What's new

DNScrypt dnscrypt installer for asuswrt

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

After many hours of struggle and reading these forums until it has almost driven me mad I am now seeking help from anyone able to do so. I have an Asus AC-88U running the Merlin v382.1 firmware. My WAN DNS settings are 84.200.69.80 and 84.200.70.40. IPv6 and dns filtering are both off. I have successfully installed DNScrypt and configured to handle all dns queries with two cryptostorm servers, 212.83.175.31 and 213.163.64.208.

When I check for leaks on ipleak.net the response I get can include anywhere between one and all four of the name servers given above, often it is just two, one of the dnscrypt servers and one of the WAN servers.

Running the command “pidof dnscrypt-proxy” returns two three digit numbers which, as I understand it confirms that dnscrypt is working. If I now run some cat commands I get the following

Code:
cat / etc /resolv.conf
nameserver 127.0.0.1

Code:
cat / etc /resolv.dnsmasq
dhcp-host=D0:E1:40:8E:3E:B2,192.168.1.20
dhcp-host=00:17:F2:01:2F:95,192.168.1.13
dhcp-host=2C:F0:A2:07:CE:DE,192.168.1.12
dhcp-host=00:CD:FE:86:D5:86,192.168.1.11
dhcp-host=E0:B9:BA:43:C9:C9,192.168.1.10
dhcp-host=FC:15:B4:35:76:39,192.168.1.9
dhcp-host=D0:03:4B:07:17:67,192.168.1.7
dhcp-host=00:1A:62:03:ED:B5,192.168.1.5
dhcp-host=10:DD:B1:E6:DF:E9,192.168.1.4
dhcp-host=DC:A9:04:81:46:D3,192.168.1.3
quiet-dhcp
quiet-dhcp6
no-resolv
server=127.0.0.1#65053
server=127.0.0.1#65054

Code:
cat / tmp /resolv.conf
nameserver 84.200.69.80
nameserver 84.200.70.40

Code:
cat / tmp /resolv.dnsmasq
server=84.200.69.80
server=84.200.70.40

Now, my understanding is that these two files in tmp should be empty and indeed if I manually edit them to remove the servers ipleak returns the correct servers and only the correct servers, but unfortunately my edit isn’t persistent.

So, please help!!!!

I'm running into the same issue. Never happened to me prior to 382 firmware, so I might just go back to 380 until this is fixed.
 
Thanks for letting me know that I am not alone in this.

After going back to 380.69 the DNS leaking stopped for me. Not sure why using the DNSCrypt installer script with the 382.2_alpha2 build results in leaky DNS.

Test system: RT-AC68U
DNS Leak Test Sites: GRC or DNSLeakTest

@Nairda in my working config, I don't seem to have a resolv.dnsmasq file. Maybe deleting that file will fix the leaking.
 
Last edited:
I tried the script on my 68u with 382.2_alpha2 and didn't seem to have any effect. The dns test always returned the dns servers configured on the wan page, regardless which servers I configured through the script, so I removed it. This script seems to be incompatible with the 382 series at the moment.
 
Merlin described some 382 dnsmasq configuration changes in another post. Based on those changes, the installer is going to need to be updated to support 382 code.
 
I can report that if you have dnscrypt installed before updating to 382.2 alpha you will be ok. IPleak.net gave me a passing grade.
 
Hello,

I have a quick question... I'm using the script and everything is working fine. But I will like to know if its possible to force some of my local IP's to use the 2nd DNS that I choose during the DNSCrypt setup script. For exemple all my IP's will use the OpenDNS regular and my kids computer will use the OPENDNS Family ....

I'M sure its probaly easy to do but i just dont know where to start

Thanks

Is it possible to use DNScrypt with Google SafeSearch?

https://github.com/RMerl/asuswrt-merlin/wiki/Enforce-Safesearch

Someone can help.
 
Last edited:
how do uninstall it?
The uninstall instructions leave a bunch of dead references in /jffs/scripts/ files.
After removing the /jffs/dnscrypt folder, also check every /jffs/scripts/ file and remove lines starting with:
Code:
[ -x /jffs/dnscrypt/manager ] ...
 
There seems to be a problem with the order of things run/services starting.

Initial setup works fine for me. But after a few restarts I start running into issues.

The short version:
It seems that the proxy is being blocked from starting because other services have not finished starting up. The other services can not start up because they are trying to contact the internet via DNS names and they cant not do this because the proxy is not up. Thus the router comes up but you can only go places by IP.

My guess is the firewall rules go into effect to redirect all DNS queries to the proxy before the proxy is running. I will have to do some more poking to find out if this is actually the issue.

Yeah running into situations where sometimes it works fine on reboot (like before I went to bed last night) and most times it dosent (when it did a scheduled restart at 4AM). I'll do a log and config dump when I get home as I cant VPM in from work.
 
Last edited:
FYI: The Maintainer has fixed the changed URL in the code, use install command from post #1 or use amtm 1.0.
 
Last edited:
Do you plan to support the RT-AC86U?

This model reports the architecture arch64; not armv7 or mips...

(I might learn something new here)
 
I just installed this on my AC86U by downloading the script in terminal using
curl -L -s -k -O https://raw.githubusercontent.com/thuantran/dnscrypt-asuswrt-installer/master/installer and then edited line starting around row 316 from
Code:
case $(uname -m) in
  armv7l)
    URL_ARCH=$URL_ARCH/armv7
    echo -e "$INFO Detected ARM architecture."
    ;;
to
Code:
case $(uname -m) in
  aarch64)
    URL_ARCH=$URL_ARCH/aarch64
    echo -e "$INFO Detected ARM architecture."
    ;;

I assume its working correct this way :)
 
@steef84: I tried that before posting my question, but the binaries did not execute.

However I’m now not sure whether I replaced both occurrences of armv7...
 
@steef84: I tried that before posting my question, but the binaries did not execute.

However I’m now not sure whether I replaced both occurrences of armv7...
There are only two branches: armv7 and mips. Therefore, only change the first occurance, which is true for that case statement for 86U routers:
Only change:
armv7l)
to
aarch64)
Code:
case $(uname -m) in
  aarch64)
    URL_ARCH=$URL_ARCH/armv7
    echo -e "$INFO Detected ARM architecture."
    ;;
 
Last edited:
After updating my 68u to 382 beta 2, https://www.perfect-privacy.com finds dns servers from dnscrypt but also dns servers from wan settings. Before, on 380 branch, it can find only dnscrypt one's. Do you know if an update is already planned, or do you need some logs/dump ?
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top