Entware DNSCrypt-Proxy V2 on DDWRT

Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions
Goto page Previous  1, 2, 3, 4, 5, 6  Next
Author Message
blaser
DD-WRT Guru


Joined: 16 Jul 2006
Posts: 525

PostPosted: Wed Nov 13, 2019 19:37    Post subject: Reply with quote
Alozaros wrote:
blaser wrote:
Using Asus RT68U with Kong version 39660.
Followed all the installation instructions and configured as follows above standard configuration
server_names = ['cs-useast']
listen_addresses = ['127.0.0.1:30']

when trying to start the service getting failed.
Any ideas where to look?


you have to use only V2 compatible servers...
if you check the list you will see only few support v2
the rest with ver 1.95 support, will not work with v2 as they are not downward compatible...totally different !!

if you follow the guide and your router CPU is supported and has enough power than it will work...otherwise use
stubby or unbound as DNS encrypted alternative...



I modified the file to use Alozaros setup

server_names = ['dnscrypt.uk-ipv4', 'dnscrypt.nl-ns0']
listen_addresses = ['127.0.0.1:30']
ipv4_servers = true
ipv6_servers = false
dnscrypt_servers = true
require_dnssec = true
doh_servers = false
fallback_resolver = '9.9.9.9:53'

just to test and it failed too.

_________________
Netgear R9000 main router
RAX80 as AP
Sponsor
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

PostPosted: Thu Nov 14, 2019 8:16    Post subject: Reply with quote
do you have a NTP time correct ??
set your time zone and use this IP for NTP
216.239.35.4

otherwise check your firewall iptables rules,
do you have a DNSmasq rules that might interfere..
and last resort as there is no wiki i cant check your router CPU specs, make sure DNScrypt-proxy v2 is supported...

do you use NANO to edit, make sure spacing is correct..

if i have a time i ll try to set it again on my
R7000 and will report so far i use DoT on it and its fine..

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
blaser
DD-WRT Guru


Joined: 16 Jul 2006
Posts: 525

PostPosted: Thu Nov 14, 2019 16:20    Post subject: Reply with quote
Alozaros wrote:
do you have a NTP time correct ??
set your time zone and use this IP for NTP
216.239.35.4

otherwise check your firewall iptables rules,
do you have a DNSmasq rules that might interfere..
and last resort as there is no wiki i cant check your router CPU specs, make sure DNScrypt-proxy v2 is supported...

do you use NANO to edit, make sure spacing is correct..

if i have a time i ll try to set it again on my
R7000 and will report so far i use DoT on it and its fine..


I decided to install dnssec from the beginning, now it starts, I'm all set, I checked which dns I'm using and looks like it picks the correct DNS

_________________
Netgear R9000 main router
RAX80 as AP
amr_adn
DD-WRT Novice


Joined: 05 Feb 2013
Posts: 8

PostPosted: Thu Jan 23, 2020 5:00    Post subject: R7000 v1 dnscrypt proxy2 not starting Reply with quote
Tried installing dnscrypt-proxy2-nohf today by following the guide. Facing issues while starting it with rc.unslung /opt/etc/init.d/rc.unslung start says started. but process is not running tried executiing rc.unslung start multiple times always says started then process stops. Any idea what could have gone wrong?
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

PostPosted: Thu Jan 23, 2020 14:11    Post subject: Re: R7000 v1 dnscrypt proxy2 not starting Reply with quote
amr_adn wrote:
Tried installing dnscrypt-proxy2-nohf today by following the guide. Facing issues while starting it with rc.unslung /opt/etc/init.d/rc.unslung start says started. but process is not running tried executiing rc.unslung start multiple times always says started then process stops. Any idea what could have gone wrong?


Have you done the toml config file part correctly...?
Did you configure only dnscrypt-proxy2 capable servers??
Otherwise its not working along with old version 1.95 servers...
Do you have NTP time server?
Is NTP time working...?
What is your current build..??
I dont use dnscrypt-proxy2 anymore, as ive found stubby as less troublesome, and takes less resources...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
amr_adn
DD-WRT Novice


Joined: 05 Feb 2013
Posts: 8

PostPosted: Fri Jan 24, 2020 2:32    Post subject: Reply with quote
I configured the toml file

below is my config
listen_addresses = ['127.0.0.1:54', '[::1]:54']
server_names = ['google', 'cisco', 'cloudflare']
fallback_resolvers = ['9.9.9.9:53', '8.8.8.8:53']
dnscrypt_servers = true
doh_servers = true
require_dnssec = true
require_nofilter = true
amr_adn
DD-WRT Novice


Joined: 05 Feb 2013
Posts: 8

PostPosted: Fri Jan 24, 2020 2:38    Post subject: Reply with quote
Also under dnsmasq additional options
no-resolv
all-servers
strict-order
server=/time.google.com/8.8.8.8
server=127.0.0.1#54
quiet-dhcp
amr_adn
DD-WRT Novice


Joined: 05 Feb 2013
Posts: 8

PostPosted: Fri Jan 24, 2020 2:45    Post subject: Reply with quote
I used date -u and date commands to see the time. Time is correct and I checked the syslogd logs it is using correct ntp server time.google.com I tried pool.ntp.org as well. Nothing changed. Still dnscrypt is stopping after starting.
amr_adn
DD-WRT Novice


Joined: 05 Feb 2013
Posts: 8

PostPosted: Fri Jan 24, 2020 2:48    Post subject: Reply with quote
My build is DD-WRT v3.0-r40270M kongac (07/11/19)
amr_adn
DD-WRT Novice


