What's new

DNSCrypt-Proxy version 2 and STUBBY add-ons for R7800/R9000

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Yupp, saw that one too. Hard to control, I just dread the day when devices are hardcoded to use it and bypass my dns-proxy... even worse in an enterprise environment. :(

Good luck trying to protect your family by using a service like OpenDNS if clients like web browsers start bypassing your network configuration by going to hardcoded resolvers.

And also the fact that this will just fragment the market, when what the market needs is a clear, united target. That's what DoT was intended to provide, as it was the only one backed by the IETF... until now. And a technique like my DNSFIlter feature won't work there, since they are reusing port 443 for resolution purposes.

It's a very short-sighted solution.
 
I'm on version V1.0.2.61SF of Voxel and trying to get stubby going I get the following errors:

/etc/init.d/stubby
/etc/rc.common: shift: 14: can't shift that many

/etc/init.d/stubby start
Stubby is not enabled in nvram. Exit.

Also after enabling stubby via /etc/init.d/stubby enable and rebooting router, stubby doesn't seem to be running. No log file in /var/log/.
 
nvram get stubby does not return anything in the console.

I followed the instructions here: https://www.voxel-firmware.com/Downloads/Voxel/R7800-Voxel-firmware/Stubby/readme.txt

I don't see anywhere in there where it talks about nvram and stubby. The note at the top states: NOTE: it is included into firmware since 1.0.2.61SF and that's the version of the firmware I'm on. I didn't do any of the package installations because all the packages were already installed. I verified by running the opkg list-installed command.
 
Start here by looking in the forum thread.
If you use Voxel's FW I think it's fair to give it a "like" as well - at least.

https://www.snbforums.com/threads/custom-firmware-build-for-r7800-v-1-0-2-61sf.49358/

Good luck and hope you get Stubby working now. But beware it's an add-on, not Voxels code.

nvram get stubby does not return anything in the console.

I followed the instructions here: https://www.voxel-firmware.com/Downloads/Voxel/R7800-Voxel-firmware/Stubby/readme.txt

I don't see anywhere in there where it talks about nvram and stubby. The note at the top states: NOTE: it is included into firmware since 1.0.2.61SF and that's the version of the firmware I'm on. I didn't do any of the package installations because all the packages were already installed. I verified by running the opkg list-installed command.
 
I am using dnscrypt-proxy since stubby is not supporting blacklisting and noticed that after some time name resolution stops working. If anybody will face similar issue here is the remedy to be placed in /etc/rc.local file:
Code:
t=$(while true; do T=$(logger "DNSCrypt service validation";ping -c2 -q 1.1.1.1 && nslookup google.com || (/etc/init.d/dnscrypt-proxy-2 restart; logger "dnscrypt service restarted")); sleep 60; done) &
 
Last edited:
hello. does anyone know why am getting the error message cant load library 'libunbound.so.2' when viewing /var/log/stubby.log? i was learning/experimenting how to install stubby etc. I also reset router back to factory defaults with the same issues. any info will help this noob, thanks.






etCQxpzpiLb5LeDW9
 
Last edited:
hello. does anyone know why am getting the error message cant load library 'libunbound.so.2' when viewing /var/log/stubby.log? i was learning/experimenting how to install stubby etc. I also reset router back to factory defaults with the same issues. any info will help this noob, thanks.
What version of firmware do you use? My 1.0.2.61SF has stubby/unbound etc already included into firmware. So no necessity to install it (not this thread).

Voxel.
 
What version of firmware do you use? My 1.0.2.61SF has stubby/unbound etc already included into firmware. So no necessity to install it (not this thread).

Voxel.

1.0.2.61SF is my current firmware. I will admit that i rushed into trying to install the stubby packages on their own, not realizing that you already had them installed into the firmware, whoops. Thank you for your help
 
i was able to get stubby working again by force downgrading libunbound_1.7.3-6_ipq806x.ipk. This removed the linbunbound.so.2 error i was having, maybe this info will help others one day.
 
i was able to get stubby working again by force downgrading libunbound_1.7.3-6_ipq806x.ipk. This removed the linbunbound.so.2 error i was having, maybe this info will help others one day.
Most proper way in your case would be:

1. Backup your settings.
2. Reset your router.
3. Restore your setting from backup.
4. Perform:

https://www.snbforums.com/threads/custom-firmware-build-for-r7800-v-1-0-2-61sf.49358/ :
enable stubby run the commands from telnet/ssh console:
nvram set stubby=1
nvram commit
and reboot your router; to disable stubby run the commands from telnet/ssh console:
nvram set stubby=0
nvram commit

and reboot your router.

libunbound_1.7.3-6_ipq806x.ipk is previous version of linunbound (61SF includes newer version).

Voxel.
 
Info for R7800 users of DNSCrypt-Proxy v2:

New version is available (2.0.18). Similar installation.

Code:
wget --no-check-certificate https://www.voxel-firmware.com/Downloads/Voxel/R7800-Voxel-firmware/DNSCrypt-Proxy-2/dnscrypt-proxy-2_2.0.18-1_ipq806x.ipk
/bin/opkg install dnscrypt-proxy-2_2.0.18-1_ipq806x.ipk

but totally different implementation. Also: cloudflare and some other Scandinavian servers are enabled by default.

Release notes:

  • Official builds now support TLS 1.3.
  • The timeout for the initial connectivity check can now be set from the command line.
  • An Accept: header is now always sent with GET queries.
  • BOMs are now ignored in configuration files.
  • In addition to SOCKS, HTTP and HTTPS proxies are now supported for DoH servers.

P.S.

kamoj : it should be useful for you ;).

Voxel.
 
Might be just coincidence but after upgrade of DNSCrypt to 2.0.18 my router started to disconnect WiFi frequently (similar frequency to stock .60 FW). For now I've rolled back to 2.0.16.

Info for R7800 users of DNSCrypt-Proxy v2:

New version is available (2.0.18). Similar installation.

Code:
wget --no-check-certificate https://www.voxel-firmware.com/Downloads/Voxel/R7800-Voxel-firmware/DNSCrypt-Proxy-2/dnscrypt-proxy-2_2.0.18-1_ipq806x.ipk
/bin/opkg install dnscrypt-proxy-2_2.0.18-1_ipq806x.ipk

but totally different implementation. Also: cloudflare and some other Scandinavian servers are enabled by default.

Release notes:

  • Official builds now support TLS 1.3.
  • The timeout for the initial connectivity check can now be set from the command line.
  • An Accept: header is now always sent with GET queries.
  • BOMs are now ignored in configuration files.
  • In addition to SOCKS, HTTP and HTTPS proxies are now supported for DoH servers.

P.S.

kamoj : it should be useful for you ;).

Voxel.
 
Seams it was coincidence. I have uninstalled DNSCrypt 1, upgraded to 2.0.18 and with the same config file I tested previously now it works fine. So red herring.

Might be just coincidence but after upgrade of DNSCrypt to 2.0.18 my router started to disconnect WiFi frequently (similar frequency to stock .60 FW). For now I've rolled back to 2.0.16.
 
Following instructions from the first post, I can download but when I try to install the package I receive the following error. I reset the router to default and imported my settings. I read the thread but did not find a reference to my situation maybe I missed it?

root@R9000:/$ /bin/opkg install dnscrypt-proxy-2_2.0.16-1_ipq806x.ipk
Unknown package 'dnscrypt-proxy-2'.
Collected errors:
* pkg_hash_fetch_best_installation_candidate: Packages for dnscrypt-proxy-2 found, but incompatible with the architectures configured
* opkg_install_cmd: Cannot install package dnscrypt-proxy-2.


Thank you
 
Update: Went to actual Voxel site and noticed under the R9000 a newer package I downloaded and installed successfully.
 
Update: Went to actual Voxel site and noticed under the R9000 a newer package I downloaded and installed successfully.
If you are using latest version of my firmware then dnscrypt proxy 2.0.19 (latest) is already included into firmware. No any needs to install it manually. See my notes (latest firmware thread) re: how to enable it.

It is better to remove your attempts of installation and to use latest firmware with included stubby/dnscrypt-proxy-2

Voxel.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top