What's new

DNScrypt dnscrypt installer for asuswrt

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

hi,

just got a new ax56u and tried to install dnscrypt-proxy through amtm, but i got this error
Code:
[2020-08-15 18:27:11] [NOTICE] dnscrypt-proxy 2.0.44
[2020-08-15 18:27:11] [NOTICE] Dropping privileges
[2020-08-15 18:27:11] [FATAL] Unable to drop additional groups: [function not implemented]
Info:  Move invalid configuration file to /jffs/dnscrypt/dnscrypt-proxy.toml.err

how to fix this?

thanks
Have not encountered this before, not sure how to advise on this.
Rebooting (hard reboot)do not help?
Found this link
 
Rebooting (hard reboot)do not help?
Sadly no..

So i tried renaming toml.err manually to .toml, reboot, got this in the log
Code:
Aug 16 09:24:57 admin: Start dnscrypt-proxy
Aug 16 09:24:57 dnscrypt-proxy[26255]: dnscrypt-proxy 2.0.44
Aug 16 09:24:57 dnscrypt-proxy[26255]: Network connectivity detected
Aug 16 09:24:57 dnscrypt-proxy[26255]: Dropping privileges
Aug 16 09:24:57 dnscrypt-proxy[26255]: Unable to drop additional groups: [function not implemented]
Aug 16 09:25:08 admin: Warning: dnscrypt-proxy is dead
Aug 16 09:25:08 admin: Start dnscrypt-proxy
Aug 16 09:25:08 dnscrypt-proxy[26477]: dnscrypt-proxy 2.0.44
Aug 16 09:25:08 dnscrypt-proxy[26477]: Network connectivity detected
Aug 16 09:25:08 dnscrypt-proxy[26477]: Dropping privileges
Aug 16 09:25:08 dnscrypt-proxy[26477]: Unable to drop additional groups: [function not implemented]

I currently have Diversion, UiDivStat, and entware installed.
 
hi,

just got a new ax56u and tried to install dnscrypt-proxy through amtm, but i got this error
Code:
[2020-08-15 18:27:11] [NOTICE] dnscrypt-proxy 2.0.44
[2020-08-15 18:27:11] [NOTICE] Dropping privileges
[2020-08-15 18:27:11] [FATAL] Unable to drop additional groups: [function not implemented]
Info:  Move invalid configuration file to /jffs/dnscrypt/dnscrypt-proxy.toml.err

how to fix this?

thanks
looks like your permissions may be messed up. post what the out put of
ls -la /jffs/dnscrypt

is.

to go into more details, dnscrypt-proxy runned by this installer uses dnscrypt-proxy as root-user if your permissions for the .toml file are wrong, or your configurations within the .toml file are wrong, you will get this error. try configuring with a new .toml file.
 
looks like your permissions may be messed up. post what the out put of
ls -la /jffs/dnscrypt

is.

to go into more details, dnscrypt-proxy runned by this installer uses dnscrypt-proxy as root-user if your permissions for the .toml file are wrong, or your configurations within the .toml file are wrong, you will get this error. try configuring with a new .toml file.
I have it uninstalled right now as it breaks my internet connection..
I'll try it again and have a look

