What's new

DNScrypt dnscrypt installer for asuswrt

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Reconfig: dnscrypt-proxy[919]: Unable to retrieve server certificates
 
Reconfig: dnscrypt-proxy[919]: Unable to retrieve server certificates
It's either network issue, date time issue or the specific server you chose having old info in dnscrypt-resolvers.csv file. You might try a different server.
 
I installed the DNScrypt script, and did the test if it is working.
It seems the dns resolving is working, but I also get an error at the end:
"(root) ??? unknown type 41 ???"

After some google-ing I think it is related to IPv6. It is trying ro resolve the IPv6 adress?
I have IPv6 disabled on the router (AC-87U). Is there a way to tell dnscrypth to ignore IPv6 resolution, or is it something else that I can do?


public ip replaced:
Code:
Server:  router.asus.com
Address:  192.168.1.1

Non-authoritative answer:
debug.opendns.com       text =

        "server m11.ams"
debug.opendns.com       text =

        "flags 20 0 50 1B50000000000000000"
debug.opendns.com       text =

        "originid 61741077"
debug.opendns.com       text =

        "actype 2"
debug.opendns.com       text =

        "bundle 9363869"
debug.opendns.com       text =

        "source 1xxx.yyy.zzz.aaa:41682"
debug.opendns.com       text =

        "dnscrypt enabled (717473654A614970)"

(root)  ??? unknown type 41 ???
 
Honestly I dunno what that is, maybe someone can shed some light on that. I have that too and my config has been working normally from user's standpoint.
 
Just FYI, this seems to work fine with new test firmware 380.65_alpha1 so it's likely to work fine with its stable version. This is special because busybox was upgraded, and that binary this script depends a lot on.
 
Last edited:
I don't know as I don't use that service. Maybe you can try it out and tell us how it goes. Uninstall this script is trivial enough.
 
... date time issue ...

How can we solve this problem? (Dnscrypt works only for a short time.)


Aug 1 02:01:33 dnsmasq[719]: warning: ignoring resolv-file flag because no-resolv is set
Aug 1 02:01:33 xxxx: dnscrypt-proxy started for boot services
Aug 1 02:01:33 kernel: sd 0:0:0:0: [sda] Assuming drive cache: write through
Aug 1 02:01:33 kernel: sd 0:0:0:0: [sda] Assuming drive cache: write through
Aug 1 02:01:33 kernel: sd 0:0:0:0: [sda] Assuming drive cache: write through
Aug 1 02:01:36 kernel: nf_conntrack_rtsp v0.6.21 loading
Aug 1 02:01:36 kernel: nf_nat_rtsp v0.6.21 loading
Aug 1 02:01:39 xxxx: AB-Solution added entries via ab_dnsmasq_postconf.sh
Aug 1 02:01:39 xxxx: AB-Solution linked dnsmasq.postconf to ab_dnsmasq_postconf.sh
Aug 1 02:01:41 xxxx: OpenDNS: Update IP succeeded
Aug 1 02:01:44 xxxx: AB-Solution added entries via post-mount
Dec 25 13:15:01 kernel: * Make sure sizeof(struct sw_struct)=160 is consistent
Dec 25 13:15:02 xxxx: AB-Solution added entries via ab_dnsmasq_postconf.sh
Dec 25 13:15:02 xxxx: AB-Solution linked dnsmasq.postconf to ab_dnsmasq_postconf.sh
Dec 25 13:15:02 kernel: sizeof forward param = 160
Dec 25 13:15:02 xxxx: Started pixelserv-tls (AB-Solution) from .
Dec 25 13:15:04 xxxx: dnscrypt-proxy restarted for normal operations
Dec 25 13:15:05 kernel: gro disabled
Dec 25 13:15:06 kernel: gro enabled with interval 2
Dec 25 13:15:18 crond[461]: time disparity of 738014 minutes detected
Dec 25 13:15:19 dnscrypt-proxy[1018]: Unable to retrieve server certificates
:(
 
Last edited:
So to solve all the problems with installing dnscrypt with entware (or similar) then setting up various scripts to handle dnscrypt-proxy starting up including the ntp issue, I made my own installer for dnscrypt-proxy.

Fantastic! I have the RT-AC56R. I wish I was more knowledgeable on how to navigate around inside my router environment. I installed your dnscrypt-proxy adaptation. What I noticed after selecting the resolver and doing the reboot, the program does not use the resolver I have chosen. The program seemed to randomly choose what DNS resolver after reboot which I verified on browserleaks.com I have concerns about using third party DNS resolvers I do not know about and prefer the OpenDns server. Anyhow, it really works unfortunately my resolver preference is not being honored. Its an anomaly.

Bigeyes thank you for your excellent efforts!
 
Well, I can no longer make DNScrypt work and am out of ideas. How should I send the jffs tarball to you ?
 
@eclp As I wrote in the first post, please send me the tar of related files for forensic, as well as provide me information as requested.

@David Swanson it supposes to work that way, dnscrypt installation will override your DNS settings in webui.

@RacerRon: you can pm me all the information if you want it to be private.
 
@eclp As I wrote in the first post, please send me the tar of related files for forensic, as well as provide me information as requested.

@David Swanson it supposes to work that way, dnscrypt installation will override your DNS settings in webui.

@RacerRon: you can pm me all the information if you want it to be private.
OK....Sent a pm with link to info. This is a Ac88u with Merlin's latest alpha2 build.
 
dnscrypt-proxy[745]: Clock might be off - Pretending that this certificate is valid no matter what
 
Ok, I installed DNScrypt as per your instructions.

I have an ASUS RT-AC87U with Merlin installed 380.64.

During the installation I selected number 6 OpenDNS Family DNS server.

After the reboot I checked my DNS at ipleak.net and its Google's DNS I see, which I previously set in LAN > DHCP Server > DNS and WINS Server Setting.

Am I suppose to be seeing the OpenDNS Addresses at ipleak.net?
 
After running this script ...


echo .config > exclude-files; tar -cvf dnscrypt.tar -X exclude-files /jffs/dnscrypt /jffs/scripts/dnsmasq.postconf /jffs/scripts/firewall-start /jffs/scripts/wan-start ; rm exclude-files


Where do I find the files for debugging?
 
@lev: No, because dnsmasq included with the firmware already has that function. Also opendns server or any other dns resolver will be slower than ISP resolver mostly because they're outside the ISP intranet.

@Rodger_88 If you set those settings in LAN > DHCP Server > DNS, it will override dnscrypt function. You need to disable those and use router as DNS Server in client settings (basically use DHCP for DNS server).

@eclp: that's normal because we need to start dnscrypt-proxy with --ignore-timestamps at boot due to ntp hasn't been updated yet. I still don't know why you have "Unable to retrieve server certificates", please PM me with debug info as suggested in the first post.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top