DNScrypt Dnscrypt Proxy Installer For Asuswrt-Merlin late 2023 Releases

[SomeWhereOverTheRainBow]

I have done some updates for Dnscrypt-Proxy installer and its auxiliary files.

Release v2.5.1:

What's Changed​

• Reformatted script and auxiliary files.
• Added ssh terminal command line quick options.( e.g. sh installer {master|dev} {install|update|uninstall|set|unset|BACKUP|RESTORE})

Full Changelog: v2.5.0...v2.5.1

Release v2.5.2:

What's Changed​

• Tidy up the installation/update/backup features.
• Fix minor syntax error.

Full Changelog: v2.5.1...v2.5.2

Please utilize the backup feature before making the switch. There are alot of moving parts when it comes to Dnscrypt-Proxy - I highly recommend always keeping a backup.

curl -L -s -k -O https://raw.githubusercontent.com/thuantran/dnscrypt-asuswrt-installer/master/installer && sh installer master update

 

[Zastoff]

Updated to 2.5.2 and configured a Anonymized DNSCrypt / ODoH setup
All good here
Thanks @SomeWhereOverTheRainBow

 

[Twiglets]

FYI:

I have finally resolved an annoying quirk of dnscrypt-proxy.
If you set a log file in the 'dnscrypt-proxy.toml' file it would never work !!!

log_file = '/mnt/MyRouterUSB/dnscrypt-proxy.log'

## Use the system logger (syslog on Unix, Event Log on Windows)

use_syslog = false

If you look at the manager script in '/jffs/dnscrypt' the '-syslog' flag is hard coded into the startup function:

start_dnscrypt_proxy() {
    ...
    DNSCRYPT_START="/jffs/dnscrypt/dnscrypt-proxy -syslog -config /jffs/dnscrypt/dnscrypt-proxy.toml"
    ...
    }

The '-syslog' flag should be set conditional on the 'use_syslog = true' setting in the 'dnscrypt-proxy.toml' file.

 

[SomeWhereOverTheRainBow]

FYI:

I have finally resolved an annoying quirk of dnscrypt-proxy.
If you set a log file in the 'dnscrypt-proxy.toml' file it would never work !!!

log_file = '/mnt/MyRouterUSB/dnscrypt-proxy.log'

## Use the system logger (syslog on Unix, Event Log on Windows)

use_syslog = false

If you look at the manager script in '/jffs/dnscrypt' the '-syslog' flag is hard coded into the startup function:

start_dnscrypt_proxy() {
    ...
    DNSCRYPT_START="/jffs/dnscrypt/dnscrypt-proxy -syslog -config /jffs/dnscrypt/dnscrypt-proxy.toml"
    ...
    }

The '-syslog' flag should be set conditional on the 'use_syslog = true' setting in the 'dnscrypt-proxy.toml' file.

Yea I am not having this issue in mine. I have always been able to let it run to syslog, or specify a log location. I typically specify a log location using the full path to the log file, otherwise I noticed mixed results. The "syslog" flag has always been hardcoded. It primarily only displays the Dnscrypt-Proxy starting information. Other logs such as query logs for example, have to be specified using a log path. Obviously you wouldn't want to flood syslog with queries, that would be crazy. Another factor to using the log path to specify the log file, You first have to initiate a log path by using the touch command.

e.g. touch /mnt/MyRouterUSB/dnscrypt-proxy.log before it will ever write to the file properly. Also, dnscrypt-proxy is very picky with permissions. If the correct permissions are not set, it does not behave as it should.

If you use Scribe as your signature suggests, you could always just setup a filter for dnscrypt-proxy if you are concerned about its entries being placed at a specific location. This will keep you from having to change the scripts defaults.

e.g. /opt/etc/syslog-ng.d/dnscrypt

# put dnscrypt messages into /mnt/MyRouterUSB/dnscrypt-proxy.log # or you could do /opt/var/log/dnscrypt-proxy.log

destination d_dnscrypt {
    file("/mnt/MyRouterUSB/dnscrypt-proxy.log"); # or you could do /opt/var/log/dnscrypt-proxy.log
};

filter f_dnscrypt {
    program("dnscrypt-proxy") or
    message("dnscrypt-proxy");
};

log {
    source(src);
    filter(f_dnscrypt);
    destination(d_dnscrypt);
    flags(final);
};

