Posted: Tue Feb 13, 2024 19:24 Post subject: RT-AC68U vA - DNSCrypt Resolver
Sorry long hiatus with Fresh Tomato but So Much More Help with DD-WRT!
Unable to setup DNSCrypt Resolver using TLS errors. I have spent much time trying to resolve this with various posts on the topic and multiple releases. Perhaps I am not holding my breath right or there is just an issue with the hardware.
Feb 13 13:18:00 DD-WRT user.err smartdns: create icmp socket failed, Address family not supported by protocol
Feb 13 13:18:00 DD-WRT user.info : [smartdns] : successfully started
Feb 13 13:18:00 DD-WRT daemon.crit dnsmasq[2335]: bad option at line 21 of /tmp/dnsmasq.conf
Feb 13 13:18:00 DD-WRT daemon.crit dnsmasq[2335]: FAILED to start up
Feb 13 13:18:00 DD-WRT user.info : [dnsmasq] : Error on startup, returncode 1
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Tue Feb 13, 2024 23:36 Post subject:
I don't see any DNSCrypt Resolver related stuff here ??
"Unable to setup DNSCrypt Resolver using TLS errors..." ??
not very clear what is happening here neither...
and the log says it all
Feb 13 13:18:00 DD-WRT daemon.crit dnsmasq[2335]: bad option at line 21 of /tmp/dnsmasq.conf
Feb 13 13:18:00 DD-WRT daemon.crit dnsmasq[2335]: FAILED to start up
go and check 21 line take it out...
I smell misconfiguration....
SmartDNS and DNSCrypt will not coexist together..along with DNSmasq...well it can, but it's a nonsense...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
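The check suggested in the reply above (find the line dnsmasq rejected in /tmp/dnsmasq.conf), as an added shell example that is not part of the original posts. The function names and the optional second argument to `triage` are hypothetical, the log lines are the ones posted in this thread, and the config contents are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): map dnsmasq "bad option" syslog
# messages back to the config text that was rejected.

# Print "FILE LINE" once for each distinct "bad option" message in log $1.
bad_options() {
    sed -n 's/.*dnsmasq\[[0-9]*]: bad option at line \([0-9][0-9]*\) of \([^ ]*\).*/\2 \1/p' "$1" | sort -u
}

# Print line $2 of file $1, or a marker when the file has no such line.
show_line() {
    text=$(sed -n "${2}p" "$1" 2>/dev/null || true)
    if [ -n "$text" ]; then printf '%s\n' "$text"; else printf '<no such line>\n'; fi
}

# Print "FILE:LINE: text" for each rejected option found in log $1.
# $2 (hypothetical helper argument) substitutes a local copy of the config
# so the check also works on files copied off the router.
triage() {
    bad_options "$1" | while read -r file num; do
        printf '%s:%s: %s\n' "$file" "$num" "$(show_line "${2:-$file}" "$num")"
    done
}

# Offline demo: log lines as posted in the thread, config contents constructed.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/messages" <<'EOF'
Feb 13 13:18:00 DD-WRT user.info : [smartdns] : successfully started
Feb 13 13:18:00 DD-WRT daemon.crit dnsmasq[2335]: bad option at line 21 of /tmp/dnsmasq.conf
Feb 13 13:18:00 DD-WRT daemon.crit dnsmasq[2335]: FAILED to start up
EOF
    i=1
    while [ "$i" -le 20 ]; do
        echo "# constructed filler line $i"
        i=$((i + 1))
    done > "$dir/dnsmasq.conf"
    echo "constructed-unknown-option=1" >> "$dir/dnsmasq.conf"
    triage "$dir/messages" "$dir/dnsmasq.conf"
    rm -rf "$dir"
}

demo
```

On the router itself, `triage /tmp/var/log/messages` reads the live config named in the log, and `dnsmasq --test -C /tmp/dnsmasq.conf` re-checks the syntax after the line has been changed.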
Screenshots of configuration and certain other bits obtained via CLI would probably help discern the problem here.
_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
I did have a look at the guide you produced egc, however I was not successful in implementing. I suspect there is an issue with this device or perhaps some type of work around..
I did upload a zip file twice which included message log, dnsmasq.conf and smartdns.conf but there seems to be an issue on dd-wrt server end..It uploads 100% on my end, I am connected with paid vpn service, so I do not suspect it is being filtered at my end..
Posted: Wed Feb 14, 2024 13:46 Post subject: Re: RT-AC68U vA - DNSCrypt Resolver
stillaround2024 wrote:
Sorry long hiatus with Fresh Tomato but So Much More Help with DD-WRT!
Unable to setup DNSCrypt Resolver using TLS errors. I have spent much time trying to resolve this with various posts on the topic and multiple releases. Perhaps I am not holding my breath right or there is just an issue with the hardware.
Feb 13 13:18:00 DD-WRT user.err smartdns: create icmp socket failed, Address family not supported by protocol
Feb 13 13:18:00 DD-WRT user.info : [smartdns] : successfully started
Feb 13 13:18:00 DD-WRT daemon.crit dnsmasq[2335]: bad option at line 21 of /tmp/dnsmasq.conf
Feb 13 13:18:00 DD-WRT daemon.crit dnsmasq[2335]: FAILED to start up
Feb 13 13:18:00 DD-WRT user.info : [dnsmasq] : Error on startup, returncode 1
Server not accepting 7zip file with logs but does show 100% upload?? Raw text pasted.
-------------------
router ver RT-AC68U var
fw ver - DD-WRT v3.0-r55109 std (02/09/24)
kernel - Linux 4.4.302-st48 #10985 SMP Thu Feb 8 08:17:31 +06 2024 armv7l
Previous ver r54682 "same results"
mode - gateway router - Vlan 3/br1, Vlan 4/br2 (dhcp working) wlan 2.4 N only and no 5 ghz devices being used
jffs on default - usb never worked on this router and the v3 replacement is buggy across the board so it will hold samba
Update Method - default settings first reboot - then hard reset - pw change reboot -
root@DD-WRT:~#
root@DD-WRT:~# cd /tmp/var/log
root@DD-WRT:/tmp/var/log# ls
messages
root@DD-WRT:/tmp/var/log# cat messages
Feb 13 13:17:52 DD-WRT daemon.info ntpclient[1835]: Time set from 212.18.3.19 [212.18.3.19].
Feb 13 13:17:52 DD-WRT daemon.info process_monitor[1834]: Cyclic NTP Update success (servers 2.pool.ntp.org 212.18.3.19 88.99.174.22)
Feb 13 13:17:52 DD-WRT daemon.info process_monitor[1834]: Local timer delta is 1707848247
Feb 13 13:17:52 DD-WRT daemon.debug process_monitor[1834]: Restarting cron (time sync change)
Feb 13 13:17:52 DD-WRT user.info : [cron] : daemon successfully stopped
Feb 13 13:17:52 DD-WRT user.info : [cron] : successfully started
Feb 13 13:17:52 DD-WRT daemon.debug process_monitor[1834]: We need to re-update after 3600 seconds
Feb 13 13:17:52 DD-WRT daemon.info process_monitor[1834]: [process_monitor] : set timer: 3600 seconds, callback: ntp_main()
Feb 13 13:17:52 DD-WRT cron.info cron[1863]: (CRON) STARTUP (fork ok)
Feb 13 13:17:52 DD-WRT daemon.info process_monitor[1834]: [process_monitor] : cleanup timers
Feb 13 13:17:52 DD-WRT user.info : [process_monitor] : daemon successfully stopped
Feb 13 13:17:52 DD-WRT user.info : [process_monitor] : successfully started
Feb 13 13:17:52 DD-WRT kern.alert kernel: [ 30.891314] fast-classifier: shutting down
Feb 13 13:17:52 DD-WRT user.info : [sfe] : shortcut forwarding engine successfully stopped
Feb 13 13:17:52 DD-WRT kern.alert kernel: [ 31.058312] fast-classifier (PBR safe v2.1.6b): starting up
Feb 13 13:17:52 DD-WRT kern.alert kernel: [ 31.064047] fast-classifier: registered
Feb 13 13:17:52 DD-WRT user.info : [sfe] : shortcut forwarding engine successfully started
Feb 13 13:17:53 DD-WRT kern.alert kernel: [ 31.527622] fast-classifier: shutting down
Feb 13 13:17:53 DD-WRT user.info : [sfe] : shortcut forwarding engine successfully stopped
Feb 13 13:17:53 DD-WRT kern.info kernel: [ 32.341521] br0: port 2(eth1) entered forwarding state
Feb 13 13:17:54 DD-WRT user.info : [vpn modules] : vpn modules successfully unloaded
Feb 13 13:17:54 DD-WRT user.info : [vpn modules] : nf_conntrack_proto_gre successfully loaded
Feb 13 13:17:54 DD-WRT user.info : [vpn modules] : nf_nat_proto_gre successfully loaded
Feb 13 13:17:54 DD-WRT user.info : [vpn modules] : nf_conntrack_pptp successfully loaded
Feb 13 13:17:54 DD-WRT user.info : [vpn modules] : nf_nat_pptp successfully loaded
Feb 13 13:17:54 DD-WRT kern.info kernel: [ 32.661355] br0: port 1(vlan1) entered forwarding state
Feb 13 13:17:54 DD-WRT daemon.info mstpd[722]: MSTP_OUT_set_ageing_time: br1:vlan3 Setting new ageing time to 300
Feb 13 13:17:54 DD-WRT daemon.info mstpd[722]: MSTP_OUT_set_ageing_time: br2:vlan4 Setting new ageing time to 300
Feb 13 13:17:54 DD-WRT kern.alert kernel: [ 32.728505] fast-classifier (PBR safe v2.1.6b): starting up
Feb 13 13:17:54 DD-WRT kern.alert kernel: [ 32.734238] fast-classifier: registered
Feb 13 13:17:54 DD-WRT user.info : [sfe] : shortcut forwarding engine successfully started
Feb 13 13:17:54 DD-WRT user.info : [sfe] : shortcut forwarding engine successfully started
Feb 13 13:17:55 DD-WRT user.info : [nas] : start nas lan
Feb 13 13:17:55 DD-WRT user.info : [nas] : start nas for wl0
Feb 13 13:17:55 DD-WRT user.info : [nas] : NAS lan (wl0 interface) successfully started
Feb 13 13:17:55 DD-WRT user.info : [nas] : successfully started
Feb 13 13:17:56 DD-WRT user.info : [nas] : daemon successfully stopped
Feb 13 13:17:56 DD-WRT user.info : [nas] : start nas lan
Feb 13 13:17:56 DD-WRT user.info : [nas] : start nas for wl0
Feb 13 13:17:56 DD-WRT user.info : [nas] : NAS lan (wl0 interface) successfully started
Feb 13 13:17:56 DD-WRT user.info : [nas] : successfully started
Feb 13 13:17:56 DD-WRT daemon.info httpd[1317]: [httpd] : httpd server shutdown
Feb 13 13:17:56 DD-WRT user.info : [httpd] : daemon successfully stopped
Feb 13 13:17:56 DD-WRT daemon.info httpd[2238]: [httpd] : httpd server started at port 80
Feb 13 13:17:56 DD-WRT user.info : [httpd] : successfully started
Feb 13 13:17:57 DD-WRT user.info : [resetbutton] : daemon successfully stopped
Feb 13 13:17:57 DD-WRT user.info : [resetbutton] : successfully started
Feb 13 13:17:57 DD-WRT daemon.err ntpclient[1880]: Failed resolving address to hostname 2.pool.ntp.org: Try again
Feb 13 13:17:57 DD-WRT daemon.err ntpclient[1880]: Failed resolving server 2.pool.ntp.org: Network is down
Feb 13 13:17:57 DD-WRT daemon.notice ntpclient[1880]: Network up, resolved address to hostname 212.18.3.19
Feb 13 13:17:57 DD-WRT daemon.debug ntpclient[1880]: Connecting to 212.18.3.19 [212.18.3.19] ...
Feb 13 13:17:57 DD-WRT daemon.info ntpclient[1880]: Time set from 212.18.3.19 [212.18.3.19].
Feb 13 13:17:57 DD-WRT daemon.info process_monitor[1878]: Cyclic NTP Update success (servers 2.pool.ntp.org 212.18.3.19 88.99.174.22)
Feb 13 13:17:57 DD-WRT daemon.info process_monitor[1878]: Local timer delta is 5
Feb 13 13:17:57 DD-WRT daemon.debug process_monitor[1878]: We need to re-update after 3600 seconds
Feb 13 13:17:57 DD-WRT daemon.info process_monitor[1878]: [process_monitor] : set timer: 3600 seconds, callback: ntp_main()
Feb 13 13:17:59 DD-WRT daemon.info mstpd[722]: MSTP_OUT_set_state: br1:vlan3:0 entering learning state
Feb 13 13:17:59 DD-WRT daemon.info mstpd[722]: MSTP_OUT_set_state: br2:vlan4:0 entering learning state
Feb 13 13:17:59 DD-WRT kern.info kernel: [ 37.682375] br1: port 1(vlan3) entered learning state
Feb 13 13:17:59 DD-WRT kern.info kernel: [ 37.687612] br2: port 1(vlan4) entered learning state
Feb 13 13:17:59 DD-WRT daemon.info mstpd[722]: set_if_up: Port vlan3 : up
Feb 13 13:17:59 DD-WRT daemon.info mstpd[722]: set_if_up: Port vlan4 : up
Feb 13 13:18:00 DD-WRT user.info : [dnsmasq] : maybe died, we need to re-exec it
Feb 13 13:18:00 DD-WRT user.info : [smartdns] : daemon successfully stopped
Feb 13 13:18:00 DD-WRT user.err smartdns: create icmp socket failed, Address family not supported by protocol
Feb 13 13:18:00 DD-WRT user.info : [smartdns] : successfully started
Feb 13 13:18:00 DD-WRT daemon.crit dnsmasq[2335]: bad option at line 21 of /tmp/dnsmasq.conf
Feb 13 13:18:00 DD-WRT daemon.crit dnsmasq[2335]: FAILED to start up
Feb 13 13:18:00 DD-WRT user.info : [dnsmasq] : Error on startup, returncode 1
Feb 13 13:18:14 DD-WRT daemon.info mstpd[722]: MSTP_OUT_set_state: br1:vlan3:0 entering forwarding state
Feb 13 13:18:14 DD-WRT daemon.info mstpd[722]: MSTP_OUT_set_state: br2:vlan4:0 entering forwarding state
Feb 13 13:18:14 DD-WRT kern.info kernel: [ 52.683664] br1: port 1(vlan3) entered forwarding state
Feb 13 13:18:14 DD-WRT kern.info kernel: [ 52.689107] br2: port 1(vlan4) entered forwarding state
Feb 13 13:18:14 DD-WRT daemon.info mstpd[722]: set_if_up: Port vlan3 : up
Feb 13 13:18:14 DD-WRT daemon.info mstpd[722]: set_if_up: Port vlan4 : up
Feb 13 13:18:44 DD-WRT kern.info kernel: [ 82.833393] nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.
Feb 13 13:18:44 DD-WRT authpriv.info dropbear[2349]: Child connection from 192.168.1.13:57250
Feb 13 13:18:50 DD-WRT authpriv.notice dropbear[2349]: Password auth succeeded for 'root' from 192.168.1.13:57250
root@DD-WRT:/tmp/var/log#
may be use that one only...
server=/time-a-g.nist.gov/129.6.15.28
in general in NTP time zone you add only IPs not a resolving name..as long as it's not an IP format remove anything from there too...
if your NTP time is not ready and running expect problems...
also looking at your SmartDNS config no idea why you want those there too...it seems you've made a proper DNS mess...
That's what you'd need in GUI SmartDNS section, as well look at the GUI DNSmasq settings...
for NTP time select your time zone in the GUI (basic set up page) and may be just add a one IP--> 162.159.200.123 this is Cloudflare NTP time, you can use GGl time if so 216.239.35.8
or them both in this format with interval between 216.239.35.4 162.159.200.123
can do NTP time in DNSmasq if more convenient server=/time-a-g.nist.gov/129.6.15.28...or can add a bootstrap DNS to SmartDNS..
add to SmartDNS config...(i doubt it does the job but anyway)
server 9.9.9.9 -bootstrap-dns
Posted: Thu Feb 29, 2024 21:14 Post subject: Thanks 4 the help guys
Thanks 4 the help guys!
I was unable to implement any of the recommendations. I tried to set this up on r55109, r54682, r54604 and r54475; all failed..
Great idea, it should have been implemented years ago and I bet there is a lot of push back from certain bodies..
Any event had to jump ship and return to fresh tomato to get this to work out of box..
If you're reading this today --Netflix changed the password length on the bell receiver app.. a real shit show..it should be 60 but the new limit is 30 and some of the characters will not work on the remote menu..
Posted: Wed Mar 13, 2024 18:31 Post subject: headed back
Ok FT does have this working somewhat..but Entware Stubby is the way to go!!...So I will load dd-wrt back on with a recent build I had tried... I just hope samba on dd-wrt allows addgroup and not some d.a....single user version like what's on FT.
Posted: Wed Mar 13, 2024 23:26 Post subject:
SmartDNS is working as it should no problems with it …
DNSCrypt 1.95 embedded ddwrt version is also working as it should…
Stubby is also working via Entware …
I tend to believe you either don't follow the guidance or over complicate the set up with unnecessary stuff…
anyway for Stubby check red link in my sig …
I thought the original stubby.yml should be posted so one can see where some of the confusion arises.
root@DD-WRT:/opt/etc/stubby/bcckups# cat stubby.yml.bck
# Note: by default on OpenWRT stubby configuration is handled via
# the UCI system and the file /etc/config/stubby. If you want to
# use this file to configure stubby, then set "option manual '1'"
# in /etc/config/stubby.
resolution_type: GETDNS_RESOLUTION_STUB
round_robin_upstreams: 1
appdata_dir: "/opt/var/lib/stubby"
tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
tls_query_padding_blocksize: 128
edns_client_subnet_private: 1
idle_timeout: 10000
listen_addresses:
  - 127.0.0.1@5453
  - 0::1@5453
dns_transport_list:
  - GETDNS_TRANSPORT_TLS
upstream_recursive_servers:
  - address_data: 2606:4700:4700::1111
    tls_auth_name: "cloudflare-dns.com"
  - address_data: 2606:4700:4700::1001
    tls_auth_name: "cloudflare-dns.com"
  - address_data: 1.1.1.1
    tls_auth_name: "cloudflare-dns.com"
  - address_data: 1.0.0.1
    tls_auth_name: "cloudflare-dns.com"
#back up file org config working - Note to self
There is no tls_port: declaration in the working config file, unlike the Smart DNS guide egc put up for the community; however, when you pointed the missing entry out on another thread, the matter was resolved when adding additional DoT servers. I suspect the reason the original stubby.yml worked without tls_port: was because of the IPv6 address used for Cloudflare.
Posted: Wed Mar 27, 2024 22:17 Post subject:
Original Stubby standard config is old and very basic, it was made in order to work out of the box 'kind of'...and also missing config lines...that could be vital..like the certificates path, tls version, port, etc...
you can use Stubby however you like... as long as you are happy...
for more info what stubby does check with kdig (you have to install it via entware)
p.s. it seems someone locked down the Stubby thread so, I cannot add testing methods or edit the Stubby config..very clever, I have to admit.. (must've happened very recently)..