Joined: 05 Feb 2013
Posts: 8

PostPosted: Fri Jan 24, 2020 5:32    Post subject: Reply with quote
Tried same steps on 39960 kong AC still same issue

root@DD-WRT:/opt/etc/init.d# ./S09dnscrypt-proxy2 start
Starting dnscrypt-proxy... done.
root@DD-WRT:/opt/etc/init.d# ./S09dnscrypt-proxy2 check
Checking dnscrypt-proxy... dead.
root@DD-WRT:/opt/etc/init.d#

for now I will stick to my raspberry pi which already has dnscrypt proxy2 running with pihole. I wanted to use my pi for other router so I was trying to install entware on dd-wrt on netgear R7000. Looks like it will not work
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

PostPosted: Fri Jan 24, 2020 9:01    Post subject: Reply with quote
amr_adn wrote:
Tried same steps on 39960 kong AC still same issue

root@DD-WRT:/opt/etc/init.d# ./S09dnscrypt-proxy2 start
Starting dnscrypt-proxy... done.
root@DD-WRT:/opt/etc/init.d# ./S09dnscrypt-proxy2 check
Checking dnscrypt-proxy... dead.
root@DD-WRT:/opt/etc/init.d#

for now I will stick to my raspberry pi which already has dnscrypt proxy2 running with pihole. I wanted to use my pi for other router so I was trying to install entware on dd-wrt on netgear R7000. Looks like it will not work


hmmm did you follow this guide to install entware ??
https://wiki.dd-wrt.com/wiki/index.php/Installing_Entware

did you install the dual core arm version or the broadcom one ?
back in the days on the same Kong build dnscrypt-proxy v2 was working flawlessly...

p.s. try those settings

server_names = ['dnscrypt.uk-ipv4', 'dnscrypt.nl-ns0']
listen_addresses = ['127.0.0.1:30']
max_clients = 250
ipv4_servers = true
ipv6_servers = false
dnscrypt_servers = true
doh_servers = false
require_dnssec = true
require_nolog = true
require_nofilter = false
disabled_server_names = []
force_tcp = false
timeout = 2500
keepalive = 30
refused_code_in_responses = false
cert_refresh_delay = 240
fallback_resolver = '9.9.9.9:53'
ignore_system_dns = false
netprobe_timeout = 60
block_ipv6 = false

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
johnnyNobody999
DD-WRT User


Joined: 10 Jan 2014
Posts: 499

PostPosted: Mon Apr 27, 2020 20:48    Post subject: Reply with quote
If a server isn't specified does that mean that it will randomly select servers?
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

PostPosted: Tue Apr 28, 2020 6:11    Post subject: Reply with quote
johnnyNobody999 wrote:
If a server isn't specified does that mean that it will randomly select servers?


if server is not specified it will not work...
if you have a bunch of servers it will use the first than...

in fact you are scouting the options, unbound, stubby, dnscrypt and if security is your goal, the last one is most secure, sadly it needs more understanding and carefully setting it...than stubby...same is for unbound it needs more understanding of the matter...
personally i was using DNScrypt v2 for a while than moved to stubby..the reason was i needed a light solution...and DNScrypt v2 can be blocked by ndpi filter, if you use it as it is, unless you use DoH option in it......while stubby or unbound are FBDS (firewall bypassing dns solution) Wink

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
johnnyNobody999
DD-WRT User


Joined: 10 Jan 2014
Posts: 499

PostPosted: Tue Apr 28, 2020 14:59    Post subject: Reply with quote
Alozaros wrote:
johnnyNobody999 wrote:
If a server isn't specified does that mean that it will randomly select servers?


if server is not specified it will not work...
if you have a bunch of servers it will use the first than...

in fact you are scouting the options, unbound, stubby, dnscrypt and if security is your goal, the last one is most secure, sadly it needs more understanding and carefully setting it...than stubby...same is for unbound it needs more understanding of the matter...
personally i was using DNScrypt v2 for a while than moved to stubby..the reason was i needed a light solution...and DNScrypt v2 can be blocked by ndpi filter, if you use it as it is, unless you use DoH option in it......while stubby or unbound are FBDS (firewall bypassing dns solution) Wink


Yep, there's a lot of things that I need to research because there are a lot of things about the dd-wrt firmware and software (that runs on all platforms - like dnscrypt). There's a lot of options in the dd-wrt firmware and I have no idea when to use most of them and info is hard to come by. I'm currently using dnscrypt2 and unbound on a PC in order to get familiar with them before trying to use them on the router. I've noticed that the unbound.conf has a lot of stuff in it including a section for dnscrypt. None of the dnscrypt section is enabled but dnscrypt is working. So, why is there a dnscrypt section in that file? Knowing how all this stuff interacts with each other is somewhat of a mystery. But, it gives me something to do. But the problem is that you can really mess things up and spend days trying to restore to a working system. Some of the log info is quite cryptic at times though. But, I'm getting better at not messing up stuff. It's nice to have options but hopefully someone with come up with with simpler solutions in the future. Too many options can cause someone to not make a decision (like when buying a car or TV or oven or whatever).
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14125
Location: Texas, USA

PostPosted: Fri May 01, 2020 20:35    Post subject: Reply with quote
Friendly reminder: Unless it's something to fix the how-to, this is not a helpdesk thread.
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Goto page Previous  1, 2, 3, 4, 5, 6  Next Display posts from previous:    Page 3 of 6
Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum