What's new

DNScrypt dnscrypt installer for asuswrt

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

we both using ac68u right?

Yes, indeed. Still don't get it either. I haven't had a single crash since you posted the 'dnscrypt is reborn' thread and I started using it, so your guess is as good as mine... Are you experiencing crashes since using the installer by bigeyes0x0? Or did you have them before, when we manually installed and configured it?
 
Yes, indeed. Still don't get it either. I haven't had a single crash since you posted the 'dnscrypt is reborn' thread and I started using it, so your guess is as good as mine... Are you experiencing crashes since using the installer by bigeyes0x0? Or did you have them before, when we manually installed and configured it?

I used the installer for v1 but not in this v2. I installed v2 manually like we have discussed. Previously v1 installation don’t have problem.

During the v2, I install haveged via amtm thru v1 installer and installed without dnscrypt. Then manually install v2.

If I didn’t remember wrongly during v1 dnscrypt installer. It is launched in daemonize mode. And I now understand why I couldn’t see the cert refresh log during v1. Think it is similar to v2. And that’s why there is no crash.
 
I used the installer for v1 but not in this v2. I installed v2 manually like we have discussed. Previously v1 installation don’t have problem.

During the v2, I install haveged via amtm thru v1 installer and installed without dnscrypt. Then manually install v2.

If I didn’t remember wrongly during v1 dnscrypt installer. It is launched in daemonize mode. And I now understand why I couldn’t see the cert refresh log during v1. Think it is similar to v2. And that’s why there is no crash.

It'll be nice when y'all are done with the beta-ing so @thelonelycoder will add this version/functionality to amtm
 
It'll be nice when y'all are done with the beta-ing so @thelonelycoder will add this version/functionality to amtm

I'm sure he will, as @thelonelycoder has mentioned already, but dnscrypt-proxy v2 is currently still in beta and @bigeyes0x0 is working closely with the developer. This might result in changes to the installer script, so untill dnscrypt-proxy as well as the installer script are no longer in beta, it'll take some patience. Having that said, the installer works perfectly fine in it's current state, so if you want to have a go a it, browse a few pages back for the install instructions.
 
Damn... still auto terminate... after dnssec validation disabled. Not that issue.

Now installed via the installer with haveged... default setting with Google dns. Will monitor... I note that the ownership of dnscrypt is nobody. Let see if this makes a diff.
 
What is the command to restart dnscrypt-proxy if we modified the toml?
Installed via installer
 
Sounds good to me. Looking forward to the next beta. Current installer works like a charm, btw. Thanks!

One remark on the current (beta12) installer, not sure wether on purpose, but nevertheless it might be worth mentioning. During executing the installer you ask for an initial DNS-server, quad9 by default, whichs gets added to dnsmasq.conf. However, if the user specifies a different dns server, it's not being added to dnscrypt-proxy.toml as fallback:

Code:
## Fallback resolver
## This is a normal, non-encrypted DNS resolver, that will be only used
## for one-shot queries when retrieving the initial resolvers list, and
## only if the system DNS configuration doesn't work.
## No user application queries will ever be leaked through this resolver,
## and it will not be used after IP addresses of resolvers URLs have been found.
## It will never be used if lists have already been cached, and if stamps
## don't include host names without IP addresses.
## It will not be used if the configured system DNS works.
## A resolver supporting DNSSEC is recommended. This may become mandatory.
fallback_resolver = "9.9.9.9:53"

Not sure you've done that on purpose?

I also have a feature request to consider for when it's stable: Would you consider building in an option to check during install wether there's an existing config file and ask the user if it wants to keep using the existing config or start fresg? Maybe it's possible to skip several questions and copy the values from, let's say dnscrypt-proxy.toml.old, to the new config file and only ask user input on new variables/functionality (if any). An option to reconfigure afterwards could be used to start completely fresh with the default. It's not mandator by far, would be nice-to-have and might be more convenient to a broader public.

@Protik, the functionality you are looking for is already included in dnscrypt-proxy v2 since a few betas ago. Just edit /jffs/dnscrypt-proxy/dnscrypt-proxy.toml and remove the hash before the line file = 'query.log' as shown below and a file will be created in the same directory where the executable is. You can also specify a full path if you want to store it elsewhere, for example to have the file deleted on reboot. If you wish to keep logging dns queries, I suggest you do this on usb instead of jffs, by specifying an absolute path to /tmp/mnt/<your_usb>/<folder_name>/query.log. A restart of dnscrypt-proxy or rebooting your router is required for these changed settings to take effect.

