DNScrypt dnscrypt installer for asuswrt

[john9527]

Tried installing the script again from @bigeyes0x0 (it downloads mpisel this time!) but same results I'm afraid, no DNS on boot up. Trying to launch manually gives the same error.

Thanks for giving it a try. I'll take a look at the 2.6.27 commits and see if I can get those ported (but it will take a couple of days).

 

[Ashish Gupta]

I just reset my router (68u) and upgraded the firmware to 384.3beta3
On reinstalling dnscrypt2 I am getting the following error during installation ( highlighted ). Dnscrypt process isn't starting ( pidof / top don't show dnscrypt-proxy )

JFFS custom scripts are enabled.

Thanks

 

[Goobi]

Hi Community,

I used OpenDNS for content filtering. However, when I enable dnscrypt filtering no longer works. I got a few of questions:

1. Does opendns content filtering work with dnscrypt?

2. Is there a specific set of resolvers that work with opendns content filtering?

3. For 2, how can I point dnscrypt to use one of those servers?

Thanks in advance.

 

[bigeyes0x0]

I just reset my router (68u) and upgraded the firmware to 384.3beta3
On reinstalling dnscrypt2 I am getting the following error during installation ( highlighted ). Dnscrypt process isn't starting ( pidof / top don't show dnscrypt-proxy )

Please copy paste and use code block to include the log, I can't see much at all. Anyway still see the error when you select no for OpenDNS account, that's fixed.

@Goobi: I don't use OpenDNS content filtering so I can only give you an educated answer which is a yes. You need to select cisco DNS servers and set up your OpenDNS account during script installation. Then you can setup content filtering on your setup OpenDNS account dashboard.

 

[Ashish Gupta]

Please copy paste and use code block to include the log, I can't see much at all. Anyway still see the error when you select no for OpenDNS account, that's fixed.

It installed fine except for the 4 sed errors for file(s) inside /jffs/dnscrypt/.config but it doesn't work ( process doesn't start upon reboot. Also doh never worked for me on v2 so was stuck on cisco )

I have uploaded the necessary files to the rar below

Thanks

https://ufile.io/an3e3

 

[bigeyes0x0]

@Ashish Gupta should be fixed. You can try again.

 

[Ashish Gupta]

@Ashish Gupta should be fixed. You can try again.

Dnscrypt is working again but DOH isn't. If I use cisco / other dnscrypt servers it works. DNSleaktest also shows only the servers I selected but if I use DOH ( google / dnscrypt exp DOH server ) DNS doesn't work.

Uploaded the necessary files to https://ufile.io/xjtk8 in case it helps to fix this error. DOH used to work till a few versions back.

Thanks again

 

[DonnyJohnny]

Dnscrypt is working again but DOH isn't. If I use cisco / other dnscrypt servers it works. DNSleaktest also shows only the servers I selected but if I use DOH ( google / dnscrypt exp DOH server ) DNS doesn't work.

Uploaded the necessary files to https://ufile.io/xjtk8 in case it helps to fix this error. DOH used to work till a few versions back.

Thanks again

if you are using skynet, there is a possibility that 8.8.8.8 and 8.8.4.4 is blocked. Try whitelist them.

Also, try to edit the toml yourself and manually add static server of the Google DNS. Think the default is comment out. Just remove the #.

 

[Ashish Gupta]

if you are using skynet, there is a possibility that 8.8.8.8 and 8.8.4.4 is blocked. Try whitelist them.

Also, try to edit the toml yourself and manually add static server of the Google DNS. Think the default is comment out. Just remove the #.

I am not using skynet. After a reset, DNSCrypt was the first thing I installed and couldn't get DOH to work ( I made sure google dns address is not commented as well as tried to add it to dnsmasq )

Right now I am using DC with AB. Cisco / normal DC works fine but DOH just doesn't work. It worked perfectly in 382 builds but never in the 384 build. Also, 8.8.8.8 isn't blocked by the ISP as I have set it as DNS in a few devices because it's much faster than my ISP DNS.

Thanks again

 

[DonnyJohnny]

I am not using skynet. After a reset, DNSCrypt was the first thing I installed and couldn't get DOH to work ( I made sure google dns address is not commented as well as tried to add it to dnsmasq )

Right now I am using DC with AB. Cisco / normal DC works fine but DOH just doesn't work. It worked perfectly in 382 builds but never in the 384 build. Also, 8.8.8.8 isn't blocked by the ISP as I have set it as DNS in a few devices because it's much faster than my ISP DNS.

Thanks again

I am also using 384 and ac68u. No issue here. Definitely something wrong with the setting.

You don't have to add things in dnsmasq as the script would have done that for you.

Make sure that the router DNS filtering is disable under AI protection.

If you are not using DC, are you able to use Google DNS in the router

When I say comment out. I mean the following ..

[static]

[static.'google']
stamp = 'sdns://AgUAAAAAAAAAACDyXGrcc5eNecJ8nomJCJ-q6eCLTEn6bHic0hWGUwYQaA5kbnMuZ29vZ2xlLmNvbQ0vZXhwZXJpbWVudGFs'

Also make sure
server name is 'google'

Once you saved the toml,
Use the command to restart DC
/jffs/dnscrypt/manager dnscrypt-start

 

[Ashish Gupta]

I just reinstalled everything with nvram erase as well as a hard/wps reset and it's working now
I never did the reset through ssh before, just through the webui.

