DNScrypt dnscrypt installer for asuswrt

Better clarity now I have had time to look at it. This code in firewall-start is being run more than once at boot causing excessive pre-routing logs. Not sure if it's a security issue or not.
Code:
[ -x /jffs/dnscrypt/manager ] && /jffs/dnscrypt/manager fw-rules
Can we add some check code to see if this has been run or not? With the end result being that that instruction only gets run once.
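
One way to get the behaviour asked for above, as an added example that is not part of the original post or the installer's code: rather than a run-once flag, make each rule idempotent by deleting existing copies before appending, assuming the firmware may rebuild its chains each time it calls firewall-start. The function names and the redirect rule are hypothetical, since the thread does not show what `manager fw-rules` installs.

```sh
#!/bin/sh
# IPT can be overridden for testing; defaults to the real binary.
IPT="${IPT:-iptables}"

# Read an "iptables -S" style listing on stdin and print every rule that
# appears more than once, prefixed with its count.
dup_rules() {
    grep '^-A ' | sort | uniq -c | awk '$1 > 1'
}

# Apply a nat rule exactly once: delete every existing copy, then append.
# Safe to call on each firewall-start run, and the rule is still re-added
# after the chain has been flushed (a run-once flag file would skip that).
ensure_nat_rule() {
    while $IPT -t nat -D "$@" 2>/dev/null; do :; done
    $IPT -t nat -A "$@"
}

# Hypothetical rule for illustration only: send LAN DNS to the router.
apply_dns_redirect() {
    ensure_nat_rule PREROUTING -i br0 -p udp --dport 53 \
        -j REDIRECT --to-ports 53
}
```

On a router, `iptables -t nat -S PREROUTING | dup_rules` lists any rule that has already been added more than once.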
 
Router handles dns m8, all fields left blank. Happens to all devices I use such as PC, laptop and server. All set to dhcp but the router gives the same ip to them via dhcp tables.

Sent from my SM-G920F using Tapatalk
Can you do an extended test at https://www.dnsleaktest.com/ and check the result for any DNS that you haven't set in the installer. Knowing what they are might actually get us somewhere guessing where the leak comes from.
 
Better clarity now I have had time to look at it. This code in firewall-start is being run more than once at boot causing excessive pre-routing logs. Not sure if it's a security issue or not.
Code:
[ -x /jffs/dnscrypt/manager ] && /jffs/dnscrypt/manager fw-rules
Can we add some check code to see if this has been run or not? With the end result being that that instruction only gets run once.
I will take a look at this.
 
Can you do an extended test at https://www.dnsleaktest.com/ and check the result for any DNS that you haven't set in the installer. Knowing what they are might actually get us somewhere guessing where the leak comes from.
I ran the extended test and it gives a single virginmedia server, so it's ignoring dnscrypt and using my ISP instead.

Sent from my SM-G920F using Tapatalk
 
To add, I have just set "WAN DNS Setting" to 192.168.1.1 (the router) and

Code:
C:\Windows\system32>nslookup -type=txt debug.opendns.com
Server:  Router
Address:  192.168.1.1
Non-authoritative answer:
debug.opendns.com       text =
        "server m37.lon"
debug.opendns.com       text =
        "flags 20 0 8050 3950000000000000000"
debug.opendns.com       text =
        "originid 19592237"
debug.opendns.com       text =
        "actype 2"
debug.opendns.com       text =
        "bundle 5670731"
debug.opendns.com       text =
        "source 82.1.22.110:33973"
debug.opendns.com       text =
        "dnscrypt enabled (713156774457306E)"

I have never had to do this before so I'm a little stumped why I have to tell it to do this despite telling the dnscrypt settings to route all DNS queries through dnscrypt.
 
@GoNz0 Do you have VPN? Otherwise this seems to be a quirk with >=382 branch. Can you do another command for me and get me the System Log in webui printed out by dnsmasq:
Code:
service restart_dnsmasq
 
@GoNz0 Do you have VPN? Otherwise this seems to be a quirk with >=382 branch. Can you do another command for me and get me the System Log in webui printed out by dnsmasq:
Code:
service restart_dnsmasq
I am on the 384 beta branch now as I gave up on the 382 a while back. I decided to give this another go once I updated to 384.

I did the command twice, once with the dns servers set to 192.168.1.1 and again after removing them.

For now it is working. Even after a reboot o_O

VPN wise I have openVPN installed on this laptop, it isn't active though as I only run it to RDP into servers, I had ruled that out by logging into my games PC and server.

https://pastebin.com/eM3LrVmg
 
@GoNz0
No VPN on the actual router though, right?

Anyway I think I caught the issue, something is weird with dnsmasq on your firmware version. It doesn't honor the no-resolv directive I believe as there's no line like this logged: "warning: ignoring resolv-file flag because no-resolv is set". Can you also double check once again that:
1. /etc/dnsmasq.conf contains no-resolv
2. The log when restarting dnsmasq does not contain "warning: ignoring resolv-file flag because no-resolv is set"

I have some idea to fix this but let's make sure first.
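
The two checks requested above, as an added example that is not part of the original post or the installer: a script that confirms `no-resolv` is active, looks for the warning, and lists any general upstream dnsmasq reports at startup that is not loopback. It assumes dnscrypt-proxy listens on a loopback address; the function names and the sample log are constructed.

```sh
#!/bin/sh
# Assumption: dnscrypt-proxy listens on loopback, so every general-purpose
# upstream dnsmasq reports at startup should be 127.x or ::1.

# Exit 0 if CONF has an active (uncommented) no-resolv directive.
has_no_resolv() {
    grep -Eq '^[[:space:]]*no-resolv[[:space:]]*(#.*)?$' "$1"
}

# Exit 0 if LOG shows dnsmasq honouring no-resolv over a resolv-file setting.
honoured_no_resolv() {
    grep -Fq 'ignoring resolv-file flag because no-resolv is set' "$1"
}

# Print general upstreams in LOG that are not loopback. Per-domain lines
# ("using nameserver X#53 for domain Y") do not end at the port and are skipped.
leaky_upstreams() {
    sed -n 's/.*using nameserver \([^# ]*\)#[0-9]*$/\1/p' "$1" |
        grep -Ev '^(127\.|::1$)' | sort -u
}

# Combine the checks; return 1 when queries can bypass the proxy.
audit_dnsmasq() {
    conf=$1 log=$2 rc=0
    has_no_resolv "$conf" || { echo "FAIL: no-resolv missing from $conf"; rc=1; }
    honoured_no_resolv "$log" || echo "NOTE: no-resolv warning not logged"
    leaks=$(leaky_upstreams "$log")
    [ -z "$leaks" ] || { echo "FAIL: non-loopback upstreams:" $leaks; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK: only loopback upstreams in use"
    return "$rc"
}

# Constructed sample log (not from the thread): one ISP resolver leaks through.
sample_leaky_log() {
    cat <<'EOF'
Jan  1 00:00:10 dnsmasq[301]: reading /tmp/resolv.conf
Jan  1 00:00:10 dnsmasq[301]: using nameserver 192.0.2.53#53
Jan  1 00:00:10 dnsmasq[301]: using nameserver 8.8.8.8#53 for domain dns.google.com
Jan  1 00:00:10 dnsmasq[301]: using nameserver 127.0.0.1#65053
EOF
}
```

Run `audit_dnsmasq /etc/dnsmasq.conf <saved system log>` after `service restart_dnsmasq`; a non-zero exit means some queries can still reach a resolver other than the proxy.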
 
Better clarity now I have had time to look at it. This code in firewall-start is being run more than once at boot causing excessive pre-routing logs. Not sure if it's a security issue or not.
Code:
[ -x /jffs/dnscrypt/manager ] && /jffs/dnscrypt/manager fw-rules
Can we add some check code to see if this has been run or not? With the end result being that that instruction only gets run once.
This is fixed in rc3! Thank you sir!
 
@GoNz0 I have pushed a new version on beta that tries to fix your leaky issue. Please go back to your default WAN DNS settings that you had leaky DNS before and try to update dnscrypt-proxy with my installer. Also answer my previous questions, just wanna make sure.

@all: the change is kinda drastic, it works on my branch 380, dunno how it acts for those on >= 382, it might brick your network lol.
 
@GoNz0
No VPN on the actual router though, right?

Anyway I think I caught the issue, something is weird with dnsmasq on your firmware version. It doesn't honor the no-resolv directive I believe as there's no line like this logged: "warning: ignoring resolv-file flag because no-resolv is set". Can you also double check once again that:
1. /etc/dnsmasq.conf contains no-resolv
2. The log when restarting dnsmasq does not contain "warning: ignoring resolv-file flag because no-resolv is set"

I have some idea to fix this but let's make sure first.

1, it does contain no-resolv on line 7
2, it isn't there, just the following

https://pastebin.com/0rbYjw56

I will update in a few hours as I have to go out now, thanks for the help so far.


*edit
by the way I can't install a swap file to my usb storage, does it need to be a certain file format to allow it?
 
Installed and rebooted b4 I go out and I have internet still along with the welcome.opendns.com landing page saying I'm secure :)
 
Installed just now rc3 again and it is fine. Running awesome using DoH.
 
by the way I can't install a swap file to my usb storage, does it need to be a certain file format to allow it?

A swapfile can be installed on any ext2/3/4 filesystem. The dnscrypt-proxy installer can do it for you, amtm can do it, SkyNet can do it and you can also create it manually.
 
Recently upgraded the firmware on a 68u to 384.beta
DNScrypt with server set as google and wan dns set as 192.168.1.1 was working fine. DNSleak showed approx 60 google servers and no other servers. After upgrading the firmware DOH doesn't work anymore. nslookup yahoo.com in SSH doesn't resolve the address. I removed the dnscrypt directory and reinstalled RC3 but google as the server still doesn't work. I changed the server to cisco in the config file and restarted the service and it started working again.

I have already preresolved dns.google.com in /jffs/configs/dnsmasq.conf.add by adding the below lines.

Code:
server=/dns.google.com/8.8.8.8
server=/download.dnscrypt.info/8.8.8.8

TIA
 