#eof

and /opt/etc/logrotate.d/dnscrypt

/mnt/MyRouterUSB/dnscrypt-proxy.log {  # or you could do /opt/var/log/dnscrypt-proxy.log
    minsize 1024k
    daily
    rotate 9
    postrotate
        /usr/bin/killall -HUP syslog-ng
    endscript
}

and set the permissions

chmod 600 /opt/etc/syslog-ng.d/dnscrypt /opt/etc/logrotate.d/dnscrypt

and restart scribe.

 

[Twiglets]

Thanks for the reply.

"The "syslog" flag has always been hardcoded."
I know, it has always not worked as I described. I never needed it unless I was 'trying out' settings' and wanted to capture the initial output for checking.
All the other specific logs as set in the various sections of the dnscrypt-proxy.toml file worked as expected, it was just that one general log file.

I did test the setting/unsetting of the '-syslog' flag and, for me, it blocks the output to the log file as set in the dnscrypt-proxy.toml file.

If no-one else has the problem .... fine

It did solve it for me !!!???

BTW:
Along the way, I did try 'touch' and setting permissions up to and including '777' [Wrong I know!!!] and it would not work.
This was on 'old' and 'newer' routers [AC and AX series].

Without the '-syslog' flag there is no need to 'touch' the log file and, in fact, it will create and use the log file even if you specifically delete/move an existing log file first !!!
(I added a line or two to 'manager' to move the existing log to a backup location each time it started, so as not to lose the data in the 'old' log file.)

 

[SomeWhereOverTheRainBow]

Thanks for the reply.

"The "syslog" flag has always been hardcoded."
I know, it has always not worked as I described. I never needed it unless I was 'trying out' settings' and wanted to capture the initial output for checking.
All the other specific logs as set in the various sections of the dnscrypt-proxy.toml file worked as expected, it was just that one general log file.

I did test the setting/unsetting of the '-syslog' flag and, for me, it blocks the output to the log file as set in the dnscrypt-proxy.toml file.

If no-one else has the problem .... fine

It did solve it for me !!!???

BTW:
Along the way, I did try 'touch' and setting permissions up to and including '777' [Wrong I know!!!] and it would not work.
This was on 'old' and 'newer' routers [AC and AX series].

Without the '-syslog' flag there is no need to 'touch' the log file and, in fact, it will create and use the log file even if you specifically delete/move an existing log file first !!!
(I added a line or two to 'manager' to move the existing log to a backup location each time it started, so as not to lose the data in the 'old' log file.)

Notice above, I also provided a method for using scribe integration. Idk of too many people who would want to set a "unique" log location, however keep in mind you will have to keep changing it every time you run updates because the installer will download a new copy of that file every time you update. That is one of the reasons I provided how to do it with scribe.

 

[Twiglets]

Thanks.
I do appreciate your scribe filter .... not knocking it as the best way to go !!!
This was only a problem when I was 'Trying things out' ..... I am an inveterate 'tweaker' .... when things work too 'well' for too long, I change something !!!

 

[SomeWhereOverTheRainBow]

I just pushed an update:

Release v2.5.3:

Here is the changeslog: https://github.com/thuantran/dnscrypt-asuswrt-installer/compare/v2.5.2...v2.5.3

Changes include:

• Improved network connection checking feature.
• Adjustable use of -syslog parameter as a start/stop arguement.
  • (Basically if someone enables one of the .toml file logging options, then Dnscrypt-Proxy no longer passes -syslog as an argument when starting dnscrypt-proxy. *** changes inspired by @Twiglets)
• Improvements to the installer and manager scripts syntax and readability.
• Add buy me a coffee option for donation support (for people who wish to donate, but don't use paypal).
• Improve installer quick launch options.

 

[zer0bitz]

I just reverted back from Adguard to DNSCrypt, but I was just wondering is it possible to use Anonymized DNS relays with this install? As I try to manually add servers to use, there is none Anonymized DNS relay options in the list.

Edit: found out already how to do it.