I don't think so. I originally thought there was a problem but it seems the user was having entware problems itself.Did I messed up with wiki? Tested twice on clean installation with no issues.
PS I have to add postinst script of fke-hwclock package to save current time after it was installed.
PPS Wait, I've done that before No need to run fke-hwclock right after installation.
Not those under the WAN section. Those do not matter. You're going to be telling dnsmasq to use dnscrypt port instead so those settings are now ignored by dnsmasq.For this to work properly, does it matter what dns settings you have under the wan section, eg I have manually entered the opendns servers here rather than automatically use dns from isp?
Oct 21 18:52:57 dnscrypt-proxy[807]: Proxying from 127.0.0.1:65053 to 208.67.220.220:443
DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven't been tampered with.
Hi,i am insert USB drive in asus rt-ac68u and try to install entware and dnscrypt but i got errors? I lost internet connection....what is wrong with my installation? here is a log:
http://pastebin.com/cDCi5mg4
Code:Oct 21 18:52:57 dnscrypt-proxy[807]: Proxying from 127.0.0.1:65053 to 208.67.220.220:443
Oct 21 23:25:42 dnscrypt-proxy: - [cisco] does not support DNS Security Extensions
Oct 21 23:25:42 dnscrypt-proxy: - [cisco] does not support Namecoin domains
Oct 21 23:25:42 dnscrypt-proxy: - [cisco] logs your activity - a different provider might be better a choice if privacy is a concern
Oct 21 23:25:42 dnscrypt-proxy[1297]: Starting dnscrypt-proxy 1.6.0
Oct 21 23:25:42 dnscrypt-proxy[1297]: Generating a new session key pair
Oct 21 23:25:42 dnscrypt-proxy[1297]: Done
Oct 21 23:25:42 admin: Started from .
Oct 21 23:25:42 dnscrypt-proxy[1297]: Server certificate #1435874751 received
Oct 21 23:25:42 dnscrypt-proxy[1297]: This certificate looks valid
Oct 21 23:25:42 dnscrypt-proxy[1297]: Chosen certificate #1435874751 is valid from [2015-07-03] to [2016-07-02]
Oct 21 23:25:42 dnscrypt-proxy[1297]: Server key fingerprint is ED19:BFBA:FAFC:9257:DFDC:68C7:69BF:AC24:94CD:743F:3C1D:4966:134D:FE2C:4BDC:F315
Oct 21 23:25:42 dnscrypt-proxy[1297]: Proxying from 127.0.0.1:65053 to 208.67.220.220:443
Oct 21 23:25:42 admin: Started transmission-daemon from .
Oct 22 00:26:10 dnscrypt-proxy[1297]: Refetching server certificates
Oct 22 00:26:10 dnscrypt-proxy[1297]: Server certificate #1435874751 received
Oct 22 00:26:10 dnscrypt-proxy[1297]: This certificate looks valid
Oct 22 00:26:10 dnscrypt-proxy[1297]: Chosen certificate #1435874751 is valid from [2015-07-03] to [2016-07-02]
Oct 22 00:26:10 dnscrypt-proxy[1297]: Server key fingerprint is ED19:BFBA:FAFC:9257:DFDC:68C7:69BF:AC24:94CD:743F:3C1D:4966:134D:FE2C:4BDC:F315
thank you for reply....so i need to know if it possible to change dnscrypt server? i choose number 2 from list and for example i would like to change to server at number 17?dnscrypt-proxy purpose is not to hide your real IP.
i got something like you post here:Hi,
There is something wrong with your configuration: opendns provider now called cisco and the message "Server certificate #1435874751 received" is missing. On top evey hour you should have a "Refetching server certificates" message in the syslog.log (see details below).
Funny enough: the Proxying message looks correct!
Most likely you run an older version of dnscrypt. A update of Entware with the command: opkg update & opkg upgrade & sleep 2 & reboot would solve the problem.
With kind regards
Joe
admin: Started from .
dnscrypt-proxy[1297]: Server certificate #1435874751 received
dnscrypt-proxy[1297]: This certificate looks valid
dnscrypt-proxy[1297]: Chosen certificate #1435874751 is valid from [2015-07-03] to [2016-07-02]
dnscrypt-proxy[1297]: Server key fingerprint is ED19:BFBA:FAFC:9257:DFDC:68C7:69BF:AC24:94CD:743F:3C1D:4966:134D:FE2C:4BDC:F315
dnscrypt-proxy[1297]: Proxying from 127.0.0.1:65053 to 208.67.220.220:443
Hi,but test site says you aren´t using openDNS?
http://welcome.opendns.com/
I tried this but nothing would resolve....Here's my wiki mod. No Optware or Entware required.
/jffs/scripts/wan-start
Code:#!/bin/sh logger -t $(basename $0) "started [$$]" /bin/pidof dnscrypt-proxy > /dev/null 2>&1 || \ ( # Now resolve DNS name for NTP server ntp_name=$(nvram get ntp_server0) grep "$ntp_name" /jffs/configs/hosts.add > /dev/null 2>&1 || \ for ip in $(/jffs/bin/hostip $ntp_name) do echo $ip $ntp_name >> /jffs/configs/hosts.add done # restart NTP client to eliminate 4-5 mins delay killall ntp sleep 1 service restart_dnsmasq service restart_ntpc sleep 5 # wait up to 5 minutes to make sure the router has the correct time tmax=300 i=0 while [ $i -le $tmax ] do if [ "$(nvram get ntp_ready)" -eq "1" ] then break fi logger "Waiting for correct time to be set." sleep 1 i=`expr $i + 1` done # dnscrypt-proxy requires the correct time for certificate validation /jffs/bin/dnscrypt-proxy --local-address=127.0.0.1:60053 --ephemeral-keys --resolver-name=dnscrypt.org-fr --resolvers-list=/jffs/bin/dnscrypt-resolvers.csv --daemonize /jffs/bin/dnscrypt-proxy --local-address=127.0.0.1:60054 --ephemeral-keys --resolver-name=soltysiak --resolvers-list=/jffs/bin/dnscrypt-resolvers.csv --daemonize )
/jffs/configs/dnsmasq.conf.add
Code:... ### dnscrypt no-resolv server=127.0.0.1#60053 # dnscrypt server=127.0.0.1#60054 # dnscrypt ...
I tried this but nothing would resolve....
My method is for Dnscrypt that you compile yourself using an ARM cross compiler included with the Asuswrt-Merlin firmware, and copy to /jffs/bin.I tried this but nothing would resolve....
The OpenDNS test will only work with the Cisco/OpenDNS servers.still waiting for answer how to change dnscrypt server....i am using cisco from number 2 within installation....there are 53 servers i think....server from number 17 i think not working.....i test it now with new installation....
EDIT: got it on page 11....
Only Cisco server do the test at http://welcome.opendns.com , all the other servers do not make the test?
I do not know why
Depends if you want faster response or no logging. Generally I try to pick a server that is physically closest to me that doesn't log.which is best, the fastest and the lowest ping dnscrypt server?
Depends if you want faster response or no logging. Generally I try to pick a server that is physically closest to me that doesn't log.
Thread starter | Title | Forum | Replies | Date |
---|---|---|---|---|
B | (solved) Dnscrypt blocked-names.txt automatically deleted upon modification | Asuswrt-Merlin | 4 |
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!