Thanks again everyone.

 

[DonnyJohnny]

I just reinstalled everything with nvram erase as well as a hard/wps reset and it's working now
I never did the reset through ssh before, just through the webui.

Thanks again everyone.

lol.. I guess there is the best solution. Cheers

 

[M@rco]

@bigeyes0x0: I think I found some minor things and I have a feature request.

First of all, when keeping settings while updating and using dnscrypt-proxy.log is active, the installer script gives an error (at least, I think it's because of dnscrypt-proxy.log, as it's on the next line):

 Info:  Migrating log_file with value 'dnscrypt-proxy.log'
[: 267: unknown operand

It also seems that when choosing to keep settings which have been manually edited in dnscrypt-proxy.toml, the installer has some issues putting them back in the right place in dnscrypt-proxy.toml when I decide to keep my previous settings:

15. ##################################
16. #         Global settings        #
17. ##################################
18.
19. log_file = 'dnscrypt-proxy.log'
20.
21. daemonize = true
22.
23. cert_ignore_timestamp = true

*Line numbers added by me.

I'm not sure how critical the .toml format is about finding the variables at the corresponding lines in the config file?

When looking through to dnscrypt-proxy.toml I noticed that the dnscrypt-proxy.log is completely ignored, it's still hashed out at line

92. ## log file for the application
93.
94. # log_file = 'dnscrypt-proxy.log'

* Line numbers added by me.

Also, modified settings for query.log and nx.log are apparently ignored when keeping previous settings:

205. [query_log]
206.
207.  ## Path to the query log file (absolute, or relative to the same directory as the executable file)
208.
209.  # file = 'query.log'

...

231. [nx_log]
232.
233.  ## Path to the query log file (absolute, or relative to the same directory as the executable file)
234.
235.   # file = 'nx.log'

*Line numbers added by me.

All three variables mentioned previously where un-hashed (?) prior to running the latest version of the installer script, and selecting to keep previous settings, but where not retained after finishing configuring.

As for the feature request: Would it be possible if I select to keep my settings and wish to keep using OpenDNS IP updating, that I don't have to enter my credentials every time the script is updated? Just but minor thing, but it would be convenient. When using randomized 16-20 character passwords, it's sometimes a pain to have to re-enter them as I need to look them up in Lastpass and can't see what I'm entering .

Having said that, the installer works otherwise like a charm, great to see how it evolved over the past few weeks. Sure has made things a lot easier , thank you!

EDIT: Link to full dnscrypt-proxy.toml: https://pastebin.com/wNpWsXYr

 

[bigeyes0x0]

@M@rco I finally gave up from parsing toml file from shell. Can be done but it would be taking too much time and not really fun. Instead there's an option to keep previous settings file which should be okay considering dnscrypt-proxy 2.0.0 has been finalized, there likely won't be any major change. For your OpenDNS credential issue, I've added the ability to keep the setting as well.

 

[M@rco]

No problem, thanks for adding OpenDNS credentials and your efforts, @bigeyes0x0 !

 

[owine]

Silly question. What's the definition/difference for each of the load balance modes?

 

[john9527]

@dcguru @bigeyes0x0

Next try at MIPS support. This build adds the CLOEXEC sockets support equivalent to 2.6.27 kernel. (I hope the poster linked from the dnscrypt tracker was right in his analysis )
RT-N66U_380.69_2c-gf7e1e85dd.zip
https://1drv.ms/f/s!Ainhp1nBLzMJkEFTnFp4Sh2wvQva

I'll keep my fingers crossed!

 

[Goobi]

Please copy paste and use code block to include the log, I can't see much at all. Anyway still see the error when you select no for OpenDNS account, that's fixed.

@Goobi: I don't use OpenDNS content filtering so I can only give you an educated answer which is a yes. You need to select cisco DNS servers and set up your OpenDNS account during script installation. Then you can setup content filtering on your setup OpenDNS account dashboard.

That worked! Thanks!

 

[dcguru]

@dcguru @bigeyes0x0

Next try at MIPS support. This build adds the CLOEXEC sockets support equivalent to 2.6.27 kernel. (I hope the poster linked from the dnscrypt tracker was right in his analysis )
RT-N66U_380.69_2c-gf7e1e85dd.zip
https://1drv.ms/f/s!Ainhp1nBLzMJkEFTnFp4Sh2wvQva

I'll keep my fingers crossed!

Morning John

Flashed your new build this morning, tried the script.

admin@RT-N66U-F830:/jffs/dnscrypt# ./dnscrypt-proxy -config /jffs/dnscrypt/dnscrypt-proxy.toml
[2018-02-17 12:20:54] [NOTICE] Source [https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md] loaded
[2018-02-17 12:20:54] [NOTICE] dnscrypt-proxy 2.0.0
[2018-02-17 12:20:54] [FATAL] listen udp 127.0.0.1:65053: errno -9

I then did a factory reset so I had nothing else installed (usually had AB solution etc) but again same result.

Have tried changing to my routers IP instead of 127.0.0.1 in config file, but same result

I then set it to port 53, which it told me was in use so couldn't be used.

 

[GoNz0]

Reloaded the router last night and I'm pleased to say everything worked from the install script including installing the swap file