Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

[Release] dnscrypt installer for asuswrt

Discussion in 'Asuswrt-Merlin' started by bigeyes0x0, Dec 3, 2016.

Tags:
  1. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    4,979
    Location:
    United States
    Thanks for giving it a try. I'll take a look at the 2.6.27 commits and see if I can get those ported (but it will take a couple of days).
     
    underdose, dcguru and skeal like this.
  2. Ashish Gupta

    Ashish Gupta Occasional Visitor

    Joined:
    Jan 28, 2018
    Messages:
    12
    I just reset my router (68u) and upgraded the firmware to 384.3beta3
    On reinstalling dnscrypt2 I am getting the following error during installation ( highlighted ). Dnscrypt process isn't starting ( pidof / top don't show dnscrypt-proxy )

    JFFS custom scripts are enabled.

    Thanks

    upload_2018-2-14_1-54-38.png

    upload_2018-2-14_1-53-37.png
     
  3. Goobi

    Goobi Regular Contributor

    Joined:
    Dec 3, 2015
    Messages:
    60
    Hi Community,

    I used OpenDNS for content filtering. However, when I enable dnscrypt filtering no longer works. I got a few of questions:

    1. Does opendns content filtering work with dnscrypt?

    2. Is there a specific set of resolvers that work with opendns content filtering?

    3. For 2, how can I point dnscrypt to use one of those servers?

    Thanks in advance.
     
  4. bigeyes0x0

    bigeyes0x0 Regular Contributor

    Joined:
    Sep 9, 2015
    Messages:
    194
    Please copy paste and use code block to include the log, I can't see much at all. Anyway still see the error when you select no for OpenDNS account, that's fixed.

    @Goobi: I don't use OpenDNS content filtering so I can only give you an educated answer which is a yes. You need to select cisco DNS servers and set up your OpenDNS account during script installation. Then you can setup content filtering on your setup OpenDNS account dashboard.
     
    Ashish Gupta likes this.
  5. Ashish Gupta

    Ashish Gupta Occasional Visitor

    Joined:
    Jan 28, 2018
    Messages:
    12
    It installed fine except for the 4 sed errors for file(s) inside /jffs/dnscrypt/.config but it doesn't work ( process doesn't start upon reboot. Also doh never worked for me on v2 so was stuck on cisco )

    I have uploaded the necessary files to the rar below

    Thanks

    https://ufile.io/an3e3
     
    Last edited: Feb 13, 2018
  6. bigeyes0x0

    bigeyes0x0 Regular Contributor

    Joined:
    Sep 9, 2015
    Messages:
    194
    Ashish Gupta likes this.
  7. Ashish Gupta

    Ashish Gupta Occasional Visitor

    Joined:
    Jan 28, 2018
    Messages:
    12
    Dnscrypt is working again but DOH isn't. If I use cisco / other dnscrypt servers it works. DNSleaktest also shows only the servers I selected but if I use DOH ( google / dnscrypt exp DOH server ) DNS doesn't work.

    Uploaded the necessary files to https://ufile.io/xjtk8 in case it helps to fix this error. DOH used to work till a few versions back.

    Thanks again
     
  8. DonnyJohnny

    DonnyJohnny Senior Member

    Joined:
    Dec 17, 2017
    Messages:
    266
    if you are using skynet, there is a possibility that 8.8.8.8 and 8.8.4.4 is blocked. Try whitelist them.

    Also, try to edit the toml yourself and manually add static server of the Google DNS. Think the default is comment out. Just remove the #.
     
    Ashish Gupta likes this.
  9. Ashish Gupta

    Ashish Gupta Occasional Visitor

    Joined:
    Jan 28, 2018
    Messages:
    12
    I am not using skynet. After a reset, DNSCrypt was the first thing I installed and couldn't get DOH to work ( I made sure google dns address is not commented as well as tried to add it to dnsmasq )

    Right now I am using DC with AB. Cisco / normal DC works fine but DOH just doesn't work. It worked perfectly in 382 builds but never in the 384 build. Also, 8.8.8.8 isn't blocked by the ISP as I have set it as DNS in a few devices because it's much faster than my ISP DNS.

    Thanks again
     
  10. DonnyJohnny

    DonnyJohnny Senior Member

    Joined:
    Dec 17, 2017
    Messages:
    266
    I am also using 384 and ac68u. No issue here. Definitely something wrong with the setting.

    You don't have to add things in dnsmasq as the script would have done that for you.

    Make sure that the router DNS filtering is disable under AI protection.

    If you are not using DC, are you able to use Google DNS in the router

    When I say comment out. I mean the following ..

    [static]

    [static.'google']
    stamp = 'sdns://AgUAAAAAAAAAACDyXGrcc5eNecJ8nomJCJ-q6eCLTEn6bHic0hWGUwYQaA5kbnMuZ29vZ2xlLmNvbQ0vZXhwZXJpbWVudGFs'

    Also make sure
    server name is 'google'

    Once you saved the toml,
    Use the command to restart DC
    /jffs/dnscrypt/manager dnscrypt-start
     
    Ashish Gupta likes this.
  11. Ashish Gupta

    Ashish Gupta Occasional Visitor

    Joined:
    Jan 28, 2018
    Messages:
    12
    I just reinstalled everything with nvram erase as well as a hard/wps reset and it's working now :)
    I never did the reset through ssh before, just through the webui.

