DNScrypt dnscrypt installer for asuswrt

@lev: No, because dnsmasq included with the firmware already has that function. Also opendns server or any other dns resolver will be slower than ISP resolver mostly because they're outside the ISP intranet.

@Rodger_88 If you set those settings in LAN > DHCP Server > DNS, it will override dnscrypt function. You need to disable those and use router as DNS Server in client settings (basically use DHCP for DNS server).

@eclp: that's normal because we need to start dnscrypt-proxy with --ignore-timestamps at boot due to ntp hasn't been updated yet. I still don't know why you have "Unable to retrieve server certificates", please PM me with debug info as suggested in the first post.


Thank you!

I have deleted the DNS from LAN > DHCP server > DNS and the client's DNS is showing 192.168.1.1, and now when I go to ipleak.net I see OpenDNS addresses.

However, when I ran the command "killall dnscrypt-proxy" (via ssh to RT-AC87U) I got a reply that said "killall: dnscrypt-proxy: no process killed". I'm not sure if that means it's not working.

Thanks for pointing me in the right direction! :)
 
Killing a process is NOT a good CHECK if it runs...o_O

Better use:
chief@RT-AC87U:/tmp/home/root# ps -w | grep proxy
1750 admin 3356 S dnscrypt-proxy --local-address=127.0.0.1:65053 --daemonize -R cisco

...and you get the running process - or nothing if it does not run.
 

Thanks for the reply.

It returned ....

7027 admin 1380 D grep proxy


I guess it's not working?
 
looks like it does not start for you, please check if you have "Enable JFFS custom scripts and configs" enabled in Administration -> System.
For your installer I would build in a check for that, it is essential that it be enabled for your script to work.
The relevant entries are thus, it is enabled and scripts are run when:
jffs2_enable=1
jffs2_format=0
jffs2_scripts=1
If format is set to 1 it is scheduled to format at next boot.
 
@thelonelycoder thanks for the suggestion. Added to the installer.

@alexandro nope, it's not needed as we already have dnsmasq dns cache which is much better and configurable. That plugin is meant as an example and not something to replace dnsmasq or unbound or bind.
 
@Rodger_88 looks like it does not start for you, please check if you have "Enable JFFS custom scripts and configs" enabled in Administration -> System.

Hi, thanks for your help. I do appreciate it.

I have gone as far as this:

1. I have reset Merlin 380_64 to factory defaults.

2. Then enabled "Enable JFFS custom scripts and configs" (Admin > System)

3. Reinstalled DNSCrypt using the code at the start of this thread (via SSH to admin@192.168.1.1)

I selected number 10 on the list - CryptoStorm's DNSCrypt Switzerland DNS server

Everything installed correctly

4. I rebooted the router (RT-AC87U)

5. Ran the command ps -w | grep proxy in terminal and it returned this: 963 admin 1380 S grep proxy

6. Checked ipleak.net and saw my ISP's DNS Address

I'm totally stuck, I have no idea what to do.

Edit: I just realized the time and date says the 16th of December, which is obviously wrong. So I'm guessing that is a potential cause?

 
This script will start dnscrypt-proxy in two states:
1. Before ntp update, started with this command: /jffs/dnscrypt/dnscrypt-proxy --local-address=127.0.0.1:65053 --daemonize --loglevel=4 -L /jffs/dnscrypt/dnscrypt-resolvers.csv -R $DNS_RESOLVER -I # with -I being --ignore-timestamps to work around time being incorrect.
2. After ntp update, dnscrypt-proxy is restarted with command: /jffs/dnscrypt/dnscrypt-proxy --local-address=127.0.0.1:65053 --daemonize --loglevel=4 -L /jffs/dnscrypt/dnscrypt-resolvers.csv -R $DNS_RESOLVER

So in either case you must have dnscrypt-proxy running regardless if you have time correct or not. From the look of it, I think you don't have any of my script running after reboot, otherwise your internet wouldn't even work after using this script having dnsmasq reconfigure for dnscrypt-proxy and having it not running.

Let's try to debug whether you have the script running at boot:
1. Run this command and send me the result: nvram show|grep jffs2
2. Run this command, reboot the router, then report back whether the /tmp/blahblah file exists:
echo "touch /tmp/blahblah" >> /jffs/scripts/wan-start
 
This is mine after first command
jffs2_exec=
jffs2_enable=1
size: 60919 bytes (70153 left)
jffs2_format=0
jffs2_scripts=1

After second and reboot there is no blahblah file
 
@RacerRon Send me the permission on wan-start with:
ls-l /jffs/scripts/wan-start # please insert a space between ls and -l, this forum SQL injection checking sucks
and its content with:
cat /jffs/scripts/wan-start

It looks like there's a bug in the firmware if all are correct now.
 
-rw-rw-rw- 1 admin root 101 Jan 1 23:10 /jffs/scripts/wan-start
admin@Asus:/jffs# cat /jffs/scripts/wan-start
#!/bin/sh

[ -x /jffs/dnscrypt/dnscrypt-start ] && /jffs/dnscrypt/dnscrypt-start
touch /tmp/blahblah
admin@Asus:/jffs#
 
Ok. Here are the results.

1. # nvram show|grep jffs2

size: 46808 bytes (18728 left)
jffs2_exec=
jffs2_enable=1
jffs2_format=0
jffs2_scripts=1

2. no blahblah file after reboot

3. permissions

-rw-rw-rw- 1 admin root 101 Jan 2 17:55 /jffs/scripts/wan-start

4. contents:

[ -x /jffs/dnscrypt/dnscrypt-start ] && /jffs/dnscrypt/dnscrypt-start
touch /tmp/blahblah
 
I did read it, but since I'm totally new to this I'd thought I'd check first. :)
For scripts to work in /jffs/scripts/ they need to be executable, have the shebang at top of the file (#!/bin/sh) and have unix line endings.
Code:
chmod a+rx /jffs/scripts/*

dos2unix /jffs/scripts/*
 
Thanks for that :)
 
See my posting above - always a good idea to read before posting... :rolleyes:

Thanks to you and bigeyes0x0 for the help, I do appreciate it. DNScrypt is working now.

Just one last question, if I want to change the DNScrypt DNS server I'm using how do I do that? :)
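
Added example (not part of any post in this thread, and not the installer's own code): the checks the thread walks through, namely the jffs2_* nvram flags and the executable bit, shebang and Unix line endings on files in /jffs/scripts/, collected into one preflight script. The function names are hypothetical, and the sample wan-start is constructed in a temporary directory so the script runs off-router.

```shell
#!/bin/sh
# Added example: preflight checks for JFFS custom scripts on Asuswrt-Merlin.
# Function names are hypothetical; nvram keys and paths are those quoted in the thread.

# Reads `nvram show` output on stdin. Succeeds only when all three flags
# have the values the thread lists as required for scripts to run.
jffs_flags_ok() {
    dump=$(cat)
    for want in jffs2_enable=1 jffs2_format=0 jffs2_scripts=1; do
        printf '%s\n' "$dump" | grep -qxF "$want" || return 1
    done
}

# Prints one word per problem found in a script file, nothing if it is fine.
script_problems() {
    f=$1
    [ -f "$f" ] || { echo missing; return 0; }
    # Mode -rw-rw-rw- (as posted in the thread) fails this test.
    [ -x "$f" ] || echo not-executable
    # The first line must be a shebang such as #!/bin/sh.
    head -n 1 "$f" | grep -q '^#!/' || echo no-shebang
    # Any carriage return means DOS line endings (fix with dos2unix).
    cr=$(printf '\r')
    grep -q "$cr" "$f" && echo crlf
    return 0
}

# Constructed sample: a wan-start like the one in the thread, mode 666.
demo() {
    d=$(mktemp -d)
    printf '#!/bin/sh\ntouch /tmp/blahblah\n' > "$d/wan-start"
    chmod 666 "$d/wan-start"
    echo "before chmod: $(script_problems "$d/wan-start")"
    chmod a+rx "$d/wan-start"
    echo "after chmod:  $(script_problems "$d/wan-start")"
    rm -rf "$d"
}
demo
```

On the router itself, the same functions would be called as `nvram show 2>/dev/null | jffs_flags_ok` and `script_problems /jffs/scripts/wan-start`.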
 
