What's new

DNScrypt dnscrypt installer for asuswrt

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I got the AC87U, and using the software number generator. Is it worth the cash to buy the TrueRNG v3?
 
Last edited:
Great, as it would have costed me >80$ to import one from USA at Ebay. :) Would like to show my gratitude for making life easier, by giving us this great script. :)
 
Last edited:
I like test my internet connection, now after dnscrypt runs, I get the following results:
Code:
netalyzr.icsi.berkeley.edu --> Failure:

Direct TCP connections to remote DNS servers (port 53) succeed, but do not receive the expected content.
A DNS proxy or firewall generated a new request rather than passing the client's request unmodified.
A DNS proxy or firewall caused the client's direct DNS request to arrive from another IP address. Instead of your IP address, the request came from 176.56.237.171. (dnscrypt.eu-nl)
---
UDP access to remote DNS servers (port 53) appears to pass through a firewall or proxy. The client was unable to transmit a non-DNS traffic on this UDP port, but was able to transmit a legitimate DNS request, suggesting that a proxy, NAT, or firewall intercepted and blocked the deliberately invalid request.
A DNS proxy or firewall caused the client's direct DNS request to arrive from another IP address. Instead of your IP address, the request came from 176.56.237.171. (dnscrypt.eu-nl)
A DNS proxy or firewall generated a new request rather than passing the client's request unmodified.
Code:
netztest.at --> Failure:

TCP Incoming:
It has been attempted to establish an incoming connection on port: 5061.
It has been attempted to establish an incoming connection on port: 8080.
TCP outgoing:
It has been attempted to establish an outgoing connection to the QoS test server on port: 53
UDP Incoming:
It has been attempted to receive packets from the QoS test server on port: 5004 and send them back.
Number of packets requested: 1, received by the client: 0, came back to the server: 0.
Packet loss rate: 100%
It has been attempted to receive packets from the QoS test server on port: 3389 and send them back.
Number of packets requested: 1, received by the client: 0, came back to the server: 0.
Packet loss rate: 100%
UDP Outgoing:
It has been attempted to send packets to the QoS test server on port: 53 and receive them back.
Number of sent packets: 1, received by the server: 0, came back to the client: 0.
Packet loss rate: 100%

Can the wonderful script be improved, perhaps, because of the results? Excuse these Noob questions ... :)
 
@eclp it looks like you're thinking something is wrong but it's mainly because of your specific setup, you're actually using a VPN or some kind of proxy that causes these issues/side effects, these have nothing to do with with this script.
 
Just wondering what the Let's Encrypt certificate is for on the latest installer?
 
Well it's a function I built into this script to replace the self signed cert our routers generate with let's encrypt valid certificate as well as adding a static hostname inside dnsmasq for the public domain so that we can access the webui with hostname from the internal network with a green https connection.
 
Well it's a function I built into this script to replace the self signed cert our routers generate with let's encrypt valid certificate as well as adding a static hostname inside dnsmasq for the public domain so that we can access the webui with hostname from the internal network with a green https connection.
I nearly understand that :D

Seems having DDNS setup to dnsomatic causes an issue?

Code:
Info:  This operation will install Let's Encrypt certificate in place of
 Info:  the self signed certificate to jffs, no other data will be changed.
 Info:  Also some start scripts will be installed/modified as required.