Code:
###############################
#        Query logging        #
###############################
## Log client queries to a file
[query_log]
## Path to the query log file (absolute, or relative to the same directory as the executable file)
file = 'query.log'



Just tested it, it does. Tested it before, it worked then, but maybe it got broken in between betas. In beta 12 it works as supposed to, I'm looking at it now (see attached file).

You are right, this works on beta 12. But dnscrypt crashes after a while for me too. I don't have the time to tinker with it right now. So I will wait for a more stable version.

@bigeyes0x0, a suggestion. In the original DNSCryp is reborn tutorial, there is a line to be added for IPv6 in dnsmasq.conf file. In the lines you append in /etc/dnsmasq.conf, that line is missing. I don't really know what are the implications for that line is, but you can add an option to append that line based on user input whether the user wants IPv6 or not.
 
Apparently it is,

Code:
/jffs/dnscrypt/manager dnscrypt-start
Thx.
If you want it to be stable, add
daemonize = true
To the toml file and restart dnscrypt.
Confirmed it wouldn’t close auto.
I am thinking of the vsz usage stating 777m. I have increase my swap to 2gb. Let’s see how.
Still can’t give up on why it keep auto close... lol

@M@rco
Do you have memory management Enable at the Tools, Other setting?
Mine is off...
 
But dnscrypt crashes after a while for me too. I don't have the time to tinker with it right now. So I will wait for a more stable version.

@M@rco
Do you have memory management Enable at the Tools, Other setting?
Mine is off...

Memory management is enabled (default setting).

I still can't get my head around why for the both of you it keeps crashing/quitting after a while... Quite frustrating, I imagine.

I installed the latest 384 alpha last weekend, did a clean install, went through QiS, enabled SSH, installed amtm, created a 512Mb swapfile, installed SkyNet, Ab-Solution, Entware, pixelserv, htop, openssh-sftp-server and ran the dnscrypt-proxy installer (including the install of haveged). It just works, hasn't crashed on me a single time since I jumped on the dnscrypt v2 train. The rest of my router settings is all still at the default settings, as QoS unfortunately still doesn't work for me on the latest alpha. Oh, and I've set fixed wifi channels for both bands, which is totally unrelated too.

Those are the only things I changed/added to a clean install. And it works like a charm, beta after beta. How about deleting the /jffs/dnscrypt folder, going through the startup scripts manually removing anything related, check dnsmasq.conf.add etcetera to remove every trace of manual attempts to fix it and install it using bigeyes0x0 installer? Or even better, do a factory reset, configure your connection, install the minimum of required scripts and run @bigeyes0x0 installer. I can't explain the issues you're experiencing (which frustrates me somehow), but I haven't seen other reports of crashes so far, as far as I'm aware, so I can't get rid of the feeling that something's wrong with your setup/memory management/swap... you name it...

If I could blame it on the beta, I would, but I just can't and I don't see other reports (or I must have missed them), but these betas are so stable, bugfixes are minimal, it's mostly added functionality with each release.

I sincerely hope you'll figure it out. Very curious to hear if a fresh install (if you're willing to do so) will solve your issues.
 
Last edited by a moderator:
Memory management is enabled (default setting).

I still can't get my head around why for the both of you it keeps crashing/quitting after a while... Quite frustrating, I imagine.

I installed the latest 384 alpha last weekend, did a clean install, went through QiS, enabled SSH, installed amtm, created a 512Mb swapfile, installed SkyNet, Ab-Solution, Entware, pixelserv, htop, openssh-sftp-server and ran the dnscrypt-proxy installer (including the install of haveged). It just works, hasn't crashed on me a single time since I jumped on the dnscrypt v2 train. The rest of my router settings is all still at the default settings, as QoS unfortunately still doesn't work for me on the latest alpha. Oh, and I've set fixed wifi channels for both bands, which is totally unrelated too.

Those are the only things I changed/added to a clean install. And it works like a charm, beta after beta. How about deleting the /jffs/dnscrypt folder, going through the startup scripts manually removing anything related, check dnsmasq.conf.add etcetera to remove every trace of manual attempts to fix it and install it using bigeyes0x0 installer? Or even better, do a factory reset, configure your connection, install the minimum of required scripts and run @bigeyes0x0 installer. I can't explain the issues you're experiencing (which frustrates me somehow), but I haven't seen other reports of crashes so far, as far as I'm aware, so I can't get rid of the feeling that something's wrong with your setup/memory management/swap... you name it...

If I could blame it on the beta, I would, but I just can't and I don't see other reports (or I must have missed them), but these betas are so stable, bugfixes are minimal, it's mostly added functionality with each release.

