DNScrypt dnscrypt installer for asuswrt

[unsynaps]

Just to let everyone know, there exists a bug where DNSCrypt blocks NTP sync if your router has booted up before your bridged modem has finished booting and hasn't got a line sync to the ISP. The simplest solution was suggested by @rromeroa - create a dnsmasq.conf.add file in /jffs/configs and then write out an entry that forces the domain of your NTP server to be resolved by the IP address of a public DNS server like this.

Read this thread here #1 for details.

http://manpages.ubuntu.com/manpages/trusty/man8/fake-hwclock.8.html

fake-hwclock fixes a large amount of random issues when dealing with secure services. Heck if the update is put in 'init-start' the clock is 'fixed' before syslog is even running.

 

[Zonkd]

http://manpages.ubuntu.com/manpages/trusty/man8/fake-hwclock.8.html

fake-hwclock fixes a large amount of random issues when dealing with secure services. Heck if the update is put in 'init-start' the clock is 'fixed' before syslog is even running.

So just to confirm that I'm understanding this correctly: fake hardware clock is a crude software based method to keep-the-clock-ticking forward until a device (lacking a real hardware clock) has booted fully and is able to properly sync with an internet NTP server. The fake hardware clock is not necessarily accurate, it simply loads from a file its most recent timestamp then ticks on from there. Is that about right?

I prefer not to add parts which may break in future and fortunately fake-hwclock wasn't necessary to get the router booting up correctly.

 

[DonnyJohnny]

Seems like DOH like DOT has just been finalised.
https://www.rfc-editor.org/rfc/rfc8484.txt

 

[RMerlin]

Seems like DOH like DOT has just been finalised.
https://www.rfc-editor.org/rfc/rfc8484.txt

Just what the world needed: two competing standards, which will split the community in two, as some will chose to back only either DoH or DoT, but not both. This will limit the adoption rate.

 

[unsynaps]

Just what the world needed: two competing standards, which will split the community in two, as some will chose to back only either DoH or DoT, but not both. This will limit the adoption rate.

https://xkcd.com/927/

 

[Treadler]

https://xkcd.com/927/

Sigh. I fear you are correct........ ;-)

 

[olsamurai]

I have an RT-N66U running Merlin 380.70

I tried to install dnscrypt with this script.
Version 2 failed and said "Unsupported Platform".
Version 1 stops at "Choose a DNS server" without listing any options:

xxxxx@router:curl -L -s -k -O https://raw.githubusercontent.com/thuantran/dnscrypt-asuswrt-installer/dnscrypt-proxy-v1/installer && sh installer dnscrypt-proxy-v1; rm installer
 Info:  Detected MIPSEL architecture.
 Info:  JFFS custom scripts and configs are already enabled
 Info:  Choose what you want to do:
  1) Install dnscrypt and (P)RNG
  2) Install (P)RNG only
 =>  Please enter the number designates your selection or any other key to exit: 1
 Info:  This operation will install dnscrypt-proxy and related files (<1MB)
 Info:  to jffs, no other data will be changed.
 Info:  Also some start scripts will be installed/modified as required.

 =>  Do you want to install dnscrypt-proxy to /jffs [y/n]: y
 Info:  Downloading dnscrypt-resolvers.csv
 Info:  manager is up to date. Skipping...
 Info:  dnscrypt-proxy is up to date. Skipping...
 Info:  nonroot is up to date. Skipping...
 Info:  dnsmasq.postconf file already configured
 Info:  wan-start file already configured
 Info:  Available DNS servers:
 =>  Please choose DNS server
[1-0]: 1
 *** Error:  Chosen DNS server number is not in range! Retrying...
 =>  Please choose DNS server
[1-0]: 0
 *** Error:  Chosen DNS server number is not in range! Retrying...
 =>  Please choose DNS server
[1-0]:

The file dnscrypt-resolvers.csv contains just: "HTTP Error 404".
Could this problem be solved somehow?

 

[owine]

I have an RT-N66U running Merlin 380.70

I tried to install dnscrypt with this script.
Version 2 failed and said "Unsupported Platform".
Version 1 stops at "Choose a DNS server" without listing any options:

xxxxx@router:curl -L -s -k -O https://raw.githubusercontent.com/thuantran/dnscrypt-asuswrt-installer/dnscrypt-proxy-v1/installer && sh installer dnscrypt-proxy-v1; rm installer
 Info:  Detected MIPSEL architecture.
 Info:  JFFS custom scripts and configs are already enabled
 Info:  Choose what you want to do:
  1) Install dnscrypt and (P)RNG
  2) Install (P)RNG only
 =>  Please enter the number designates your selection or any other key to exit: 1
 Info:  This operation will install dnscrypt-proxy and related files (<1MB)
 Info:  to jffs, no other data will be changed.
 Info:  Also some start scripts will be installed/modified as required.

