
DNScrypt dnscrypt installer for asuswrt


Is there a reason why there isn't the second opendns server? (208.67.222.222) I can't do failover from 208.67.220.220 to 208.67.222.222.. :/
The DNSCrypt folks publish the list of available servers, so you'd have to ask them. But I suspect that OpenDNS is big enough to support load balancing/failover on their end so a second server isn't necessary.
 
As I'm having a problem with the MIPS-based router, for now the script switches to using the entware-ng dnscrypt-proxy binaries.

I don't think that's required because there's nothing to configure there, at least from my setup used here in the script.

@bigeyes0x0,

There's quite a few options to configure in the dnscrypt-proxy.conf file.

 
For what the OP is doing as an 'addon' it's easier to use the command line options. AFAIK there isn't a config file option that isn't also available via the command line (do a dnscrypt-proxy -h).

That being said, it made sense for me to move to the config file on my LTS fork so I could support the Merlin options of postconf and conf.add for users.
 
The DNSCrypt folks publish the list of available servers, so you'd have to ask them. But I suspect that OpenDNS is big enough to support load balancing/failover on their end so a second server isn't necessary.

They don't need to have a 2nd one because it's an anycast server, with an IP that will auto-route you to the nearest available server.
 
Lots of changes recently, but here goes:
- Add (P)RNG support to the package: you can either install a standalone RNG or install both dnscrypt-proxy with an RNG -> IOW lots of new binaries and a revised installer script
- MIPS support hopefully works OK now, thanks to @john9527 for the testing

I bought a HWRNG and it's shipping to me; if I can make it work, support for HWRNG will be added to this script as well.
 
getrandom() is the correct way to get random data on Linux now and it's exactly how it should be done so he's right there.

For haveged, he's only against it on VMs, and I have the same opinion; running it on our routers is OK, and I have seen that our devices' entropy is depleted really fast. This is why I added haveged, not just for dnscrypt-proxy. rngd is added more for HWRNG, as I have bought one to tinker with.
 
What does the abbreviation "HWRNG" mean?
 
Stab-in-the-dark, but I would say 'Hardware Random Number Generator'. :)
 
I tried using your script and everything seems to have installed fine but for whatever reason, DNS is not encrypted after rebooting:
dig txt debug.opendns.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> txt debug.opendns.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1817
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;debug.opendns.com. IN TXT

;; AUTHORITY SECTION:
opendns.com. 83668 IN SOA auth1.opendns.com. noc.opendns.com. 1494024416 16384 2048 1048576 2560

;; Query time: 15 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Mon May 08 01:51:00 EDT 2017
;; MSG SIZE rcvd: 92


I confirmed the process is running:
admin@RT-AC3100-AC28:/tmp/home/root# pidof dnscrypt-proxy
929 925

admin@RT-AC3100-AC28:/tmp/home/root# ps | grep dns
447 admin 6496 S /jffs/dnscrypt/haveged -w1024 -v1
548 nobody 1248 S dnsmasq --log-async
925 nobody 1260 S /jffs/dnscrypt/dnscrypt-proxy --local-address=127.0.0.1:65053 --daemonize --loglevel=4 -L /jffs/dnscrypt/dnscrypt-resolvers.csv -
929 nobody 1260 S /jffs/dnscrypt/dnscrypt-proxy --local-address=127.0.0.1:65054 --daemonize --loglevel=4 -L /jffs/dnscrypt/dnscrypt-resolvers.csv -
4205 admin 1396 R grep dns

I'm running version 380.65_4. I picked 4) bn-ca0-ipv6: "Babylon Network Canada 0 (IPv6)","Non-logging and 3) bn-ca0: "Babylon Network Canada 0","Non-logging for second one. Any idea what I should try to get it to work?

Here are the configuration files that were created:
https://mega.nz/#!ldRQTZQD!rOkhs1E3O_zFFrsctBO2Ys5TJZMK-O-9H4mO6CSMsN8
 
Going to remove the entware provided fake-hwclock and dnscrypt-proxy and give yours a go.

Do I need to back anything up prior to install? I notice that your installer makes changes to init-start and services-stop, so presumably I'll need to put my changes back in after?
 
@Jack Yaz You can just opkg remove these then run my script, it will take care of everything. You don't need to back up anything, as my script will take care of only inserting my changes and not modifying anything in your script. As long as you don't have anything in conflict with my script settings, it should work.

@unrealdude24 Try "dig @<router ip> txt debug.opendns.com" e.g. on mine

dig @192.168.1.1 txt debug.opendns.com

; <<>> DiG 9.3.2 <<>> @192.168.1.1 txt debug.opendns.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 829
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;debug.opendns.com. IN TXT

;; ANSWER SECTION:
debug.opendns.com. 0 IN TXT "server m9.hkg"
debug.opendns.com. 0 IN TXT "flags 20 0 8050 3950000000000000000"
debug.opendns.com. 0 IN TXT "originid 58341226"
debug.opendns.com. 0 IN TXT "actype 2"
debug.opendns.com. 0 IN TXT "bundle 9195798"
debug.opendns.com. 0 IN TXT "source 14.187.221.19:36296"
debug.opendns.com. 0 IN TXT "dnscrypt enabled (713156774457306E)"

;; Query time: 40 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon May 08 20:54:32 2017
;; MSG SIZE rcvd: 285

If it returns correctly, check your device DNS client settings.
 
Just added HW RNG support such as the TrueRNG, TrueRNGpro, OneRNG, EntropyKey to my script. I tested with TrueRNG v3 BTW and it's working on my side. During the installation if you select like I did here you should see:

Info: Install a (P)RNG for better cryptographic operations
Info: Available random number generator providers:
1) HAVEGED (Preferred if you do not have a HW RNG)
2) RNGD (Preferred if you have a HW RNG)
Info: If you choose a HW RNG, please have it plugged in now before
Info: proceeding with your selection.
=> Please enter the number designates your selection: 2
Info: rngd is up to date. Skipping...
Info: stty is up to date. Skipping...
Info: init-start is up to date. Skipping...
Info: services-stop is up to date. Skipping...
Info: Found TrueRNG USB HW RNG
Info: init-start file already configured
Info: services-stop file already configured
 
I tried it, I'm not getting the same response as you. I'll try doing another reboot:
dig @192.168.2.1 txt debug.opendns.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @192.168.2.1 txt debug.opendns.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32263
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;debug.opendns.com. IN TXT

;; AUTHORITY SECTION:
opendns.com. 85178 IN SOA auth1.opendns.com. noc.opendns.com. 1494293814 16384 2048 1048576 2560

;; Query time: 18 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Tue May 09 00:29:14 EDT 2017
;; MSG SIZE rcvd: 92
 
@unrealdude24 I forgot one little thing: you didn't set up this script to use opendns, thus running this command won't return the same output as mine.

You can either reinstall using opendns and test again, or you can test whether it kills your internet by killing the dnscrypt-proxy processes running on your router: ssh to your router and run this command: killall dnscrypt-proxy . After confirming that your internet is not working (DNS not able to resolve), restart your router; everything will work normally then.
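
The distinction drawn in this thread between a working OpenDNS check and an NXDOMAIN answer from a non-OpenDNS resolver, as an added example that is not part of any post or of the installer script. The function name and verdict strings are hypothetical, the first two samples are abridged from the dig outputs posted above, the third is constructed, and treating a TXT answer without the "dnscrypt enabled" line as unencrypted is an assumption about how debug.opendns.com responds.

```shell
#!/bin/sh
# Added example: classify the output of
#   dig @<router ip> txt debug.opendns.com
# Reads dig output on stdin and prints a verdict plus the server that answered.
classify_dig_output() {
    out=$(cat)
    status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    server=$(printf '%s\n' "$out" | sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p' | head -n 1)
    if printf '%s\n' "$out" | grep -Eq 'TXT[[:space:]]+"dnscrypt enabled'; then
        # OpenDNS saw the query arrive over DNSCrypt.
        echo "encrypted via=$server"
    elif [ "$status" = "NOERROR" ] && printf '%s\n' "$out" | grep -Eq 'TXT[[:space:]]+"server '; then
        # OpenDNS answered the debug record but reported no DNSCrypt (assumption).
        echo "plaintext-opendns via=$server"
    elif [ "$status" = "NXDOMAIN" ]; then
        # Upstream resolver is not OpenDNS: this test says nothing either way.
        echo "inconclusive-not-opendns via=$server"
    else
        echo "unknown via=$server"
    fi
}

# Abridged from the working OpenDNS output posted in the thread.
sample_opendns() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 829
debug.opendns.com. 0 IN TXT "server m9.hkg"
debug.opendns.com. 0 IN TXT "dnscrypt enabled (713156774457306E)"
;; SERVER: 192.168.1.1#53(192.168.1.1)
EOF
}

# Abridged from the output posted with a non-OpenDNS resolver configured.
sample_other_resolver() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32263
opendns.com. 85178 IN SOA auth1.opendns.com. noc.opendns.com. 1494293814 16384 2048 1048576 2560
;; SERVER: 192.168.2.1#53(192.168.2.1)
EOF
}

# Constructed sample: OpenDNS reached without DNSCrypt.
sample_plain_opendns() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
debug.opendns.com. 0 IN TXT "server m9.hkg"
;; SERVER: 192.168.1.1#53(192.168.1.1)
EOF
}

for s in sample_opendns sample_other_resolver sample_plain_opendns; do
    printf '%s: %s\n' "$s" "$($s | classify_dig_output)"
done
```

On a live network, pipe the real command into the function instead of a sample, for example `dig @192.168.1.1 txt debug.opendns.com | classify_dig_output`.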
 
This script stopped pages fully loading; they'd load 95% and then sit with a spinning icon in Chrome. After removing and reinstalling the entware packages, the issue was gone.
 
