DNSCrypt is reborn!

Discussion in 'Asuswrt-Merlin' started by DonnyJohnny, Jan 12, 2018.

  1. DonnyJohnny

    DonnyJohnny Regular Contributor

    Joined:
    Dec 17, 2017
    Messages:
    148
    New DNSCrypt v2 is here..
    https://github.com/jedisct1/dnscrypt-proxy

    For people who are interested in getting their hands dirty with this beta, my usual commands for a quick start are below.
    The precompiled binary is located at
    https://github.com/jedisct1/dnscrypt-proxy/releases
    Download the arm version.

    Environment: I copied them to my USB drive labelled Main, and used beta 8. Modify to your needs.
    Code:
    wget https://github.com/jedisct1/dnscrypt-proxy/releases/download/2.0.0beta8/dnscrypt-proxy-linux_arm-2.0.0beta8.tar.gz -P /mnt/Main/
    
    tar -zxvf /mnt/Main/dnscrypt-proxy-linux_arm-2.0.0beta8.tar.gz -C /mnt/Main && rm /mnt/Main/dnscrypt-proxy-linux_arm-2.0.0beta8.tar.gz
    
    Config the toml file
    nano /mnt/Main/linux-arm/dnscrypt-proxy.toml
    (Listening port is 65053, not 53)
    
    Create a simple bash script to start the app
    nano /mnt/Main/linux-arm/start-dnscrypt.sh
    
    Inside the sh file
    #!/bin/sh
    killall dnscrypt-proxy
    logger -t dnscrypt-proxy "Starting DNSCrypt-proxy"
    nohup /mnt/Main/linux-arm/dnscrypt-proxy -config /mnt/Main/linux-arm/dnscrypt-proxy.toml -loglevel 2 2>&1 | logger -t dnscrypt-proxy &
    
    Save it.
    
    Give exec right to sh file
    chmod a+rx /mnt/Main/linux-arm/start-dnscrypt.sh
    
    Add listening port to dnsmasq
    nano /jffs/configs/dnsmasq.conf.add    (If file not found, create it)
    
    Add this and save it.
    server=127.0.0.1#65053
    server=::1#65053      (If u are using ipv6)
    server=/pool.ntp.org/8.8.8.8
    server=/raw.githubusercontent.com/8.8.8.8
    
    Restart dnsmasq service
    service restart_dnsmasq
    
    Go to your router GUI,
    Set the WAN and IPv6 to manual configuration and leave DNS 1 and DNS 2 EMPTY.
    
    You may now start the sh file
    /mnt/Main/linux-arm/start-dnscrypt.sh
    
    You need to add the sh file to firewall-start script to allow it to load up during reboot.
    nano /jffs/scripts/firewall-start      (If file not found, create it and give it exec right,   chmod a+rx /jffs/scripts/firewall-start )
    
    Add this, starting at the first line. (All sh files must have "#!/bin/sh" as the first line.)
    #!/bin/sh
    /mnt/Main/linux-arm/start-dnscrypt.sh
    
    Save it.
    
    Check your syslog.

    It is recommended to create a swap file because the program is resource hungry. I created my swap via ab-solutions or Skynet.
    Personally, some of my settings in the toml file:
    daemonize = true
    cache=false


    Take note that installer in another thread by bigeye0x0 is working on it.
    Read here.
    https://www.snbforums.com/threads/dnscrypt-is-reborn.43869/page-5#post-374776
     
    Last edited: Jan 22, 2018 at 6:35 AM
    thelonelycoder and joegreat like this.
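
Added example, not part of the original post: a POSIX shell check for the dnsmasq.conf.add described above, listing every server= line that sends queries somewhere other than the local dnscrypt-proxy listener and noting when dnsmasq's no-resolv option is absent. The function names, the PROXY_PORT variable and the sample config are constructed for illustration; the port value 65053 comes from the post.

```shell
#!/bin/sh
# Added example: audit dnsmasq upstreams against the dnscrypt-proxy listener.
# PROXY_PORT (assumption, overridable) is the port set in dnscrypt-proxy.toml.
PROXY_PORT=${PROXY_PORT:-65053}

# Reads dnsmasq config from the files given as arguments, or stdin if none.
audit_dnsmasq() {
    awk -v port="$PROXY_PORT" '
    /^[ \t]*#/ { next }                      # comment line
    /^[ \t]*$/ { next }                      # blank line
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
    $0 == "no-resolv" { noresolv = 1; next }
    /^server=/ {
        val = substr($0, 8); domain = ""
        if (val ~ /^\//) {                   # server=/domain/upstream form
            n = split(val, part, "/")
            domain = part[2]; val = part[n]  # first domain, last field
        }
        if (val == "127.0.0.1#" port || val == "::1#" port) {
            if (domain == "") proxy = 1      # default route goes to the proxy
            next
        }
        if (domain == "") print "BYPASS default upstream " val
        else              print "BYPASS " domain " via " val
    }
    END {
        if (!proxy)    print "MISSING server=127.0.0.1#" port
        if (!noresolv) print "WARN no-resolv not set, resolv file upstreams also used"
    }' "$@"
}

# Constructed sample: the four server= lines from the post, without comments.
sample_conf() {
    cat <<'EOF'
server=127.0.0.1#65053
server=::1#65053
server=/pool.ntp.org/8.8.8.8
server=/raw.githubusercontent.com/8.8.8.8
EOF
}

sample_conf | audit_dnsmasq
```

On the router it would be run as `audit_dnsmasq /jffs/configs/dnsmasq.conf.add`. A loopback server= line whose port differs from PROXY_PORT is reported too, which catches a mismatch between the proxy's listening port and the dnsmasq entry.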
  2. XIII

    XIII Senior Member

    Joined:
    Feb 27, 2014
    Messages:
    290
    joegreat and skeal like this.
  3. skeal

    skeal Very Senior Member

    Joined:
    Apr 30, 2016
    Messages:
    695
    Location:
    Canada
    Oh I like this!! Sure would like an auto install but if not possible a manual config would sure be nice guys!
     
  4. Protik

    Protik Regular Contributor

    Joined:
    Oct 31, 2017
    Messages:
    81
    For a novice user like me, some instruction on installation and usage would be really useful.
     
    Chris313AllNight likes this.
  5. StefanoN

    StefanoN New Around Here

    Joined:
    Dec 31, 2017
    Messages:
    8
    Hi
    Also for me, thanks :)
     
  6. M@rco

    M@rco Regular Contributor

    Joined:
    Dec 23, 2017
    Messages:
    65
    Do you mind sharing what steps you've taken to get it working? I get a fatal error when launching it:

    Code:
    ./dnscrypt-proxy
    [2018-01-13 16:26:17] [-] [NOTICE] [2.dnscrypt-cert.resolver2.dnscrypt.eu.] Valid cert found: [d616d26809d229a79457de073de8ebd83c24bff32bf7b406108b44da51fe3711]
    [2018-01-13 16:26:17] [-] [FATAL] listen udp 127.0.0.1:53: bind: address already in use
    
    What I did so far:

    • downloaded the precompiled binary
    • created a directory /etc/dnscrypt-proxy <-- useless, see post below
    • extracted the contents of the archive into that directory
    • changed permissions on the directory and its contents
    • made the binary executable
    • edited the .toml config file to use the closest dnscrypt server
    • tried to start dnscrypt-proxy
    ... which resulted in the error above.

    I checked whether dns filtering is disabled, which is true, so I don't know what's running at 127.0.0.1:53. Searched the web for info on how to figure it out, but could only find netstat parameters which don't work on our limited version of netstat. htop didn't show any info, as far as I can tell, of which process is using port 53 on my RT-AC68U. Some pointers in the right direction would be appreciated.
     
    Last edited: Jan 13, 2018
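
Added example, not part of the original post: where the router's netstat cannot show the owning process, the kernel's /proc/net/udp table can be read directly to find the socket bound to a UDP port, and /proc/<pid>/fd then maps that socket's inode to a process. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: find what holds a UDP port without netstat -p.

# Little-endian hex IPv4 from /proc/net/udp (0100007F) to dotted form.
hex_to_ip() {
    a=$(printf '%s' "$1" | cut -c7-8); b=$(printf '%s' "$1" | cut -c5-6)
    c=$(printf '%s' "$1" | cut -c3-4); d=$(printf '%s' "$1" | cut -c1-2)
    echo "$((0x$a)).$((0x$b)).$((0x$c)).$((0x$d))"
}

# Print "ip inode" for each socket bound to UDP port $1.
# $2 is a /proc/net/udp-format file (default: the live table, "-" = stdin).
udp_listeners() {
    want=$(printf '%04X' "$1")
    awk -v want="$want" 'NR > 1 {
        split($2, la, ":")                  # local_address is HEXIP:HEXPORT
        if (toupper(la[2]) == want) print la[1], $10   # field 10 = inode
    }' "${2:-/proc/net/udp}" |
    while read -r hexip inode; do
        echo "$(hex_to_ip "$hexip") $inode"
    done
}

# Map a socket inode to "pid name" by scanning /proc/<pid>/fd (run as root).
pid_for_inode() {
    for fd in /proc/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pid=${fd#/proc/}; pid=${pid%%/*}
        echo "$pid $(cat "/proc/$pid/comm" 2>/dev/null)"
        return 0
    done
    return 1
}

# Constructed sample table (slots and inodes are made up).
sample_udp() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   12: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4021 2 00000000 0
   19: 0100007F:FE1D 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 5150 2 00000000 0
   27: 00000000:0043 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 3310 2 00000000 0
EOF
}

sample_udp | udp_listeners 53 -
```

On the router, `udp_listeners 53` followed by `pid_for_inode <inode>` names the process holding the port. IPv6-only listeners are in /proc/net/udp6, which this example does not decode.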
  7. skeal

    skeal Very Senior Member

    Joined:
    Apr 30, 2016
    Messages:
    695
    Location:
    Canada
    You script guys are awesome!!:D Keep up the good work. This is getting closer all the time!
     
  8. ryzhov_al

    ryzhov_al Very Senior Member

    Joined:
    Jul 23, 2012
    Messages:
    642
    Location:
    Russia
    New one is written in Go, which consumes too much resources on embedded systems:(
     
  9. M@rco

    M@rco Regular Contributor

    Joined:
    Dec 23, 2017
    Messages:
    65
    That's too bad :(

    Still curious how @XIII managed to get it running, as installing in /etc is not really an option. It's gone after a reboot and the precompiled binary quits if it's unable to find its config in /etc/dnscrypt-proxy.
     
  10. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    3,722
    Location:
    Switzerland
    /etc/dnscrypt-proxy is useless on the router, once rebooted that directory is gone.
     
    M@rco likes this.
  11. DonnyJohnny

    DonnyJohnny Regular Contributor

    Joined:
    Dec 17, 2017
    Messages:
    148
    use symlink to do that.
    u can install the script in your usb drive or jffs
    the symlink to /tmp/etc/dnscrypt-proxy
    eg. ln -s /jffs/dnscrypt-proxy /tmp/etc/dnscrypt-proxy
    same time may need to add the symlink command at user script in service-start
    and at wan-start, start the dnscrypt-proxy

    i think you may still need to set server=127.0.0.1#65052 in /jffs/configs/dnsmasq.conf.add

    do a reboot to try them.

    I have not tried it. You try and tell me. lol

    By the way, there are already new commits for the dnscrypt-proxy v2. They change the directory requirement (/etc/dnscrypt-proxy) to the same directory as dnscrypt-proxy (to find the dnscrypt-proxy.toml). See Link. Waiting for a new compiled version. Unless someone knows how to compile for us.
     
    Last edited: Jan 13, 2018
  12. M@rco

    M@rco Regular Contributor

    Joined:
    Dec 23, 2017
    Messages:
    65
    Thanks, I figured that out :D

    @DonnyJohnny Thanks for your assistance. I think I'll wait for the next pre-compiled version as well. As you can see, my knowledge is limited, but it was worth a try.
     
  13. RMerlin

    RMerlin Part of the Furniture

    Joined:
    Apr 14, 2012
    Messages:
    25,430
    Location:
    Canada
    Great. Another programmer who uses a less efficient language just "because they can", and they think it's cool. Sigh.
     
  14. martinr

    martinr Very Senior Member

    Joined:
    Nov 27, 2014
    Messages:
    1,078
    Location:
    United Kingdom
    DNSCrypt can be installed via Option 2 in thelonelycoder’s AMTM

    https://www.ab-solution.info/amtm.html

    I don’t know if that extends to the new version, though; I’ve not used it - so far.
     
  15. M@rco

    M@rco Regular Contributor

    Joined:
    Dec 23, 2017
    Messages:
    65
    That's the old version of the installer by @bigeyes0x0, there's no installer (yet) for the rewritten DNSCrypt, if there will be any given the hunger for system resources as mentioned above by @ryzhov_al.
     
    martinr likes this.
  16. XIII

    XIII Senior Member

    Joined:
    Feb 27, 2014
    Messages:
    290
    There’s a command line option to use a different path for the configuration log file.

    I can’t try right now, but running the executable with --help might show it.

    Furthermore, I used port 65053 instead of 53 (which I already did for the old version).
     
  17. martinr

    martinr Very Senior Member

    Joined:
    Nov 27, 2014
    Messages:
    1,078
    Location:
    United Kingdom
    Having looked at the list of differences between the 2 versions, I imagine there’s an argument even for giving the new version a quite new name, too.
     
    skeal likes this.
  18. DonnyJohnny

    DonnyJohnny Regular Contributor

    Joined:
    Dec 17, 2017
    Messages:
    148
    We still need to make dnsmasq listen to 127.0.0.1: port?
     
  19. XIII

    XIII Senior Member

    Joined:
    Feb 27, 2014
    Messages:
    290
    I use this in dnsmasq.conf.add:

    Code:
    no-resolv
    server=127.0.0.1#65053
     
  20. DonnyJohnny

    DonnyJohnny Regular Contributor

    Joined:
    Dec 17, 2017
    Messages:
    148
    https://github.com/jedisct1/dnscrypt-proxy/releases
    Alpha 5 is out. Looks better with csv link included inside the log.

    I tested the alpha3 yesterday. Strangely only managed to use Cisco. The rest of the resolvers are not working for me. I think it has something to do with dnssec validation. Hope this alpha5 works.

    Also, yes, this GoLang version uses more resources. But the features it offers sound attractive. Let’s see how it goes.

    Question...
    I used to be able to see the dnscrypt-proxy log. Like receiving cert and proxying to... now I can’t see these in the syslog. Anyone know why?
     