EDIT:
Code:
                                                   admin@RT-AX56U-2F78:/jffs/dnscrypt# ls -la
drwxrwxrwx    2 admin    root             0 Aug 16 10:27 .                   drwxr-xr-x   12 admin    root             0 Aug 16 10:27 ..
-rw-r--r--    1 admin    root           823 Jun 12 01:51 LICENSE
-rwxr-xr-x    1 admin    root       8781824 Jun 12 01:55 dnscrypt-proxy
-rw-r--r--    1 admin    root         23575 Aug 16 10:27 dnscrypt-proxy.toml.err
-rw-r--r--    1 admin    root           897 Jun 12 01:51 example-blacklist.txt
-rw-r--r--    1 admin    root          1277 Jun 12 01:51 example-cloaking-rules.txt
-rw-r--r--    1 admin    root         23553 Jun 12 01:51 example-dnscrypt-proxy.toml
-rw-r--r--    1 admin    root           970 Jun 12 01:51 example-forwarding-rules.txt
-rw-r--r--    1 admin    root           457 Jun 12 01:51 example-ip-blacklist.txt
-rw-r--r--    1 admin    root           743 Jun 12 01:51 example-whitelist.txt
-rwxr-xr-x    1 admin    root         68069 Aug 15 09:26 installer
-rw-r--r--    1 admin    root          2807 Jun 12 01:51 localhost.pem
-rw-r--r--    1 admin    root           392 Jan 24  2018 localtime
-rwxr-xr-x    1 admin    root          4206 Aug 16 10:22 manager
-rw-r--r--    1 nobody   nobody       65522 Aug 15 18:27 public-resolvers.md
-rw-r--r--    1 nobody   nobody         307 Aug 15 18:27 public-resolvers.md.minisig
-rw-r--r--    1 nobody   nobody        6542 Aug 15 09:27 relays.md
-rw-r--r--    1 nobody   nobody         297 Aug 15 09:27 relays.md.minisig
-rw-r--r--    1 admin    root            17 Aug 16 10:26 resolv.dnsmasq
admin@RT-AX56U-2F78:/jffs/dnscrypt#

EDIT 2:
i tried a new .toml, clean copy form example .toml and changed only this line
Code:
listen_addresses = ['127.0.1.1:53']

dnscrypt-proxy is running now.
i don't know what's wrong.
 

Attachments

  • dnscrypt-proxy.toml.err.txt
    23 KB · Views: 199
  • dnscrypt-proxy.toml.txt
    23 KB · Views: 186
Last edited:
I have it uninstalled right now as it breaks my internet connection..
I'll try it again and have a look

EDIT:
Code:
                                                   admin@RT-AX56U-2F78:/jffs/dnscrypt# ls -la
drwxrwxrwx    2 admin    root             0 Aug 16 10:27 .                   drwxr-xr-x   12 admin    root             0 Aug 16 10:27 ..
-rw-r--r--    1 admin    root           823 Jun 12 01:51 LICENSE
-rwxr-xr-x    1 admin    root       8781824 Jun 12 01:55 dnscrypt-proxy
-rw-r--r--    1 admin    root         23575 Aug 16 10:27 dnscrypt-proxy.toml.err
-rw-r--r--    1 admin    root           897 Jun 12 01:51 example-blacklist.txt
-rw-r--r--    1 admin    root          1277 Jun 12 01:51 example-cloaking-rules.txt
-rw-r--r--    1 admin    root         23553 Jun 12 01:51 example-dnscrypt-proxy.toml
-rw-r--r--    1 admin    root           970 Jun 12 01:51 example-forwarding-rules.txt
-rw-r--r--    1 admin    root           457 Jun 12 01:51 example-ip-blacklist.txt
-rw-r--r--    1 admin    root           743 Jun 12 01:51 example-whitelist.txt
-rwxr-xr-x    1 admin    root         68069 Aug 15 09:26 installer
-rw-r--r--    1 admin    root          2807 Jun 12 01:51 localhost.pem
-rw-r--r--    1 admin    root           392 Jan 24  2018 localtime
-rwxr-xr-x    1 admin    root          4206 Aug 16 10:22 manager
-rw-r--r--    1 nobody   nobody       65522 Aug 15 18:27 public-resolvers.md
-rw-r--r--    1 nobody   nobody         307 Aug 15 18:27 public-resolvers.md.minisig
-rw-r--r--    1 nobody   nobody        6542 Aug 15 09:27 relays.md
-rw-r--r--    1 nobody   nobody         297 Aug 15 09:27 relays.md.minisig
-rw-r--r--    1 admin    root            17 Aug 16 10:26 resolv.dnsmasq
admin@RT-AX56U-2F78:/jffs/dnscrypt#

