[Foxgoku]

I am running version 3.0 r47644 on a R7000P and I am trying to add a couple servers/locations that are not listed in the DNSCrypt dropdown list. Looking for a way to do this. I was trying to do this via terminal, but I am getting an error when trying to ammend the /etc/dnscrypt/dnscrypt-resolvers.csv file, saying it is a read-only filesystem. Thanks in advance for any help.

So far I've tried:
-copying the file, making the changes and then copying it back to the location. Can't save back to file location.
-making the changes via 'vi' to the csv direcly. Cannot save, read only.
-copying the file and making changes to that one, cannot copy the file.

[SurprisedItWorks]

See the DNSCrypt links in my sig. May give you some ideas. Those approaches are still working here.

[Foxgoku]

[SurprisedItWorks]

Perhaps the easiest way to have VPN connection fail when using a DNSCrypt setup is to have it looking to resolve a server name like myserver.vpnprovider.com before the DNSCrypt DNS system is up and ready for action. If you are using OpenVPN, it will normally wait a while and try again, and if it still fails, it will rinse and repeat but with longer and longer wait intervals. Eventually it's waiting 5m between tries, so you may have to be patient to see it succeed. I normally include this in the OpenVPN client's Additional Config to make it easier to look at the log (assuming you are linux person comfortable with the CLI):

verb 4
log /tmp/root/vpn.log

That file is in your home directory in the CLI, so in the CLI you can just cat vpn.log to dump the log to the terminal. Setting the verbosity level to 4 (default is 3) puts more detail in the log.

Or, if you are using wireguard or don't want to make OpenVPN wait for DNSCrypt startup, you can add something like

server=/myserver.vpnprovider.com/9.9.9.9

to DNSMasq Additional Options so that myserver.vpnprovider.com will always be resolved via DNS server 9.9.9.9 but without going through DNSCrypt. It will of course mean a DNS-snooping/logging ISP will get myserver.vpnprovider.com for their log, but if they really care what you connect to they can of course look at any encrypted packet you are sending off to myserver.vpnprovider.com and get the numerical IP. If this mild level of revelation bothers you, just go with a numerical IP for the server.

[Alozaros]

if you call DNScrypt form a start up script you may add

sleep 20

on the top of the script..so it ill delay script loading, but than again VPN need DNS to resolve its address unless its not an IP..as well DNScrypt needs correct NTP time...

bear in mind if using DNScrypt via start up script you need to disable the DNScrypt GUI option

if you need more advanced DNScrypt check the green link in my sig

[Docop1]

Here is the config i used last year. i just update to 15nov version and got as many some 5g issues. will check later for dnscrypt, as no DoH or DoT is present. But you can force some server, but this is with the older dnscrypt version. need to check if new server do work the same or get up directly. Got 2 post about the full config. but here the startup section :