Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Mon May 18, 2020 17:42 Post subject:
the only thing that comes to my mind is, spacing is different in win/linux, so when you install on router side manually edit toml file with nano....do not copy paste file...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Quote:
the only thing that comes to my mind is, spacing is different in win/linux, so when you install on router side manually edit toml file with nano....do not copy paste file...
I tried to run it manually (did not think of that earlier)
/opt/sbin/dnscrypt-proxy dnscrypt-proxy.toml
it returns with
[2020-05-18 23:15:23] [FATAL] Unsupported key in configuration file: [broken_implementations.fragments_blocked]
So I tried the above with the original toml file and it returned the same error.
So I commented out the fragments_blocked line and tried again.
This time it came back with
[2020-05-18 23:33:01] [FATAL] Unsupported key in configuration file: [tls_client_auth]
By default, the creds = is commented out so I commented out the [tls_client_auth] key
Then it had
[2020-05-18 23:36:15] [FATAL] Unsupported key in configuration file: [anonymized_dns.skip_incompatible]
So I commented that out.
This time it started but only ran for a few seconds and then stopped.
Even though I specify a log file for the application, none is created.
For my DNSmasq settings I have the following Enabled
Dnsmasq
Cache DNSSEC data
Validate DNS Replies (DNSSEC)
Local DNS
No DNS Rebind
Query DNS in Strict Order
The Additional Dnsmasq options field is blank, I have not added anything to it
Finally got the log file to work and the error is
UPDATED
[2020-05-19 01:52:02] [FATAL] listen udp 127.0.0.1:53: bind: address already in use
LATEST UPDATE - NOW WORKING
changed the config to listen to PORT 30
added server=127.0.0.1#30 to Dnsmasq options
Did a dig debug.opendns.com txt - it returned encryption active.
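The fix described in the post above (dnscrypt-proxy moved off port 53, dnsmasq forwarding to it), written as a check; this is an added example, not part of the original post. The file names and sample contents are constructed, `listen_addresses` is the dnscrypt-proxy.toml key that sets the listening port, and the `no-resolv` check comes from a later reply in this thread.

```shell
#!/bin/sh
# Added example: verifies the dnscrypt-proxy -> dnsmasq chaining from the post.

# Print every port in the listen_addresses line of a dnscrypt-proxy.toml.
# Matching ":<digits>" right before the closing quote skips IPv6 colons.
listen_ports() {
    grep -E '^[[:space:]]*listen_addresses[[:space:]]*=' "$1" |
        grep -oE ":[0-9]+['\"]" | tr -cd '0-9\n'
}

# $1 = dnscrypt-proxy.toml, $2 = file holding the additional dnsmasq options.
# Returns 0 = ok, 1 = port clash or missing forwarder, 2 = nothing to check.
check_dns_chain() {
    ports=$(listen_ports "$1")
    [ -n "$ports" ] || { echo "no listen_addresses entry in $1"; return 2; }
    for p in $ports; do
        if [ "$p" = "53" ]; then
            echo "port 53 belongs to dnsmasq: expect 'bind: address already in use'"
            return 1
        fi
    done
    for p in $ports; do
        if grep -qE "^[[:space:]]*server=127\.0\.0\.1#${p}[[:space:]]*\$" "$2"; then
            # Without no-resolv dnsmasq also uses the resolvers it was given by the ISP.
            grep -qE '^[[:space:]]*no-resolv[[:space:]]*$' "$2" ||
                echo "warning: no-resolv not set, dnsmasq may also query plaintext upstreams"
            echo "ok: dnsmasq forwards to 127.0.0.1#$p"
            return 0
        fi
    done
    echo "dnsmasq has no server=127.0.0.1#<port> line for port(s): $ports"
    return 1
}

# Constructed sample files (not taken from the routers in this thread).
tmp=$(mktemp -d)
printf "listen_addresses = ['127.0.0.1:53']\n" > "$tmp/clash.toml"
printf "listen_addresses = ['127.0.0.1:30']\n" > "$tmp/fixed.toml"
printf "server=127.0.0.1#30\n"                 > "$tmp/dnsmasq.opts"
printf "no-resolv\nserver=127.0.0.1#30\n"      > "$tmp/dnsmasq.strict"
: > "$tmp/dnsmasq.blank"

check_dns_chain "$tmp/clash.toml" "$tmp/dnsmasq.blank" || true   # the bind error case
check_dns_chain "$tmp/fixed.toml" "$tmp/dnsmasq.blank" || true   # proxy runs, nothing uses it
check_dns_chain "$tmp/fixed.toml" "$tmp/dnsmasq.opts"            # the working setup
```

The second case is the one that fails silently: dnscrypt-proxy starts on its own port, but clients keep resolving through dnsmasq's normal upstreams until the `server=` line is added.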
Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Thu Jul 02, 2020 0:12 Post subject:
yep, not bad idea to do opkg update/upgrade periodically...
Entware guy said, he is updating the stuff once when its needed, but he doesn't always add the last versions, only the stable instead...
Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Fri Sep 25, 2020 6:36 Post subject:
yep there was an opkg update...recently...
i'm not using DNScrypt at the moment, nor have I tested it for a while, last time I set it on a client router...
mac913 could you tell me, is it working, as it should with the update...
for example my stubby bugged and i had to debug it...it turned out it needed to be adjusted to the new openssl 1.1.1g / 1.1.1h now
by any chance do you know what this line means in DNScrypt report, it's interesting :P
Firefox workaround initialized
I'm currently using v2.0.44 with build 44467 on two R7800s. One R7800 is using Cisco Servers and the other R7800 is using Quad9 Servers and is working fine.
As for the Firefox workaround check out the changelog:
https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/ChangeLog
I use FireFox as my main browser and I have no issues.
_________________
Home Network on Telus 1Gb PureFibre - 10GbE Copper Backbone
2x R7800 - Gateway & WiFi & 3xWireGuard - DDWRT r53562 Std k4.9
Off Site 1
R7000 - Gateway & WiFi & WireGuard - DDWRT r54517 Std
E3000 - Station Bridge - DDWRT r49626 Mega K4.4
Off Site 2
R7000 - Gateway & WiFi - DDWRT r54517 Std
E2000 - Wired ISP IPTV PVR Blocker - DDWRT r35531
Quote:
I'm currently using v2.0.44 with build 44467 on two R7800s. One R7800 is using Cisco Servers and the other R7800 is using Quad9 Servers and is working fine.
I don't know about Firefox workaround cause it has been there for a while, last year it was there and btw I use Edge as browser and I see Firefox in my log
Quote:
I'm currently using v2.0.44 with build 44467 on two R7800s. One R7800 is using Cisco Servers and the other R7800 is using Quad9 Servers and is working fine.
I don't know about Firefox workaround cause it has been there for a while, last year it was there and btw I use Edge as browser and I see Firefox in my log
Read the changelog link from my last post about the FireFox workarounds it's coded to all platforms, so I doubt it does anything in these routers since FireFox is not running on the router. It would make more sense that the FireFox Workaround would help platforms in PCs running Windows, Linux etc. along with DNSCrypt v2.
Once the service is started, it's failing with the following:
dnscrypt-proxy[9083]: Unable to retrieve source [public-resolvers]: [Get "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md": x509: certificate signed by unknown authority]
I have already installed/upgraded ca-bundle and ca-certificates from Entware. Why is the service ignoring that?
Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Tue Sep 28, 2021 8:35 Post subject:
x2s there are a couple of reasons for DNScrypt to not work...
-your installation is not correct, have a look at https://wiki.dd-wrt.com/wiki/index.php/Installing_Entware
-your configuration is not correct - click on green link in my signature
-your router may not work with DNScryptv2 as it requires more powerful CPU... for example it doesn't work on my @720Mhz mips CPU (1043v2)
-your NTP time is not correct...it's vital for DNScrypt
-your servers of choice are not spelled correctly or something like...
-did you turn off the GUI option for DNScrypt (if you have one at all) you should disable it via GUI
-as egc noted above your build is very old...
As an alternative to DNScrypt, you can choose between Unbound via USB, SmartDNS via /jffs on USB, or Stubby via /opt on USB (red link in my signature), also bear in mind Stubby is the easiest and light on settings/options, where Unbound has a solid config and SmartDNS is supposed to be the fastest and smartest among all...
I personally use Stubby as it does very well...
Quote:
-your configuration is not correct - click on green link in my signature
-your servers of choice are not spelled correctly or something like...
I'm pretty experienced with DNSCrypt (although on a different platform). Currently I'm just trying to launch the DNSCrypt service to see if it reaches the normal state for further configuration, but the cert problem is stopping me from that.
Quote:
-your router may not work with DNScryptv2 as it requires more powerful CPU... for example it doesn't work on my @720Mhz mips CPU (1043v2)
hopefully it has enough power, provided the service actually starts...
Quote:
-your NTP time is not correct...its vital for DNScrypt
NTP is synced and the log confirms that
Quote:
-did you turn off the GUI option for DNScrypt (if you have one at all) you should disable it via GUI
it's disabled in the Services -> Services -> Dnsmasq section
Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Tue Sep 28, 2021 13:06 Post subject:
is your DNS working...do you have anything as a specific DNS in those 3 boxes, and did you config no-resolv server=127.0.0.1#30
if you follow the config from the green link it should be working...the fact it's not retrieving something means no DNS or internet connection...or a bad config in general...
As you said you are experienced, on what platform do you run it at obviously its not working at DDWRT you are trying atm...