What's new

DNScrypt dnscrypt installer for asuswrt

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Thanks for that instruction! :) But I am using the installer over the AMTM script to manage the dnscrypt-proxy and there is always an updated installer included :) But today they are a little bit slow :D
 
Last edited:
I am guessing the crash that was fixed in the .13 version is the one that happened to some of us because we are using cloudflare DNS, right?
 
I didn't had any crash with the previews versions and using 1.1.1.1 (cloudflare) :) But perhaps I was only lucky :D
 
Well been a while, but I've been watching this thread silently hehe.

The mainline installer is now at 2.0.14. The main installer is always updated in AMTM before me, so you can try that. He always pushes me a pull request every time now.

Anyway to put things to rest regarding the watchdog in my script is this:
Code:
start_monitor () {
  trap "" 1
  while [ `nvram get ntp_ready` -eq 0 ]; do sleep 1; done
  local NW_STATE
  local RES_STATE
  local COUNT=0
  while true; do
    if [ -f /jffs/dnscrypt/localtime ]; then
      if [ $COUNT -eq 90 ]; then
        COUNT=0
        touch "$0"
      fi
      COUNT=$((COUNT + 1))
    fi
    ping 8.8.8.8 -c1 -W2 >/dev/null 2>&1
    NW_STATE=$?
    nslookup google.com >/dev/null 2>&1
    RES_STATE=$?
    if [ -f /jffs/dnscrypt/dnscrypt-proxy ]; then
      if [ -z "`pidof dnscrypt-proxy`" ]; then
        logger "Warning: dnscrypt-proxy is dead"
        start_dnscrypt
      elif [ $NW_STATE -eq 0 ] && [ $RES_STATE -ne 0 ]; then
        logger "Warning: dnscrypt-proxy is not responding"
        start_dnscrypt
      fi
    fi
    sleep 10
  done
}
Basically it works by checking every 10 seconds if network is working by pinging 8.8.8.8 then checking if dns resolving works. If network works but dns resolving does not then it restarts dnscrypt.
 
hi, first time trying to install something on my asus router, i got little problem.
follow the instruction, but i got bad address error while downloading 2 files.

anyone can help me withh this??

thanks.
 

Attachments

  • DNSCrypt.JPG
    DNSCrypt.JPG
    86.4 KB · Views: 553
It seems like Cloudflare is stable now. I used it for a bit and so far so good.

Then my power went out.

The router rebooted.

Now my internet is dead. Had to delete DNSCrypt to get it working again.

Sigh.
 
Well been a while, but I've been watching this thread silently hehe.

The mainline installer is now at 2.0.14. The main installer is always updated in AMTM before me, so you can try that. He always pushes me a pull request every time now.

Anyway to put things to rest regarding the watchdog in my script is this:
Code:
start_monitor () {
  trap "" 1
  while [ `nvram get ntp_ready` -eq 0 ]; do sleep 1; done
  local NW_STATE
  local RES_STATE
  local COUNT=0
  while true; do
    if [ -f /jffs/dnscrypt/localtime ]; then
      if [ $COUNT -eq 90 ]; then
        COUNT=0
        touch "$0"
      fi
      COUNT=$((COUNT + 1))
    fi
    ping 8.8.8.8 -c1 -W2 >/dev/null 2>&1
    NW_STATE=$?
    nslookup google.com >/dev/null 2>&1
    RES_STATE=$?
    if [ -f /jffs/dnscrypt/dnscrypt-proxy ]; then
      if [ -z "`pidof dnscrypt-proxy`" ]; then
        logger "Warning: dnscrypt-proxy is dead"
        start_dnscrypt
      elif [ $NW_STATE -eq 0 ] && [ $RES_STATE -ne 0 ]; then
        logger "Warning: dnscrypt-proxy is not responding"
        start_dnscrypt
      fi
    fi
    sleep 10
  done
}
Basically it works by checking every 10 seconds if network is working by pinging 8.8.8.8 then checking if dns resolving works. If network works but dns resolving does not then it restarts dnscrypt.

@bigeyes0x0 I just want to confirm that this functionality is already included in dnscrypt and I don’t need to add the above code to a script and execute via wan-start? Thanks.
 
I just loaded 2.0.11 and it only lists cloudflare dns as a live server in my syslog out put. I also added google dns to the setup so it should show both and then select the best based on p2 setting. In the .toml file it shows both servers being selected. It used to show both and pick the fastest in the syslog. What changed?
EDIT: Further info collected. I did a fresh install of this script. If you change fallback resolver from 8.8.8.8:53 to 1.1.1.1:53 You lose the second resolver you selected manually. In my case I use cloudflare as first choice and google as second both DoH. The different logs to syslog are:
Code:
Results with fall back resolver to 1.1.1.1:53 with two manually selected DoH servers. cloudflare and google.

May  4 18:09:18 QuincyVomCanisphere: Start dnscrypt-proxy
May  4 18:09:18 dnscrypt-proxy[20695]: Source [public-resolvers.md] loaded
May  4 18:09:18 dnscrypt-proxy[20695]: dnscrypt-proxy 2.0.11
May  4 18:09:18 dnscrypt-proxy[20695]: Now listening to 127.0.0.1:65053 [UDP]
May  4 18:09:18 dnscrypt-proxy[20695]: Now listening to 127.0.0.1:65053 [TCP]
May  4 18:09:18 dnscrypt-proxy[20695]: [cloudflare] OK (DoH) - rtt: 26ms
May  4 18:09:19 dnscrypt-proxy[20695]: Server with the lowest initial latency: cloudflare (rtt: 26ms)
May  4 18:09:19 dnscrypt-proxy[20695]: dnscrypt-proxy is ready - live servers: 1

This one is with the fall back as default 8.8.8.8:53 using the same manually selected DoH servers.

May  4 18:11:13 QuincyVomCanisphere: Start dnscrypt-proxy
May  4 18:11:13 dnscrypt-proxy[20888]: Source [public-resolvers.md] loaded
May  4 18:11:13 dnscrypt-proxy[20888]: dnscrypt-proxy 2.0.11
May  4 18:11:13 dnscrypt-proxy[20888]: Now listening to 127.0.0.1:65053 [UDP]
May  4 18:11:13 dnscrypt-proxy[20888]: Now listening to 127.0.0.1:65053 [TCP]
May  4 18:11:14 dnscrypt-proxy[20888]: [cloudflare] OK (DoH) - rtt: 34ms
May  4 18:11:14 dnscrypt-proxy[20888]: [google] OK (DoH) - rtt: 120ms
May  4 18:11:14 dnscrypt-proxy[20888]: Server with the lowest initial latency: cloudflare (rtt: 34ms)
May  4 18:11:14 dnscrypt-proxy[20888]: dnscrypt-proxy is ready - live servers: 2
Am I expecting something the script cannot do or...? I want to use these two servers and use 1.1.1.1:53 as a fall back.
Bump
@bigeyes0x0 Can you please look at this?

EDIT: THIS ISSUE RESOLVED WITH 2.0.14
 
Last edited:
Bump
@bigeyes0x0 Can you please look at this?
Just tried it on dnscrypt Ver 2.0.14 and both DoH Servers are there and working with 1.1.1.1:53 as fallback server !!!

Try upgrading to 2.0.14 and seeing if the problem is fixed.
(Have used all versions from 2.0.9 onwards and not noticed any problem with DoH Servers being 'skipped')
 
Just tried it on dnscrypt Ver 2.0.14 and both DoH Servers are there and working with 1.1.1.1:53 as fallback server !!!

Try upgrading to 2.0.14 and seeing if the problem is fixed.
(Have used all versions from 2.0.9 onwards and not noticed any problem with DoH Servers being 'skipped')
Yes sir the issue I was having is gone with this new release.:cool:
 
I had an issue with ver .13 on my AC86U with latest merlin firmware: In the log, process was dead multiple times a day. Uninstalled dnscrypt. Retried with ver .14 : fixed!
 
Your DNSCrypt v1 script works fine till the DNS provider screen and stops there since it downloads an empty dnscrypt-resolvers.csv which causes a DNS provider selection screen with no options. Is it possible you to fix it or should I report it to somewhere else?

Thanks in advance.
 
Your DNSCrypt v1 script works fine till the DNS provider screen and stops there since it downloads an empty dnscrypt-resolvers.csv which causes a DNS provider selection screen with no options. Is it possible you to fix it or should I report it to somewhere else?

Thanks in advance.
I don't think the v1 installer is maintained anymore and there have been a number of URL changes. I am suspicious that the resolver file URL is the sole blocker, but you could download the installer file and edit the URL on line 148 to

Code:
https://raw.githubusercontent.com/dyne/dnscrypt-proxy/master/dnscrypt-resolvers.csv

Save and run the local version. That will get you past the server selection, but again I'm not sure if the other URLs will work to find the current location of the binaries/other files you will need.
 
For Cloudflare DNS to work, I must follow these steps in the same order:

1. Copy and paste in PuTTY:
Code:
curl -L -s -k -O https://raw.githubusercontent.com/thuantran/dnscrypt-asuswrt-installer/master/installer && sh installer ; rm installer

2. Uninstall ALL
WHWGeg6.png


3. Unset timezone
4Ncp9T6.png


4. Set timezone
7X0c393.png
(Important)

5. Install and use Cloudflare DNS
JcmpWQ2.png


6. Set timezone
7X0c393.png
(Important)

7. I Reboot the router and this appears:
Code:
May 28 12:40:50 dnscrypt-proxy[190]: Source [public-resolvers.md] loaded
May 28 12:40:50 dnscrypt-proxy[190]: dnscrypt-proxy 2.0.14
May 28 12:40:50 dnscrypt-proxy[190]: Now listening to 127.0.0.1:65053 [UDP]
May 28 12:40:50 dnscrypt-proxy[190]: Now listening to 127.0.0.1:65053 [TCP]
May 28 12:40:52 dnscrypt-proxy[190]: [cloudflare] OK (DoH) - rtt: 47ms
May 28 12:40:52 dnscrypt-proxy[190]: Server with the lowest initial latency: cloudflare (rtt: 47ms)
May 28 12:40:52 dnscrypt-proxy[190]: dnscrypt-proxy is ready - live servers: 1


I don't know why, but this is the only way for Cloudflare DNS to work!

My configuration on the router:
1. LAN -> DHCP Server -> Enable DNSSEC support: Yes
2. WAN -> Internet Connection -> Connect to DNS Server automatically: No
DNS Server1: 1.1.1.1
DNS Server2: 1.0.0.1

@Twiglets @MasterBash @let me question @bigeyes0x0
If you are setup to use D0H why would you have dnssec enabled? Use one or the other when only using one resolver.
 
If you are setup to use D0H why would you have dnssec enabled? Use one or the other when only using one resolver.

Another question, I’m using Cloudflare, DoH via dnscrypt.
Should I have the RNG installed?
(I do, but is it required for what I’m doing?)

I also have DNSSEC enabled, probably redundant?.........
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top