1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

DNSCrypt-Proxy version 2 and STUBBY add-ons for R7800/R9000

Discussion in 'NETGEAR AC Wireless' started by Voxel, Aug 20, 2018.

Tags:
  1. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,710
  2. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    33,282
    Location:
    Canada
    Good luck trying to protect your family by using a service like OpenDNS if clients like web browsers start bypassing your network configuration by going to hardcoded resolvers.

    And also the fact that this will just fragment the market, when what the market needs is a clear, united target. That's what DoT was intended to provide, as it was the only one backed by the IETF... until now. And a technique like my DNSFIlter feature won't work there, since they are reusing port 443 for resolution purposes.

    It's a very short-sighted solution.
     
    kamoj likes this.
  3. tlavarea

    tlavarea Occasional Visitor

    Joined:
    Nov 3, 2018
    Messages:
    19
    I'm on version V1.0.2.61SF of Voxel and trying to get stubby going I get the following errors:

    /etc/init.d/stubby
    /etc/rc.common: shift: 14: can't shift that many

    /etc/init.d/stubby start
    Stubby is not enabled in nvram. Exit.

    Also after enabling stubby via /etc/init.d/stubby enable and rebooting router, stubby doesn't seem to be running. No log file in /var/log/.
     
  4. kamoj

    kamoj Very Senior Member

    Joined:
    May 12, 2017
    Messages:
    828
    Thats a clear hint of what's wrong. Issue this command to verify if you have followed Voxel's instruction:
    Code:
    nvram get stubby
     
  5. tlavarea

    tlavarea Occasional Visitor

    Joined:
    Nov 3, 2018
    Messages:
    19
    nvram get stubby does not return anything in the console.

    I followed the instructions here: https://www.voxel-firmware.com/Downloads/Voxel/R7800-Voxel-firmware/Stubby/readme.txt

    I don't see anywhere in there where it talks about nvram and stubby. The note at the top states: NOTE: it is included into firmware since 1.0.2.61SF and that's the version of the firmware I'm on. I didn't do any of the package installations because all the packages were already installed. I verified by running the opkg list-installed command.
     
  6. kamoj

    kamoj Very Senior Member

    Joined:
    May 12, 2017
    Messages:
    828
    Start here by looking in the forum thread.
    If you use Voxel's FW I think it's fair to give it a "like" as well - at least.

    https://www.snbforums.com/threads/custom-firmware-build-for-r7800-v-1-0-2-61sf.49358/

    Good luck and hope you get Stubby working now. But beware it's an add-on, not Voxels code.

     
    Voxel likes this.
  7. tlavarea

    tlavarea Occasional Visitor

    Joined:
    Nov 3, 2018
    Messages:
    19
    kamoj likes this.
  8. percy3

    percy3 Regular Contributor

    Joined:
    Sep 21, 2018
    Messages:
    115
    I am using dnscrypt-proxy since stubby is not supporting blacklisting and noticed that after some time name resolution stops working. If anybody will face similar issue here is the remedy to be placed in /etc/rc.local file:
    Code:
    t=$(while true; do T=$(logger "DNSCrypt service validation";ping -c2 -q 1.1.1.1 && nslookup google.com || (/etc/init.d/dnscrypt-proxy-2 restart; logger "dnscrypt service restarted")); sleep 60; done) &
     
    kc6108 and kamoj like this.
  9. Phoenix

    Phoenix Regular Contributor

    Joined:
    Jun 17, 2015
    Messages:
    140
    Last edited: Nov 12, 2018
  10. eevanskiteboards

    eevanskiteboards Occasional Visitor

    Joined:
    Nov 17, 2018
    Messages:
    46
    hello. does anyone know why am getting the error message cant load library 'libunbound.so.2' when viewing /var/log/stubby.log? i was learning/experimenting how to install stubby etc. I also reset router back to factory defaults with the same issues. any info will help this noob, thanks.






    [​IMG]
     
    Last edited: Nov 24, 2018
  11. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,710
    What version of firmware do you use? My 1.0.2.61SF has stubby/unbound etc already included into firmware. So no necessity to install it (not this thread).

