

• Many thanks @SomeWhereOverTheRainBow For this new and improved installer update
• Improvements to DNSCrypt installer menu
• It will now check & display DNSCrypt-proxy & Installer version and can be updated with menu option 1 install/update
• If user updates from before DI_Version=v2.0.3 To prevent any issues with new improvements run the installers update function and specify to reconfigure, but you can specify to start with previous config file.
• Version 2.0.38 & 2.0.39 of DNSCrypt-proxy Released ! Update/Install thru amtm or DNScrypt installer menu
• Installers current Features

Spoiler: DNSCrypt menu

Info: Detected ARMv7 architecture.
Info: New DNSCRYPT_VER=2.0.39 Available!
Info: Run Option 1 of the Installer to upgrade DNScrypt Proxy.
Info: DI_VERSION=v2.0.4
Info: DNS Environment is Ready.
Info: JFFS custom scripts and configs are already enabled
Info: Choose what you want to do:
1) Install/Update dnscrypt-proxy
2) Uninstall dnscrypt-proxy
3) Configure dnscrypt-proxy
4) Set timezone
5) Unset timezone
6) Install (P)RNG
7) Uninstall (P)RNG
8) Install swap file
9) Uninstall ALL
q) Quit
=> Please enter the number designates your selection:, [1-9/q]: