[Release] dnscrypt installer for asuswrt

Discussion in 'Asuswrt-Merlin' started by bigeyes0x0, Dec 3, 2016.

  1. bigeyes0x0

    bigeyes0x0 Senior Member

    Joined:
    Sep 9, 2015
    Messages:
    218
    So to solve all the problems with installing dnscrypt with entware (or similar) then setting up various scripts to handle dnscrypt-proxy starting up including the ntp issue, I made my own installer for dnscrypt-proxy.

    Requirements:
    - ARM or MIPSEL based ASUS routers
    - asuswrt-merlin firmwares or compatible
    - jffs support and script enabled

    Incompatibilities:
    - No known issue

    Current features:
    - dnscrypt-proxy version 2 with DoH and DNSCrypt version 2 protocols, multiple resolvers, and other features
    - Running as nobody through nonroot binary (using --user requires change to passwd)
    - Support ARM and MIPSEL based routers
    - Support OpenDNS dynamic IP update by entering your OpenDNS account information
    - Handling ntp update at router boot up by starting dnscrypt-proxy with cert_ignore_timestamp option
    - Redirect all DNS queries on your network to dnscrypt if user chooses to
    - Install haveged/rngd for better speed with dnscrypt and other cryptographic applications
    - Support various HW RNG such as TrueRNG (tested with v3), TrueRNGpro, OneRNG, EntropyKey
    - Ability to setup a swap file
    - Ability to setup timezone file (/etc/localtime) used by dnscrypt-proxy and other apps
    - Ability to reconfigure dnscrypt-proxy without reinstalling unlike previous installer for dnscrypt-proxy version 1.x.x

    Changelog:
    https://github.com/thuantran/dnscrypt-asuswrt-installer/commits/master

    Install/Update/Reconfig/Uninstall:
    Run this command from ssh shell and follow the prompts for dnscrypt-proxy version 2:
    Code:
    curl -L -s -k -O https://raw.githubusercontent.com/thuantran/dnscrypt-asuswrt-installer/master/installer && sh installer ; rm installer
    User can safely update from dnscrypt-proxy version 1 to version 2 with above command.

    If you want to use dnscrypt-proxy version 1, run this command:
    Code:
    curl -L -s -k -O https://raw.githubusercontent.com/thuantran/dnscrypt-asuswrt-installer/dnscrypt-proxy-v1/installer && sh installer dnscrypt-proxy-v1; rm installer

    How to check if it works

    If you use OpenDNS, run this command on Windows cmd
    Code:
    nslookup -type=txt debug.opendns.com
    You should see something like
    Code:
    "dnscrypt enabled (717473654A614970)"
    in result.
    Otherwise running this command:
    Code:
    pidof dnscrypt-proxy
    will return a number.

    How to report issue:
    I need following directory and files:
    Code:
    /jffs/dnscrypt
    /jffs/scripts/dnsmasq.postconf
    /jffs/scripts/firewall-start
    /jffs/scripts/wan-start
    One can use this command to create a tar archive of these files:
    Code:
    echo .config > exclude-files; tar -cvf dnscrypt.tar -X exclude-files /jffs/dnscrypt /jffs/scripts/dnsmasq.postconf /jffs/scripts/firewall-start /jffs/scripts/wan-start ; rm exclude-files
    in current directory and send me the archive for debug.

    I also need the following information:
    - Which dns server you selected during dnscrypt installation
    - Which router you're using
    - Firmware and its version

    How I made this:
    - Use dnscrypt-proxy binary packages from https://github.com/jedisct1/dnscrypt-proxy
    - Compiling and stripping required binaries using firmware building toolchain from asuswrt-merlin
    - Write the installer script with stuffs inspired from entware-setup.sh from asuswrt-merlin
    - You can look at all the stuffs here https://github.com/thuantran/dnscrypt-asuswrt-installer
     
    Last edited: Apr 27, 2018
    SMS786, Sicario, blueshark and 18 others like this.
  3. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    4,479
    Location:
    Switzerland
    A warning to AB-Solution users: This would break your installation as it replaces /jffs/scripts/dnsmasq.postconf
    If you use pixelserv-tls, it will add (according to the script) some entries to /jffs/scripts/wan-start


    Edit: @bigeyes0x0 made changes to the installer, I can confirm this is working seamlessly with AB-Solution 3 and the addon pixelserv-tls (ps).
    Thanks bigeyes0x0!
     
    Last edited: Dec 3, 2016
    Wisiwyg, Quoc Huynh and sentinelvdx like this.
  4. bigeyes0x0

    Thanks for the heads up, added incompatibilities section.
     
  5. thelonelycoder

    I do the best I can with AB to not simply replace an existing file in jffs.
    I would hope that others start to do the same. Append the file instead of replacing it.
    Build in some checks if your content is there. Think about non technical users that use this 'as is' and start coding from there.
    Thanks.
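
The advice in the post above (append to an existing jffs script instead of replacing it, and check whether your content is already there), as an added example that is not part of the thread and is neither the installer's nor AB-Solution's code. The hook line and the `example-hook.sh` name are hypothetical, and the demo works on a scratch directory, not on /jffs.

```shell
#!/bin/sh
# Added example: share a /jffs/scripts hook file with other add-ons instead of
# overwriting it. The hook line used below is hypothetical, not the installer's own.

# ensure_hook_line FILE LINE: append LINE exactly once, creating FILE if missing.
ensure_hook_line() {
    hook_file=$1 hook_line=$2
    if [ ! -f "$hook_file" ]; then
        printf '#!/bin/sh\n' > "$hook_file"   # a new hook script needs a shebang
    fi
    chmod 755 "$hook_file"                    # hook scripts must be executable to run
    # Fixed-string, whole-line match: if our line is already there, do nothing.
    if grep -qxF -- "$hook_line" "$hook_file"; then
        return 0
    fi
    # A file without a trailing newline would glue our line onto someone else's.
    if [ -n "$(tail -c 1 "$hook_file")" ]; then
        printf '\n' >> "$hook_file"
    fi
    printf '%s\n' "$hook_line" >> "$hook_file"
}

# remove_hook_line FILE LINE: uninstall path; drops only our line, keeps the rest.
remove_hook_line() {
    hook_file=$1 hook_line=$2
    [ -f "$hook_file" ] || return 0
    tmp_file="$hook_file.tmp.$$"
    # grep -v exits 1 when nothing is left to print; that is not an error here.
    grep -vxF -- "$hook_line" "$hook_file" > "$tmp_file" || [ $? -eq 1 ]
    cat "$tmp_file" > "$hook_file"            # rewrite in place, keeping the file mode
    rm -f "$tmp_file"
}

# Demo on a scratch copy; the first printf is constructed content standing in
# for another add-on's entry (written without a trailing newline on purpose).
demo() {
    d=$(mktemp -d)
    printf '#!/bin/sh\necho "other add-on entry"' > "$d/dnsmasq.postconf"
    ensure_hook_line "$d/dnsmasq.postconf" 'sh /jffs/dnscrypt/example-hook.sh "$1"'
    ensure_hook_line "$d/dnsmasq.postconf" 'sh /jffs/dnscrypt/example-hook.sh "$1"'
    cat "$d/dnsmasq.postconf"                 # three lines: the second call added nothing
    rm -rf "$d"
}
demo
```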
     
  6. bigeyes0x0

    I know because I made this for these non technical users specifically. This is why it's in TODO and the thing is BETA now. Will work on this first.

    This release is meant for those that can live with BETA as I want to know that at least for the current feature set, it does work.
     
  7. thelonelycoder

    My comprehensive jffs check is the write_jffsfile() function starting on line 1552 in ab-solution.sh...
    It won't work for you, but will get you an idea how serious I take it.
     
  8. bigeyes0x0

    I can understand that without even looking at your code that's why it's in my TODO originally and this is BETA as I said before. In any case, as you pushed it rather hard, I've done it https://github.com/thuantran/dnscry...mmit/dc94c7229445c49f07a5a11e3c774c71dfbf6ba2
     
    thelonelycoder likes this.
  9. thelonelycoder

    It's just to ensure my sanity, as the complaints would land in my threads.
    Also, AB-Solution is installed on a lot of routers, something to consider for anyone coding an automated installer.
     
    Last edited: Dec 3, 2016
    tomsk and joegreat like this.
  10. thelonelycoder

    @bigeyes0x0 made changes to the installer, I can confirm this is working seamlessly with AB-Solution 3 and the addon pixelserv-tls (ps).
    Thanks bigeyes0x0!
     
  11. bigeyes0x0

    Well lots of changes have been made internally. Externally now it does not quit after a single wrong input during prompts and you can also select to redirect all your DNS queries on your network to go through dnscrypt regardless of client config.
     
  12. GoNz0

    GoNz0 Very Senior Member

    Joined:
    Jul 14, 2013
    Messages:
    561
    Thanks, seems to be installed and working fine for me (now I put the right password in the OpenDNS section)
     
  13. bigeyes0x0

    MIPSEL support added but I can't test this as I don't have a router with MIPSEL chipset, appreciate if someone can test this and tell me the result.
     
    Last edited: Dec 4, 2016
  14. RacerRon

    RacerRon Occasional Visitor

    Joined:
    Feb 19, 2013
    Messages:
    46
    This is working great on my ac88u. I put in my OpenDNS username and pass during install but ip has not changed yet to see if it updates. Tested Dnscrypt function from a network connected windows machine with

    nslookup -type=txt debug.opendns.com

    The bottom line says all is well. Thank you for the simple install.

    Sent from my Nexus 5X using Tapatalk
     
    joegreat likes this.
  15. bigeyes0x0

    Thanks for the info, even if your IP hasn't changed you can check your router log to see if it's working or not. For example, a complete log showing the script is working here:
    Code:
    Dec  4 14:33:09 admin: OpenDNS: Update IP succeeded
    Dec  4 14:33:09 admin: dnscrypt-proxy started
    Dec  4 14:33:10 rc_service: service 756:notify_rc restart_dnsmasq
    Dec  4 14:33:10 dnsmasq[452]: exiting on receipt of SIGTERM
    Dec  4 14:33:10 custom script: Running /jffs/scripts/dnsmasq.postconf (args: /etc/dnsmasq.conf)
    Dec  4 14:33:10 dnsmasq[1009]: started, version 2.76 cachesize 1500
    ...
    Dec  4 14:33:10 dnsmasq[1009]: using nameserver 127.0.0.1#65053
    For OpenDNS IP update, it's the first line if it's successful. For dnsmasq with dnscrypt-proxy it's the last line.
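
An added example, not from the thread or the installer: a check over the router syslog for the state the post above describes, namely that the newest dnsmasq instance forwards only to the local dnscrypt-proxy listener (127.0.0.1#65053 in the posted log). Treating any other upstream as a plain-DNS path is an assumption of this example, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: read a syslog file and report where dnsmasq forwards queries.
# PROXY is the listener shown in the posted log; adjust it if yours differs.
PROXY='127.0.0.1#65053'

# check_dns_log FILE: prints one status line and returns
#   0 = newest dnsmasq instance forwards only to the local dnscrypt-proxy
#   1 = newest instance also forwards to another upstream (assumed plain DNS)
#   2 = no dnsmasq start, or no "using nameserver" line after it
check_dns_log() {
    awk -v proxy="$PROXY" '
        # A "started" line marks a new dnsmasq instance: forget older upstreams.
        / dnsmasq\[[0-9]+\]: started/ {
            tag = $4; n = 0; other = ""; next
        }
        # Only count upstreams logged by that newest instance (same tag/PID).
        / dnsmasq\[[0-9]+\]: using nameserver / && $4 == tag {
            n++
            if ($7 != proxy) other = other " " $7
        }
        END {
            if (tag == "" || n == 0) { print "UNKNOWN: no upstream lines"; exit 2 }
            if (other != "")         { print "LEAK: also using" other; exit 1 }
            print "OK: only " proxy
        }' "$1"
}

# Demo on constructed log lines modelled on the format in the post; the
# 192.0.2.53 upstream belongs to the old instance and must be ignored.
demo() {
    log=$(mktemp)
    cat > "$log" <<'EOF'
Dec  4 14:33:09 dnsmasq[452]: using nameserver 192.0.2.53#53
Dec  4 14:33:10 dnsmasq[452]: exiting on receipt of SIGTERM
Dec  4 14:33:10 dnsmasq[1009]: started, version 2.76 cachesize 1500
Dec  4 14:33:10 dnsmasq[1009]: using nameserver 127.0.0.1#65053
EOF
    check_dns_log "$log"; rc=$?
    rm -f "$log"
    return "$rc"
}
demo
```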
     
  16. RacerRon

    I have a silly question. By adding my DynDNS account login during the install, when my dynamic IP changes, will it auto update with DynDNS? Or will the update only happen on router boot?

     
  17. bigeyes0x0

    @RacerRon it does as it hooks to wan-start.
     
  18. RacerRon

    So the update will only happen on router boot, right?

     
  19. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    5,650
    Location:
    United States
    No, any time your WAN address changes.
     
  20. bigeyes0x0

    No, it will update automatically after every new wan connection established, as that's my plan.

    For my PPPoE connection that means every time I lose connection to ISP and reconnect. I don't know about those on cables in the US with DHCP connection, would appreciate a test but I do have an idea how to fix it if it's an issue.
     
  21. RacerRon

    Ok cool....I am at work now but will be home soon and suspect my ip did change based on stats page on DynDNS.... It appears that stats stopped updating a little bit ago so, I will check when I get home in an hour or so. Thanks.

     