DNSCrypt on Asus-Merlin Variants?

[ColinTaylor]

The wifi system I am on at work is not mine, and they use opendns to spoof the dns port 53, and that blocks/redirects websites like youtube. Now dns's that are cached load instantly plus I have access to soundcloud, youtube and all the other fun stuff.

Where I used to work that would have been a breach of my contract of employment and grounds for immediate dismissal. Just saying, not judging.

 

[RogueSpear]

I cannot start debugging both the firmware (which is already beyond my ability to entirely debug as a single, unique developer) and the whole DNSCrypt implementation.

Indeed, I can empathize with that. I'll have some time at home now to try and nail down where and why the breakage happens.

Your comments on the timing of things is well received. A good deal of my efforts the last couple of months has been figuring out when to run this and when to run that. And it dovetails somewhat about with your comments about USB disks. I actually have some things run from the USB disk in an attempt to delay their execution and because I don't want them to run if it doesn't properly mount anyway. I've been doing quite a bit of experimentation with different brands of both spinning drives and flash drives, USB 2.0 vs. 3.0, using a powered hub or no hub. Just trying to find a reliable sweet spot.

Thanks for your insight and reply.

 

[RMerlin]

Indeed, I can empathize with that. I'll have some time at home now to try and nail down where and why the breakage happens.

Your comments on the timing of things is well received. A good deal of my efforts the last couple of months has been figuring out when to run this and when to run that. And it dovetails somewhat about with your comments about USB disks. I actually have some things run from the USB disk in an attempt to delay their execution and because I don't want them to run if it doesn't properly mount anyway. I've been doing quite a bit of experimentation with different brands of both spinning drives and flash drives, USB 2.0 vs. 3.0, using a powered hub or no hub. Just trying to find a reliable sweet spot.

Thanks for your insight and reply.

If you need to rely on a USB disk, I recommend having a loop where you check for the presence of the disk (just check for its mount point under /mnt like in the postconf example I posted). If the disk isn't found, sleep for 4-5 seconds, then check again. That should provide you with a mostly bulletproof setup. Be careful to not do that in any script that is blocking (for instance, all postconf scripts are blocking, so they should never delay and wait for something to happen).

 

[lancethepants]

Space permitting, I would put DNSCrypt in jffs which mounts more dependably then external hdd.
Plus I don't like the thought of having to rely on hdd to work for internet access to work as well.

 

[Ronv42]

Doesn't DNSCrypt require you to use very specific DNS servers that actually support it, which means losing any locale-aware name resolution

Not if properly implemented like OpenDNS/Cisco. Verified that both Amazon Prime and VUDU are resolving to local CDN's in the Midwest. I wonder if Anycasting may have something to do with it.

 

[Hello World]

Indeed, I can empathize with that. I'll have some time at home now to try and nail down where and why the breakage happens.

Your comments on the timing of things is well received. A good deal of my efforts the last couple of months has been figuring out when to run this and when to run that. And it dovetails somewhat about with your comments about USB disks. I actually have some things run from the USB disk in an attempt to delay their execution and because I don't want them to run if it doesn't properly mount anyway. I've been doing quite a bit of experimentation with different brands of both spinning drives and flash drives, USB 2.0 vs. 3.0, using a powered hub or no hub. Just trying to find a reliable sweet spot.

Thanks for your insight and reply.

Did you get everything to work on your router? I'm using Merlin's FW and I would like to run OpenDNS, DDNS (DuckDNS via script), VPN, and DNSCrypt (via script), as well as both USB ports used? I would love to know how you have it configured as mine keeps losing the DDNS connection (everything else works).

 

[bigeyes0x0]

Indeed cisco/OpenDNS is location aware for CDN. Not because of anycast though as those from d0wn or fusl do not work.

Also using this script here https://github.com/lancethepants/dnscrypt-arm-musl-static/blob/master/dnscrypt.sh

I modified to:

#!/bin/bash

set -e
set -x

mkdir ./dnscrypt && cd ./dnscrypt

BASE=`pwd`
SRC=$BASE/src
WGET="wget --prefer-family=IPv4 --no-check-certificate"
DEST=$BASE/opt
CC=arm-uclibc-gcc
CXX=arm-uclibc-g++
LDFLAGS="-L$DEST/lib"
CPPFLAGS="-I$DEST/include"
MAKE="make -j`nproc`"
CONFIGURE="./configure --prefix=/opt --host=arm-linux"
PATCHES=$(readlink -f $(dirname ${BASH_SOURCE[0]}))/patches
mkdir -p $SRC

############# ###############################################################
# LIBSODIUM # ###############################################################
############# ###############################################################

mkdir $SRC/libsodium && cd $SRC/libsodium
$WGET https://github.com/jedisct1/libsodium/releases/download/1.0.11/libsodium-1.0.11.tar.gz
tar zxvf libsodium-1.0.11.tar.gz
cd libsodium-1.0.11

CC=$CC \
CXX=$CXX \
LDFLAGS=$LDFLAGS \
CPPFLAGS=$CPPFLAGS \
$CONFIGURE \
--enable-minimal \
--disable-shared

$MAKE
make install DESTDIR=$BASE

############ ################################################################
# DNSCRYPT # ################################################################
############ ################################################################

mkdir $SRC/dnscrypt && cd $SRC/dnscrypt
$WGET https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.7.0.tar.gz
tar zxvf dnscrypt-proxy-1.7.0.tar.gz
cd dnscrypt-proxy-1.7.0

CC=$CC \
CXX=$CXX \
CPPFLAGS=$CPPFLAGS \
LDFLAGS=$LDFLAGS \
$CONFIGURE

$MAKE LDFLAGS="$LDFLAGS"
make install DESTDIR=$BASE/dnscrypt

Then I ran strip on final binary to have much smaller binary with libsodium statically linked for ARM models. I attach the binary here with csv https://drive.google.com/open?id=0By5oGIJU70FaNEJndnc3cVZqWnc so everyone can use it directly from jffs if you can't compile yourself which would require setting up firmware compilation on Ubuntu from the github wiki.

 

[bigeyes0x0]

I made this http://www.snbforums.com/threads/beta-dnscrypt-installer-for-asuswrt.36071/ , hope it's useful and easy for you guys.