Posted: Wed Apr 05, 2023 2:59 Post subject: Tor and Squid autostart?
Hi there,
I'm wondering how I get Tor and Squid to auto-start from entware.
I believe the commands I want to issue are "squid -d 1" and "tor -f /opt/etc/tor/torrc"
I've tried putting those into my startup but it appears to be not working, tried cron, nothing seems to work except manual login and command line start.
I'd also like to know how to auto-start DNSCryptproxy-2 with a working custom config file that tells it to use the tor network, as the built-in entware one gives me major hiccups.
Joined: 16 Nov 2015 Posts: 6410 Location: UK, London, just across the river..
Posted: Wed Apr 05, 2023 4:41 Post subject:
DNSCryptproxy-2 via entware works ok make sure your Entware instalation is ok...for more info about
DNSCryptproxy-2 click green link in my signature... _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
DNSCryptproxy-2 via entware works ok make sure your Entware instalation is ok...for more info about
DNSCryptproxy-2 click green link in my signature...
Thanks, yeah I found that dnscryptproxy wouldn't load my config file, not sure why not.
Had to add heaps of #'s infront of every line :/ - with default entware .toml.
root@DD-WRT:/opt/etc# dnscrypt-proxy /opt/etc/dnscrypt-proxy.toml
/opt/etc/dnscrypt-proxy.toml:42:1: property not found line 42: [listen_addresses = ['127.0.0.1:30']].
Wed Apr 5 21:39:10 2023 [ERROR] Unable to read the configuration file
Wed Apr 5 21:39:10 2023 [ERROR] Unable to start the proxy
Joined: 16 Nov 2015 Posts: 6410 Location: UK, London, just across the river..
Posted: Wed Apr 05, 2023 11:55 Post subject:
you have to use its default .toml file just edit the values as they should look
toml file is very specific and small change in intervals or any incorrect value i will not work
the bad thing is on some updates it can depreciate ot change values or add spaces and you have to
manually edit your settings again…it is very touchy picky thing i moved to smartdns on that device i used
dnscrypt _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Ok figured this out.
With entware, it's all about the files in /opt/etc, and /opt/etc/init.d/rc.unslung restart will restart the services.
Running by command line over ride vs actual proper config files doesn't work as well.
Re DNSCrypt, probably easiest to run the inbuilt one, as the entware config files give me major issues on a Broadcom Northstar Prototype based cpu.
Joined: 16 Nov 2015 Posts: 6410 Location: UK, London, just across the river..
Posted: Wed Apr 05, 2023 21:18 Post subject:
did you install broadcom entware version or arm based dual core version as this is the correct one for R7000
and this line that restarts opt scripts you save in usb script so it will be-called when usb is up
do we know your router and firmware number ? there you go you must start with it as we
cant guess it and help gets down to zero…as it gets messy _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
did you install broadcom entware version or arm based dual core version as this is the correct one for R7000
and this line that restarts opt scripts you save in usb script so it will be-called when usb is up
do we know your router and firmware number ? there you go you must start with it as we
cant guess it and help gets down to zero…as it gets messy
Dual core Broadcom Northstar Prototype - Linksys XAC1900 EA6900 DDWRT 51140
Ah, usb script.
Good to know what that's for, thanks Alozaros.
Currently I'm pretty happy with adblock filter ipv6 for dnscrypt redirected on port 30 from dnsmasq, but was wondering if there are advantages to running DNS through the TOR network as tcp via the socks proxy?
sadly the opkg updates are http, but all the entware thing is about a great level of trust as its been build and maintained by Russians... for free... But many of us are finding it quite useful
its also synch with OpenWRT, so updates are not always on time, when the new binaries updates are up..also not all the stuff get updated to their last versions... _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
sadly the opkg updates are http, but all the entware thing is about a great level of trust as its been build and maintained by Russians... for free... But many of us are finding it quite useful
its also synch with OpenWRT, so updates are not always on time, when the new binaries updates are up..also not all the stuff get updated to their last versions...
Mmm. Well it's a great resource, no doubt about that.
I'm more worried about misconfigured entware packages ie tor/squid/etc allowing anyone on the internet to connect, vs deliberate hacks, it is, ofcourse, free software and it's our job to make sure it's set up properly for us and default config needs vary widely.
I think the reason to use the patch installer is so that you use secure https for dl's all the time with entware, as compared to internal stuff rolling back to not secure port 80.
I suspect that caching servers/ssl bumps can lead to systems being compromised, even if the source is clean.
It's lead me to a tiny bit of wonder if my (borrowed) http blocklist could be a way for someone to insert some dodgy dns resolution, but probably not. Works better than https.
Re dnscrypt, yeah it has the option to push stuff through a tor proxy, is that a good or bad thing to turn on?
And back to my main question.
how do you autoexecute specific commands in entware, as compared to the full config files?
I'm okay with full config files now, but, it's probably worth knowing.
Joined: 16 Nov 2015 Posts: 6410 Location: UK, London, just across the river..
Posted: Fri Apr 07, 2023 8:18 Post subject:
the thing with entware packages is some of them may need special configs to make them work as intended
and it could be very difficult to find or adapt the correct cmds
as far as checking security of entware packages…there are many ways for it… _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913