What's new

DNScrypt dnscrypt installer for asuswrt

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

How are you running dnscrypt-proxy? I use it as a service. I have my /opt/etc/init.d/S09dnscrypt-proxy as follows:
Code:
#!/bin/sh

ENABLED=yes
PROCS=dnscrypt-proxy
ARGS="--local-address=127.0.0.1:65053 --daemonize -R cisco"
PREARGS=""
DESC=$PROCS
PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

. /opt/etc/init.d/rc.func
Make it executable. and dnscrypt-proxy will auto start when your router boots.

If you are planning to use more than one revolver, create multiple files: S09dnscrypt-proxy1, S09dnscrypt-proxy2, S09dnscrypt-proxy3 etc.
each with
Code:
ARGS="--local-address=127.0.0.1:65053 --daemonize -R resolver1"
ARGS="--local-address=127.0.0.1:65054 --daemonize -R resolver2"
ARGS="--local-address=127.0.0.1:65055 --daemonize -R resolver3"
and also make sure your /jffs/configs/dnsmasq.conf.add has the lines:
Code:
no-resolv
server=127.0.0.1#65053
server=127.0.0.1#65054
server=127.0.0.1#65055
 
How are you running dnscrypt-proxy? I use it as a service. I have my /opt/etc/init.d/S09dnscrypt-proxy as follows:
Code:
#!/bin/sh

ENABLED=yes
PROCS=dnscrypt-proxy
ARGS="--local-address=127.0.0.1:65053 --daemonize -R cisco"
PREARGS=""
DESC=$PROCS
PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

. /opt/etc/init.d/rc.func
Make it executable. and dnscrypt-proxy will auto start when your router boots.

If you are planning to use more than one revolver, create multiple files: S09dnscrypt-proxy1, S09dnscrypt-proxy2, S09dnscrypt-proxy3 etc.
each with
Code:
ARGS="--local-address=127.0.0.1:65053 --daemonize -R resolver1"
ARGS="--local-address=127.0.0.1:65054 --daemonize -R resolver2"
ARGS="--local-address=127.0.0.1:65055 --daemonize -R resolver3"
and also make sure your /jffs/configs/dnsmasq.conf.add has the lines:
Code:
no-resolv
server=127.0.0.1#65053
server=127.0.0.1#65054
server=127.0.0.1#65055

Great this looks do-able. Can I ask why cisco has a mention in this code?
 
That is my content posted as is. I use cisco (opendns) resolver, You don't need to :)

So substitute my cs us north in the Cisco spot?
Edit: cs usnorth
 
You'd need to use the exact name in the /opt/share/dnscrypt-proxy/dnscrypt-resolvers.csv file. No spaces. I think it would be cs-usnorth
 
You'd need to use the exact name in the /opt/share/dnscrypt-proxy/dnscrypt-resolvers.csv file. No spaces. I think it would be cs-usnorth

Yes sir I think you are absolutely correct!
 
How are you running dnscrypt-proxy? I use it as a service. I have my /opt/etc/init.d/S09dnscrypt-proxy as follows:
Code:
#!/bin/sh

ENABLED=yes
PROCS=dnscrypt-proxy
ARGS="--local-address=127.0.0.1:65053 --daemonize -R cisco"
PREARGS=""
DESC=$PROCS
PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

. /opt/etc/init.d/rc.func
Make it executable. and dnscrypt-proxy will auto start when your router boots.

If you are planning to use more than one revolver, create multiple files: S09dnscrypt-proxy1, S09dnscrypt-proxy2, S09dnscrypt-proxy3 etc.
each with
But only one works - the 2nd/3rd returns an error:
Starting ... already running.

Update: Got the solution by using the suggestion/solution from here - the symbolic links for new names of the executable's did the trick!
 
Last edited:
Yes sir I think you are absolutely correct!

Before I make these files I must say the difference between me and you is that you have version 1.9.1 I have version 1.9.3 or 1.9.4 I reinstalled dnscrypt and no errors. Pidof returns to numbers...ipleak.net shows both servers...I really have no reason to think it's not working. It's just updating certificate that it has problems with.

How can I manually call for a certificate update to test what I have. Do I have to wait 24 hours?
 
Good point, @joegreat I do not use more than one instance, so I never actually faced this. So @skeal, please follow the post @joegreat referenced for multiple dnscrypt resolvers

The dnscrypt page 1 install scrypt of this post allows for two resolvers. You get asked which ones during the install. Then it asks if you want all dns to go through dnscrypt.

