Dnscrypt on dd-wrt

davidpiedra
DD-WRT Novice


Joined: 06 Aug 2013
Posts: 7

Posted: Mon Nov 03, 2014 17:27    Post subject: How to run DNSCrypt?
Hello, I know this is an old post, but can't find information in other places about DNSCrypt. My router is running DD-WRT and the firmware seems to support JFFS, but how do I run DNSCrypt? I upload the files from lancepants to the jffs folder and then?

Thanks for your help.

EDIT: I don't use DNSMasq.

David
slobodan
DD-WRT Guru


Joined: 03 Nov 2011
Posts: 1555
Location: Zwolle

Posted: Mon Nov 03, 2014 17:52    Post subject: Re: How to run DNSCrypt?
davidpiedra wrote:
Hello, I know this is an old post, but can't find information in other places about DNSCrypt. My router is running DD-WRT and the firmware seems to support JFFS, but how do I run DNSCrypt? I upload the files from lancepants to the jffs folder and then?

Thanks for your help.

EDIT: I don't use DNSMasq.

David

First, the DNS server of the router has to call DNSCrypt, e.g. at 192.168.1.1:40.

Second, DNSCrypt, as compiled by Lancethepants, has to find its csv file at /opt/share/dnscrypt-proxy/dnscrypt-resolvers.csv

Third, in order to run it enter:

/opt/bin/dnscrypt-proxy -a 192.168.1.1:40 -d -R opendns

Time zone has to be UTC with no daylight saving and the time has to be synchronized from an IP number.

_________________
2 times APU2 Opnsense 21.1 with Sensei

2 times RT-AC56U running DD-WRT 45493 (one as Gateway, the other as AP, both bridged with LAN cable)

3 times Asus RT-N16 shelved

E4200 V1 running freshtomato 2020.8 (bridged with LAN cable)

3 times Linksys WRT610N V2 converted to E3000 and 1 original E3000 running freshtomato 2020.8 (bridged with LAN cable)


DD-WRT noob
DD-WRT Novice


Joined: 19 Jan 2015
Posts: 1

Posted: Mon Jan 19, 2015 19:29
ptruman wrote:
Been done.
I found this earlier :

http://lancethepants.com/files/

It's a binary which runs happily on my WRT54GS V1.1


Hey,

Do I download the "mipsel" or "arm" files? I have an Asus RT-AC56U router.

Thanks
slobodan
DD-WRT Guru


Joined: 03 Nov 2011
Posts: 1555
Location: Zwolle

Posted: Mon Jan 19, 2015 23:22
DD-WRT noob wrote:
ptruman wrote:
Been done.
I found this earlier :

http://lancethepants.com/files/

It's a binary which runs happily on my WRT54GS V1.1


Hey,

Do I download the "mipsel" or "arm" files? I have an Asus RT-AC56U router.

Thanks

Use ARM.



johnnyNobody999
DD-WRT User


Joined: 10 Jan 2014
Posts: 499

Posted: Wed Dec 02, 2015 17:41
I was reading the tutorial for doing this (http://www.linksysinfo.org/index.php?threads/dnscrypt-preview.37031/) and I'm wondering how to input 127.0.0.2:40 into Setup->WAN Setup->Static DNS. I'm running Firmware: DD-WRT v3.0-r28211 std (11/16/15) on an EA6900 router. DNScrypt doesn't seem to be part of this firmware.
slobodan
DD-WRT Guru


Joined: 03 Nov 2011
Posts: 1555
Location: Zwolle

Posted: Wed Dec 02, 2015 21:03
johnnyNobody999 wrote:
I was reading the tutorial for doing this (http://www.linksysinfo.org/index.php?threads/dnscrypt-preview.37031/) and I'm wondering how to input 127.0.0.2:40 into Setup->WAN Setup->Static DNS. I'm running Firmware: DD-WRT v3.0-r28211 std (11/16/15) on an EA6900 router. DNScrypt doesn't seem to be part of this firmware.

First, it indeed isn't part of it. Second, edit the dnsmasq config file and put therein
Code:
server=127.0.0.1#40



johnnyNobody999
DD-WRT User


Joined: 10 Jan 2014
Posts: 499

Posted: Thu Dec 03, 2015 2:27
slobodan wrote:
Second, edit the dnsmasq config file and put therein
Code:
server=127.0.0.1#40


Just want to confirm that it should be 127.0.0.1#40 instead of 127.0.0.1:40

I tried both and it appears that the daemon didn't start. I tried to start the daemon with:

/jffs/dnscrypt-proxy -a 127.0.0.1:40 -r 208.67.220.220:53 -d

Also tried:

/jffs/dnscrypt-proxy -a 127.0.0.1:40 -L /jffs/dnscrypt-resolvers.csv -R opendns -d
johnnyNobody999
DD-WRT User


Joined: 10 Jan 2014
Posts: 499

Posted: Mon Jan 11, 2016 23:45
I took another stab at this and messed something up. Lost DNS. I tried removing the changes but my DNS is still messed up. Installing dnscrypt also killed my openvpn server that was running on the router - I think it was the time getting messed up due to loss of DNS. At least I got my openvpn server working again after rolling back. One thing that kept my clients working was installing dnscrypt on all my Linux boxes - otherwise websites wouldn't resolve. I still have problems with DNS on boxes that don't have dnscrypt options but was able to fix those by manually entering DNS server IP addresses. I don't know if it's just coincidence but I discovered that my mail server isn't accepting incoming mail now, also. When it rains it pours.
johnnyNobody999
DD-WRT User


Joined: 10 Jan 2014
Posts: 499

Posted: Wed Jan 13, 2016 2:19
I got dnscrypt to work on an individual PC running Ubuntu 14.04 but I'm not sure of how to implement it on the router using dd-wrt. For one thing dnscrypt-proxy is in binary form from lancethepants while it's an editable script on Ubuntu. Getting the settings right on the router will require an explanation of such things as to why port 40 is being used and what dnscrypt server I'm trying to make contact with - I suppose that'll explain why udp port 40 is being used. Besides, if I want to use cs-uswest I have to use port 443 - that's what I'm using on Ubuntu. If dnscrypt is hardwired to be a certain way then a dd-wrt tutorial might be in order. Of course, if dnscrypt was included in dd-wrt with a GUI maybe a lot of guess work would be eliminated.
johnnyNobody999
DD-WRT User


Joined: 10 Jan 2014
Posts: 499

Posted: Fri Jan 15, 2016 18:20
slobodan wrote:
ptruman wrote:
Settings:

Static DNS 1: 192.168.1.1
Static DNS 2: 127.0.0.2
Static DNS 3: 127.0.0.3


What is 192.168.1.1? Your router LAN IP? And what is 127.0.0.3? I'm familiar with 127.0.0.2
slobodan
DD-WRT Guru


Joined: 03 Nov 2011
Posts: 1555
Location: Zwolle

Posted: Sun Jan 17, 2016 23:46
johnnyNobody999 wrote:
slobodan wrote:
ptruman wrote:
Settings:

Static DNS 1: 192.168.1.1
Static DNS 2: 127.0.0.2
Static DNS 3: 127.0.0.3


What is 192.168.1.1? Your router LAN IP? And what is 127.0.0.3? I'm familiar with 127.0.0.2

Yes, 192.168.1.1 is the DNSMasq on the router, which in its turn calls dnscrypt.

127.0.0.2 are ways to fill the void, they default to localhost on each device, so they are not specific to the router.

dnscrypt wants time to be UTC, so if you take care of that it will be ok (it is kind of a problem in DD-WRT land).



johnnyNobody999
DD-WRT User


Joined: 10 Jan 2014
Posts: 499

Posted: Mon Jan 18, 2016 2:24
Quote:
Settings:

Static DNS 1: 192.168.1.1
Static DNS 2: 127.0.0.2
Static DNS 3: 127.0.0.3

What is 192.168.1.1? Your router LAN IP? And what is 127.0.0.3? I'm familiar with 127.0.0.2


Quote:
Yes, 192.168.1.1 is the DNSMasq on the router, which in its turn calls dnscrypt.


I don't use the router default of 192.168.1.1 - that's why I was asking.

Quote:
dnscrypt wants time to be UTC, so if you take care of that it will be ok (it is kind of a problem in DD-WRT land).


It must be an issue with dd-wrt because I have dnscrypt-proxy running on my individual PCs and they are working fine with the time set to local time.

Also, I'm running an OpenVPN server on the router and I'm wondering what impact changing the router to UTC will have on the clients set for local time (i.e. will the clients still be able to connect?).
johnnyNobody999
DD-WRT User


Joined: 10 Jan 2014
Posts: 499

Posted: Mon Jan 18, 2016 2:41
I just answered my own question about OpenVPN - it still works after changing the router from local time to UTC.

Anyway, I still can't get dns to resolve before or after starting dnscrypt-proxy. I must be doing something wrong but I don't know what. Here's my dnsmasq.conf file with the static leases snipped:

root@ea6900:~# cat /tmp/dnsmasq.conf
interface=br0
resolv-file=/tmp/resolv.dnsmasq
all-servers
strict-order
cache-size=1500
domain=n0sq.us
dhcp-leasefile=/jffs/dnsmasq.leases
dhcp-lease-max=71
dhcp-option=br0,3,192.168.##.1
dhcp-authoritative
dhcp-range=br0,192.168.##.100,192.168.27.149,255.255.255.0,1440m

-snip-

stop-dns-rebind
no-resolv
server=127.0.0.1#40
local=/lan/
expand-hosts
listen-address=127.0.0.1
user=nobody
root@ea6900:~# cat /var/log/messages | grep dns
Jan 1 00:00:06 ea6900 user.info : dnsmasq : dnsmasq daemon successfully started
Jan 18 02:30:04 ea6900 daemon.notice dnscrypt-proxy[1579]: Starting dnscrypt-proxy 1.6.0
Jan 18 02:30:04 ea6900 daemon.info dnscrypt-proxy[1579]: Generating a new session key pair
Jan 18 02:30:04 ea6900 daemon.info dnscrypt-proxy[1579]: Done
Jan 18 02:30:04 ea6900 daemon.info dnscrypt-proxy[1579]: Server certificate #1435874751 received
Jan 18 02:30:04 ea6900 daemon.info dnscrypt-proxy[1579]: This certificate looks valid
Jan 18 02:30:04 ea6900 daemon.info dnscrypt-proxy[1579]: Chosen certificate #1435874751 is valid from [2015-07-03] to [2016-07-02]
Jan 18 02:30:04 ea6900 daemon.info dnscrypt-proxy[1579]: Server key fingerprint is ED19:BFBA:FAFC:9257:DFDC:68C7:69BF:AC24:94CD:743F:3C1D:4966:134D:FE2C:4BDC:F315
Jan 18 02:30:04 ea6900 daemon.notice dnscrypt-proxy[1579]: Proxying from 127.0.0.1:53 to 208.67.220.220:443
Jan 18 02:32:50 ea6900 user.info : dnsmasq : dnsmasq daemon successfully stopped
Jan 18 02:32:50 ea6900 user.info : dnsmasq : dnsmasq daemon successfully started
Jan 18 02:34:00 ea6900 user.info : dnsmasq : dnsmasq daemon successfully started
Jan 18 02:34:49 ea6900 daemon.notice dnscrypt-proxy[2138]: Starting dnscrypt-proxy 1.6.0
Jan 18 02:34:49 ea6900 daemon.info dnscrypt-proxy[2138]: Generating a new session key pair
Jan 18 02:34:49 ea6900 daemon.info dnscrypt-proxy[2138]: Done
Jan 18 02:35:18 ea6900 daemon.notice dnscrypt-proxy[2157]: Starting dnscrypt-proxy 1.6.0
Jan 18 02:35:18 ea6900 daemon.info dnscrypt-proxy[2157]: Generating a new session key pair
Jan 18 02:35:18 ea6900 daemon.info dnscrypt-proxy[2157]: Done
slobodan
DD-WRT Guru


Joined: 03 Nov 2011
Posts: 1555
Location: Zwolle

Posted: Mon Jan 18, 2016 2:57
Every DNSMasq option should be used only once. If used twice or more, it prevents DNSMasq from running. Check /etc/dnsmasq.conf for double statements.

E.g. if you have

cache=500
cache=1500

DNSMasq won't start.

Also, I see dnscrypt proxying on port 53 instead of port 40.

I don't know if your specified listen-address is a good choice.





Last edited by slobodan on Mon Jan 18, 2016 3:03; edited 1 time in total
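
A check for the mismatch raised in the post above (dnsmasq forwarding to 127.0.0.1#40 while the log shows dnscrypt-proxy on port 53), written as an added example that is not part of the original thread or any poster's script. The function names and the sample strings are constructed for illustration, modelled on the config and log lines posted earlier.

```shell
#!/bin/sh
# Constructed sample data, modelled on the dnsmasq.conf and syslog lines posted above.
CONF='no-resolv
server=127.0.0.1#40
listen-address=127.0.0.1'
LOG_PORT53='Jan 18 02:30:04 ea6900 daemon.notice dnscrypt-proxy[1579]: Starting dnscrypt-proxy 1.6.0
Jan 18 02:30:04 ea6900 daemon.notice dnscrypt-proxy[1579]: Proxying from 127.0.0.1:53 to 208.67.220.220:443'
LOG_STALLED="$LOG_PORT53
Jan 18 02:34:49 ea6900 daemon.notice dnscrypt-proxy[2138]: Starting dnscrypt-proxy 1.6.0
Jan 18 02:34:49 ea6900 daemon.info dnscrypt-proxy[2138]: Done"

# Upstreams dnsmasq forwards to, as ip:port. dnsmasq writes server=ip#port and
# assumes port 53 when "#port" is absent. Per-domain server=/dom/ip lines are skipped.
dnsmasq_upstreams() {
    printf '%s\n' "$1" | sed -n \
        -e 's/^server=\([0-9.]*\)#\([0-9]*\)$/\1:\2/p' \
        -e 's/^server=\([0-9.]*\)$/\1:53/p'
}

# Local address from "Proxying from A to B", but only for the most recent start:
# every "Starting dnscrypt-proxy" line resets it, so a later instance that never
# reached the proxying stage yields an empty result.
dnscrypt_listen() {
    printf '%s\n' "$1" | awk '
        /dnscrypt-proxy.*Starting dnscrypt-proxy/ { addr = "" }
        /dnscrypt-proxy.*Proxying from/ {
            for (i = 1; i < NF; i++) if ($i == "from") addr = $(i + 1)
        }
        END { print addr }'
}

# check_chain CONF LOG: 0 = dnsmasq forwards to the proxy's address,
# 1 = addresses differ, 2 = latest proxy start never began listening.
check_chain() {
    listen=$(dnscrypt_listen "$2")
    if [ -z "$listen" ]; then echo "NO-LISTENER"; return 2; fi
    for up in $(dnsmasq_upstreams "$1"); do
        if [ "$up" = "$listen" ]; then echo "OK $up"; return 0; fi
    done
    echo "MISMATCH dnscrypt-proxy is on $listen"
    return 1
}

check_chain "$CONF" "$LOG_PORT53" || true    # the case pointed out in the post above
check_chain "$CONF" "$LOG_STALLED" || true   # later start that never logged "Proxying from"
```

On a router the two arguments would be the contents of /tmp/dnsmasq.conf and /var/log/messages, the files shown earlier in the thread.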
johnnyNobody999
DD-WRT User


Joined: 10 Jan 2014
Posts: 499

Posted: Mon Jan 18, 2016 3:02
slobodan wrote:
Every DNSMasq option should be used only once. If used twice or more, it prevents DNSMasq from running. Check /etc/dnsmasq.conf for double statements.

E.g. if you have

cache=500
cache=1500

DNSMasq won't start.

Also, I see dnscrypt proxying on port 53 instead of port 40.


My system doesn't seem to have a /etc/dnsmasq.conf

root@ea6900:~# cat /etc/dnsmasq.conf
cat: can't open '/etc/dnsmasq.conf': No such file or directory