What's new

DNScrypt dnscrypt installer for asuswrt

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I would like to know this too.
 
@JemTheWire @GoNz0
To use multiple or failover dnscrypt daemons,
do the below

ssh login to your router

cd /opt/sbin
ln -s dnscrypt-proxy dnscrypt-proxy2
ln -s dnscrypt-proxy dnscrypt-proxy3

cd ENTWARE-INSTALLATION-PATH/etc/init.d
cp S09dnscrypt-proxy S10dnscrypt-proxy
cp S09dnscrypt-proxy S11dnscrypt-proxy

change the ARGS & PROCS variables in S10 & S11 dnscrypt files based on your installation/configuration

for S10dnscrypt-proxy
PROCS=dnscrypt-proxy2
ARGS="--local-address=127.0.0.1:65054 --ephemeral-keys --daemonize -ZDnsCryptProxy2 -Rdnscrypt.eu-nl"

for S11dnscrypt-proxy
PROCS=dnscrypt-proxy3
ARGS="--local-address=127.0.0.1:65055 --ephemeral-keys --daemonize -ZDnsCryptProxy3 -Rsoltysiak"

you can use nano to edit the files i.e.,
nano S10dnscrypt-proxy
nano S11dnscrypt-proxy


Also change the /jffs/configs/dnsmasq.conf.add
to below
## SEE for configuration options
## http://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

## Use dnscrypt-proxy as a resolver
no-resolv
server=127.0.0.1#65053
server=127.0.0.1#65054
server=127.0.0.1#65055

#By default, when dnsmasq has more than one upstream server available, it will send queries to just one server. Setting this flag forces dnsmasq to send
#all queries to all available servers. The reply from the server which answers first will be returned to the original requester.
all-servers

#Whenever /etc/resolv.conf is re-read or the upstream servers are set via DBus, clear the DNS cache. This is useful when new nameservers may have
#different data than that held in cache.
clear-on-reload


restart the dnscrypt daemons
S10dnscrypt-proxy stop
S10dnscrypt-proxy start

S11dnscrypt-proxy stop
S11dnscrypt-proxy start

Additionally you can include the below in your
/jffs/scripts/post-mount which takes care of upgrades/restarts

cd /opt/sbin
ln -s dnscrypt-proxy dnscrypt-proxy2
ln -s dnscrypt-proxy dnscrypt-proxy3
 
Last edited:
I have no SXdnscrypt-proxy file in etc/init.d
only :
rc.func
rc.unslung
and pixelserv for ab solution

The script uses his own directory (jffs/dnscrypt) and own variable in dnscrypt-start file

DNSCRYPT_START="/jffs/dnscrypt/dnscrypt-proxy --local-address=127.0.0.1:65053 --daemonize --loglevel=4 -L /jffs/dnscrypt/dnscrypt-resolvers.csv -R $OPENDNS_SERVER"

which pick the value in .config file
OPENDNS_SERVER=adguard-dns-ns1 for instance
 
It looks like the solution installs dnscrypt-proxy in jffs instead of in entware.

Still it should not stop you from having multiple/failover dnscrypt-proxy daemons as long as dnscrypt-proxy is installed in your system.

You might have a bit of conflict with failover dnscrypt as the adblock solution is using opendns server which provides basic adblock filters.

If you still want to persist, follow the steps by modifying it to your setup
1. Find where dnscrypt-proxy is installed (in your case it appears in /jffs/dnscrypt)
2. link the dnscrypt to dnscrypt-proxy2 & 3
3. copy the Sxxdnsrypt-proxy files to /opt/etc/init.d folders
4. Make changes to PROCS & ARGS
5. Make sure the PATH points to /jffs/dnscrypt
(check by which dnscrypt-proxy)
5. Start the failover dnscrypt-proxy daemons S10 & S11

I have no SXdnscrypt-proxy file in etc/init.d
only :
rc.func
rc.unslung
and pixelserv for ab solution

The script uses his own directory (jffs/dnscrypt) and own variable in dnscrypt-start file

DNSCRYPT_START="/jffs/dnscrypt/dnscrypt-proxy --local-address=127.0.0.1:65053 --daemonize --loglevel=4 -L /jffs/dnscrypt/dnscrypt-resolvers.csv -R $OPENDNS_SERVER"

which pick the value in .config file
OPENDNS_SERVER=adguard-dns-ns1 for instance
 
Last edited:
Update: I uninstalled AB-Solution and then updated DNSCrypt (from 1.9.2 to 1.9.4). I then installed AB-Solution again.

Now both are working well together.
 
I have updated the scripte with following changes:
- Include haveged for better speed with dnscrypt and other cryptographic applications
- Ability to run another dnscrypt-proxy instance for IPv6 dnscrypt DNS resolver
- dnscrypt-proxy crypto lib libsodium has been updated to 1.0.12

The main added feature is an optional 2nd dnscrypt-proxy daemon for IPv6 DNS resolving. If it's required further setup, I don't know because I don't have IPv6 here. So in case if it's required further configuration, I hope that someone can help me make that work.
 
Thanks. Can you add second instance for ipv4 too ? in order to have a failover. Thanks .
 
Thanks. Can you add second instance for ipv4 too ? in order to have a failover. Thanks .
Done, I've just reworked the 2nd DNS to universal instead of just allowing IPv6 there. It's up to user to choose which one is which. More flexible then. If IPv6 setup still needs other special attentions, please do tell and if possible I will implement it when I'm free.
 
DNS requests just doesn't work after running this installer on a AC66U with lastest Merlin firmware. Getting the standard DNS no probe in Chrome. I used ovpnse and ipredator DNS servers.

https://drive.google.com/file/d/0BwwgzacAAAmOLWY4Y2pnTDRTTUE/view?usp=sharing
Please do the following for me for further debugging:
1. Check if you have "Enable JFFS custom scripts and configs" enabled in Administration -> System.
2. Send me the System Log after installed this script and reboot your router till network connected icon is green.
3. SSH to the router and run this command "ps" and send me the output

P.S. Unfortunately yours is running MIPS architecture which I don't have to test.
 
I liked dnscrypt but found it was running in conflict with other scripts. Now that I have un-installed it, all my other scripts work now....:)
 
Can you be more precise ? Which scripts ? As if it doesn't help anyone..
Most likely a timing issue with the DNSCRYPT and the scripts: As DNSCRYPT starts quite late (with Entware) the earlier starting scripts do not find a DNS... :rolleyes:
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top