    Voxel.
     
    kamoj likes this.
  12. eevanskiteboards

    eevanskiteboards Occasional Visitor

    Joined:
    Nov 17, 2018
    Messages:
    46
    1.0.2.61SF is my current firmware. I will admit that i rushed into trying to install the stubby packages on their own, not realizing that you already had them installed into the firmware, whoops. Thank you for your help
     
  13. eevanskiteboards

    eevanskiteboards Occasional Visitor

    Joined:
    Nov 17, 2018
    Messages:
    46
    i was able to get stubby working again by force downgrading libunbound_1.7.3-6_ipq806x.ipk. This removed the linbunbound.so.2 error i was having, maybe this info will help others one day.
     
  14. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,710
    Most proper way in your case would be:

    1. Backup your settings.
    2. Reset your router.
    3. Restore your setting from backup.
    4. Perform:

    https://www.snbforums.com/threads/custom-firmware-build-for-r7800-v-1-0-2-61sf.49358/ :
    enable stubby run the commands from telnet/ssh console:
    nvram set stubby=1
    nvram commit
    and reboot your router; to disable stubby run the commands from telnet/ssh console:
    nvram set stubby=0
    nvram commit

    and reboot your router.

    libunbound_1.7.3-6_ipq806x.ipk is previous version of linunbound (61SF includes newer version).

    Voxel.
     
    eevanskiteboards likes this.
  15. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,710
    Info for R7800 users of DNSCrypt-Proxy v2:

    New version is available (2.0.18). Similar installation.

    Code:
    wget --no-check-certificate https://www.voxel-firmware.com/Downloads/Voxel/R7800-Voxel-firmware/DNSCrypt-Proxy-2/dnscrypt-proxy-2_2.0.18-1_ipq806x.ipk
    /bin/opkg install dnscrypt-proxy-2_2.0.18-1_ipq806x.ipk
    
    but totally different implementation. Also: cloudflare and some other Scandinavian servers are enabled by default.

    Release notes:

    • Official builds now support TLS 1.3.
    • The timeout for the initial connectivity check can now be set from the command line.
    • An Accept: header is now always sent with GET queries.
    • BOMs are now ignored in configuration files.
    • In addition to SOCKS, HTTP and HTTPS proxies are now supported for DoH servers.

    P.S.

    kamoj : it should be useful for you ;).

    Voxel.
     
  16. percy3

    percy3 Regular Contributor

    Joined:
    Sep 21, 2018
    Messages:
    115
    Might be just coincidence but after upgrade of DNSCrypt to 2.0.18 my router started to disconnect WiFi frequently (similar frequency to stock .60 FW). For now I've rolled back to 2.0.16.

     
  17. percy3

    percy3 Regular Contributor

    Joined:
    Sep 21, 2018
    Messages:
    115
    Seams it was coincidence. I have uninstalled DNSCrypt 1, upgraded to 2.0.18 and with the same config file I tested previously now it works fine. So red herring.

     
  18. marka2k

    marka2k Occasional Visitor

    Joined:
    Jan 10, 2019
    Messages:
    16
    Following instructions from the first post, I can download but when I try to install the package I receive the following error. I reset the router to default and imported my settings. I read the thread but did not find a reference to my situation maybe I missed it?

    [email protected]:/$ /bin/opkg install dnscrypt-proxy-2_2.0.16-1_ipq806x.ipk
    Unknown package 'dnscrypt-proxy-2'.
    Collected errors:
    * pkg_hash_fetch_best_installation_candidate: Packages for dnscrypt-proxy-2 found, but incompatible with the architectures configured
    * opkg_install_cmd: Cannot install package dnscrypt-proxy-2.


    Thank you
     
  19. marka2k

    marka2k Occasional Visitor

    Joined:
    Jan 10, 2019
    Messages:
    16
    Update: Went to actual Voxel site and noticed under the R9000 a newer package I downloaded and installed successfully.
     
  20. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,710
    If you are using latest version of my firmware then dnscrypt proxy 2.0.19 (latest) is already included into firmware. No any needs to install it manually. See my notes (latest firmware thread) re: how to enable it.

    It is better to remove your attempts of installation and to use latest firmware with included stubby/dnscrypt-proxy-2

    Voxel.
     
    kamoj likes this.