That is the URL and IP for the WebUI. AB-Solution sets its own tld (.absolution) with the only domain admin in that range locally on the router.
What is “admin.absolution” on 172.20.0.3?
Oh, I like the color scheme; looks like it’s more readable than all the ones in AB3
Probably the webui!
What is “admin.absolution” on 172.20.0.3?
Oh, I like the color scheme; looks like it’s more readable than all the ones in AB3
[Mm] ) # show options menu
[ "$more" = "more" ] && more=less || more=more
I think I've got a working setup, though only in an Ubuntu VM.
This is how it will work if you put all the pieces together.
AB, or better: Dnsmasq will direct all non-local and not-blocked domain queries upstream. It sounds simple but a steep learning curve might hinder instant success.
port=53
# Never forward plain names (without a dot or domain part)
domain-needed
# Never forward addresses in the non-routed address spaces.
bogus-priv
no-resolv
# Add other name servers here, with domain specs if they are for
# non-public domains.
server=127.0.0.1#5353
# The following line includes additional configuration files from the
# /etc/unbound/unbound.conf.d directory.
include: "/etc/unbound/unbound.conf.d/*.conf"
## DNS Over TLS, Simple ENCRYPTED recursive caching DNS, TCP port 853
## unbound.conf -- https://calomel.org
#
server:
    # access-control: 10.0.0.0/8 allow
    # access-control: 127.0.0.0/8 allow
    # access-control: 192.168.0.0/16 allow
    cache-max-ttl: 14400
    cache-min-ttl: 900
    do-tcp: yes
    hide-identity: yes
    hide-version: yes
    interface: 127.0.0.1
    port: 5353
    minimal-responses: yes
    prefetch: yes
    qname-minimisation: yes
    rrset-roundrobin: yes
    ssl-upstream: yes
    use-caps-for-id: yes
    verbosity: 1
forward-zone:
    name: "."
    forward-addr: 9.9.9.9@853 # quad9.net primary
    forward-addr: 149.112.112.112@853 # quad9.net secondary
    # forward-addr: 145.100.185.15@853 # dnsovertls.sinodun.com US
    # forward-addr: 145.100.185.16@853 # dnsovertls1.sinodun.com US
    # forward-addr: 184.105.193.78@853 # tls-dns-u.odvr.dns-oarc.net US
    # forward-addr: 185.49.141.37@853 # getdnsapi.net US
    # forward-addr: 199.58.81.218@853 # dns.cmrg.net US
    # forward-addr: 146.185.167.43@853 # securedns.eu Europe
    # forward-addr: 89.233.43.71@853 # unicast.censurfridns.dk Europe
&& more=less
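The unbound.conf posted above turns on ssl-upstream but sets no tls-cert-bundle and puts no #auth-name on its forward-addr lines, so the link to the forwarder is encrypted without the server certificate being verified. The following check is an added example, not part of the original posts or of AB-Solution; the function name lint_unbound_dot, the hardened sample and its CA bundle path (the Debian/Ubuntu default) are assumptions.

```shell
#!/bin/sh
# Added example: lint an unbound.conf for DNS-over-TLS forwarders that are
# encrypted but not authenticated. Prints one finding per line and returns 1
# if there are any. Only tls-cert-bundle is recognised as a trust store here.
lint_unbound_dot() {
    awk '
    {
        sub(/(^|[ \t])#.*$/, "")      # drop comments, keep addr#auth-name
        sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
    }
    /^(forward-)?(tls|ssl)-upstream:[ \t]*yes$/ { tls = 1 }
    /^tls-cert-bundle:[ \t]*[^ \t]/             { bundle = 1 }
    /^forward-addr:/ {
        addr = $2
        if (addr ~ /@853/ && addr !~ /#/)
            finding[++n] = "no auth name on forward-addr " addr
    }
    END {
        if (tls && !bundle)
            finding[++n] = "TLS upstream enabled without tls-cert-bundle"
        for (i = 1; i <= n; i++) print finding[i]
        exit (n > 0)
    }' "$1"
}

demo_dir=$(mktemp -d)
# Weak: the TLS and forwarder lines as posted in the thread.
cat > "$demo_dir/weak.conf" <<'EOF'
server:
    ssl-upstream: yes
forward-zone:
    name: "."
    forward-addr: 9.9.9.9@853 # quad9.net primary
    forward-addr: 149.112.112.112@853 # quad9.net secondary
EOF
# Hardened (constructed sample): CA bundle path is an assumption, and
# dns.quad9.net is the name on the certificate Quad9 serves.
cat > "$demo_dir/hardened.conf" <<'EOF'
server:
    tls-upstream: yes
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
forward-zone:
    name: "."
    forward-addr: 9.9.9.9@853#dns.quad9.net # quad9.net primary
    forward-addr: 149.112.112.112@853#dns.quad9.net # quad9.net secondary
EOF
lint_unbound_dot "$demo_dir/weak.conf" || echo "weak.conf: findings above"
lint_unbound_dot "$demo_dir/hardened.conf" && echo "hardened.conf: clean"
```

The auth name and certificate bundle only take effect on Unbound builds that support both options.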
We're here to help, your thoughtful responses are very welcome, everywhere.
Apologies to @thelonelycoder for a slight hijack of the thread...
Which would then seamlessly work with DNS based filtering from the WebUI. Just point the ones to the unbound IP.
EDIT: In theory, to bypass AB-S, DNS filter can be pointed for those devices to unbound. This will most likely prevent local DNS resolution from working since Unbound won't understand the LAN!
EDIT2: Need to have unbound listen on a new IP, rather than localhost, since I don't think DHCP can push DNS with a different port.
Taking inspiration from AB-S and the PixelServ interface (i.e. ifconfig br0:unbound x.x.x.x up), I've now got unbound up on its own IP, and DNS resolution seems to work. Config file for unbound likely needs some optimising (uploaded here) https://pastebin.com/pA5qPQ6U
Which would then seamlessly work with DNS based filtering from the WebUI. Just point the ones to the unbound IP.
I am following closely!
Taking inspiration from AB-S and the PixelServ interface (i.e. ifconfig br0:unbound x.x.x.x up), I've now got unbound up on its own IP, and DNS resolution seems to work. Config file for unbound likely needs some optimising (uploaded here) https://pastebin.com/pA5qPQ6U
Oddly I had to create /opt/var/lib/unbound, it wasn't created as part of the install. But it survives a reboot and unbound is ticking along as an optional DNS resolver. Next up, installing AB-S and seeing how I get on.
ifconfig br0:dnscrypt 10.14.16.2 up
ARGS="--local-address=10.14.16.2:53 --daemonize -R cisco"
# DO NOT EDIT this part of the file #
# generated by AB-Solution 3.11
RC='/opt/etc/init.d/rc.unslung'
i=30
until [ -x "$RC" ];do
    i=$(($i-1))
    if [ "$i" -lt 1 ];then
        logger "Unable to start Entware"
        exit
    fi
    sleep 1
done
logger "AB-Solution started rc.unslung via $0"
$RC start $0
# end of DO NOT EDIT #
Make sure the virtual interfaces are outside the DHCP range for both unbound and dnscrypt.
Taking inspiration from AB-S and the PixelServ interface (i.e. ifconfig br0:unbound x.x.x.x up), I've now got unbound up on its own IP, and DNS resolution seems to work.
AB3 is adamantly recreating that file, silently if you remove it or part of it.
I mount Entware in my post-mount script, is there a way I can safely disable this in services-start? I had more success when calling rc.unslung when the partition is being mounted, rather than waiting on a timer.
if [ -f /opt/share/absolution/.conf/absolution.conf ]; then
    . /opt/share/absolution/.conf/absolution.conf
    if [ "$AB_STATUS" = "enabled" ] && [ "$psState" = "on" ]; then
        switchesFile=/opt/share/absolution/.conf/pixelserv.switches
        [ -f "$switchesFile" ] && switches=$(cat $switchesFile | tr '\n' ' ') || switches=
        ifconfig br0:pixelserv-tls $psIP up
        logger -t AB-Solution "created br0:pixelserv-tls $psIP from $0"
        export TZ=$(cat /etc/TZ)
        ENABLED=yes
        PROCS=pixelserv-tls
        ARGS="$psIP $switches"
        PREARGS=""
        PRECMD="ulimit -s 64"
        DESC="$PROCS (AB-Solution)"
        PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
        . /opt/etc/init.d/rc.func.ab
    else
        logger -t AB-Solution "pixelserv-tls or AB-Solution disabled, not starting pixelserv-tls from $0"
    fi
else
    logger -t AB-Solution "absolution.conf file not found, not starting pixelserv-tls from $0"
fi
The self-check in AB3 for services-start is for the #DO NOT EDIT line and:
I mount Entware in my post-mount script, is there a way I can safely disable this in services-start? I had more success when calling rc.unslung when the partition is being mounted, rather than waiting on a timer.
Code:
# DO NOT EDIT this part of the file #
# generated by AB-Solution 3.11
RC='/opt/etc/init.d/rc.unslung'
i=30
until [ -x "$RC" ];do
    i=$(($i-1))
    if [ "$i" -lt 1 ];then
        logger "Unable to start Entware"
        exit
    fi
    sleep 1
done
logger "AB-Solution started rc.unslung via $0"
$RC start $0
# end of DO NOT EDIT #
if ! grep -q "RC='/opt/etc/init.d/rc.unslung'" $jScripts/$1;then
# DO NOT EDIT this part of the file #
# generated by AB-Solution 3.9
RC='/opt/etc/init.d/rc.unslung'
Make sure the virtual interfaces are outside the DHCP range for both unbound and dnscrypt.
Looks good! I'll leave it be, I rarely reboot the router anyway!
AB3 is adamantly recreating that file, silently if you remove it or part of it.
This changes in AB4 as I no longer need services-start, I found a much better way to do it.
AB4 will only need a post-mount and dnsmasq.postconf with a single line source reference to the actual AB postconf and post-mount files.
I also bring up the virtual interfaces in the actual S80 binary start files, just before the binary gets called.
In AB4 the /opt/etc/init.d/S80pixelserv-tls looks thus:
It brings up the needed virtual interface and pixelserv-tls but only if AB services ($AB_STATUS) or pixelserv-tls ($psState) is enabled in AB.
Jan 28 04:20:08 kernel: <6>usbcore: deregistering interface driver usblp
Jan 28 04:20:08 kernel: <6>ohci_hcd 0000:00:0b.0: remove, state 1
Jan 28 04:20:08 kernel: <6>usb usb2: USB disconnect, address 1
Jan 28 04:20:08 kernel: <6>ohci_hcd 0000:00:0b.0: USB bus 2 deregistered
Jan 28 04:20:08 kernel: <6>ehci_hcd 0000:00:0b.1: remove, state 1
Jan 28 04:20:08 kernel: <6>usb usb1: USB disconnect, address 1
Jan 28 04:20:08 kernel: <6>usb 1-2: USB disconnect, address 2
Jan 28 04:20:08 kernel: <3>EXT2-fs (sda2): previous I/O error to superblock detected
Jan 28 04:20:08 kernel: <4>
Jan 28 04:20:08 kernel: <6>ehci_hcd 0000:00:0b.1: USB bus 1 deregistered
Jan 28 04:20:08 kernel: <3>EXT2-fs (sda2): previous I/O error to superblock detected
Jan 28 04:20:08 kernel: <4>
Jan 28 04:20:08 kernel: <3>EXT2-fs (sda2): previous I/O error to superblock detected
Jan 28 04:20:08 kernel: <4>
Jan 28 04:20:08 kernel: <3>EXT2-fs (sda2): previous I/O error to superblock detected
Jan 28 04:20:08 kernel: <4>
Jan 28 04:20:08 kernel: <3>EXT2-fs (sda2): previous I/O error to superblock detected
Jan 28 04:20:08 haveged: haveged starting up
Jan 28 04:20:08 kernel: <6>SysRq : Emergency Sync
Jan 28 04:20:08 kernel: <3>EXT2-fs (sda2): previous I/O error to superblock detected
Jan 28 04:20:08 kernel: <4>
Jan 28 04:20:08 kernel: <4>Emergency Sync complete
Jan 28 04:20:08 kernel: <4>
Jan 28 04:20:08 kernel: <3>EXT2-fs (sda2): previous I/O error to superblock detected
Jan 28 04:20:08 kernel: <4>
Jan 28 04:20:08 kernel: <3>EXT2-fs (sda2): previous I/O error to superblock detected
Jan 28 04:20:08 kernel: <4>
Jan 28 04:20:08 kernel: <3>EXT2-fs (sda2): previous I/O error to superblock detected
Jan 28 04:20:08 kernel: <4>
Jan 28 04:20:08 kernel: <3>EXT2-fs (sda2): previous I/O error to superblock deteccted
Jan 28 04:20:08 kernel: <4>
Jan 28 12:30:59 hotplug[846]: USB ext2 fs at /dev/sda2 mounted on /tmp/mnt/absolute
Jan 28 12:30:59 usb: USB ext2 fs at /dev/sda2 mounted on /tmp/mnt/absolute.
Jan 28 12:30:59 kernel: EXT2-fs (sda2): warning: mounting unchecked fs, running e2fsck is recommended
running e2fsck is recommended
chmod a+rx /jffs/scripts/pre-mount
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Would you kindly post the error message that was displayed by curl?
I have problems to write updates notify. I have a Gmail account, and the smtp.gmail.com with port 465 are not working. When I try to send a test message, it was not possible.