Posted: Sun Oct 22, 2017 10:26 Post subject: Standard DD-WRT contain built-in DNSCrypt?
I'm trying to decide what router to buy right now, or even if I need to. Whichever model I buy, I want to be able to use OpenVPN and DNSCrypt with it. I know DD-WRT has OpenVPN support, so I'm not too worried about that.
However, when I tried to search for posts of people talking about DNSCrypt, but all I found were people talking about the Kong mod of DD-WRT, which, as far as I can tell, supports far fewer models than the beta versions of DD-WRT on this site.
So I must ask: Do the beta versions of DD-WRT (specifically the ones at http://www.dd-wrt.com/site/support/other-downloads) have built-in support for DNSCrypt, or do I need to install another version like Kong's?
Finally, assuming OpenVPN and DNSCrypt are included, can they interact well together, and do they start up automatically when I power on the router, or do I have to add some special command to get them to work? I know routers have to be power cycled sometimes, and I don't want to have to run a command manually every time to start DNSCrypt or OpenVPN, as I have people who don't know how to do these things using the router when I"m not around.
Joined: 16 Nov 2015 Posts: 6445 Location: UK, London, just across the river..
Posted: Sun Oct 22, 2017 10:33 Post subject:
yep, you read it wright Kong builds have DNSCrypt on it
as well be wise with your choice especially for VPN support
you 'd need a powerful router, to get a good performance look for dual core CPU routers...so far Kong's best support
is Netgear R line like R6400, R7000, R7500, R7800, R9000
so they go in that graduate way for price/performance as well....of course Brain Slyer supports those devices too
so he has his own firmware interpretation too you can try them both, so far Kong personally test's all builds related to Netgear and especially few ....while BS relays on public test after new build is available...
for Kong builds and supported devices look here:
http://www.desipro.de/ddwrt/
read all read me files in Kongs directory
and yep OpenVPN and DNSCrypt can work together but you have to read how to and find your way there are tons of discussions how to look on ggl or youtube or look at the forum
each VPN provider has his own settings scripts or variables that have to be set up on the main GUI and than they suppose to work even after restart, all settings are kept on the nvram so no need to touch them once they are up an running, well sometimes when there are new firmware updates you might need to fiddle with them again and either create new pair keys or add some new variables but this is only when new firmware comes up and you want to change your current one...nothing is easy but with some reading here and there you will get some light
good luck _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Joined: 14 Dec 2015 Posts: 774 Location: 127.0.0.1
Posted: Mon Oct 23, 2017 2:59 Post subject:
I am not sure if it works or not, but the options are there for DNSCrypt on BS's newest build on my WRT3200ACM and WRT1200AC. _________________ Tutorial for flashing WRT series WRT Installation,Upgrade & Basic Setup–Cliff Notes
r52242: WRT3200ACM, WRT1200ACv1 & 1 Velop in bridge mode(IoT subnet), r52242 WRT1900ACv1 AP
Velop:2 WHW0101, RE6500, RE9000(AP)
Spectrum - 1000/50
SysLog Watcher 5, New security Onion box coming soon, Fingboxes, PiHoles, NEMS, Cacti, rpisurv
Ok, I can use Kong's version just to be safe. Let's say I buy the Netgear R7000, which Kong's site (is his site http://www.desipro.de/ddwrt/K3-AC-Arm/Supported%20Models ? It looks like his site, but there's no authoritative source that mentions it so I'm not sure) says is compatible with his version.
Should something go wrong, is the procedure for reverting from Kong's DD-WRT to stock the same as reverting from BS's DD-WRT to stock? I don't know exactly how to revert, but I assume you just flash the stock firmware file downloaded from the manufacturer's site.
Joined: 14 Dec 2015 Posts: 774 Location: 127.0.0.1
Posted: Mon Oct 23, 2017 4:55 Post subject:
Yes, that is his site. As far as reverting on an R7000 I do not know, but you should be able to find the answer in the Broadcom forum. _________________ Tutorial for flashing WRT series WRT Installation,Upgrade & Basic Setup–Cliff Notes
r52242: WRT3200ACM, WRT1200ACv1 & 1 Velop in bridge mode(IoT subnet), r52242 WRT1900ACv1 AP
Velop:2 WHW0101, RE6500, RE9000(AP)
Spectrum - 1000/50
SysLog Watcher 5, New security Onion box coming soon, Fingboxes, PiHoles, NEMS, Cacti, rpisurv
Joined: 16 Nov 2015 Posts: 6445 Location: UK, London, just across the river..
Posted: Mon Oct 23, 2017 7:30 Post subject:
so if you are planning to use VPN do keep in mind that R7000 and R6400 are the lowest grade by performance/CPU/price, as VPN is CPU intensive procedure its recommended to have more CPU power,so the best price/performance/cpu value goes to R7800, you can find it on decent price on Ebay or Amazon even second hand....So far my R7000 does great for a home needs, before that it was my business router and was ok too
reverting back to stock is easy just use those revert files...in Kongs directory
just to let you know, although stock firmware has good set of features for me it's was actually shit and full of bugs and security holes, while in DD-WRT some of those features are not present and DD-WRT uses software NAT instead of hardware...
recently SFE was implemented (hardware NAT) and DD-WRT WAN to LAN performance is increased, so even R7000 has a good WAN performance now, the only downside of it... SFE does not operate with QoS turned on, if you want to use it.. _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Joined: 16 Nov 2015 Posts: 6445 Location: UK, London, just across the river..
Posted: Fri Mar 02, 2018 7:45 Post subject:
yes it does work but depends on NTP time so make sure you
selected nearest NTP time server...
look at the bottom of basic settings...
if there is something wrong with NTP there wont be DNScrypt running... _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913