 Info:  You need to use router dns server for this to work.
 =>  Do you want to proceed [y/n]: y
 Info:  Found domain: all.dnsomatic.com
 Info:  Downloading renew
 Info:  Downloading acme.sh
 Info:  No key and certificate found, getting new cert and key
[Mon Jun  5 08:56:10 DST 2017] Run pre hook:'/jffs/cert/renew pre-hook'
 Stopping webui
[Mon Jun  5 08:56:14 DST 2017] Standalone tls mode.
[Mon Jun  5 08:56:18 DST 2017] Registering account
[Mon Jun  5 08:56:21 DST 2017] Registered
[Mon Jun  5 08:56:23 DST 2017] Update success.
[Mon Jun  5 08:56:23 DST 2017] ACCOUNT_THUMBPRINT='***************************'
[Mon Jun  5 08:56:23 DST 2017] Creating domain key
[Mon Jun  5 08:56:26 DST 2017] The domain key is here: /jffs/cert/all.dnsomatic.com/all.dnsomatic.com.key
[Mon Jun  5 08:56:26 DST 2017] Single domain='all.dnsomatic.com'
[Mon Jun  5 08:56:26 DST 2017] Getting domain auth token for each domain
[Mon Jun  5 08:56:26 DST 2017] Getting webroot for domain='all.dnsomatic.com'
[Mon Jun  5 08:56:26 DST 2017] Getting new-authz for domain='all.dnsomatic.com'
[Mon Jun  5 08:56:28 DST 2017] The new-authz request is ok.
[Mon Jun  5 08:56:29 DST 2017] Verifying:all.dnsomatic.com
[Mon Jun  5 08:56:29 DST 2017] Starting tls server.
[Mon Jun  5 08:56:33 DST 2017] Multi domain='DNS:2d348ced05bbcfd8c7ea53f5d2fc76a4.eab4a449fa399a5c1c4ea8a325f9a053.acme.invalid'
[Mon Jun  5 08:56:40 DST 2017] all.dnsomatic.com:Verify error:DNS problem: NXDOMAIN looking up A for all.dnsomatic.com
[Mon Jun  5 08:56:41 DST 2017] Please add '--debug' or '--log' to check more details.
[Mon Jun  5 08:56:41 DST 2017] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Mon Jun  5 08:56:41 DST 2017] Run post hook:'/jffs/cert/renew post-hook'
cp: can't stat '/jffs/cert/all.dnsomatic.com/fullchain.cer': No such file or directory
 Restarting webui
 Info:  Configure dnsmasq.postconf file for dnscrypt
 Info:  Configure init-start file for dnscrypt
 Info:  Setup completed!
 Info:  Please reboot your router for the changes to take effect!
GoNz0@Router:/tmp/home/root#
 
Basically if you use router dns caching server on your network (using dnscrypt force you to do this) with dynamic dns, this option helps:
1. Reduce the boot time as the router does not need to generate the self signed certificate at boot.
2. Let you have an actual https connection to your router webui using Let's Encrypt cert.

I will look into the issue with dnsomatic. Maybe I will need to let user enter their domain after all.
 
Basically if you use router dns caching server on your network (using dnscrypt force you to do this) with dynamic dns, this option helps:
1. Reduce the boot time as the router does not need to generate the self signed certificate at boot.
2. Let you have an actual https connection to your router webui using Let's Encrypt cert.

I will look into the issue with dnsomatic. Maybe I will need to let user enter their domain after all.
Yeah it would be nice if it asked for a domain or maybe had a 1, use ***** domain that it can see or 2 input your own?

Now it has gone and generated a dnsomatic certificate that I can't connect to do I need to wipe the JFFS folder and stick everything back on?
 
Basically the let's encrypt feature masks the public IP of your domain with the private IP of your router. This is so you can use the hostname for the https cert with LAN access to the WebUI (I rather not enable WAN access to the webui just so I can access my router webui without a security exception with router domain name through NAT Loopback). Maybe that's why you have NAT loopback problem. I'll check that and if it's an issue then I might need to remove this feature or at a note, because I rarely use NAT loopback myself.
 
Basically the let's encrypt feature masks the public IP of your domain with the private IP of your router. This is so you can use the hostname for the https cert with LAN access to the WebUI (I rather not enable WAN access to the webui just so I can access my router webui without a security exception with router domain name through NAT Loopback). Maybe that's why you have NAT loopback problem. I'll check that and if it's an issue then I might need to remove this feature or at a note, because I rarely use NAT loopback myself.
Yea, I don't know why I decided to add it... I don't expose the router externally and it doesn't even use ssl... I do have a domain name via DDNS (and even my own certs) so I guess I was just dinking around...
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top