DNSCrypt is reborn!

Discussion in 'Asuswrt-Merlin' started by DonnyJohnny, Jan 12, 2018.

  1. DonnyJohnny

    DonnyJohnny Senior Member

    Joined:
    Dec 17, 2017
    Messages:
    477
    New DNSCrypt v2 is here..
    https://github.com/jedisct1/dnscrypt-proxy

    For people who are interested in getting their hands dirty with this beta, my usual commands for a quick start are below.
    The precompiled binary is located at
    https://github.com/jedisct1/dnscrypt-proxy/releases
    Download the arm version.

    Environment: I copy them to /jffs and use beta 10. Modify to your needs.
    Code:
    wget https://github.com/jedisct1/dnscrypt-proxy/releases/download/2.0.0beta10/dnscrypt-proxy-linux_arm-2.0.0beta10.tar.gz -P /jffs
    
    tar -zxvf /jffs/dnscrypt-proxy-linux_arm-2.0.0beta10.tar.gz -C /jffs && rm /jffs/dnscrypt-proxy-linux_arm-2.0.0beta10.tar.gz
    
    Configure the toml file
    nano /jffs/linux-arm/dnscrypt-proxy.toml
    (Listening port is 65053, not 53)
    
    Move everything to /jffs/dnscrypt-proxy
    mkdir -p /jffs/dnscrypt-proxy && cp -f /jffs/linux-arm/* /jffs/dnscrypt-proxy && rm -r /jffs/linux-arm
    
    Create a simple bash script to start the app
    nano /jffs/dnscrypt-proxy/start-dnscrypt.sh
    
    Inside the sh file
    #!/bin/sh
    killall dnscrypt-proxy
    logger -t dnscrypt-proxy "Starting DNSCrypt-proxy"
    nohup /jffs/dnscrypt-proxy/dnscrypt-proxy -config /jffs/dnscrypt-proxy/dnscrypt-proxy.toml -loglevel 2 2>&1 | logger -t dnscrypt-proxy &
    
    Save it.
    
    Give exec rights to the sh file
    chmod a+rx /jffs/dnscrypt-proxy/start-dnscrypt.sh
    
    Add listening port to dnsmasq
    nano /jffs/configs/dnsmasq.conf.add    (If file not found, create it)
    
    Add this and save it.
    server=127.0.0.1#65053
    server=::1#65053      (If u are using ipv6)
    server=/pool.ntp.org/8.8.8.8
    server=/raw.githubusercontent.com/8.8.8.8
    
    Restart dnsmasq service
    service restart_dnsmasq
    
    Go to your router GUI,
    Set the WAN and IPv6 to manual configuration and leave DNS 1 and DNS 2 EMPTY.
    
    You may now start the sh file
    /jffs/dnscrypt-proxy/start-dnscrypt.sh
    
    You need to add the sh file to the firewall-start script so that it loads during reboot.
    nano /jffs/scripts/firewall-start      (If file not found, create it and give it exec rights,   chmod a+rx /jffs/scripts/firewall-start )
    
    Add this, starting from the first line. (All sh files must have "#!/bin/sh" as the first line.)
    #!/bin/sh
    /jffs/dnscrypt-proxy/start-dnscrypt.sh
    
    Save it.
    
    Check your syslog.

    It is recommended to create a swap file because the program is resource hungry. I created my swap via ab-solutions or Skynet.
    Personally, some of my settings in the toml file:
    daemonize = true
    cache=false


    Take note that installer in another thread by bigeye0x0 is working on it.
    Read here.
    https://www.snbforums.com/threads/dnscrypt-is-reborn.43869/page-5#post-374776
     
    Last edited: Jan 25, 2018
    PoloNes, thelonelycoder and joegreat like this.
  3. XIII

    XIII Very Senior Member

    Joined:
    Feb 27, 2014
    Messages:
    518
    joegreat and skeal like this.
  4. skeal

    skeal Very Senior Member

    Joined:
    Apr 30, 2016
    Messages:
    1,472
    Oh I like this!! Sure would like an auto install, but if not possible a manual config would sure be nice guys!
     
  5. Protik

    Protik Regular Contributor

    Joined:
    Oct 31, 2017
    Messages:
    172
    Location:
    /boot
    For a novice user like me, some instruction on installation and usage would be really useful.
     
    Chris313AllNight likes this.
  6. StefanoN

    StefanoN Occasional Visitor

    Joined:
    Dec 31, 2017
    Messages:
    17
    Hi
    Also for me, thanks :)
     
  7. M@rco

    M@rco Senior Member

    Joined:
    Dec 23, 2017
    Messages:
    282
    Do you mind sharing what steps you've taken to get it working? I get a fatal error when launching it:

    Code:
    ./dnscrypt-proxy
    [2018-01-13 16:26:17] [-] [NOTICE] [2.dnscrypt-cert.resolver2.dnscrypt.eu.] Valid cert found: [d616d26809d229a79457de073de8ebd83c24bff32bf7b406108b44da51fe3711]
    [2018-01-13 16:26:17] [-] [FATAL] listen udp 127.0.0.1:53: bind: address already in use
    
    What I did so far:

    • downloaded the precompiled binary
    • created a directory /etc/dnscrypt-proxy <-- useless, see post below
    • extracted the contents of the archive into that directory
    • changed permissions on the directory and its contents
    • made the binary executable
    • edited the .toml config file to use the closest dnscrypt server
    • tried to start dnscrypt-proxy
    ... which resulted in the error above.

    I checked whether dns filtering is disabled, which is true, so I don't know what's running at 127.0.0.1:53. Searched the web for info on how to figure it out, but could only find netstat parameters which don't work on our limited version of netstat. htop didn't show any info, as far as I can tell, of which process is using port 53 on my RT-AC68U. Some pointers in the right direction would be appreciated.
     
    Last edited: Jan 13, 2018
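
For the "address already in use" question above, where the router's netstat cannot show the owning process, the same answer can be read directly from /proc. This is an added example, not part of the original post; the function names and the sample table are constructed for illustration, and `/proc/<pid>/comm` is assumed to exist on the router's kernel.

```shell
# Constructed sample in /proc/net/udp layout (hex is little-endian, as on ARM/x86).
sample_udp_table() {
cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   7: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4242 2 00000000 0
   8: 0101A8C0:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4243 2 00000000 0
   9: 0100007F:FE1D 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 5150 2 00000000 0
EOF
}

# Print "ip inode" for each IPv4 UDP socket bound to port $1.
# $2 is the table to read (defaults to the live /proc/net/udp).
udp_sockets_on_port() {
    awk -v want="$1" '
        function hex(s,  i, n) {
            s = toupper(s); n = 0
            for (i = 1; i <= length(s); i++)
                n = n * 16 + index("0123456789ABCDEF", substr(s, i, 1)) - 1
            return n
        }
        NR > 1 {
            split($2, la, ":")
            if (hex(la[2]) != want + 0) next
            a = la[1]
            printf "%d.%d.%d.%d %s\n", hex(substr(a, 7, 2)), hex(substr(a, 5, 2)),
                   hex(substr(a, 3, 2)), hex(substr(a, 1, 2)), $10
        }' "${2:-/proc/net/udp}"
}

# Map a socket inode to "pid command" by scanning /proc/<pid>/fd (run as root).
owner_of_inode() {
    for fd in /proc/[0-9]*/fd/*; do
        if [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ]; then
            pid=${fd#/proc/}; pid=${pid%%/*}
            echo "$pid $(cat "/proc/$pid/comm" 2>/dev/null)"
            return 0
        fi
    done
    return 1
}

# Report the owner of every socket on the port, e.g. who_owns_udp_port 53
who_owns_udp_port() {
    udp_sockets_on_port "$1" | while read -r ip inode; do
        echo "$ip:$1 -> $(owner_of_inode "$inode" || echo unknown)"
    done
}
```

On the router, `who_owns_udp_port 53` names the process that already holds the port dnscrypt-proxy tried to bind.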
  8. skeal

    skeal Very Senior Member

    Joined:
    Apr 30, 2016
    Messages:
    1,472
    You script guys are awesome!!:D Keep up the good work. This is getting closer all the time!
     
  9. ryzhov_al

    ryzhov_al Very Senior Member

    Joined:
    Jul 23, 2012
    Messages:
    646
    Location:
    Russia
    New one is written in GO, which consumes too much resources on embedded systems:(
     
  10. M@rco

    M@rco Senior Member

    Joined:
    Dec 23, 2017
    Messages:
    282
    That's too bad :(

    Still curious how @XIII managed to get it running, as installing in /etc is not really an option. It's gone after a reboot and the precompiled binary quits if it's unable to find its config in /etc/dnscrypt-proxy.
     
  11. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    4,176
    Location:
    Switzerland
    /etc/dnscrypt-proxy is useless on the router, once rebooted that directory is gone.
     
    [email protected] likes this.
  12. DonnyJohnny

    DonnyJohnny Senior Member

    Joined:
    Dec 17, 2017
    Messages:
    477
    use symlink to do that.
    u can install the script in your usb drive or jffs
    the symlink to /tmp/etc/dnscrypt-proxy
    eg. ln -s /jffs/dnscrypt-proxy /tmp/etc/dnscrypt-proxy
    same time may need to add the symlink command at user script in service-start
    and at wan-start, start the dnscrypt-proxy

    i think you may still need to set server=127.0.0.1#65052 in /jffs/configs/dnsmasq.conf.add

    do a reboot to try them.

    i have not tried it. you try and tell me. lol

    by the way, there are already new commits for the dnscrypt-proxy v2. they change the directory requirement (/etc/dnscrypt-proxy) to the same directory as dnscrypt-proxy (to find the dnscrypt-proxy.toml) See Link. Waiting for new compiled version. Unless someone knows how to compile for us.
     
    Last edited: Jan 13, 2018
  13. M@rco

    M@rco Senior Member

    Joined:
    Dec 23, 2017
    Messages:
    282
    Thanks, I figured that out :D

    @DonnyJohnny Thanks for your assistance. I think I'll wait for the next pre-compiled version as well. As you can see, my knowledge is limited, but it was worth a try.
     
  14. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    27,249
    Location:
    Canada
    Great. Another programmer who uses a less efficient language just "because they can", and they think it's cool. Sigh.
     
  15. martinr

    martinr Very Senior Member

    Joined:
    Nov 27, 2014
    Messages:
    1,238
    Location:
    United Kingdom
    DNSCrypt can be installed via Option 2 in thelonelycoder’s AMTM

    https://www.ab-solution.info/amtm.html

    I don’t know if that extends to the new version, though; I’ve not used it - so far.
     
  16. M@rco

    M@rco Senior Member

    Joined:
    Dec 23, 2017
    Messages:
    282
    That's the old version of the installer by @bigeyes0x0, there's no installer (yet) for the rewritten DNSCrypt, if there will be any given the hunger for system resources as mentioned above by @ryzhov_al.
     
    martinr likes this.
  17. XIII

    XIII Very Senior Member

    Joined:
    Feb 27, 2014
    Messages:
    518
    There’s a command line option to use a different path for the configuration log file.

    I can’t try right now, but running the executable with --help might show it.

    Furthermore, I used port 65053 instead of 53 (which I already did for the old version).
     
  18. martinr

    martinr Very Senior Member

    Joined:
    Nov 27, 2014
    Messages:
    1,238
    Location:
    United Kingdom
    Having looked at the list of differences between the 2 versions, I imagine there’s an argument even for giving the new version a quite new name, too.
     
    skeal likes this.
  19. DonnyJohnny

    DonnyJohnny Senior Member

    Joined:
    Dec 17, 2017
    Messages:
    477
    We still need to make dnsmasq listen to 127.0.0.1: port?
     
  20. XIII

    XIII Very Senior Member

    Joined:
    Feb 27, 2014
    Messages:
    518
    I use this in dnsmasq.conf.add:

    Code:
    no-resolv
    server=127.0.0.1#65053
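
The two dnsmasq.conf.add variants posted in this thread differ in what still leaves the router unencrypted. The check below is an added example, not from any poster; its function names are hypothetical and the two sample configs are constructed from the lines quoted in the thread.

```shell
# Constructed samples: the first post's dnsmasq.conf.add and the one above.
sample_first_post() {
cat <<'EOF'
server=127.0.0.1#65053
server=::1#65053
server=/pool.ntp.org/8.8.8.8
server=/raw.githubusercontent.com/8.8.8.8
EOF
}
sample_xiii() {
cat <<'EOF'
no-resolv
server=127.0.0.1#65053
EOF
}

# Read a dnsmasq config on stdin. Print every server= upstream that is not a
# loopback address, and warn when no-resolv is absent. Exit status 1 if any
# finding was printed, 0 if all upstreams go through the local proxy.
audit_dnsmasq_upstreams() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*no-resolv[ \t]*$/ { noresolv = 1 }
        /^[ \t]*server=/ {
            target = $0
            sub(/^[ \t]*server=/, "", target)
            sub(/^\/.*\//, "", target)     # drop /domain/ selectors
            sub(/[#@].*$/, "", target)     # drop #port and @interface
            if (target == "") next         # local-only or default-server form
            if (target !~ /^127\./ && target != "::1") {
                print "plaintext upstream: " $0
                bad = 1
            }
        }
        END {
            if (!noresolv) {
                print "no-resolv not set: dnsmasq also reads upstreams from its resolv file"
                bad = 1
            }
            exit bad + 0
        }'
}
```

Run it as `audit_dnsmasq_upstreams < /jffs/configs/dnsmasq.conf.add`; the first post's config reports its two per-domain 8.8.8.8 entries and the missing no-resolv, while the config above reports nothing.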
     
  21. DonnyJohnny

    DonnyJohnny Senior Member

    Joined:
    Dec 17, 2017
    Messages:
    477
    https://github.com/jedisct1/dnscrypt-proxy/releases
    Alpha 5 is out. Looks better with csv link included inside the log.

    I tested the alpha3 yesterday. Strangely only managed to use Cisco. The rest of the resolvers are not working for me. I think it's got something to do with dnssec validation. Hope this alpha5 works.

    Also, yes, this GoLang version uses more resources. But the features it offers sound attractive. Let’s see how it goes.

    Question...
    I used to be able to see the dnscrypt-proxy log. Like receiving cert and proxying to... now I can’t see the log in syslog. Anyone know why?
     