I sincerely hope you'll figure it out. Very curious to hear if a fresh install (if you're willing to do so) will solve your issues.

I assume crashing is quite normal as it's still in beta. Problem is dnscrypt v2 is not verbose enough for me to hunt it down. After 1 week or so, I should have some time tinker with it again. May be then I will try to figure it out.
 
Memory management is enabled (default setting).

I still can't get my head around why for the both of you it keeps crashing/quitting after a while... Quite frustrating, I imagine.

I installed the latest 384 alpha last weekend, did a clean install, went through QiS, enabled SSH, installed amtm, created a 512Mb swapfile, installed SkyNet, Ab-Solution, Entware, pixelserv, htop, openssh-sftp-server and ran the dnscrypt-proxy installer (including the install of haveged). It just works, hasn't crashed on me a single time since I jumped on the dnscrypt v2 train. The rest of my router settings is all still at the default settings, as QoS unfortunately still doesn't work for me on the latest alpha. Oh, and I've set fixed wifi channels for both bands, which is totally unrelated too.

Those are the only things I changed/added to a clean install. And it works like a charm, beta after beta. How about deleting the /jffs/dnscrypt folder, going through the startup scripts manually removing anything related, check dnsmasq.conf.add etcetera to remove every trace of manual attempts to fix it and install it using bigeyes0x0 installer? Or even better, do a factory reset, configure your connection, install the minimum of required scripts and run @bigeyes0x0 installer. I can't explain the issues you're experiencing (which frustrates me somehow), but I haven't seen other reports of crashes so far, as far as I'm aware, so I can't get rid of the feeling that something's wrong with your setup/memory management/swap... you name it...

If I could blame it on the beta, I would, but I just can't and I don't see other reports (or I must have missed them), but these betas are so stable, bugfixes are minimal, it's mostly added functionality with each release.

I sincerely hope you'll figure it out. Very curious to hear if a fresh install (if you're willing to do so) will solve your issues.

As mentioned, my memory management is disable as I feel the router working too hard clearing the cache.
Good news as of now but still need to monitor... 4hr plus without auto shutdown .

The result could be due to remaking a bigger swap of 2gb and at the same time I did the following once before I have minimum activity on the router (sleeping)
Clear PageCache only. sync; echo 1 > /proc/sys/vm/drop_caches (Similar to what memory management enable is doing)
I also did the following code before to make sure my VM is aggressively used.
echo 100 > /proc/sys/vm/swappiness

I will monitor further with moderate surfing and stress test in the memory. Without clearing cache this time to see if it will kill the dnscrypt-proxy.

Current memory status
lGMDL8Z_d.jpg
 
Last edited:
For my config, I also have memory management disabled because RAM is supposed to be used as cache, free RAM is wasted RAM. I also have 512MB swap only but I do not use any other script. Still on 380.69_2 with settings I set for quite some times (months). No other settings applied to sysfs.

For the whole of yesterday I have been trying to torrent like hell and copy files as NAS back and forth so there's more memory pressure but still no dnscrypt-proxy crashed at all. In the end it's likely a specific issue for people to have it. Because we have established that it has nothing to do with my script here and for some reason, daemonizing helps you guys, better try to work with Frank to figure out why.
 
For my config, I also have memory management disabled because RAM is supposed to be used as cache, free RAM is wasted RAM. I also have 512MB swap only but I do not use any other script. Still on 380.69_2 with settings I set for quite some times (months). No other settings applied to sysfs.

For the whole of yesterday I have been trying to torrent like hell and copy files as NAS back and forth so there's more memory pressure but still no dnscrypt-proxy crashed at all. In the end it's likely a specific issue for people to have it. Because we have established that it has nothing to do with my script here and for some reason, daemonizing helps you guys, better try to work with Frank to figure out why.

Maybe it is your installer helping it from auto terminate, I also did some memory stress test like, download torrent and also doing updating of ab-solution and Skynet. It stays strong. Memory dropped to 23mb, then spring back to 70+mb. Kernel memory management doing its job.

Strange...
 
Not likely, because my script simply launches the app.
Why now it don’t auto terminate?
All I did is reinstall swap to 2gb, make swappiness 100, used your installer.

Could previous swap creation be corrupted causing error?

Maybe @AtAM1 do similar setting as me and test it.
- set 2gb swap
- set swappiness to 100
- install via installer
 
Who knows? Only by having more logs of process termination we may know more. This is only something that Frank can do though as someone said that loglevel 0 does not provide more details here already.
 
