Dnscrypt from opendns

For those that installed via Entware, what are the MD5/SHA1 hashes for the "hostip" and "dnscrypt-proxy" binaries?
I'm using dnscrypt-proxy from Entware on 3 routers: D-Link DIR320 with Oleg's firmware, Asus RT-N14U with Padavan's firmware and Asus RT-N66U with asuswrt-merlin.

Not sure it can help, but anyway:
* On RT-N66U:
Code:
admin@RT-N66U:/tmp/home/root# opkg status dnscrypt-proxy | grep Version
Version: 1.4.0-2
admin@RT-N66U:/tmp/home/root# md5sum /opt/sbin/dnscrypt-proxy
b5f0c84392e71f560eb483979dd87a61  /opt/sbin/dnscrypt-proxy
admin@RT-N66U:/tmp/home/root# md5sum /opt/sbin/dnscrypt-proxy-hostip
28ec3c1e7f1dcad59cb552abd8d1d897  /opt/sbin/dnscrypt-proxy-hostip
* On RT-N14U:
Code:
/opt/home/admin # opkg status dnscrypt-proxy | grep Version
Version: 1.4.0-2
/opt/home/admin # md5sum /opt/sbin/dnscrypt-proxy
b5f0c84392e71f560eb483979dd87a61  /opt/sbin/dnscrypt-proxy
/opt/home/admin # md5sum /opt/sbin/dnscrypt-proxy-hostip
28ec3c1e7f1dcad59cb552abd8d1d897  /opt/sbin/dnscrypt-proxy-hostip
 
Thanks!

I'm trying your non-Entware package on an ASUS RT-AC66U router with Merlin 374.43 firmware.

That's version 1.4.0 (without the -2) and (thus?) has different checksums.
 
I'm trying your non-Entware package on an ASUS RT-AC66U router with Merlin 374.43 firmware.

That's version 1.4.0 (without the -2) and (thus?) has different checksums.
That's right. Non-Entware version:
a) was built with a different toolchain to use firmware system libraries,
b) was linked with a static version of libsodium, so no additional files are needed.
 
Understood.

Did some homework that I should have done earlier I guess... :eek:

Seems like all the files/locations I did not understand in Sinshiva's post are Entware related. Also I can apparently check hashes myself from the Entware GitHub repository for regular builds (those match the ones you posted).

Maybe I should try Entware first...

Two things that I did not find yet:

  1. How large should the USB stick be to get Entware installed? (with only the dnscrypt-proxy and dnscrypt-proxy-hostip packages on top)
  2. Can I uninstall Entware by unplugging the stick and formatting /jffs?
 
That's right. Non-Entware version:
a) was built with a different toolchain to use firmware system libraries,
b) was linked with a static version of libsodium, so no additional files are needed.
Hey ryzhov_al....thanks for sharing. I am going to give the non-Entware version (I am using an AC56U) another try. The last time I tried the NTP with names and this time I will try with the IP address. Being a newbie, if I can't get it to work this way what would be the simplest way of removing the script without formatting the jffs?

Cheers!
 
i am using the Entware/N66 version. It's working well atm, otherwise i would try ryzhov's package. I had trouble getting things to play well on reboots, though, so i watched the syslog and devised my ugly hack scripts.

MY dnsmasq0 contains;

Code:
address=/0.0.0.0/0.0.0.0
addn-hosts=/tmp/mnt/sda1/hosts.clean

(for this: http://forums.smallnetbuilder.com/showthread.php?t=15309 )

this file could otherwise be blank or the script modified.

MY dnsmasq1 contains:

Code:
address=/0.0.0.0/0.0.0.0
addn-hosts=/tmp/mnt/sda1/hosts.clean

no-resolv
server=127.0.0.1#65053

with the bottom two lines for the dnscrypt setup.


http://forums.smallnetbuilder.com/showpost.php?p=124281&postcount=98

regarding the services-start script; that's added when entware is installed. the point of showing mine was the 15s sleep to time it better with wan-start on reboots. part of what i mean by ugly

somebody asked; i'm using DDNS via dnsomatic and no-ip.com.
 
Two things that I did not find yet:

  1. How large should the USB stick be to get Entware installed? (with only the dnscrypt-proxy and dnscrypt-proxy-hostip packages on top)
  2. Can I uninstall Entware by unplugging the stick and formatting /jffs?
  1. 16MB is enough:)
  2. Yes.

Being a newbie, if I can't get it to work this way what would be the simplest way of removing the script without formatting the jffs?
Code:
rm /jffs/configs/dnsmasq.conf.add
reboot
 
Hi guys:

I've been doing all this and had the same no internet issue after restart.

The issue I am seeing here is that if you install entware using "The easy way":
https://github.com/RMerl/asuswrt-merlin/wiki/Entware

it doesn't work.

It DOES work if you DELETE the asusware folder (or entware folder will not mount):
If you have previously used Optware or Download Master you must remove the current installation:
Code:
rm -rf asusware

So, to properly do this, after or before installing entware, execute the code :
rm -rf asusware
=> or the ln -sf command (to mount entware on top of the /opt folder) will not work.

Then, install entware using "The easy way" and all will be fine.
Hope this helps.

@puremind - can you please confirm if you are using Asus DDNS via the router and also NTP server set as pool.ntp.org?
I was asking because of this error -
Jun 5 19:36:10 watchdog: start ddns.
Jun 5 19:36:10 rc_service: watchdog 355:notify_rc start_ddns
Jun 5 19:36:10 ddns update: ez-ipupdate: starting...
Jun 5 19:36:40 ddns update: error connecting to ns1.asuscomm.com:80

cheers
 
I have replaced NTP Server hostname with an IP Address and ran the command again, but still no joy!
 
Hi guys, no progress on the Non-Entware package? It looks like nobody has had luck with the package! Thanks :)

If I would go the Entware route, which one of the many codes that are written by ryzhov_al is the most recent one or the correct one, a step by step newbie, I ask because when I started the thread, there are various edits and steps, the same question for installing transmission ...

Thanks for the hard work guys, you really give these routers lots of value, appreciate it.
Regards. :D
 
Hi guys, no progress on the Non-Entware package? It looks like nobody has had luck with the package! Thanks :)

If I would go the Entware route, which one of the many codes that are written by ryzhov_al is the most recent one or the correct one, a step by step newbie, I ask because when I started the thread, there are various edits and steps, the same question for installing transmission ...

Thanks for the hard work guys, you really give these routers lots of value, appreciate it.
Regards. :D

shooter40sw - I have gone ahead and installed Entware and Transmission last night, so today will try the dnscrypt via Entware and see what happens. All the guys adding comments that it's working never said if they are using Asus DDNS etc.
 
All the guys adding comments that it's working never said if they are using Asus DDNS etc.
I'm using the entware version, never have had any problems with it and I'm also using asus ddns for my port forwarded mumble server.

So it should not give any problems with "asus ddns" and the "entware version" :rolleyes:
 
Installed Entware and the dnscrypt-proxy package.

Encrypted DNS via DNSCrypt.eu works!

(I'd still prefer a USB/Entware-less install, but this is already nice)
 
Installed Entware and the dnscrypt-proxy package.

Encrypted DNS via DNSCrypt.eu works!

(I'd still prefer a USB/Entware-less install, but this is already nice)

Hello - can you please confirm
(1) if you have asus ddns configured within the GUI
(2) Specified Opendns server within the GUI
PS - should the download2 folder which was created during DM installed it be deleted?

I uninstalled DownloadMaster and installed Entware, Transmission, deleted asusware folder and the DNSCrypt using both modified wan_script and the one specified in wiki but still getting the failed to connect to ns1.asuscomm.com:80 with no internet connection after installing. Below are the 2 wan_start scripts I tried -

Modified Version wan_start script
-------------------

#!/bin/sh

# Wait up to 15 seconds to make sure /opt partition is mounted
i=0
while [ "$i" -le 15 ]
do
    if [ -d /opt/tmp ]
    then
        break
    fi
    sleep 1
    i=$((i + 1))
done

# Now resolve DNS name for NTP server (only if it is not already in hosts.add)
ntp_name=$(nvram get ntp_server0)
grep "$ntp_name" /jffs/configs/hosts.add > /dev/null 2>&1 || \
for ip in $(/opt/sbin/dnscrypt-proxy-hostip "$ntp_name")
do
    echo "$ip $ntp_name" >> /jffs/configs/hosts.add
done

# Restart dnsmasq
service restart_dnsmasq && sleep 1

# and restart NTP client to eliminate 4-5 mins delay
killall ntp && sleep 1
service restart_ntpc


------------------------------------------------------------------------
RMerlin Version
https://github.com/RMerl/asuswrt-merlin/wiki/Secure-DNS-queries-using-DNSCrypt
------------------------------------------------------------------------

#!/bin/sh

# Wait up to 15 seconds to make sure /opt partition is mounted
i=0
while [ "$i" -le 15 ]
do
    if [ -d /opt/tmp ]
    then
        break
    fi
    sleep 1
    i=$((i + 1))
done

# Now resolve DNS name for NTP server (hosts.add is rebuilt on every run)
rm -f /jffs/configs/hosts.add
ntp_name=$(nvram get ntp_server0)
for ip in $(/opt/sbin/dnscrypt-proxy-hostip "$ntp_name")
do
    echo "$ip $ntp_name" >> /jffs/configs/hosts.add
done

# and restart NTP client to eliminate 4-5 mins delay
killall ntp && sleep 1
service restart_ntpc
 
Hello - can you please confirm
(1) if you have asus ddns configured within the GUI
(2) Specified Opendns server within the GUI
PS - should the download2 folder which was created during DM installed it be deleted?
(1) No, currently not (though I think I should, for OpenVPN).
(2) Yes, that was in the GUI, but I used the DNSCrypt.eu server option when installing the Entware dnscrypt-proxy package and that server was confirmed to be the only used (tested via https://www.dnsleaktest.com).

I did not have the Download Manager installed before I started experimenting with DNSCrypt.
 
Thanks - I have removed everything and went back to DM, pending when anyone with Asus DDNS configured confirms which of the methods worked for them.
 
I installed Entware and configured dnscrypt through the guide on GitHub and no go.. no internet service, behaves the same as installing the script with no Entware need. I get ISP IP but no internet if I don't place other DNS that's not the router
20:14:16 dnscrypt-proxy[547]: Refetching server certificates
Dec 31 20:14:16 dnscrypt-proxy[547]: Server certificate #1380734687 received
Dec 31 20:14:16 dnscrypt-proxy[547]: This certificate has not been activated yet
Dec 31 20:14:16 dnscrypt-proxy[547]: No useable certificates found
Dec 31 20:14:42 ddns update: error connecting to updates.dnsomatic.com:80
Dec 31 20:14:42 ddns update: asusddns_update: 1


ec 31 20:00:11 dnsmasq[352]: started, version 2.69 cachesize 1500
Dec 31 20:00:11 dnsmasq[352]: warning: interface tun21 does not currently exist
Dec 31 20:00:11 dnsmasq[352]: warning: ignoring resolv-file flag because no-resolv is set
Dec 31 20:00:11 dnsmasq[352]: asynchronous logging enabled, queue limit is 5 messages
Dec 31 20:00:11 dnsmasq-dhcp[352]: DHCP, IP range xxxxxxxxx -- xxxxxxxxxx, lease time 1d
Dec 31 20:00:11 dnsmasq[352]: using nameserver 127.0.0.1#65053
Dec 31 20:00:11 dnsmasq[352]: read /etc/hosts - 5 addresses
Dec 31 20:00:11 dnsmasq[352]: read /etc/hosts.dnsmasq - 3 addresses
Dec 31 20:00:11 dnsmasq-dhcp[352]: read /etc/ethers - 3 addresses
Dec 31 20:00:11 WAN Connection: ISP's DHCP did not function properly.
Dec 31 20:00:11 dropbear[364]: Running in background
 
Ok please somebody explain to me! :D Something strange just happened.
Like in my previous post I said I did not have access.. all the issues appeared just when I was using the script without Entware.
So I went and installed Entware, and I installed the dnscrypt using the guide on GitHub, it did not work, all the errors on my post. So I wanted my internet back and changed the name of the wan-start script to wan-start.old, changed the chmod also to 555, and rebooted, I just forgot that I needed to erase the dnsmasq.add and all that. But look now, it works!!! I can see it the TOP, my iPad works now, DNS-O-Matic and OpenVPN also work

n 13 18:37:08 ddns update: ez-ipupdate: starting...
Jun 13 18:37:08 ddns update: connected to updates.dnsomatic.com (67.215.92.215) on port 80.
Jun 13 18:37:08 ddns update: request successful
Jun 13 18:37:08 ddns update: asusddns_update: 0
Jun 13 18:37:08 ddns: ddns update ok

un 13 18:36:51 dnscrypt-proxy[533]: Server certificate #1380734687 received
Jun 13 18:36:51 dnscrypt-proxy[533]: This certificate looks valid
Jun 13 18:36:51 dnscrypt-proxy[533]: Chosen certificate #1380734687 is valid from [2013-10-03] to [2014-10-03]
Jun 13 18:36:51 dnscrypt-proxy[533]: Server key fingerprint is 227C:86C7:7574:81AB:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Jun 13 18:36:51 dnscrypt-proxy[533]: Proxying from 127.0.0.1:65053 to 208.67.220.220:443
Jun 13 18:36:52 nmbd[493]: [2014/06/13 18:36:52, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage
 
Try providing an IP instead of a hostname for the NTP server.
Changed the NTP server to an IP et voila!!......SUCCESS!:D

Finally had a chance to try this again with my wife out shopping and maxxing the CC.

Here is my setup:
1 - Used non-entware on AC56U (arm)
2 - OpenDNS Servers on router gui
3 - DNSOMATIC DDNS (OpenDNS account)

Connected within a minute with a valid certificate

Cheers!
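
Added example, not part of any post in this thread: the failing syslog above shows dnscrypt-proxy rejecting certificate #1380734687 as "not been activated yet" while the router's log is stamped Dec 31, and the working log shows the same certificate accepted with a validity window of 2013-10-03 to 2014-10-03, which is what a router clock that has not been set by NTP looks like. The script classifies that state from syslog; the function names and verdict strings are assumptions of this example, and the sample lines are copied from the logs posted here.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and verdict strings are
# this example's own; sample log lines are copied from the posts above.

# Last certificate verdict in a syslog file: valid | not-yet-active | unknown
cert_status() {
    awk '/dnscrypt-proxy.*This certificate looks valid/ { s = "valid" }
         /dnscrypt-proxy.*This certificate has not been activated yet/ { s = "not-yet-active" }
         END { print (s == "" ? "unknown" : s) }' "$1"
}

# "FROM TO" validity window of the last chosen certificate; empty if none logged
cert_window() {
    sed -n 's/.*Chosen certificate #[0-9]* is valid from \[\([0-9-]*\)] to \[\([0-9-]*\)].*/\1 \2/p' "$1" | tail -n 1
}

# YYYY-MM-DD -> YYYYMMDD, so dates compare as integers
date_num() { printf '%s\n' "$1" | sed 's/-//g'; }

# check_clock LOGFILE ROUTER_DATE: judge the router's date against the log
check_clock() {
    status=$(cert_status "$1")
    now=$(date_num "$2")
    set -- $(cert_window "$1")   # now $1=FROM, $2=TO; no arguments if no window
    if [ "$status" = "not-yet-active" ]; then
        echo "clock-behind"      # certificate start date is later than the clock
    elif [ "$status" = "valid" ] && [ $# -eq 2 ]; then
        if [ "$now" -lt "$(date_num "$1")" ]; then echo "clock-behind"
        elif [ "$now" -gt "$(date_num "$2")" ]; then echo "clock-ahead-or-expired"
        else echo "ok"; fi
    else
        echo "unknown"
    fi
}

SAMPLES=$(mktemp -d)
cat > "$SAMPLES/boot.log" <<'EOF'
Dec 31 20:14:16 dnscrypt-proxy[547]: Server certificate #1380734687 received
Dec 31 20:14:16 dnscrypt-proxy[547]: This certificate has not been activated yet
Dec 31 20:14:16 dnscrypt-proxy[547]: No useable certificates found
EOF
cat > "$SAMPLES/synced.log" <<'EOF'
Jun 13 18:36:51 dnscrypt-proxy[533]: This certificate looks valid
Jun 13 18:36:51 dnscrypt-proxy[533]: Chosen certificate #1380734687 is valid from [2013-10-03] to [2014-10-03]
EOF
check_clock "$SAMPLES/boot.log" 1969-12-31    # year assumed: syslog shows only "Dec 31"
check_clock "$SAMPLES/synced.log" 2014-06-13
```

On a router, pass `"$(date +%Y-%m-%d)"` as the second argument and the path of the live syslog as the first.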
 
Ok please somebody explain to me! :D Something strange just happened.
Like in my previous post I said I did not have access.. all the issues appeared just when I was using the script without Entware.
So I went and installed Entware, and I installed the dnscrypt using the guide on GitHub, it did not work, all the errors on my post. So I wanted my internet back and changed the name of the wan-start script to wan-start.old, changed the chmod also to 555, and rebooted, I just forgot that I needed to erase the dnsmasq.add and all that. But look now, it works!!! I can see it the TOP, my iPad works now, DNS-O-Matic and OpenVPN also work

n 13 18:37:08 ddns update: ez-ipupdate: starting...
Jun 13 18:37:08 ddns update: connected to updates.dnsomatic.com (67.215.92.215) on port 80.
Jun 13 18:37:08 ddns update: request successful
Jun 13 18:37:08 ddns update: asusddns_update: 0
Jun 13 18:37:08 ddns: ddns update ok

un 13 18:36:51 dnscrypt-proxy[533]: Server certificate #1380734687 received
Jun 13 18:36:51 dnscrypt-proxy[533]: This certificate looks valid
Jun 13 18:36:51 dnscrypt-proxy[533]: Chosen certificate #1380734687 is valid from [2013-10-03] to [2014-10-03]
Jun 13 18:36:51 dnscrypt-proxy[533]: Server key fingerprint is 227C:86C7:7574:81AB:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Jun 13 18:36:51 dnscrypt-proxy[533]: Proxying from 127.0.0.1:65053 to 208.67.220.220:443
Jun 13 18:36:52 nmbd[493]: [2014/06/13 18:36:52, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage

Cool -
Please can you confirm if-
(1) You selected dnsomatic.com as your ddns via the router gui
(2) Did you previously have Download Master installed and if yes, did you delete the asusware folder before/after installing Entware
(3) Did you install transmission via entware
(4) Which dnscrypt server option did you select during installation
(5) you just renamed the wan_start and boom all started working :)?
 