Thanks.
I'm re-reading the red link. It still takes me to your successful post but it refers only to Atheros. Thanks for clarifying.
I'm running /opt on a usb at the moment so I need to read that wiki before downloading and running these installation scripts for entware.
Thanks again.
for Stubby DNS over TLS, follow the red link in my signature...
Stubby requires Entware installation. There are 3 different Entware installations...
Broadcom for Broadcom routers
Atheros for Atheros routers
For dual core ARM routers, as R7000 is...
once you have Entware installed setting up Stubby is the same for all installations...
if you update to a newer DDWRT build you can also use SmartDNS, as it has the same capabilities..for TLS encryption..and you don't need Entware installation, just USB jffs,
instead...(do keep in mind it requires more reading & understanding)
Greeting. I've managed to get Stubby working on my TPLink C7v4 build 44772 with just one problem. The startup script is fine and the stubby is loaded in memory. However, stubby isn't resolving any DNS. I have to restart the service/daemon manually (using the exact same startup script) to get stubby working.
I have openvpn server enabled. I see somewhere openvpn client poses a problem to the startup and adding 'sleep 10' should fix it nicely. I added 'sleep 10', but it didn't solve the problem. Also tried start, sleep 10, stop and start, no difference.
I wonder if you have come across such before.
Many thanks for taking the time to read my message.
--- Resolved ----
I found from syslog that stubby was started before the router time was synced. It turned out that 'sleep 10' was not enough for my router.
I calculated the time needed by the router to sync with NTP from the log, it is about 35 seconds from boot. So, I put 'sleep 40' and everything is wonderful again.
Joined: 16 Nov 2015 Posts: 6445 Location: UK, London, just across the river..
Posted: Fri Apr 23, 2021 18:45 Post subject:
on the new builds past 46xxx
you can add this line to start up script instead of sleep xx
is-mounted.sh /opt
it is checking the USB mount first and then executes whatever is there when it's up and running..in this way you can avoid using sleep time command and adjusting it
you can give it a path to either /opt /jffs or /mnt..
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
I am trying to install Entware on usb on 7800 and following the steps from page 3 of this post.
However, I keep getting the following after some downloads:
Info: Basic packages installation...
generic.sh: line 43: /opt/bin/opkg: Permission denied
generic.sh: line 44: /opt/bin/opkg: Permission denied
cp: can't stat '/opt/etc/shells.1': No such file or directory
Joined: 16 Nov 2015 Posts: 6445 Location: UK, London, just across the river..
Posted: Wed Jan 26, 2022 13:11 Post subject:
hifiboy wrote:
I am trying to install Entware on usb on 7800 and following the steps from page 3 of this post.
However, I keep getting the following after some downloads:
Info: Basic packages installation...
generic.sh: line 43: /opt/bin/opkg: Permission denied
generic.sh: line 44: /opt/bin/opkg: Permission denied
cp: can't stat '/opt/etc/shells.1': No such file or directory
i've no idea what you are doing, as you didn't post all your actions...following this guide at page 3, post 10 may bring you to a wrong end if you don't read it carefully, as well read the Entware install guide...
to save your effort:
for different routers there is a different Entware installation and this is vital...R7800 is dual core...
also USB must be ext2, 3 or 4, turned on and mounted to /opt...than you have to follow the guide...
the above link worked,
I followed exactly all steps on page three and it works.
How do I change the cloudflare to adguard family protection: On their site the link is as: tls://dns-family.adguard.com
How do I edit the below to work with adguard do I replace -
GETDNS_TRANSPORT_TLS
upstream_recursive_servers:
  - address_data: 9.9.9.9
    tls_auth_name: "dns9.quad9.net"
    tls_port: 853
  - address_data: 1.1.1.1
    tls_auth_name: "cloudflare-dns.com"
    tls_port: 853
Joined: 16 Nov 2015 Posts: 6445 Location: UK, London, just across the river..
Posted: Wed Jan 26, 2022 15:05 Post subject:
hifiboy wrote:
the above link worked,
I followed exactly all steps on page three and it works.
How do I change the cloudflare to adguard family protection: On their site the link is as: tls://dns-family.adguard.com
How do I edit the below to work with adguard do I replace -
GETDNS_TRANSPORT_TLS
upstream_recursive_servers:
  - address_data: 9.9.9.9
    tls_auth_name: "dns9.quad9.net"
    tls_port: 853
  - address_data: 1.1.1.1
    tls_auth_name: "cloudflare-dns.com"
    tls_port: 853
open stubby config file .yml with nano
and replace IP at - address_data:
and the other line should look like
tls_auth_name: "dns-family.adguard.com"
make sure when you edit the .yml file not to put any extra spaces/intervals or anything else,
try to keep it in the same order, .yml is very prone/sensitive to wrong tabs and spaces, it will not work otherwise...
once you finish with editing press ctrl+x to save the file and
type in CLI+enter:
/opt/etc/init.d/rc.unslung restart
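A check for the edit described in the post above, as an added example that is not from the thread or from the Stubby project: it lints the upstream section of a stubby.yml for tab characters and for upstream entries with no tls_auth_name (the name Stubby checks the server certificate against). The function name, the finding labels and the 192.0.2.x sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Lints the upstream section of a stubby.yml.

lint_stubby_yml() {
    # $1 = path to stubby.yml. Prints one finding per line; returns 1 if any.
    awk '
    function close_entry() {        # finish the upstream entry being read
        if (addr != "" && !has_name) { print "NO_AUTH_NAME " addr; bad = 1 }
        addr = ""; has_name = 0
    }
    /\t/ { print "TAB line " NR; bad = 1 }    # YAML indentation must be spaces
    /^[ \t]*#/ { next }                       # ignore comment lines
    /^[^ \t#-]/ {                             # a new top-level key starts
        close_entry()
        in_up = ($0 ~ /^upstream_recursive_servers:/)
        next
    }
    in_up && /^[ ]*-[ ]*address_data:/ {      # a new upstream entry starts
        close_entry()
        addr = $0
        sub(/^[ ]*-[ ]*address_data:[ ]*/, "", addr)
    }
    in_up && /^[ ]*tls_auth_name:/ { has_name = 1 }
    END { close_entry(); exit bad + 0 }
    ' "$1"
}

# Constructed sample: the second entry has no tls_auth_name.
if [ "${1:-}" = "--demo" ]; then
    f=/tmp/stubby-lint-demo.yml
    cat > "$f" <<'EOF'
upstream_recursive_servers:
  - address_data: 192.0.2.1
    tls_auth_name: "dns.example.net"
    tls_port: 853
  - address_data: 192.0.2.2
    tls_port: 853
EOF
    lint_stubby_yml "$f" || echo "fix the findings above before restarting"
    rm -f "$f"
elif [ -n "${1:-}" ]; then
    lint_stubby_yml "$1"
fi
```

A file whose indentation has been lost entirely is also reported, because a tls_auth_name at column 0 no longer belongs to any upstream entry.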
Joined: 16 Nov 2015 Posts: 6445 Location: UK, London, just across the river..
Posted: Wed Jan 26, 2022 17:39 Post subject:
yep read the document, but stick to the settings i posted in the guide, as those are the most optimised and correct one, so far...
There are some lines that are not in the default config, but those are needed in order to function correctly...
Joined: 01 Feb 2016 Posts: 54 Location: Oregon, U.S.
Posted: Mon Jan 31, 2022 15:21 Post subject: A different STUBBY problem
I am running r48081 on a WRT1900AC v1.
Installed stubby using opkg install stubby.
I was given stubby v0.4.0 and GetDNS v1.7.0.
I followed the guide listed in the red link of your SIG. I have created the S61stubby.sh file and placed it in /opt/etc/init.d with execute permissions.
[Note: I had to remove the period & space '. ' from the last line otherwise rc.unslung kept crashing with "rc.func not found"]
I have successfully created stubby.yml for use with SAFEDNS.COM. I had to remove the 'tls_pubkey_pinset:' section from SAFEDNS config file they provided to make it work.
Here is my problem.
I can use SSH command line to start stubby by typing 'stubby -g' and the service starts and runs without error until the router reboots. For some strange reason stubby WILL NOT start from a script such as S61stubby.sh, nor can it be started from the start section of the Administration tab.
I have tried having a SSH session open while the router is starting up then running the 'top' command and
'stubby -g -v 5 -C /opt/etc/stubby/stubby.yml' never shows up in the running processes meaning the S61stubby script failed. The /opt/var/log/stubby.log has yet to be created.
You also cannot start stubby from the command box using
Code:
stubby -g
at the Administration tab without getting "sh: eval: line 0: stubby: not found." Not found? Okay???
But all you have to do is start an SSH session and type "stubby -g" and everything works just fine. I give up.
Any ideas how to make stubby start during router start up?
Is this an Entware problem? Maybe a missing configuration for stubby?
Having to manually start it each time from SSH kind of defeats the whole purpose of installing it.
Here's a tip: Try using "stubby -h" for help and another great option is -i to validate your config files including stubby.yml. This is where I found the command line arguments and discovered that the tls_pubkey_pinset was not needed.
Joined: 18 Mar 2014 Posts: 12904 Location: Netherlands
Posted: Mon Jan 31, 2022 16:00 Post subject:
You should not use the Command box to actually run things; only very simple commands work.
Run things from the CLI.
Place things you want to run when the router boots in Command box and then save as Startup or better save as USB in your case (as it must run from USB I assume).
If you use save as Startup then the commands run while the USB is not up so cannot be found.
To mitigate this as first line use:
is-mounted /opt
or
sleep 30
The is-mounted utility loops until /opt is available but not all routers have it, instead use sleep 30 to wait 30 seconds
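The waiting step discussed in this thread, as an added example that is not from any poster or from DD-WRT: instead of a fixed sleep, it polls until /opt is mounted and until the clock has left its unsynced default (an earlier post found Stubby failing when started before NTP sync, and TLS certificate validation depends on the date). The function names, the MOUNTS_FILE and MIN_YEAR overrides, the 120 second limits and the 2022 threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: wait for /opt and a synced clock, then start.

wait_until() {
    # $1 = timeout in seconds, remaining args = command polled once per second.
    limit=$1; shift
    waited=0
    until "$@"; do
        [ "$waited" -ge "$limit" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

opt_mounted() {
    # True when /opt is a mount point in the kernel mount table.
    # MOUNTS_FILE is a hypothetical override so the check can be tested offline.
    grep -q ' /opt ' "${MOUNTS_FILE:-/proc/mounts}"
}

clock_sane() {
    # True once the year has reached MIN_YEAR (assumed threshold). Before NTP
    # sync the router reports an old default date, so certificates look invalid.
    [ "$(date +%Y)" -ge "${MIN_YEAR:-2022}" ]
}

start_stubby_when_ready() {
    wait_until 120 opt_mounted || { logger -t stubby-boot "/opt not mounted"; return 1; }
    wait_until 120 clock_sane  || { logger -t stubby-boot "clock not synced"; return 2; }
    /opt/etc/init.d/rc.unslung start
}

# Run only when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "run" ]; then
    start_stubby_when_ready
fi
```

Each failure path writes a syslog line, so a boot where Stubby never started shows which precondition timed out.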
Joined: 01 Feb 2016 Posts: 54 Location: Oregon, U.S.
Posted: Tue Feb 01, 2022 4:15 Post subject: Thanks for listening....boy was I wrong
Well I have finally figured that I do not have any sort of a problem with Entware or Stubby.
It would seem the problem lies with something in the R48081 build for this router.
Later on in the day I discovered my custom SSL certificate for the webUI was not working. That's clue number one.
I started troubleshooting the startup script. I noticed that neither rc.unslung nor binds-on-mount.sh scripts were executing. So I added a log message command to each script, including the startup. None of those messages ever appear in SYSLOG. Clue number two.
Now I'm curious and started testing my firewall rules by trying to connect to prohibited destinations. None of the 15 firewall rules I have entered in the FIREWALL box work. (Huh?) So now I open an SSH session and display the current running firewall rules. None of the 15 rules listed in the Firewall box are present. Clue number three.
So now I have a fair hunch that absolutely nothing entered on the COMMAND tab of the Administration page is being executed at bootup.
So now I have an evil idea.
I saved the following into the startup script:
Code:
erase nvram && reboot
Figuring what do I have to lose? Other than resetting the configuration and start over, nothing. I power cycled the router. Nothing happened. I pressed the reset button. Nothing happened. I rebooted the router at least 10 times. The startup script never executed. Hmmm??? Has the erase nvram command been blocked from being run in the startup script? Maybe???
Now I changed the startup script to something far less sinister such as:
Code:
sleep 60
touch /opt/var/log/testlog-0131.log
Rebooted another 10 times. The file testlog-0131.log never appeared in the directory.
So that means I wasted over two hours chasing a problem that just turned out to be a small symptom of a much larger problem.
I'm off to nuke this install and start over. I'll test startup process prior to re-entering my entire config again.
Again this was DD-WRT v3.0-r48081 std (01/11/22) on Linksys WRT1900AC v1 w/ JFFS on USB storage & External HD via e-sata.