 =>  Do you want to install dnscrypt-proxy to /jffs [y/n]: y
 Info:  Downloading dnscrypt-resolvers.csv
 Info:  manager is up to date. Skipping...
 Info:  dnscrypt-proxy is up to date. Skipping...
 Info:  nonroot is up to date. Skipping...
 Info:  dnsmasq.postconf file already configured
 Info:  wan-start file already configured
 Info:  Available DNS servers:
 =>  Please choose DNS server
[1-0]: 1
 *** Error:  Chosen DNS server number is not in range! Retrying...
 =>  Please choose DNS server
[1-0]: 0
 *** Error:  Chosen DNS server number is not in range! Retrying...
 =>  Please choose DNS server
[1-0]:

The file dnscrypt-resolvers.csv contains just: "HTTP Error 404".
Could this problem be solved somehow?

The v1 resolver .csv file is not really maintained anymore. It's available in an alternate repo for archive purposes. Download the v1 installer (just download, don't execute or use the command in the README) and open it in your favorite text editor. Replace the URL on line 148 with

https://raw.githubusercontent.com/dyne/dnscrypt-proxy/master/dnscrypt-resolvers.csv

Save and then execute the installer. It should work then.

 

[olsamurai]

Replace the URL on line 148 with

https://raw.githubusercontent.com/dyne/dnscrypt-proxy/master/dnscrypt-resolvers.csv

Save and then execute the installer. It should work then.

Thank you, tomorrow I try to install it.

Everything works great, thanks again!

 

[rgnldo]

DNSCrypt-proxy - 2.0.18 on Merlin-Asuswrt 384.8 beta1

 

[rgnldo]

Just what the world needed: two competing standards, which will split the community in two, as some will chose to back only either DoH or DoT, but not both. This will limit the adoption rate.

I like both solutions. Not all networks support DoH or DoT. I use App 1.1.1.1 for IOS that does these services. I keep alternating.

 

[Treadler]

Or this.......

Disconnect Pro by Disconnect
https://itunes.apple.com/au/app/disconnect-pro/id1057771839?mt=8

Is a tracker blocker, plus includes Cloudflare w/DoH ability if desired.

 

[SMS786]

Version 2.0.18
- Official builds now support TLS 1.3.
- The timeout for the initial connectivity check can now be set from
the command line.
- An `Accept:` header is now always sent with `GET` queries.
- BOMs are now ignored in configuration files.
- In addition to SOCKS, HTTP and HTTPS proxies are now supported for
DoH servers.

 

[rgnldo]

Is a tracker blocker, plus includes Cloudflare w/DoH ability if desired.

I prefer the 1.1.1.1 app. It is a free solution and offers both DoH and DoT services.

 

[Zastoff]

I prefer the 1.1.1.1 app. It is a free solution and offers both DoH and DoT services.

Tried the app on my android and it created a vpn profile, Did some testing with DoT and it felt slow for me
and i think i prefer using the the vpn server in my router instead, Feels faster and i get(the routers security) dnscrypt/diversion/skynet on my mobile connection with Openvpn Connect.
But for those without vpn server that app should work for better security outside your home network

 

[scjr]

I like both solutions. Not all networks support DoH or DoT. I use App 1.1.1.1 for IOS that does these services. I keep alternating.

Newbie just learning this stuff, so this may be an uneducated question.

I currently run Cloudflare DNS, with DNSSEC turned on in router. Can I run this app on my iOS devices, for the DoH functionality or will it conflict with my setup?

Thank you.

EDIT: Everything seems to work fine with app and router setup. I’m getting test results showing DoH is working.

 

[rgnldo]

for the DoH functionality or will it conflict with my setup?

If you are on the router network, you will not need the 1.1.1.1 app. I use the app when I'm out of my router network.

 

[Zastoff]

Newbie just learning this stuff, so this may be an uneducated question.

I currently run Cloudflare DNS, with DNSSEC turned on in router. Can I run this app on my iOS devices, for the DoH functionality or will it conflict with my setup?

Thank you.

EDIT: Everything seems to work fine with app and router setup. I’m getting test results showing DoH is working.

Think if you use the app on your home network it will bypass the routers dns settings, As DNS Filter for specific devices (app will handle all dns traffic for that device, Is my guess)

 

[Zastoff]

2.019 avaliable

• The value for netprobe_timeout was read from the command-line, but not from the configuration file any more. This is a regression introduced in the previous version, that has been fixed.
• The default value for netprobe timeouts has been raised to 60 seconds.
• A hash of the body is added to query parameters when sending DoH queries with the POST method in order to work around badly configured proxies.

 

[sbsnb]

2.019 avaliable

I think there's some problem with the binaries. I tried linux_arm64-2.0.19 and dnscrypt-proxy-linux_arm-2.0.19. Both give an error like:

/opt/sbin/dnscrypt-proxy: line 1: syntax error: unexpected word (expecting ")")

No problem with 2.0.18.

EDIT - Corrupted download. Redownload fixed it.