EDIT 2:
i tried a new .toml, clean copy form example .toml and changed only this line
Code:
listen_addresses = ['127.0.1.1:53']

dnscrypt-proxy is running now.
i don't know what's wrong.
Yea i am not quite sure either, from my test it is working fine. I am only configured using a fresh . toml file. Could be a compatibility issue with this and the new ax56u because i noticed all of your file permissions are set to admin, this is usually suppose to be your admin user name for the router. My testing platform is the ax88u
 
Last edited:
I have it uninstalled right now as it breaks my internet connection..
I'll try it again and have a look

EDIT:
Code:
                                                   admin@RT-AX56U-2F78:/jffs/dnscrypt# ls -la
drwxrwxrwx    2 admin    root             0 Aug 16 10:27 .                   drwxr-xr-x   12 admin    root             0 Aug 16 10:27 ..
-rw-r--r--    1 admin    root           823 Jun 12 01:51 LICENSE
-rwxr-xr-x    1 admin    root       8781824 Jun 12 01:55 dnscrypt-proxy
-rw-r--r--    1 admin    root         23575 Aug 16 10:27 dnscrypt-proxy.toml.err
-rw-r--r--    1 admin    root           897 Jun 12 01:51 example-blacklist.txt
-rw-r--r--    1 admin    root          1277 Jun 12 01:51 example-cloaking-rules.txt
-rw-r--r--    1 admin    root         23553 Jun 12 01:51 example-dnscrypt-proxy.toml
-rw-r--r--    1 admin    root           970 Jun 12 01:51 example-forwarding-rules.txt
-rw-r--r--    1 admin    root           457 Jun 12 01:51 example-ip-blacklist.txt
-rw-r--r--    1 admin    root           743 Jun 12 01:51 example-whitelist.txt
-rwxr-xr-x    1 admin    root         68069 Aug 15 09:26 installer
-rw-r--r--    1 admin    root          2807 Jun 12 01:51 localhost.pem
-rw-r--r--    1 admin    root           392 Jan 24  2018 localtime
-rwxr-xr-x    1 admin    root          4206 Aug 16 10:22 manager
-rw-r--r--    1 nobody   nobody       65522 Aug 15 18:27 public-resolvers.md
-rw-r--r--    1 nobody   nobody         307 Aug 15 18:27 public-resolvers.md.minisig
-rw-r--r--    1 nobody   nobody        6542 Aug 15 09:27 relays.md
-rw-r--r--    1 nobody   nobody         297 Aug 15 09:27 relays.md.minisig
-rw-r--r--    1 admin    root            17 Aug 16 10:26 resolv.dnsmasq
admin@RT-AX56U-2F78:/jffs/dnscrypt#

EDIT 2:
i tried a new .toml, clean copy form example .toml and changed only this line
Code:
listen_addresses = ['127.0.1.1:53']

dnscrypt-proxy is running now.
i don't know what's wrong.
You are using an older version of the .toml file the current .toml file uses their sources as
Code:
[sources]

  ## An example of a remote source from https://github.com/DNSCrypt/dnscrypt-resolvers

  [sources.'public-resolvers']
  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md']
  cache_file = 'public-resolvers.md'
  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
  prefix = ''

  ## Anonymized DNS relays

  [sources.'relays']
  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/relays.md']
  cache_file = 'relays.md'
  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
  refresh_delay = 72
  prefix = ''

  ## Quad9 over DNSCrypt - https://quad9.net/

  # [sources.quad9-resolvers]
  # urls = ['https://www.quad9.net/quad9-resolvers.md']
  # minisign_key = 'RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN'
  # cache_file = 'quad9-resolvers.md'
  # prefix = 'quad9-'

  ## Another example source, with resolvers censoring some websites not appropriate for children
  ## This is a subset of the `public-resolvers` list, so enabling both is useless

  #  [sources.'parental-control']
  #  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v3/parental-control.md']
  #  cache_file = 'parental-control.md'
  #  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'

The installer also should be using v3 and not v2.