    Thanks again everyone.
     
  12. DonnyJohnny

    DonnyJohnny Senior Member

    Joined:
    Dec 17, 2017
    Messages:
    266
    lol.. I guess there is the best solution. Cheers
     
    Ashish Gupta likes this.
  13. M@rco

    [email protected] Senior Member

    Joined:
    Dec 23, 2017
    Messages:
    233
    @bigeyes0x0: I think I found some minor things and I have a feature request.

    First of all, when keeping settings while updating and using dnscrypt-proxy.log is active, the installer script gives an error (at least, I think it's because of dnscrypt-proxy.log, as it's on the next line):

    Code:
     Info:  Migrating log_file with value 'dnscrypt-proxy.log'
    [: 267: unknown operand
    
    It also seems that when choosing to keep settings which have been manually edited in dnscrypt-proxy.toml, the installer has some issues putting them back in the right place in dnscrypt-proxy.toml when I decide to keep my previous settings:

    Code:
    15. ##################################
    16. #         Global settings        #
    17. ##################################
    18.
    19. log_file = 'dnscrypt-proxy.log'
    20.
    21. daemonize = true
    22.
    23. cert_ignore_timestamp = true
    
    *Line numbers added by me.
    I'm not sure how critical the .toml format is about finding the variables at the corresponding lines in the config file?

    When looking through to dnscrypt-proxy.toml I noticed that the dnscrypt-proxy.log is completely ignored, it's still hashed out at line

    Code:
    92. ## log file for the application
    93.
    94. # log_file = 'dnscrypt-proxy.log'
    
    * Line numbers added by me.
    Also, modified settings for query.log and nx.log are apparently ignored when keeping previous settings:

    Code:
    205. [query_log]
    206.
    207.  ## Path to the query log file (absolute, or relative to the same directory as the executable file)
    208.
    209.  # file = 'query.log'
    
    ...
    
    231. [nx_log]
    232.
    233.  ## Path to the query log file (absolute, or relative to the same directory as the executable file)
    234.
    235.   # file = 'nx.log'
    
    *Line numbers added by me.
    All three variables mentioned previously where un-hashed (?) prior to running the latest version of the installer script, and selecting to keep previous settings, but where not retained after finishing configuring.

    As for the feature request: Would it be possible if I select to keep my settings and wish to keep using OpenDNS IP updating, that I don't have to enter my credentials every time the script is updated? Just but minor thing, but it would be convenient. When using randomized 16-20 character passwords, it's sometimes a pain to have to re-enter them as I need to look them up in Lastpass and can't see what I'm entering :D.

    Having said that, the installer works otherwise like a charm, great to see how it evolved over the past few weeks. Sure has made things a lot easier :), thank you!

    EDIT: Link to full dnscrypt-proxy.toml: https://pastebin.com/wNpWsXYr
     
    Last edited: Feb 15, 2018
  14. bigeyes0x0

    bigeyes0x0 Regular Contributor

    Joined:
    Sep 9, 2015
    Messages:
    194
    @[email protected] I finally gave up from parsing toml file from shell. Can be done but it would be taking too much time and not really fun. Instead there's an option to keep previous settings file which should be okay considering dnscrypt-proxy 2.0.0 has been finalized, there likely won't be any major change. For your OpenDNS credential issue, I've added the ability to keep the setting as well.
     
    [email protected] likes this.
  15. M@rco

    [email protected] Senior Member

    Joined:
    Dec 23, 2017
    Messages:
    233
    No problem, thanks for adding OpenDNS credentials and your efforts, @bigeyes0x0 !
     
  16. owine

    owine Regular Contributor

    Joined:
    Apr 22, 2013
    Messages:
    66
    Silly question. What's the definition/difference for each of the load balance modes?
     
  17. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    4,979
    Location:
    United States
    underdose and bigeyes0x0 like this.
  18. Goobi

    Goobi Regular Contributor

    Joined:
    Dec 3, 2015
    Messages:
    60
    That worked! Thanks!
     
  19. dcguru

    dcguru New Around Here

    Joined:
    Aug 29, 2017
    Messages:
    9
    Morning John

    Flashed your new build this morning, tried the script.

    Code:
    [email protected]:/jffs/dnscrypt# ./dnscrypt-proxy -config /jffs/dnscrypt/dnscrypt-proxy.toml
    [2018-02-17 12:20:54] [NOTICE] Source [https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md] loaded
    [2018-02-17 12:20:54] [NOTICE] dnscrypt-proxy 2.0.0
    [2018-02-17 12:20:54] [FATAL] listen udp 127.0.0.1:65053: errno -9
    
    I then did a factory reset so I had nothing else installed (usually had AB solution etc) but again same result.

    Have tried changing to my routers IP instead of 127.0.0.1 in config file, but same result

    I then set it to port 53, which it told me was in use so couldn't be used.

    :(
     
  20. GoNz0

    GoNz0 Very Senior Member

    Joined:
    Jul 14, 2013
    Messages:
    577
    Reloaded the router last night and I'm pleased to say everything worked from the install script including installing the swap file :)
     
    [email protected] likes this.

Share This Page