Posted: Tue Aug 06, 2019 15:43 Post subject: Entware DNSCrypt-Proxy V2 on DDWRT
Here's my example of Entware's DNScrypt-Proxy V2 on R7000 & R7800 using Cisco Servers
I tested Entware DNScrypt-Proxy V2 on 2 routers
- R7000 with Kongac Build 39855M (also working on DDWRT 43217)
- R7800 with Kongat Build 39855M (also working on DDWRT 43217)
For the R7000 & R7800 I used the ARMv7 based installation given in the DD-WRT Wiki (Link from above). My configuration example will be based on Content Filtering with Cisco Servers.
Once Entware is installed you will need to install the correct DNScrypt-Proxy V2 package for your router.
- For the R7000 in CLI run "opkg install dnscrypt-proxy2_nohf" without quotes.
- For the R7800 in CLI run "opkg install dnscrypt-proxy2" without quotes.
- I also use YAMon3 and also ran in CLI "opkg install ip-full" without quotes
I also needed to edit /opt/etc/dnscrypt-proxy.toml (I also made a backup of the original file). There are many settings in the file but I only configured the following to use Cisco Servers...
- server_names = ['cisco', 'cisco-ipv6']
- listen_addresses = ['127.0.0.1:30', '[::1]:30']
- ipv6_servers = true
- require_nofilter = false
- fallback_resolver = '208.67.220.220:53'
Since I'm using ip-full with YAMon3 I also edited /opt/YAMon3/config.file and changed these settings to _path2ip='/opt/sbin/ip' & _includeIPv6='1' and restarted YAMon3.
I also edited DNSMasq in the GUI...
- Enable No DNS Rebind
- Additional Options
no-ping
no-resolv
all-servers
domain-needed
server=/ntp.org/208.67.220.220
server=127.0.0.1#30
server=::1#30
quiet-dhcp
To start DNSCrypt-Proxy V2 here are my startup commands:
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Wed Aug 07, 2019 9:43 Post subject:
great guide all is working as described by mac913
few Q points:
this guide works only with DNScrypt v2 and uses only v2 public servers,
all those i tested non v2 were not working...
i used those settings in /opt/etc/dnscrypt-proxy.toml
*do notice to set the server_names = you have to delete/uncomment the # (hashtag) it's at the very top
also DNScrypt GUI option must be disabled
in my Additional DNSmasq rules
Basic Setup>Time Settings>Server IP/Name 216.239.35.4
resolving NTP time is vital for DNScrypt operation...
make sure you have a valid/working static DNS...
save to USB script
sleep 10
/opt/etc/init.d/rc.unslung start
---------------------------------------------------------
to use an old DNScrypt version 1.95 instead, still present on (R7800) builds
and be able to use all non v2 DNScrypt public servers i used this guide by mac913 too
*do notice this do not require any entware installation"
----------------- GUI encrypt DNS options needs to be turned off/disabled add to Additional DNSmasq rules
no-resolv
domain-needed
server=127.0.0.1#30
server=127.0.0.2#30
*do notice those public resolvers used here are DNSSEC verified servers, you can use your favourite servers from
https://dnscrypt.info/public-servers/..., you can add as many as you want!! _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Last edited by Alozaros on Sun Feb 19, 2023 8:04; edited 6 times in total
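Added example (not part of either post above, and not DD-WRT or Entware code): a shell check that the dnsmasq rules from these two posts send every default query to the dnscrypt-proxy listeners. The file arguments, the function names and the "bad" sample are assumptions; the "good" sample mirrors the settings quoted in the first post.

```shell
#!/bin/sh
# Added example: check that dnsmasq forwards only to the dnscrypt-proxy listeners.
# Both files are passed as arguments (assumption): on DD-WRT, paste the GUI
# "Additional Options" text into a file first.

# Print each listen_addresses entry in dnsmasq's host#port form.
listeners() {
  grep -E '^[[:space:]]*listen_addresses' "$1" | grep -oE "'[^']+'" | tr -d "'" |
    sed -E 's/^\[(.*)\]:([0-9]+)$/\1#\2/; s/^([0-9.]+):([0-9]+)$/\1#\2/'
}

# audit <dnscrypt-proxy.toml> <dnsmasq-options>
# Prints findings; returns 1 on LEAK, BYPASS or MISMATCH (PLAIN is informational).
audit() {
  findings=$(
    grep -qx 'no-resolv' "$2" ||
      echo "LEAK no-resolv missing: WAN/static resolvers are still queried in plaintext"
    for l in $(listeners "$1"); do
      grep -qxF "server=$l" "$2" || echo "MISMATCH listener $l has no server= line"
    done
    sed -n 's/^server=//p' "$2" | while read -r up; do
      case $up in
        /*) echo "PLAIN domain rule $up is resolved outside dnscrypt-proxy" ;;
        *) listeners "$1" | grep -qxF "$up" ||
             echo "BYPASS upstream $up is not a dnscrypt-proxy listener" ;;
      esac
    done
  )
  [ -z "$findings" ] || printf '%s\n' "$findings"
  ! printf '%s\n' "$findings" | grep -qE '^(LEAK|BYPASS|MISMATCH)'
}

# Constructed sample files: "good" mirrors the post, "bad" is a broken variant.
make_samples() {
  d=$(mktemp -d)
  printf '%s\n' "listen_addresses = ['127.0.0.1:30', '[::1]:30']" > "$d/proxy.toml"
  printf '%s\n' no-resolv domain-needed 'server=/ntp.org/208.67.220.220' \
    'server=127.0.0.1#30' 'server=::1#30' > "$d/good.conf"
  printf '%s\n' domain-needed 'server=127.0.0.1#53' 'server=::1#30' > "$d/bad.conf"
  echo "$d"
}

d=$(make_samples)
echo "== good =="; audit "$d/proxy.toml" "$d/good.conf" && echo "OK"
echo "== bad ==";  audit "$d/proxy.toml" "$d/bad.conf" || echo "FAILED"
rm -rf "$d"
```

The PLAIN line for the ntp.org rule is expected: that lookup is deliberately sent in plaintext so the clock can be set before dnscrypt-proxy starts.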
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Sat Sep 14, 2019 18:07 Post subject:
hmmm for some reason i can't make it work on my
1043v2 (mipsel) unit, i use "opkg install dnscrypt-proxy2" but then i can't start it...
/opt/etc/init.d/rc.unslung start
it doesn't start it...
do i need to make a start up script .sh like...
i don't remember how i deployed it on my R7800, but followed all the steps
above and it, was successful..sadly im away from that unit and the record how to...
Once Entware is installed you will need install the correct DNScrypt-Proxy V2 package for your router.
- For the R7000 in CLI run "opkg install dnscrypt-proxy2_nohf" without quotes.
- For the R7800 in CLI run "opkg install dnscrypt-proxy2" without quotes.
- I also use YAMon3 and also ran in CLI "opkg install ip-full" without quotes
There are 2 packages, are you using dnscrypt-proxy2_nohf for MIPSEL? _________________ Home Network on Telus 1Gb PureFibre - 10GbE Copper Backbone
2x R7800 - Gateway & WiFi & 3xWireGuard - DDWRT r53562 Std k4.9
Off Site 1
R7000 - Gateway & WiFi & WireGuard - DDWRT r54517 Std
E3000 - Station Bridge - DDWRT r49626 Mega K4.4
Off Site 2
R7000 - Gateway & WiFi - DDWRT r54517 Std
E2000 - Wired ISP IPTV PVR Blocker - DDWRT r35531
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Sun Sep 15, 2019 9:31 Post subject:
nope i used the standard one that was compatible with Qualcomm R7800 "opkg install dnscrypt-proxy2" ...
should i use the other one instead...??
is opkg install dnscrypt-proxy2_nohf the right one for mipsel....??? i doubt ...
nope i used the standard one that was compatible with Qualcomm R7800 "opkg install dnscrypt-proxy2" ...
should i use the other one instead...??
is opkg install dnscrypt-proxy2_nohf the right one for mipsel....??? i doubt ...
The "dnscrypt-proxy2" will not run on an R7000, what makes MIPSEL better? The "dnscrypt-proxy2" must have a special instruction set that works on the R7800. The "dnscrypt-proxy2_nohf" build must have a reduced instruction set for SoCs with less processing hardware in them.
My guess "_nohf" may mean No Hardware Floating point support, don't know.
Joined: 08 May 2018 Posts: 14248 Location: Texas, USA
Posted: Mon Sep 16, 2019 16:55 Post subject:
A WR1043NDv2 is not an R7800. IPQ8065 with a Krait is not the lower-end Atheros. R7800 is an ARM processor, not a MIPS. I thought this was a known fact?
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Mon Sep 16, 2019 20:48 Post subject:
kernel-panic69 wrote:
A WR1043NDv2 is not an R7800. IPQ8065 with a Krait is not the lower-end Atheros. R7800 is an ARM processor, not a MIPS. I thought this was a known fact?
well to make clear, i know all of that...above
what i didn't know is, what was the meaning of nohf..
VARIANT:=nohf
DEPENDS:=@TARGET_armv7_3_2||@TARGET_armv7_2_6 +ca-bundle
now i know...about nohf....
i had a belief, it was Broadcom related only...
armv7_3_2 & armv7_2_6...is a Broadcom....
but that was a guess...
the other interesting bit is in my entware packages i can see only dnscrypt-proxyV2...
available...??
while dnscrypt-proxy2 requires only +ca-bundle and i do have it installed too
so that must be the right way...or im missing something???
so far, i made it work on R7000 and R7800
haven't made it yet, for 1043v2...
Joined: 08 May 2018 Posts: 14248 Location: Texas, USA
Posted: Mon Sep 16, 2019 21:49 Post subject:
Does the disabled FPU issue affect Entware like it does Optware? .... That's the only thing I can think of, unless there is a separate package for MIPS.
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Wed Sep 18, 2019 17:26 Post subject:
well i already tried/succeeded with R7000 it was ok..
as well on R7800...
DNScryptv2 on TP1043v2 is my problem now ...
so far, DoT on it runs flawlessly..haven't tried unbound, yet...
ON R7000 im a bit afraid to jump around different, 3rd parties,
as they tend to screw CFE sometimes and im not willing to deal
with it..so far i tried Tomato on it...hmm was ok...
but DD-WRT seems kind of better and more updated...working or not...
sadly Kong's gone now...... a bit of a wonder what to do with R7000....and R7800
on R7800 OpenWRT is not my taste but tried it in the past, quite sketchy and things
were not always working as intended... but it was a hell of a shit to
set via Luci...(that was pulling me away)...but once you find out, what is what
it was ok...
yep XWRT-Vortex on R7000 looks like a asuswrt-merlin https://www.asuswrt-merlin.net/
will be fun to try...is it safe i read it needed an updated CFE...
then it won't be that easy to go back to DDWRT...???
The only reason I'm testing/playing with Xwrt-Vortex on the R7000 is that the ISP's IPTV Boxes only connect wirelessly via WPS (DD-WRT does not support it). I only loaded up the Firmware so I don't know if the CFE changed. Xwrt-Vortex latest release is on kernel 2.6 so I only plan on using it on internal networks. I too prefer DD-WRT.
From what I read (have not done it) going back to DD-WRT...
1) Factory Default Xwrt-Vortex
2) Load Netgear Firmware
3) Factory Default Netgear
4) Load DD-WRT
5) Factory Default DD-WRT