UPDATE *** This was not the fix - the bug was with the manager script which bigeyes0x0 has addressed on github. ***

@bigeyes0x0 @M@rco @DonnyJohnny I managed to track down the bug and it had nothing to do with memory management.

Permissions issue is observed when using non-standard admin user ie. http_username

Error from installer:
Code:
chown: unknown user/group admin:root

Installer script line 153:
Code:
 chown admin:root $TARG/$DNSCRYPT_ARCH_TAR/*

The line of code above does not take into consideration any changes made to the default username which results in the following files having incorrect permissions (permissions of a user/group that does not exist with dnscrypt-proxy executed as 'nobody') causing the dncrypt-proxy process to timeout while the manager process continues running. By enabling daemonizing mode, the permissions issue was overriden.

Code:
-rw-r--r--    1 2000     2000           818 Jan 30 19:29 LICENSE
-rw-r--r--    1 2000     2000           707 Jan 30 19:29 blacklist.txt
-rwxr-xr-x    1 2000     2000       5929264 Jan 30 19:32 dnscrypt-proxy
-rw-r--r--    1 2000     2000          6474 Feb  1 09:05 dnscrypt-proxy.toml
-rw-r--r--    1 2000     2000           495 Jan 30 19:29 forwarding-rules.txt

FIX - changing that line to:

Code:
chown `nvram get http_username`:root $TARG/$DNSCRYPT_ARCH_TAR/*

Tested and confirmed without enabling daemonizing mode.

Edit: For those of you having this issue and do not wish to reinstall dnscrypt, remove the daemonize option from the config file and execute:
Code:
chown `nvram get http_username`:root /jffs/dnscrypt/*
then reboot.
 
Last edited by a moderator:
I don't want to be cocky (had to Google that, lol) but I still think it's a local (config?) issue for those having issues.

Why? Well even though I have a 512Mb swapfile, it's barely being used ever. A 2Gb swap shouldn't be necessairy, if you'd ask me. My routers' swappiness is (and has always been) at the default (high) value of 60 and I never felt a need to change it. The only time I observe the swapfile being temporarily used is when AB-Solution is updating it's blocking files weekly and gathering data to create it's reports and backups. My routers memory rarely gets actively used over 80% (when observed in the WebUi, in htop it's always 5%-10% lower even though the WebUi is open at the same time). As linux based systems tend to have a way too high value for swappiness by default (on my Ubuntu systems I generally lower it to 10), I dare to state that even if I would lower the default value on my router, thus making swappiness even less attractive, I would still not be able to crash it.

As for @AtAM1's findings, it's great that you found something that needs correcting, and @bigeyes0x0 will definitely take a look it, but I have a hard time believing that's the (source of the) issue. Why? Because with or without the installer, I never, ever had a crash. Nor have many, many other users. I can't recall if I saw the permission error come by when using the installer, but it sure hasn't made dnscrypt-proxy any less stable for me, as I'm running the last 3 betas using the installer by @bigeyes0x0 without a single crash... The uptime of dnscrypt is identical to the uptime of my router, give or take half a minute because it's started somewhat later in the process after booting.

Sorry, if I'm (considered) a pain, I'm just a naturally born practioner of the Vulcan philosophy. If I'm wrong, please show me how to reproduce the issues you're experiencing, as I don't have them.
 
As for @AtAM1's findings, it's great that you found something that needs correcting, and @bigeyes0x0 will definitely take a look it, but I have a hard time believing that's the (source of the) issue. Why? Because with or without the installer, I never, ever had a crash. Nor have many, many other users. I can't recall if I saw the permission error come by when using the installer, but it sure hasn't made dnscrypt-proxy any less stable for me, as I'm running the last 3 betas using the installer by @bigeyes0x0 without a single crash... The uptime of dnscrypt is identical to the uptime of my router, give or take half a minute because it's started somewhat later in the process after booting.

Sorry, if I'm (considered) a pain, I'm just a naturally born practioner of the Vulcan philosophy. If I'm wrong, please show me how to reproduce the issues you're experiencing, as I don't have them.

I think you missed the crooks of the issue here Marco.. The reason you weren't experiencing the process timeout issue when installing manually or via the installer was because you did not change the default admin username via the router's web gui just like most users on here don't. When you install manually, you are installing as admin:root so no issue there. When you utilize the installer, as the default 'admin' user, you are also installing as admin:root, so no issue there either.

Try it yourself - change the default admin user to marco, keep the memory management feature enabled and reinstall dnscrypt beta12 from 'scratch' then reboot.. I guarantee you the dnscrypt process will terminate after a short while ;)
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top