Your .toml file uses them as
Code:
[sources]

  ## An example of a remote source from https://github.com/DNSCrypt/dnscrypt-resolvers

  [sources.'public-resolvers']
  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
  cache_file = 'public-resolvers.md'
  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
  prefix = ''

  ## Anonymized DNS relays

  [sources.'relays']
  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/relays.md', 'https://download.dnscrypt.info/resolvers-list/v2/relays.md']
  cache_file = 'relays.md'
  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
  refresh_delay = 72
  prefix = ''

  ## Quad9 over DNSCrypt - https://quad9.net/

  # [sources.quad9-resolvers]
  # urls = ['https://www.quad9.net/quad9-resolvers.md']
  # minisign_key = 'RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN'
  # cache_file = 'quad9-resolvers.md'
  # prefix = 'quad9-'

  ## Another example source, with resolvers censoring some websites not appropriate for children
  ## This is a subset of the `public-resolvers` list, so enabling both is useless

  #  [sources.'parental-control']
  #  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v2/parental-control.md']
  #  cache_file = 'parental-control.md'
  #  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'

so it appears their latest release does not have the newest .toml example in it

try using contents from https://raw.githubusercontent.com/D...er/dnscrypt-proxy/example-dnscrypt-proxy.toml in your .toml file.
 
Last edited:
hi,

just got a new ax56u and tried to install dnscrypt-proxy through amtm, but i got this error
Code:
[2020-08-15 18:27:11] [NOTICE] dnscrypt-proxy 2.0.44
[2020-08-15 18:27:11] [NOTICE] Dropping privileges
[2020-08-15 18:27:11] [FATAL] Unable to drop additional groups: [function not implemented]
Info:  Move invalid configuration file to /jffs/dnscrypt/dnscrypt-proxy.toml.err

how to fix this?

thanks
The biggest problem is dnscrypt-proxy devs continuously change the footprint of the .toml file. Just by changing a few operator words -- for example, when they changed the name of the whitelist and blacklist to allowed_names and blocked_names - this made it to where the .toml file was incompatible with their latest release as it requires the build to support those in the .toml file. For a temporary fix, I just push an update that allows the installer to update the example.toml when you run the install/update feature -- from there all you have to do is reconfigure using a new .toml file selection with the installer when prompted. This will place a .toml file with the correct V3 server list. Hopefully this will resolve this issue. Note: This is only a temporary fix until the next release at which time it will be removed.
 
Last edited:
Yea i am not quite sure either, from my test it is working fine. I am only configured using a fresh . toml file. Could be a compatibility issue with this and the new ax56u because i noticed all of your file permissions are set to admin, this is usually suppose to be your admin user name for the router. My testing platform is the ax88u

hi, thank you for looking up into this.

as my previous reply, i got the proxy working using own .toml file from the example .toml (after changing listen_addresses part).
so i compared the .toml with the one generated by the installer (the one with .err), i found that somehow my ax56u doesn't like this line
Code:
user_name = 'nobody'
the installer generated .toml file has that line uncommented.
 
hi, thank you for looking up into this.

as my previous reply, i got the proxy working using own .toml file from the example .toml (after changing listen_addresses part).
so i compared the .toml with the one generated by the installer (the one with .err), i found that somehow my ax56u doesn't like this line
Code:
user_name = 'nobody'
the installer generated .toml file has that line uncommented.
That is correct for running it as well beause it runs as nobody under nonroot configuration. If you notice your server files use permission "nobody" at somepoint your dnscrypt proxy will crash if you comment out this line. Try reconfiguring with a new .toml file with the update i pushed. The problem was you are using v2 sources in .toml file while the installer is downloading v3.
 
