Posted: Sun Feb 19, 2012 2:24 Post subject:
No it is not possible. There does not appear to be anyone who has compiled the code (or even tried) for the DD-WRT firmware.
_________________
E3000 22200M KongVPN K26
WRT600n v1.1 refirb mega 18767 BS K24 NEWD2 [not used]
WRT54G v2 16214 BS K24 [access point]
It's a binary which runs happily on my WRT54GS V1.1
It works fine on my E3000 using Kong 18050M.
Settings:
Static DNS 1: 192.168.1.1
Static DNS 2: 127.0.0.2
Static DNS 3: 127.0.0.3
Running it with:
/opt/script/dnscrypt-proxy -a 192.168.1.1 -d
(Saved it in my startup script.)
My internet works ok, but I have the following output on Windows XP:
nslookup www.msn.com
*** Can't find server name for address 192.168.1.1: No information
*** Can't find server name for address 127.0.0.2: No response from server
*** Can't find server name for address 127.0.0.3: No response from server
*** Default servers are not available
Non-authoritative answer:
1.1.168.192.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
(root) ??? unknown type 41 ???
Server: UnKnown
Address: 192.168.1.1
Now, since I have blocked dynamic.ziggo.nl in my OpenDNS options, it is redirected to the default OpenDNS IP for blocked websites.
_________________
2 times APU2 Opnsense 21.1 with Sensei
2 times RT-AC56U running DD-WRT 45493 (one as Gateway, the other as AP, both bridged with LAN cable)
3 times Asus RT-N16 shelved
E4200 V1 running freshtomato 2020.8 (bridged with LAN cable)
3 times Linksys WRT610N V2 converted to E3000 and 1 original E3000 running freshtomato 2020.8 (bridged with LAN cable)
Last edited by slobodan on Fri Mar 16, 2012 13:49; edited 1 time in total
What I've done is write a small script called /jffs/etc/config/startdnscryptproxy.wanup (which runs automatically once the WAN comes up)
It contains two lines :
Code:
killall dnscrypt-proxy
/jffs/bin/dnscrypt-proxy --daemonize -a 127.0.0.2 -P 53
That puts dnscrypt-proxy onto 127.0.0.2 port 53.
I've then modded the Local DNS setting on http://YOUR_ROUTER_IP_HERE/index.asp so that the DNS is 127.0.0.2
et voila
As an aside, I'm also using the following in my DNSMasq config :
# Override manual DNS changes
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to `nvram get lan_ipaddr`
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to `nvram get lan_ipaddr`
That stops anyone on the LAN using their own specified DNS, by routing to my router IP, which hands the request to DNSMasq, which fires it off to DNSCrypt...
Last edited by ptruman on Tue Mar 13, 2012 13:14; edited 1 time in total
Having the plain OpenDNS servers therein could reroute DNS requests via unencrypted DNS traffic. That's why I have put 127.0.0.2 and 127.0.0.3 in Static DNS 2 and 3. They do no serving there, they are just a way to avoid receiving the DNS servers from my provider.
About that blocked domain IP, it is just funny/weird, it is not a problem for using the internet.
Besides dnscrypt-proxy is able to daemonize in multiple instances, so you could replace the plain OpenDNS servers with 127.0.0.3 and 127.0.0.4.
dnscrypt-proxy can daemonize in multiple instances, but they have to be separate files, or at least separate links to the file.
Posted: Tue Mar 20, 2012 2:06 Post subject: Excuse my noobness
Hi everyone,
Please forgive this very noob question, but how exactly do I get these files on my router? I am very interested in using DNScrypt-proxy or at least DNSCurve, but I do not know where to start.
What I've done is write a small script called /jffs/etc/config/startdnscryptproxy.wanup (which runs automatically once the WAN comes up)
It contains two lines :
Code:
killall dnscrypt-proxy
/jffs/bin/dnscrypt-proxy --daemonize -a 127.0.0.2 -P 53
That puts dnscrypt-proxy onto 127.0.0.2 port 53.
I've then modded the Local DNS setting on http://YOUR_ROUTER_IP_HERE/index.asp so that the DNS is 127.0.0.2
et voila
As an aside, I'm also using the following in my DNSMasq config :
# Override manual DNS changes
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to `nvram get lan_ipaddr`
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to `nvram get lan_ipaddr`
That stops anyone on the LAN using their own specified DNS, by routing to my router IP, which hands the request to DNSMasq, which fires it off to DNSCrypt...
Newbie questions. Can you elaborate on setting this up through the gui (or commandline if necessary) step by step?
How to do it? Fill the following options in your DD-WRT Setup page:
Static DNS 1: 192.168.1.1
Static DNS 2: 127.0.0.2
Static DNS 3: 127.0.0.3
Quote:
What I've done is write a small script called /jffs/etc/config/startdnscryptproxy.wanup (which runs automatically once the WAN comes up)
It contains two lines :
Code:
killall dnscrypt-proxy
/jffs/bin/dnscrypt-proxy --daemonize -a 127.0.0.2 -P 53
If you want to write such a script use:
vi /jffs/etc/config/startdnscryptproxy.wanup
or
nano /jffs/etc/config/startdnscryptproxy.wanup
I would advise using the following command instead of the above:
/jffs/bin/dnscrypt-proxy -d -a 192.168.1.1
Hint: this is just for the record. I have no such wanup script and dnscrypt works fine. I have simply added it to my startup script and I do not have problems with it stopping unexpectedly. Sure, my system first checks if the year is different from 1970 and if no, then it loops back to checking the year, till the time is correctly set with a static IP of a timeserver (don't use a URL since there is nothing to resolve it, at least in the configuration suggested by me.) dnscrypt is only executed if the time has been set correctly. I have cron doing an ntpclient synchronization with a static IP every 3 minutes past the hour and 8 minutes past the hour; this is an extra safety measure in the case the router does not get NTP time by itself.
Quote:
That puts dnscrypt-proxy onto 127.0.0.2 port 53.
I've then modded the Local DNS setting on http://YOUR_ROUTER_IP_HERE/index.asp so that the DNS is 127.0.0.2
et voila
As an aside, I'm also using the following in my DNSMasq config :
The last line has been added by the Optware service pixelserv, so you do not have to duplicate it.
I consider that if you use 127.0.0.2 and 127.0.0.3 as DNS servers, strict-order is not necessary, but if it reassures you, you may add it there.
stop-dns-rebind is not needed (and it may be a problem) if you have selected the radio button No DNS Rebind.
Meanwhile I have switched to DNSMasq instead of udhcpd.
Quote:
I'm also running the following in rc_firewall :
Code:
# Override manual DNS changes
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to `nvram get lan_ipaddr`
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to `nvram get lan_ipaddr`
That stops anyone on the LAN using their own specified DNS, by routing to my router IP, which hands the request to DNSMasq, which fires it off to DNSCrypt...
The above is a good script, type it under Administration / Commands and press Save Firewall.
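The startup gating described in the post above (hold dnscrypt-proxy back until the year is no longer 1970, syncing against a time server by IP because nothing can resolve a hostname yet), written out as an added example that is not code from the thread. The time server address is a placeholder, and the `ntpclient -s -h` invocation, the variable names and the function names are assumptions to adapt to your build.

```shell
#!/bin/sh
# Added example (not from the thread): start dnscrypt-proxy only after the clock is set.
NTP_IP="${NTP_IP:-192.0.2.123}"                  # placeholder time server IP, set your own
SYNC_CMD="${SYNC_CMD:-ntpclient -s -h $NTP_IP}"  # assumed ntpclient syntax for your build
YEAR_CMD="${YEAR_CMD:-date +%Y}"                 # overridable so the logic can be tested
PROXY="${PROXY:-/jffs/bin/dnscrypt-proxy}"       # binary path used in the thread
LISTEN="${LISTEN:-192.168.1.1}"                  # -a address used in the thread

# Succeeds once the clock has left the 1970 power-on default.
clock_is_set() {
    year=$($YEAR_CMD) || return 1
    case "$year" in
        ''|*[!0-9]*) return 1 ;;                 # unparsable output counts as unset
    esac
    [ "$year" -gt 1970 ]
}

# Try up to $1 syncs, $2 seconds apart; succeed as soon as the clock is valid.
wait_for_clock() {
    tries=$1
    delay=$2
    while [ "$tries" -gt 0 ]; do
        if clock_is_set; then return 0; fi
        $SYNC_CMD >/dev/null 2>&1 || true        # expected to fail until the WAN is up
        tries=$((tries - 1))
        if [ "$tries" -gt 0 ]; then sleep "$delay"; fi
    done
    clock_is_set
}

# Launch the proxy unless the clock is still unset or an instance already runs.
start_dnscrypt() {
    if ! wait_for_clock "${1:-30}" "${2:-10}"; then
        echo "clock still at 1970, dnscrypt-proxy not started" >&2
        return 1
    fi
    if pidof "$(basename "$PROXY")" >/dev/null 2>&1; then return 0; fi
    "$PROXY" -d -a "$LISTEN"
}

# Run from the startup script as: sh this_script start
if [ "${1:-}" = "start" ]; then start_dnscrypt; fi
```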