Sorry I don't think the comprehensive guide is my answer. My dnscrypt works! The installer looks after multiple instances it's the certificate update feature seems broken when using the two resolvers I use. My dns basically is not broken it's the cert renewal that fails. What do you think of this @bigeyes0x0 ?
 
Last edited:
Before I make these files I must say the difference between me and you is that you have version 1.9.1 I have version 1.9.3 or 1.9.4 I reinstalled dnscrypt and no errors. Pidof returns to numbers...ipleak.net shows both servers...I really have no reason to think it's not working. It's just updating certificate that it has problems with.

How can I manually call for a certificate update to test what I have. Do I have to wait 24 hours?
I don't believe it's anything to be concerned about....it gets retried automatically. I see it occasionally as well. My guess is it's one of two things.....
- the dnscrypt server is just busy and the command timed out
- dnscrypt just happens to be starting when something else is starting on the router that temporarily blocks communication.....like a restart of dnsmasq or the firewall.
 
The dnscrypt page 1 install scrypt of this post allows for two resolvers. You get asked which ones during the install. Then it asks if you want all dns to go through dnscrypt.

Sorry I don't think the comprehensive guide is my answer. My dnscrypt works! The installer looks after multiple instances it's the certificate update feature seems broken when using the two resolvers I use. My dns basically is not broken it's the cert renewal that fails. What do you think of this @bigeyes0x0 ?


You can try with --test option
to see if certificates are getting generated properly for the provider you have selected,
if not switch to a different dnscrypt-proxy provider.

Try the below replacing the values with your installation details and provider of your choice

dnscrypt-proxy --local-address=127.0.0.1:65053 --ephemeral-keys --daemonize -ZDnsCryptProxy1 -Rdnscrypt.eu-dk --test=10080

After running the command, type the below in your ssh shell
echo $?

Meaning of the value displayed by the echo command
0 if a valid certificate can be used
2 if no valid certificates can be used
3 if a timeout occurred, and
4 if a currently valid certificate is going to expire before the margin.

Check in syslog to see if any issue with configuration or certificates for the provider
 
If I have a vpn client enabled and have all traffic going through the vpn is dnscrypt still used for the dns lookups? Do I want it to be? If not enabled what changes would have to be made to make dnscrypt work through the vpn and what would I need to change on the vpn client page?

Thank you.
 
Last edited:
@bigeyes0x0,

Have you considered using dnscrypt-proxy.conf to configure dnscrypt-proxy instead of using command-line options ?​
 
As I'm having problem with MIPS based router, for now the script switches to use entware-ng dnscrypt-proxy binaries.

@bigeyes0x0,

Have you considered using dnscrypt-proxy.conf to configure dnscrypt-proxy instead of using command-line options ?​
I don't think that's required because there's nothing to config there at least from my setup used here in the script.
 
Hello ... I still have these messages in the syslog and dnscrypt does not work. What can I do? Please help!
Code:
.........ac87u: dnscrypt-proxy started for boot services
dnscrypt-proxy: Clock might be off - Pretending that this certificate is valid no matter what
.........ac87u: OpenDNS: Update IP succeeded
.........ac87u: Restart dnscrypt-proxy for normal operations
dnscrypt-proxy: Unable to retrieve server certificates
 
Hello ... I still have these messages in the syslog and dnscrypt does not work. What can I do? Please help!
Code:
.........ac87u: dnscrypt-proxy started for boot services
dnscrypt-proxy: Clock might be off - Pretending that this certificate is valid no matter what
.........ac87u: OpenDNS: Update IP succeeded
.........ac87u: Restart dnscrypt-proxy for normal operations
dnscrypt-proxy: Unable to retrieve server certificates

This is worth the shot. Change your resolvers to something different and test. Sometimes resolvers get busy with the requests...if you have picked like cs-usnorth selection 31 in the setup...and it's not working for you try a different one like 36 I believe it is cs-ussouth. As a for instance I'm saying.
 
Is there a reason why there isn't the second opendns server ? (208.67.222.222) I can't do failover from
208.67.220.220 to 208.67.222.222.. :/
 
Is there a reason why there isn't the second opendns server ? (208.67.222.222) I can't do failover from
208.67.220.220 to 208.67.222.222.. :/

All I know is the installer script asks your preferences for dns servers whether it 1 or 2 resolvers. It's a pretty painless setup...:)
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top