Last edited:
So to solve all the problems with installing dnscrypt with entware (or similar) then setting up various scripts to handle dnscrypt-proxy starting up including the ntp issue, I made my own installer for dnscrypt-proxy.

@bigeyes0x0
Quick question:
Should the cache be enabled in .toml file?
cache = true or false


My setup:
- AX88U; running 384.19
- Diversion Lite
- WireGuard as a server
 
@bigeyes0x0
Quick question:
Should the cache be enabled in .toml file?
cache = true or false


My setup:
- AX88U; running 384.19
- Diversion Lite
- WireGuard as a server

should be disabled because dnsmasq acts as cache. if you run cache on dnscrypt-proxy, your responses will be lies between dnsmasq and the client as dnsmasq would have cached your earlier responses from dnscrypt-proxy. Basically there is no reason to run 2 cache as dnsmasq is efficient enough to act as cache, there is no reason for dnscrypt-proxy to do useless work and the responses between the dnsmasq and the client turn out to be lies or false.

In your case, you would have to tell dnsmasq to not act as cache if you wish to use dnscrypt-proxy to be cache or you run the risk of cached responses from dnsmasq to the client to be lies. You would not be able to effectively use diversion if you disable dnsmasq cache. The best option is to not use dnscrypt-proxy as cache.
 
Last edited:
should be disabled because dnsmasq acts as cache. if you run cache on dnscrypt-proxy, your responses will be lies between dnsmasq and the client as dnsmasq would have cached your earlier responses from dnscrypt-proxy. Basically there is no reason to run 2 cache as dnsmasq is efficient enough to act as cache, there is no reason for dnscrypt-proxy to do useless work and the responses between the dnsmasq and the client turn out to be lies or false.

In your case, you would have to tell dnsmasq to not act as cache if you wish to use dnscrypt-proxy to be cache or you run the risk of cached responses from dnsmasq to the client to be lies. You would not be able to effectively use diversion if you disable dnsmasq cache. The best option is to not use dnscrypt-proxy as cache.
BTW the installer sets it to false. Hopefully that is enough to tell you bigeyez stance as he was the one who added that as default.
Understood. Thanks for the explanation.
Any link I can read up on the explanation of dnsmasq configuration file?

What I am looking to change is the min-TTL value of the cache? And it appears that I will need to change this value in dnsmasq rather than dnscrypt-proxy. Any help as to which file I edit and make it stick after reboot?
 
Just a question, what exact does this script do (as it's not explained in post 1).

I do use OpenDNS.
 
Just a question, what exact does this script do (as it's not explained in post 1).

I do use OpenDNS.
This script installs and manages dnscrypt-proxy on merlin asuswrt routers. Dnscrypt-proxy is a dns proxy that uses DoH and dnscrypt protocols/servers to serve dns to clients that are connected to the router. Basically it uses protocols that are classified as DNS Privacy. DNS Privacy protocols focus around encrypting the DNS traffic between you and the domain name server you are using. This encryption is there to prevent manipulation and spying on your DNS traffic by those who wish to do you harm, gain advantage, or control over you. Note this only protects your traffic between you and the dns server. It does not guarantee that the DNS service provider you are using has your best interest or is trust worthy. Also, it does not mean that your internet service provider cannot see your traffic either.
 
Last edited:
This script installs and manages dnscrypt-proxy on merlin asuswrt routers. Dnscrypt-proxy is a dns proxy that uses DoH and dnscrypt protocols/servers to serve dns to clients that are connected to the router. Basically it uses protocols that are classified as DNS Privacy. DNS Privacy protocols focus around encrypting the DNS traffic between you and the domain name server you are using. This encryption is there to prevent manipulation and spying on your DNS traffic by those who wish to do you harm, gain advantage, or control over you. Note this only protects your traffic between you and the dns server. It does not guarantee that the DNS service provider you are using has your best interest or is trust worthy. Also, it does not mean that your internet service provider cannot see your traffic either.
@SomeWhereOverTheRainBow :
- Would you mind explaning Unbound the same way?
- Especially how does Unbound compare for the last few lines of your comment above.
... Would be much appreciated.
 
@SomeWhereOverTheRainBow :
- Would you mind explaning Unbound the same way?
- Especially how does Unbound compare for the last few lines of your comment above.
... Would be much appreciated.
Well unbound and dnscrypt-proxy are unrelated. Dnscrypt-proxy uses the concept of DNS-Privacy, while unbound uses dns obfuscation. With the dnsprivacy concept your traffic is encrypted between you and a DNS service provider and you place your trust in the provider for accurate information while still keeping that information private from outside prying eyes. Your DNS service provider gives you the responses about domains you request. With unbound, I use the term Dns obfuscation because when you use unbound you are acting as your own DNS server traveling the path of the domain asking root servers for information about the domain. You are your own server. Obviously with unbound your responses are in clear text, but you don't have to worry about trusting another dns server for responses since you are your own server. Your ISP can still sniff out your DNS traffic, but through obfuscation security features of unbound your traffic may not easy be to track, follow, or understand. This same logic applies to outside prying eyes- your traffic can be seen, but may not be easy to track, follow, or understand.
 
Last edited:
@SomeWhereOverTheRainBow :
- Would you mind explaning Unbound the same way?
- Especially how does Unbound compare for the last few lines of your comment above.
... Would be much appreciated.
If you need a more detailed response please feel free to check out this thread
https://www.snbforums.com/threads/r...ility-for-unbound-recursive-dns-server.61669/
there are plenty of knowledgeable unbound users that can highlight more about Dnscrypt-proxy, DNS-privacy, and Unbound.
 
Well unbound and dnscrypt-proxy are unrelated. Dnscrypt-proxy uses the concept of DNS-Privacy, while unbound uses dns obfuscation. With the dnsprivacy concept your traffic is encrypted between you and a DNS service provider and you place your trust in the provider for accurate information while still keeping that information private from outside prying eyes. Your DNS service provider gives you the responses about domains you request. With unbound, I use the term Dns obfuscation because when you use unbound you are acting as your own DNS server traveling the path of the domain asking root servers for information about the domain. You are your own server. Obviously with unbound your responses are in clear text, but you don't have to worry about trusting another dns server for responses since you are your own server. Your ISP can still sniff out your DNS traffic, but through obfuscation security features of unbound your traffic may not easy be to track, follow, or understand. This same logic applies to outside prying eyes- your traffic can be seen, but may not be easy to track, follow, or understand.
Thank you for the explanation. Much appreciated.

As I understand it, the implementation of DNS & caching on the router is as such.
- DNSCrypt-proxy: Addresses returned by DNSCrypt; but caching continues to be managed by DNSMasq
- Unbound: Addresses returned by Unbound; caching is also managed by Unbound

Reason I say this is because the dnscrypt-proxy installer script explicitly sets the cache parameter to false (dnscrypt-proxy.toml file)

... or is my understanding incorrect and in both cases, caching is still managed by DNSMasq?
 
Last edited:
Thank you for the explanation. Much appreciated.

As I understand it, the implementation of DNS & caching on the router is as such.
- DNSCrypt-proxy: Addresses returned by DNSCrypt; but caching continues to be managed by DNSMasq
- Unbound: Addresses returned by Unbound; caching is also managed by Unbound

Reason I say this is because the dnscrypt-proxy installer script explicitly sets the cache parameter to false (dnscrypt-proxy.toml file)

... or is my understanding incorrect and in both cases, caching is still managed by DNSMasq?
In both cases caching is done by dnsmasq unless it is disabled in dnsmasq. With dnscrypt-proxy installer dnscrypt-proxy cache gets disabled by default so dnsmasq can do the appropriate caching without conflict since dnsmasq is set to cache by default.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top